deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 05:13:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fix link errors

Browse Source
This commit is contained in:
Greg Lindsay
2019-05-29 20:29:02 -07:00
parent 6358014c42
commit d564317c9f
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/identity-protection/access-control/special-identities.md
View File

@ -82,7 +82,7 @@ The special identity groups are described in the following tables:
- [This Organization](#this-organization) - [This Organization](#this-organization)
- [Window Manager\\Window Manager Group](#window-manager\\window-manager-group) - [Window Manager\\Window Manager Group](#window-manager-window-manager-group)
## Anonymous Logon ## Anonymous Logon

12
windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
View File

@ -34,8 +34,8 @@ ms.date: 10/08/2018
- [Key Trust](#key-trust) - [Key Trust](#key-trust)
- [Managed Environment](#managed-environment) - [Managed Environment](#managed-environment)
- [On-premises Deployment](#on-premises-deployment) - [On-premises Deployment](#on-premises-deployment)
- [Pass-through Authentication](#passthrough-authentication) - [Pass-through Authentication](#pass-through-authentication)
- [Password Hash Synchronization](#password-hash-synchronization) - [Password Hash Synchronization](#password-hash-sync)
- [Primary Refresh Token](#primary-refresh-token) - [Primary Refresh Token](#primary-refresh-token)
- [Storage Root Key](#storage-root-key) - [Storage Root Key](#storage-root-key)
- [Trust Type](#trust-type) - [Trust Type](#trust-type)
@ -212,9 +212,9 @@ The key trust model uses the user's Windows Hello for Business identity to authe
Managed environments are for non-federated environments where Azure Active Directory manages the authentication using technologies such as Password Hash Synchronization and Pass-through Authentication rather than a federation service such as Active Directory Federation Services. Managed environments are for non-federated environments where Azure Active Directory manages the authentication using technologies such as Password Hash Synchronization and Pass-through Authentication rather than a federation service such as Active Directory Federation Services.
### Related topics ### Related topics
[Federated Environment](#federated-environment), [Pass-through authentication](#pass-through-authentication), [Password Hash Synchronization](#password-hash-synchronization) [Federated Environment](#federated-environment), [Pass-through authentication](#pass-through-authentication), [Password Hash Synchronization](#password-hash-sync)
[Return to Top](#Technology-and-Terms) [Return to Top](#technology-and-terms)
## On-premises Deployment ## On-premises Deployment
The Windows Hello for Business on-premises deployment is for organizations that exclusively have on-premises resources that are accessed using Active Directory identities. On-premises deployments support domain joined devices. The on-premises deployment model supports two authentication trust types, key trust and certificate trust. The Windows Hello for Business on-premises deployment is for organizations that exclusively have on-premises resources that are accessed using Active Directory identities. On-premises deployments support domain joined devices. The on-premises deployment model supports two authentication trust types, key trust and certificate trust.
@ -235,7 +235,7 @@ Provides a simple password validation for Azure AD authentication services using
### More information ### More information
- [Choosing the right authentication method for your Azure Active Directory hybrid identity solution](https://docs.microsoft.com/azure/security/azure-ad-choose-authn) - [Choosing the right authentication method for your Azure Active Directory hybrid identity solution](https://docs.microsoft.com/azure/security/azure-ad-choose-authn)
[Return to Top](#hello-how-it-works-technology.md) [Return to Top](hello-how-it-works-technology.md)
## Password Hash Sync ## Password Hash Sync
The simplest way to enable authentication for on-premises directory objects in Azure AD. With password hash sync (PHS), you synchronize your on-premises Active Directory user account objects with Office 365 and manage your users on-premises. Hashes of user passwords are synchronized from your on-premises Active Directory to Azure AD so that the users have the same password on-premises and in the cloud. When passwords are changed or reset on-premises, the new password hashes are synchronized to Azure AD so that your users can always use the same password for cloud resources and on-premises resources. The passwords are never sent to Azure AD or stored in Azure AD in clear text. Some premium features of Azure AD, such as Identity Protection, require PHS regardless of which authentication method is selected. With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network. The simplest way to enable authentication for on-premises directory objects in Azure AD. With password hash sync (PHS), you synchronize your on-premises Active Directory user account objects with Office 365 and manage your users on-premises. Hashes of user passwords are synchronized from your on-premises Active Directory to Azure AD so that the users have the same password on-premises and in the cloud. When passwords are changed or reset on-premises, the new password hashes are synchronized to Azure AD so that your users can always use the same password for cloud resources and on-premises resources. The passwords are never sent to Azure AD or stored in Azure AD in clear text. Some premium features of Azure AD, such as Identity Protection, require PHS regardless of which authentication method is selected. With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network.
@ -253,7 +253,7 @@ The PRT is initially obtained during Windows Logon (user sign-in/unlock) in a si
The PRT is needed for SSO. Without it, the user will be prompted for credentials when accessing applications every time. Please also note that the PRT contains information about the device. This means that if you have any [device-based conditional access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-policy-connected-applications) policy set on an application, without the PRT, access will be denied. The PRT is needed for SSO. Without it, the user will be prompted for credentials when accessing applications every time. Please also note that the PRT contains information about the device. This means that if you have any [device-based conditional access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-policy-connected-applications) policy set on an application, without the PRT, access will be denied.
[Return to Top](#Technology-and-Terms) [Return to Top](#technology-and-terms)
## Storage Root Key ## Storage Root Key
The storage root key (SRK) is also an asymmetric key pair (RSA with a minimum of 2048 bits length). The SRK has a major role and is used to protect TPM keys, so that these keys cannot be used without the TPM. The SRK key is created when the ownership of the TPM is taken. The storage root key (SRK) is also an asymmetric key pair (RSA with a minimum of 2048 bits length). The SRK has a major role and is used to protect TPM keys, so that these keys cannot be used without the TPM. The SRK key is created when the ownership of the TPM is taken.

4
windows/security/threat-protection/windows-defender-atp/user-roles.md
View File

@ -82,5 +82,5 @@ After creating roles, you'll need to create a machine group and provide access t
## Related topics ## Related topics
- [User basic permissions to access the portal](basic-permissions.md) - [User basic permissions to access the portal](../microsoft-defender-atp/basic-permissions.md)
- [Create and manage machine groups](machine-groups.md) - [Create and manage machine groups](../microsoft-defender-atp/machine-groups.md)