diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 7bc895088c..2106e8d4c5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -12,7 +12,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 02/11/2022 +ms.date: 02/15/2022 ms.reviewer: --- # Windows Hello for Business and Authentication 
@@ -27,12 +27,12 @@ Windows Hello for Business authentication is passwordless, two-factor authentica Azure Active Directory joined devices authenticate to Azure during sign-in and can optional authenticate to Active Directory. Hybrid Azure Active Directory joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background. - [Azure AD join authentication to Azure Active Directory](#azure-ad-join-authentication-to-azure-active-directory) -- [Azure AD join authentication to Active Directory using Azure AD Kerberos (Cloud trust)](#azure-ad-join-authentication-to-active-directory-using-azure-ad-kerberos-cloud-trust) -- [Azure AD join authentication to Active Directory using a Key](#azure-ad-join-authentication-to-active-directory-using-a-key) -- [Azure AD join authentication to Active Directory using a Certificate](#azure-ad-join-authentication-to-active-directory-using-a-certificate) -- [Hybrid Azure AD join authentication using Azure AD Kerberos (Cloud trust)](#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust) -- [Hybrid Azure AD join authentication using a Key](#hybrid-azure-ad-join-authentication-using-a-key) -- [Hybrid Azure AD join authentication using a Certificate](#hybrid-azure-ad-join-authentication-using-a-certificate) +- [Azure AD join authentication to Active Directory using Azure AD Kerberos (cloud trust preview)](#azure-ad-join-authentication-to-active-directory-using-azure-ad-kerberos-cloud-trust-preview) +- [Azure AD join authentication to Active Directory using a key](#azure-ad-join-authentication-to-active-directory-using-a-key) +- [Azure AD join authentication to Active Directory using a certificate](#azure-ad-join-authentication-to-active-directory-using-a-certificate) +- [Hybrid Azure AD join authentication using Azure AD Kerberos (cloud trust preview)](#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview) +- [Hybrid Azure AD join 
authentication using a key](#hybrid-azure-ad-join-authentication-using-a-key) +- [Hybrid Azure AD join authentication using a certificate](#hybrid-azure-ad-join-authentication-using-a-certificate) ## Azure AD join authentication to Azure Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 38fd963a67..18d6c48bea 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -12,7 +12,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 08/19/2018 +ms.date: 2/15/2022 ms.reviewer: --- # Windows Hello for Business Provisioning 
@@ -30,21 +30,21 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, List of provisioning flows: -- [Azure AD joined provisioning in a Managed environment](#azure-ad-joined-provisioning-in-a-managed-environment) -- [Azure AD joined provisioning in a Federated environment](#azure-ad-joined-provisioning-in-a-federated-environment) -- [Hybrid Azure AD joined provisioning in a Cloud Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-cloud-trust-deployment-in-a-managed-environment) -- [Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment) -- [Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-federated-environment) -- [Domain joined provisioning in an On-premises Key Trust deployment](#domain-joined-provisioning-in-an-on-premises-key-trust-deployment) -- [Domain joined provisioning in an On-premises Certificate Trust deployment](#domain-joined-provisioning-in-an-on-premises-certificate-trust-deployment) +- [Azure AD joined provisioning in a managed environment](#azure-ad-joined-provisioning-in-a-managed-environment) +- [Azure AD joined provisioning in a federated environment](#azure-ad-joined-provisioning-in-a-federated-environment) +- [Hybrid Azure AD joined provisioning in a cloud trust (preview) deployment in a managed environment](#hybrid-azure-ad-joined-provisioning-in-a-cloud-trust-preview-deployment-in-a-managed-environment) +- [Hybrid Azure AD joined provisioning in a key trust deployment in a managed environment](#hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment) +- [Hybrid Azure AD joined provisioning in a synchronous certificate trust deployment in a federated 
environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-federated-environment) +- [Domain joined provisioning in an On-premises key trust deployment](#domain-joined-provisioning-in-an-on-premises-key-trust-deployment) +- [Domain joined provisioning in an On-premises certificate trust deployment](#domain-joined-provisioning-in-an-on-premises-certificate-trust-deployment) > [!NOTE] > The flows in this section are not exhaustive for every possible scenario. For example, Federated Key Trust is also a supported configuration. -## Azure AD joined provisioning in a Managed environment +## Azure AD joined provisioning in a managed environment -![Azure AD joined provisioning in a Managed environment.](images/howitworks/prov-aadj-managed.png) +![Azure AD joined provisioning in a managed environment.](images/howitworks/prov-aadj-managed.png) [Full size image](images/howitworks/prov-aadj-managed.png) | Phase | Description | @@ -56,9 +56,9 @@ List of provisioning flows: [Return to top](#windows-hello-for-business-provisioning) -## Azure AD joined provisioning in a Federated environment +## Azure AD joined provisioning in a federated environment -![Azure AD joined provisioning in Managed environment.](images/howitworks/prov-aadj-federated.png) +![Azure AD joined provisioning in federated environment.](images/howitworks/prov-aadj-federated.png) [Full size image](images/howitworks/prov-aadj-federated.png) | Phase | Description | 
@@ -69,9 +69,9 @@ List of provisioning flows: [Return to top](#windows-hello-for-business-provisioning) -## Hybrid Azure AD joined provisioning in a Cloud Trust deployment in a Managed environment +## Hybrid Azure AD joined provisioning in a cloud trust (preview) deployment in a managed environment -![Hybrid Azure AD joined provisioning in a Cloud Trust deployment in a Managed environment.](images/howitworks/prov-haadj-cloudtrust-managed.png) +![Hybrid Azure AD joined provisioning in a cloud trust deployment in a Managed environment.](images/howitworks/prov-haadj-cloudtrust-managed.png) [Full size image](images/howitworks/prov-haadj-cloudtrust-managed.png) | Phase | Description | @@ -85,9 +85,9 @@ List of provisioning flows: [Return to top](#windows-hello-for-business-provisioning) -## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment +## Hybrid Azure AD joined provisioning in a key yrust deployment in a managed environment -![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment.](images/howitworks/prov-haadj-keytrust-managed.png) +![Hybrid Azure AD joined provisioning in a key trust deployment in a managed environment.](images/howitworks/prov-haadj-keytrust-managed.png) [Full size image](images/howitworks/prov-haadj-keytrust-managed.png) | Phase | Description | 
@@ -102,9 +102,9 @@ List of provisioning flows: [Return to top](#windows-hello-for-business-provisioning) -## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment +## Hybrid Azure AD joined provisioning in a synchronous certificate trust deployment in a federated environment -![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment.](images/howitworks/prov-haadj-instant-certtrust-federated.png) +![Hybrid Azure AD joined provisioning in a synchronous Certificate trust deployment in a federated environment.](images/howitworks/prov-haadj-instant-certtrust-federated.png) [Full size image](images/howitworks/prov-haadj-instant-certtrust-federated.png) | Phase | Description | diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index af49399259..75be1fd4f3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 2/07/2022 +ms.date: 2/15/2022 ms.reviewer: --- # Hybrid Cloud Trust Deployment (Preview) 
@@ -46,7 +46,7 @@ With Azure AD Kerberos, Azure AD can issue TGTs for one or more of your AD domai When you enable Azure AD Kerberos in a domain, an Azure AD Kerberos Server object is created in your on-premises AD. This object will appear as a Read Only Domain Controller (RODC) object but isn't associated with any physical servers. This resource is only used by Azure Active Directory to generate TGTs for your Active Directory Domain. The same rules and restrictions used for RODCs apply to the Azure AD Kerberos Server object. -More details on how Azure AD Kerberos enables access to on-premises resources are available in our documentation on [enabling passwordless security key sign-in to on-premises resources](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). There's more information on how Azure AD Kerberos works with Windows Hello for Business cloud trust in the [Windows Hello for Business authentication technical deep dive](hello-how-it-works-authentication.md#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust). +More details on how Azure AD Kerberos enables access to on-premises resources are available in our documentation on [enabling passwordless security key sign-in to on-premises resources](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). There's more information on how Azure AD Kerberos works with Windows Hello for Business cloud trust in the [Windows Hello for Business authentication technical deep dive](hello-how-it-works-authentication.md#hybrid-azure-ad-join-authentication-using-azure-ad-kerberos-cloud-trust-preview). ## Prerequisites
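Review bot: The list entries changed in hello-how-it-works-authentication.md (hunk @@ -27,12 +27,12 @@) now point to anchors ending in -cloud-trust-preview, and the link changed in hello-hybrid-cloud-trust.md (hunk @@ -46,7 +46,7 @@) targets the same anchor, but no hunk in this patch renames the corresponding headings in hello-how-it-works-authentication.md. Please confirm that both headings already read "(cloud trust preview)", or add the heading change to this patch. Otherwise the two in-page links and the cross-file link will not resolve.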
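Review bot: ms.date in the metadata hunk of hello-how-it-works-provisioning.md (@@ -12,7 +12,7 @@) is written as 2/15/2022, while the same edit in hello-how-it-works-authentication.md uses 02/15/2022 and the value replaced here was zero-padded (08/19/2018). Suggest 02/15/2022 in this file, and the same in the hello-hybrid-cloud-trust.md metadata hunk, so the three files updated together carry one date format.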
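Review bot: In the flow list of hello-how-it-works-provisioning.md (hunk @@ -30,21 +30,21 @@), the two domain joined entries still capitalize "On-premises" mid-sentence ("in an On-premises key trust deployment", "in an On-premises certificate trust deployment") although every other term in the list was lowercased. Suggest "on-premises" in both link texts. The anchors are already lowercase, so only the visible text changes.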
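Review bot: The new image alt text in hunk @@ -56,9 +56,9 @@ of hello-how-it-works-provisioning.md reads "Azure AD joined provisioning in federated environment.", missing the article that the heading directly above it has. The change correctly replaces the old "Managed" wording for the federated diagram, so only the article is needed: "Azure AD joined provisioning in a federated environment."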
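Review bot: The image alt text in hunk @@ -69,9 +69,9 @@ of hello-how-it-works-provisioning.md still says "a Managed environment" and omits "(preview)", so it no longer matches the heading changed just above it in the same hunk. Suggest "Hybrid Azure AD joined provisioning in a cloud trust (preview) deployment in a managed environment." for the alt text.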
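Review bot: The new heading in hunk @@ -85,9 +85,9 @@ of hello-how-it-works-provisioning.md reads "key yrust deployment", a typo for "key trust". Besides the visible misspelling, the heading no longer matches the list entry added earlier in this patch, which links to #hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment, so that link will not resolve if the anchor is generated from the heading text. Suggest: ## Hybrid Azure AD joined provisioning in a key trust deployment in a managed environment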
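Review bot: The image alt text in hunk @@ -102,9 +102,9 @@ of hello-how-it-works-provisioning.md keeps a capital in "synchronous Certificate trust deployment" while the heading in the same hunk was changed to "certificate trust". Suggest lowercasing "certificate" in the alt text so the two lines agree.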