deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 07:47:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

WHfB/Key Trust models: PIN reset availability

Browse Source 
Description:
Based on user feedback and author verification, the PIN reset feature in
Windows Hello for Business is available in Windows 10 Professional using
different key trust models in different deployments depending on
the version of Windows 10 (1511, 1703, 1709 and 1903).

Thanks to @greytone for noting this issue in ticket #4662 .

Changes proposed:

- add important Note outlining which Windows 10 version makes the PIN
  reset feature available and the key trust model to use in each case.
  The information summary is provided by @jvsam and @mapalko, based on
  the discussion in the issue ticket page and original user feedback.

- add spacing for another important note with MD quote indentation
- add spacing for a table quote indentation
- remove HTML tag incorrectly showing up in the MarkDown preview

Additional notes:
PR content and placement of the important note is subject to change,
based on feedback from the author and MS Docs team members.

issue ticket closure or reference:

Closes #4662
This commit is contained in:
illfated 2019-10-27 22:21:13 +01:00
parent 77bd4dc21c
commit d5bd8dc72f
2 changed files with 28 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
windows/security/identity-protection/hello-for-business/hello-identity-verification.md
View File

@ -28,13 +28,24 @@ Windows Hello addresses the following problems with passwords:
- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). - Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). - Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing).
>[!div class="mx-tdBreakAll"]
> | | | | > | | | |
> | :---: | :---: | :---: | > | :---: | :---: | :---: |
> | [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) | > | [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) |
## Prerequisites ## Prerequisites
> [!Important]
> 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>.
> **Requirements:**</br>
> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
>
> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
> **Requirements:**</br>
> Reset from settings - Windows 10, version 1703, Professional</br>
> Reset above lock screen - Windows 10, version 1709, Professional</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
### Cloud Only Deployment ### Cloud Only Deployment
* Windows 10, version 1511 or later * Windows 10, version 1511 or later
* Microsoft Azure Account * Microsoft Azure Account

12
windows/security/identity-protection/hello-for-business/hello-planning-guide.md
View File

@ -64,9 +64,21 @@ The hybrid deployment model is for organizations that:
* Have identities synchronized to Azure Active Directory using Azure Active Directory Connect * Have identities synchronized to Azure Active Directory using Azure Active Directory Connect
* Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources * Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources
> [!Important]
> Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>
> **Requirements:**</br>
> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
##### On-premises ##### On-premises
The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory. The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory.
> [!Important]
> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
> **Requirements:**</br>
> Reset from settings - Windows 10, version 1703, Professional</br>
> Reset above lock screen - Windows 10, version 1709, Professional</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
Its fundamentally important to understand which deployment model to use for a successful deployment. Some of aspects of the deployment may already be decided for you based on your current infrastructure. Its fundamentally important to understand which deployment model to use for a successful deployment. Some of aspects of the deployment may already be decided for you based on your current infrastructure.