deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-06-23 16:23:49 -04:00
parent 2dbf84843f
commit db7d53094e
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/identity-protection/hello-for-business/deploy/includes/adfs-mfa.md
View File

@ -1,5 +1,5 @@
---
ms.date: 01/03/2024
ms.date: 06/23/2024
ms.topic: include
---
@ -8,6 +8,8 @@ ms.topic: include
Windows Hello for Business requires users perform multifactor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
- certificates
> [!NOTE]
> When using this option, the certificates must be deployed to the users. For example, users can use their smart card or virtual smart card as a certificate authentication option.
- non-Microsoft authentication providers for AD FS
- custom authentication provider for AD FS

1
windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
View File

@ -76,6 +76,7 @@ For detailed information about the certificate, use `Certutil -q -v <certificate
> [!div class="checklist"]
> Before you continue with the deployment, validate your deployment progress by reviewing the following items:
>
> - Configure an enrollment agent certificate template
> - Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template
> - Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance
> - Confirm you properly configured the Windows Hello for Business authentication certificate template

2
windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md
View File

@ -7,7 +7,6 @@ ms.topic: tutorial
# On-premises certificate trust deployment guide
[!INCLUDE [apply-to-on-premises-cert-trust](includes/apply-to-on-premises-cert-trust.md)]
[!INCLUDE [requirements](includes/requirements.md)]
@ -83,7 +82,6 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
> - Configure domain controller and web server certificate templates
> - Supersede existing domain controller certificates
> - Unpublish superseded certificate templates
> - Configure an enrollment agent certificate template
> - Publish the certificate templates to the CA
> - Deploy certificates to the domain controllers
> - Validate the domain controllers configuration