remove phone signin

.openpublishing.redirection.json

@@ -386,6 +386,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/keep-secure/hello-enable-phone-signin.md",
+"redirect_url": "/itpro/windows/keep-secure/hello-identity-verification",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/keep-secure/deploy-edp-policy-using-intune.md",
 "redirect_url": "/itpro/windows/keep-secure/deploy-wip-policy-using-intune",
 "redirect_document_id": true

windows/keep-secure/TOC.md

@@ -3,7 +3,6 @@
 ## [Windows Hello for Business](hello-identity-verification.md)
 ### [How Windows Hello for Business works](hello-how-it-works.md)
 ### [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-### [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 ### [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 ### [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 ### [Windows Hello and password changes](hello-and-password-changes.md)

windows/keep-secure/hello-and-password-changes.md

@@ -41,7 +41,6 @@ Suppose instead that you sign in on **Device B** and change your password for yo
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)

windows/keep-secure/hello-biometrics-in-enterprise.md

@@ -79,7 +79,6 @@ To allow facial recognition, you must have devices with integrated special infra
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)

windows/keep-secure/hello-enable-phone-signin.md

@@ -1,84 +0,0 @@
----
-title: Enable phone sign-in to PC or VPN (Windows 10)
-description: You can set policies to allow your users to sign in to a PC or VPN using their Windows 10 phone.
-keywords: ["identity", "PIN", "biometric", "Hello"]
-ms.prod: W10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-author: DaniHalfin
-localizationpriority: high
----
-
-# Enable phone sign-in to PC or VPN
-
-
-**Applies to**
-
--   Windows 10
--   Windows 10 Mobile
-
-In Windows 10, version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app.
-
-![Sign in to a device](images/phone-signin-menu.png)
-
-> [!NOTE]
-> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
-
-You can create a Group Policy or mobile device management (MDM) policy that will allow users to sign in to a work PC or their company's VPN using the credentials stored on their Windows 10 phone.
-
- ## Prerequisites
- 
- - Both phone and PC must be running Windows 10, version 1607.
- - The PC must be running Windows 10 Pro, Enterprise, or Education
- - Both phone and PC must have Bluetooth.
- - The **Microsoft Authenticator** app must be installed on the phone.
- - The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD.
- - The phone must be joined to Azure AD or have a work account added.
- - The VPN configuration profile must use certificate-based authentication.
- 
-## Set policies
-
-To enable phone sign-in, you must enable the following policies using Group Policy or MDM.
-
--  Group Policy: **Computer Configuration** or **User Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**
-    - Enable **Use Windows Hello for Business**
-    - Enable **Phone Sign-in**
-- MDM: 
-    - Set **UsePassportForWork** to **True**
-    - Set **Remote\UseRemotePassport** to **True**
-
-## Configure VPN 
-
-To enable phone sign-in to VPN, you must enable the [policy](#set-policies) for phone sign-in and ensure that VPN is configured as follows:
-
-- For inbox VPN, set up the VPN profile with Extensible Authentication Protocol (EAP) with the **Smart card or other certificate (TLS)** EAP type, also known as EAP-Transport Level Security (EAP-TLS). To exclusively access the VPN certificates on the phone, in the EAP filtering XML, add either **EKU** or **Issuer** (or both) filtering to make sure it picks only the Remote NGC certificate.
-- For a Universal Windows Platform (UWP) VPN plug-in, add filtering criteria based on the 3rd party mechanism for the Remote NGC Certificate.
-
-## Get the app
-
-If you want to distribute the **Microsoft Authenticator** app, your organization must have set up Windows Store for Business, with Microsoft added as a [Line of Business (LOB) publisher](../manage/working-with-line-of-business-apps.md).
-
-[Tell people how to sign in using their phone.](hello-prepare-people-to-use.md#bmk-remote)
-
-
-## Related topics
-
-- [Windows Hello for Business](hello-identity-verification.md)
-- [How Windows Hello for Business works](hello-how-it-works.md)
-- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
-- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
-- [Windows Hello and password changes](hello-and-password-changes.md)
-- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
-- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
-- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
-
-
- 
-
- 
-
-
-
-
-

windows/keep-secure/hello-errors-during-pin-creation.md

@@ -225,7 +225,6 @@ For errors listed in this table, contact Microsoft Support for assistance.
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)

windows/keep-secure/hello-event-300.md

@@ -37,7 +37,6 @@ This is a normal condition. No further action is required.
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)

windows/keep-secure/hello-how-it-works.md

@@ -112,7 +112,6 @@ Windows Hello depends on having compatible IDPs available to it. As of this writ
 
 - [Windows Hello for Business](hello-identity-verification.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)

windows/keep-secure/hello-identity-verification.md

@@ -72,10 +72,6 @@ Imagine that someone is looking over your shoulder as you get money from an ATM
 
 Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.
 
-For customers using a hybrid Active Directory and Azure Active Directory environment, Windows Hello also enables Windows 10 Mobile devices to be used as [a remote credential](hello-prepare-people-to-use.md#bmk-remote) when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Windows Hello on the user’s Windows 10 Mobile device. Because users carry their phone with them, Windows Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions.
-
-> [!NOTE]
->  Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
 
  
 ## How Windows Hello for Business works: key points
@@ -119,7 +115,6 @@ Windows Hello for Business can use either keys (hardware or software) or certifi
 
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)

windows/keep-secure/hello-manage-in-organization.md

@@ -134,13 +134,9 @@ The following table lists the Group Policy settings that you can configure for W
 <td><a href="hello-prepare-people-to-use.md#bmk-remote">Phone Sign-in</a></td>
 <td>
 <p>Use Phone Sign-in</p>
-<div class="alert"><b>Note</b>  Applies to desktop only. Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.</div>
-<div> </div>
 </td>
 <td>
-<p><b>Not configured</b>: Phone sign-in is disabled.</p>
+<p>Not currently supported.</p>
-<p><b>Enabled</b>: Users can use a portable, registered device as a companion device for desktop authentication.</p>
-<p><b>Disabled</b>: Phone sign-in is disabled.</p>
 </td>
 </tr>
 </table>
@@ -283,14 +279,11 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Remote</td>
 <td>
 <p>UseRemotePassport</p>
-<div class="alert"><b>Note</b>  Applies to desktop only. Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.</div>
-<div> </div>
 </td>
 <td>Device or user</td>
 <td>False</td>
 <td>
-<p>True: <a href="hello-prepare-people-to-use.md#bmk-remote">Phone sign-in</a> is enabled.</p>
+<p>Not currently supported.</p>
-<p>False: <a href="hello-prepare-people-to-use.md#bmk-remote">Phone sign-in</a> is disabled.</p>
 </td>
 </tr>
 </table>
@@ -381,7 +374,6 @@ If you want to use Windows Hello for Business with certificates, you’ll need a
 
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)

windows/keep-secure/hello-prepare-people-to-use.md

@@ -51,56 +51,13 @@ If your policy allows it, people can use biometrics (fingerprint, iris, and faci
 
 ![sign in to windows, apps, and services using fingerprint or face](images/hellosettings.png)
 
-## <a href="" id="bmk-remote"></a>Use a phone to sign in to a PC or VPN
 
-If your enterprise enables phone sign-in, users can pair a phone running Windows 10 Mobile to a PC running Windows 10 and then use an app on the phone to sign in to the PC using their Windows Hello credentials.
-
-> [!NOTE]
-> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
-
- 
-**Prerequisites:**
-   
-- Both phone and PC must be running Windows 10, version 1607.
-- The PC must be running Windows 10 Pro, Enterprise, or Education
-- Both phone and PC must have Bluetooth.
-- The **Microsoft Authenticator** app must be installed on the phone.
-- The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD.
-- The phone must be joined to Azure AD or have a work account added.
-- The VPN configuration profile must use certificate-based authentication.
-
-**Pair the PC and phone**
-
-1.  On the PC, go to **Settings** &gt; **Devices** &gt; **Bluetooth**. Tap the name of the phone and then tap **Pair** to begin pairing.
-
-    ![bluetooth pairing](images/btpair.png)
-    
-2.  On the phone, go to **Settings** &gt; **Devices** &gt; **Bluetooth**, and verify that the passcode for **Pairing accessory** on the phone matches the passcode displayed on the PC, and then tap **ok**.
-
-    ![bluetooth pairing passcode](images/bt-passcode.png)
-    
-3.  On the PC, tap **Yes**.
-
-**Sign in to PC using the phone**
-
-
-1.  Open the **Microsoft Authenticator** app, choose your account, and tap the name of the PC to sign in to.
-    > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account.
-    
-    ![select a device](images/phone-signin-device-select.png)
-     
-2.  Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account.
-
-**Connect to VPN**
-
-You simply connect to VPN as you normally would. If the phone's certificates are being used, a notification will be pushed to the phone asking if you approve. If you click **allow** in the notification, you will be prompted for your PIN. After you enter your PIN, the VPN session will connect. 
 
 ## Related topics
 
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
 - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)

windows/keep-secure/hello-why-pin-is-better-than-password.md

@@ -75,7 +75,6 @@ If you only had a biometric sign-in configured and, for any reason, were unable
 - [Windows Hello for Business](hello-identity-verification.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
-- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
 - [Windows Hello and password changes](hello-and-password-changes.md)
 - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)