Update Windows Hello for Business documentation

Paolo Matarazzo
2024-01-05 11:44:08 -05:00
parent 352e2f2b6b
commit d9715b72af
4 changed files with 25 additions and 26 deletions


@ -1,9 +1,9 @@
<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <svg width="17" height="18" viewBox="0 0 17 18" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<rect width="17.2" height="18" fill="url(#pattern0)"/> <rect width="17" height="18" fill="url(#pattern0)"/>
<defs> <defs>
<pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1"> <pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1">
<use xlink:href="#image0_48_118" transform="scale(0.0232558 0.0222222)"/> <use xlink:href="#image0_92_347" transform="matrix(0.0227273 0 0 0.0217391 -0.0454545 -0.0869565)"/>
</pattern> </pattern>
<image id="image0_48_118" width="43" height="45" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAtCAYAAAA3BJLdAAAACXBIWXMAABYlAAAWJQFJUiTwAAAAB3RJTUUH6AECFiANUjRVqQAABPtJREFUWAnNWTGP5DQUfoOClEhbZNAVM4jiVqLgCoq7q/YKJHZFwehoVnfNCQq0Es1BR3c12gLtT+A3UEFJCSUFEjRI2+1sMdpEYkQi7Ujhe2/GsZPYiT07s8LSTGzn+b3P7z2/ZzujqqrIVS7O31RnXzynclW4SPbXvyIqVrnwT+KYJg9no5EL7MX331XHHz+mR+9PiTCQqNwfsBbnEqL4V6zmeJNBfk6//3FDTrCXf/9WTR+khEndb4FicgDNFjkl0ZyKck7l8orig3cpciEZH8QACqROCtfIu/WXqwQMoE3SrldiAuUy70J59fK0evHqBc0+Ob53oEQxzJ+JVvP5X5TTlYCc5xkUN+6CffrkKR0fHa21ejclbTU6gw9cL2D+/Aq+eg3wBWVL9P152QUrEmRBbSXrzoNymDvLMtFoHLEbppTg8eb8YnTPHjk8F9bk7LOzEdFZh9gbbIlYwoysZQtLpCkWEmsuoDjAInYwAONtvshofr0O0sKfVyhXbjketiYxBD5O6MmHE0pTG1jhKiLafwac9qtmO03HWKxgLkCYoRLEE0sbxC3ojXfc4OAUA3Bo8QYbI+5O8NtrYUX0WOWtvQoPZu52AWblrdkcgZljYKNstFCu7P0NWrMBdzp8bxwcywfAahDraIC2CQxghcIwXbttYlT1mCPLBOlcdXg+B8BqLpMHsWP1apqQWuwtWXP1HxIltI0ALeruNW+wkhAMcyvRvCPqFu0+3XfcAysd4AEFhBRvsDn2l/OFAWIDUsDe6sgqNesENKwkSejRB5wUdJ9PrQesAQycOM5ObUsCwIp2/wBYjkHbbOp7wGpt8awlNTo1EbqulR6bMlSv6/k/SwoMs2lRE3iPZk0ynIuQEEpsgjkddvTRNjvabpFwAUidcpwNTN/eYBkoZ7B69RsA5aiO3Zd3eTuhMeJ2qPN4g+1PCi1nNiZinQCk2hdYnz289gYbBlBDqCasQBud/eAapGgMaBbMFAWqnQ1Lm5tqe2kWU1e8edzQGJCY5EqU9XmNhJBtkkLtt0wJIZ3rpQH/jSUpwFLWk4JVvHR6g2UfG29cs2hrQS4mtJDGZHR3XZM9hrfkepiHZjfA1klhx17bnnRvwBtyA2EWtgi0HkJrw4qwGsMGL8/hm3y1x8XQiM/GZT3I+IfUKfw15p1Xp9ikr4msYOWVOhFsKDgpzAGY1LF7A1hYy3HckGpMxuitq3zDIhd/dQ9X3CAVmRMsD8U1maKjlDOOaGLYXKbmawZmBVJ3lBT+BVsNUgnmFWw3m4kisG5awKk2zdNOYjIxgetx+6k15HZFdMA2YyRruLPH6nLZRU8N1C2vA5blFlhcKS7hsMdCy3CJXYBq8ahXAJCIom7d8jpgJbsw0JKXPgaq1d8S4tU0udeaM0ZuDowMUuSyFVV4NMhUVdi9/uasOjl+Jn2zT0+w1+TbkrCTp2IY8uQTs1weLy6RnkoJZ0V542QRnb6cVV9/9Tk9O3qsiTCF2jxGTRPspsYa5W9d+T83EiYLekdv7i0ioovzb2kqmnT5iqvfwi2kawV1AKxkRawR3n7mGbTac8Ec0RIfGSKYgTHZ/CoEQCAtZ0X+ZJRxLue1wT4cT5xc5KPdLz++rg6n2vBO6l2+gKuxVnE5iRt1fPAA7xhgT7/8Ad8T7EUW2E8//0onHx3aKfbcy4s/W0JR0ZiKOO2V9h92paXIkgWrzgAAAABJRU5ErkJggg=="/> <image id="image0_92_347" width="47" height="52" 
xlink:href="data:image/png;base64,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"/>
</defs> </defs>
</svg> </svg>



@ -16,9 +16,9 @@ This guide explains the role of each component within Windows Hello for Business
## Using this guide ## Using this guide
There are many options from which you can choose when deploying Windows Hello for Business. Providing multiple options ensures nearly every organization can deploy Windows Hello for Business. Providing many options makes the deployment appear complex. However, most organization will realize they've already implemented most of the infrastructure on which the Windows Hello for Business deployment depends. It's important to understand that Windows Hello for Business is a distributed system and does take proper planning across multiple teams within an organization. There are many options available for deploying Windows Hello for Business, ensuring compatibility with various organizational infrastructures. While the deployment process may appear complex, most organizations will find that they have already implemented the necessary infrastructure. It is important to note that Windows Hello for Business is a distributed system and requires proper planning across multiple teams within an organization.
This guide removes the appearance of complexity by helping you make decisions on each aspect of your Windows Hello for Business deployment and the options you need to consider. Using this guide also identifies the information needed to help you make decisions about the deployment that best suits your environment. This guide aims to simplify the deployment process by helping you make informed decisions about each aspect of your Windows Hello for Business deployment. It provides information on the options available and assists in selecting the deployment approach that best suits your environment.
### How to proceed ### How to proceed
@ -35,7 +35,7 @@ There are eight major categories to consider when planning a Windows Hello for B
> - [Licensing for cloud services](#licensing-for-cloud-services) > - [Licensing for cloud services](#licensing-for-cloud-services)
> - [Windows requirements](#windows-requirements) > - [Windows requirements](#windows-requirements)
> - [Windows Server requirements](#windows-server-requirements) > - [Windows Server requirements](#windows-server-requirements)
> - [Prepare users to use Windows Hello](#prepare-users-to-use-windows-hello) > - [Prepare users to enroll and use Windows Hello](#prepare-users-to-enroll-and-use-windows-hello)
## Deployment options ## Deployment options
@ -161,11 +161,6 @@ Here's a list of requirements for federated and nonfederated deployments.
### Device registration ### Device registration
All devices included in the Windows Hello for Business deployment must go through a process called *device registration*. Device registration enables devices to be associated and to authentiticate to an identity provider (IdP). Device registration is identified by the *join type*.
- Registering a device to Microsoft Entra ID enables you to manage a device's identity. When a device is registered, Microsoft Entra provides the device with an identity that is used to authenticate the device when a user signs-in to Microsoft Entra ID. You can use the identity to enable or disable a device. When combined with a mobile device management (MDM) solution such as Microsoft Intune, the device attributes in Microsoft Entra ID are updated with additional information about the device. This behavior allows you to create conditional access rules that enforce access from devices to meet your standards for security and compliance
- Joining a device to Microsoft Entra ID is an extension to registering a device. This method provides you with all the benefits of registering a device, and changes the local state of a device. Changing the local state enables your users to sign-in to a device using an organizational work or school account, instead of a personal account
For on-premises deployments, the server running the Active Directory Federation Services (AD FS) role is responsible for device registration. For cloud-only and hybrid deployments, devices must register in Microsoft Entra ID. For on-premises deployments, the server running the Active Directory Federation Services (AD FS) role is responsible for device registration. For cloud-only and hybrid deployments, devices must register in Microsoft Entra ID.
| Deployment model | Supported join type | Device registration service provider | | Deployment model | Supported join type | Device registration service provider |
@ -244,7 +239,7 @@ If you configure the flag with a value of either `acceptIfMfaDoneByFederatedIdp`
## Device configuration ## Device configuration
Windows Hello for Business provides organizations with a rich set of granular policy settings with which they can use to configure their devices. There are two main options to configure Windows Hello for Business: configuration service provider (CSP) and group policy (GPO). Windows Hello for Business provides a rich set of granular policy settings. There are two main options to configure Windows Hello for Business: configuration service provider (CSP) and group policy (GPO).
- The CSP option is ideal for devices that are managed through a Mobile Device Management (MDM) solution, like Microsoft Intune. CSPs can also be configured with [provisioning packages](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers#csps-in-windows-configuration-designer) - The CSP option is ideal for devices that are managed through a Mobile Device Management (MDM) solution, like Microsoft Intune. CSPs can also be configured with [provisioning packages](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers#csps-in-windows-configuration-designer)
- GPO can be used to configure domain joined devices and where devices aren't managed via MDM - GPO can be used to configure domain joined devices and where devices aren't managed via MDM
@ -295,9 +290,9 @@ All supported Windows 10 and Windows 11 versions can be used with Windows Hello
All supported Windows Server versions can be used with Windows Hello for Business as Domain Controller. However, cloud Kerberos trust requires minimum versions: All supported Windows Server versions can be used with Windows Hello for Business as Domain Controller. However, cloud Kerberos trust requires minimum versions:
| | Deployment model | Trust type | Domain Controller OS version | | | Deployment model | Trust type | Domain Controller OS version |
|-----------------------------|------------------|----------------|-----------------------------------------------------------------------------------------------------------| |--|--|--|--|
| **🔲** | **Cloud-only** | n/a | All supported versions | | **🔲** | **Cloud-only** | n/a | All supported versions |
| **🔲** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, [KB3534307][KB-3]<br>- Windows Server 2019, [KB4534321][KB-4]<br>- Windows Server 2022 | | **🔲** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, with [KB3534307][KB-3] and later<br>- Windows Server 2019, with [KB4534321][KB-4] and later<br>- Windows Server 2022 |
| **🔲** | **Hybrid** | Key | All supported versions | | **🔲** | **Hybrid** | Key | All supported versions |
| **🔲** | **Hybrid** | Certificate | All supported versions | | **🔲** | **Hybrid** | Certificate | All supported versions |
| **🔲** | **On-premises** | Key | All supported versions | | **🔲** | **On-premises** | Key | All supported versions |


@ -29,7 +29,6 @@ The statement *PIN is stronger than Password* is not directed at the strength of
> >
> For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim). > For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim).
## Windows Hello data storage ## Windows Hello data storage
The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor. The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.
@ -47,6 +46,11 @@ Windows Hello for Business is a distributed system that uses several components
Registration is a fundamental prerequisite for Windows Hello for Business. Without registration, Windows Hello for Business provisioning cannot start. Registration is where the device **registers** its identity with the identity provider. For cloud and hybrid deployments, the identity provider is Microsoft Entra ID and the device registers with the Device Registration Service. For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the enterprise device registration service hosted on the federation servers (AD FS). Registration is a fundamental prerequisite for Windows Hello for Business. Without registration, Windows Hello for Business provisioning cannot start. Registration is where the device **registers** its identity with the identity provider. For cloud and hybrid deployments, the identity provider is Microsoft Entra ID and the device registers with the Device Registration Service. For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the enterprise device registration service hosted on the federation servers (AD FS).
All devices included in the Windows Hello for Business deployment must go through a process called *device registration*. Device registration enables devices to be associated and to authentiticate to an identity provider (IdP). Device registration is identified by the *join type*.
- Registering a device to Microsoft Entra ID enables you to manage a device's identity. When a device is registered, Microsoft Entra provides the device with an identity that is used to authenticate the device when a user signs-in to Microsoft Entra ID. You can use the identity to enable or disable a device. When combined with a mobile device management (MDM) solution such as Microsoft Intune, the device attributes in Microsoft Entra ID are updated with additional information about the device. This behavior allows you to create conditional access rules that enforce access from devices to meet your standards for security and compliance
- Joining a device to Microsoft Entra ID is an extension to registering a device. This method provides you with all the benefits of registering a device, and changes the local state of a device. Changing the local state enables your users to sign-in to a device using an organizational work or school account, instead of a personal account
For more information, read [how device registration works](/azure/active-directory/devices/device-registration-how-it-works). For more information, read [how device registration works](/azure/active-directory/devices/device-registration-how-it-works).
## Provisioning ## Provisioning


@ -1,9 +1,9 @@
<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <svg width="17" height="18" viewBox="0 0 17 18" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<rect width="17.2" height="18" fill="url(#pattern0)"/> <rect width="17" height="18" fill="url(#pattern0)"/>
<defs> <defs>
<pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1"> <pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1">
<use xlink:href="#image0_48_118" transform="scale(0.0232558 0.0222222)"/> <use xlink:href="#image0_92_347" transform="matrix(0.0227273 0 0 0.0217391 -0.0454545 -0.0869565)"/>
</pattern> </pattern>
<image id="image0_48_118" width="43" height="45" xlink:href="data:image/png;base64,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"/> <image id="image0_92_347" width="47" height="52" xlink:href="data:image/png;base64,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"/>
</defs> </defs>
</svg> </svg>
