mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
updates
This commit is contained in:
Paolo Matarazzo
parent
2dbf84843f
commit
db7d53094e
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
ms.date: 01/03/2024
|
ms.date: 06/23/2024
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -8,6 +8,8 @@ ms.topic: include
|
|||||||
Windows Hello for Business requires users perform multifactor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
|
Windows Hello for Business requires users perform multifactor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
|
||||||
|
|
||||||
- certificates
|
- certificates
|
||||||
|
> [!NOTE]
|
||||||
|
> When using this option, the certificates must be deployed to the users. For example, users can use their smart card or virtual smart card as a certificate authentication option.
|
||||||
- non-Microsoft authentication providers for AD FS
|
- non-Microsoft authentication providers for AD FS
|
||||||
- custom authentication provider for AD FS
|
- custom authentication provider for AD FS
|
||||||
|
|
||||||
|
|||||||
@ -76,6 +76,7 @@ For detailed information about the certificate, use `Certutil -q -v <certificate
|
|||||||
> [!div class="checklist"]
|
> [!div class="checklist"]
|
||||||
> Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
> Before you continue with the deployment, validate your deployment progress by reviewing the following items:
|
||||||
>
|
>
|
||||||
|
> - Configure an enrollment agent certificate template
|
||||||
> - Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template
|
> - Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template
|
||||||
> - Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance
|
> - Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance
|
||||||
> - Confirm you properly configured the Windows Hello for Business authentication certificate template
|
> - Confirm you properly configured the Windows Hello for Business authentication certificate template
|
||||||
|
|||||||
@ -7,7 +7,6 @@ ms.topic: tutorial
|
|||||||
|
|
||||||
# On-premises certificate trust deployment guide
|
# On-premises certificate trust deployment guide
|
||||||
|
|
||||||
|
|
||||||
[!INCLUDE [apply-to-on-premises-cert-trust](includes/apply-to-on-premises-cert-trust.md)]
|
[!INCLUDE [apply-to-on-premises-cert-trust](includes/apply-to-on-premises-cert-trust.md)]
|
||||||
|
|
||||||
[!INCLUDE [requirements](includes/requirements.md)]
|
[!INCLUDE [requirements](includes/requirements.md)]
|
||||||
@ -83,7 +82,6 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
|
|||||||
> - Configure domain controller and web server certificate templates
|
> - Configure domain controller and web server certificate templates
|
||||||
> - Supersede existing domain controller certificates
|
> - Supersede existing domain controller certificates
|
||||||
> - Unpublish superseded certificate templates
|
> - Unpublish superseded certificate templates
|
||||||
> - Configure an enrollment agent certificate template
|
|
||||||
> - Publish the certificate templates to the CA
|
> - Publish the certificate templates to the CA
|
||||||
> - Deploy certificates to the domain controllers
|
> - Deploy certificates to the domain controllers
|
||||||
> - Validate the domain controllers configuration
|
> - Validate the domain controllers configuration
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user