deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo
2022-11-10 15:38:47 -05:00
parent ad3dd22648
commit f4948d3be7
10 changed files with 96 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
education/windows/federated-sign-in.md
View File

@ -57,7 +57,7 @@ To configure federated sign-in using Microsoft Intune, [create a custom profile]
To sign-in with a SAML 2.0 identity provider, your devices must be configured with different policies, which can be configured using Microsoft Intune. To sign-in with a SAML 2.0 identity provider, your devices must be configured with different policies, which can be configured using Microsoft Intune.
To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings: [!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)]
| Setting | | Setting |
|--------| |--------|
@ -68,7 +68,8 @@ To configure federated sign-in using Microsoft Intune, [create a custom profile]
:::image type="content" source="images/federated-sign-in-settings-intune.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-intune.png" border="true"::: :::image type="content" source="images/federated-sign-in-settings-intune.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-intune.png" border="true":::
Assign the policy to a security group that contains as members the devices that require federated sign-in. [!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)]
<!-- <!--
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)

18
education/windows/includes/intune-custom-settings-1.md Normal file
View File

@ -0,0 +1,18 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022
ms.topic: include
---
To configure devices with Microsoft Intune, use a custom policy:
> [!TIP]
> If you're browsing with an account that can create Intune policies, you can skip to step 5 by using this direct link to <a href="https://go.microsoft.com/fwlink/?linkid=2109431#view/Microsoft_Intune_DeviceSettings/CreatePolicyFullScreenBlade/policyId/00000000-0000-0000-0000-000000000000/policyType/Windows10Custom/policyJourneyState~/0" target="_blank"><b>create a custom policy</b></a> (opens in a new tab).
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
2. Select **Devices > Configuration profiles > Create profile**
3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom**
4. Select **Create**
5. Specify a **Name** and, optionally, a **Description > Next**
6. Add the following settings:

11
education/windows/includes/intune-custom-settings-2.md Normal file
View File

@ -0,0 +1,11 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022
ms.topic: include
---
7. Select **Next**
8. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
9. Under **Applicability Rules**, select **Next**
10. Review the policy configuration and select **Create**

8
education/windows/includes/intune-custom-settings-alternative.md Normal file
View File

@ -0,0 +1,8 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022
ms.topic: include
---
Alternatively, <a href="https://go.microsoft.com/fwlink/?linkid=2109431#view/Microsoft_Intune_DeviceSettings/CreatePolicyFullScreenBlade/policyId/00000000-0000-0000-0000-000000000000/policyType/Windows10Custom/policyJourneyState~/0" target="_blank"><b>create a custom policy</b></a> with the following settings:

8
education/windows/includes/intune-custom-settings-info.md Normal file
View File

@ -0,0 +1,8 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022
ms.topic: include
---
For more information about how to create custom settings using Intune, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).

18
education/windows/includes/intune-settings-catalog-1.md Normal file
View File

@ -0,0 +1,18 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022
ms.topic: include
---
To configure devices with Microsoft Intune, use the settings catalog:
> [!TIP]
> If you're browsing with an account that can create Intune policies, you can skip to step 5 by using this direct link to <a href="https://go.microsoft.com/fwlink/?linkid=2109431#view/Microsoft_Intune_Workflows/SettingsCatalogWizardBlade/mode/create/platform/Windows%2010%20and%20later/policyType/SettingsCatalogWindows10" target="_blank"><b>create a Settings catalog policy</b></a> (opens in a new tab).
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
2. Select **Devices > Configuration profiles > Create profile**
3. Select **Platform > Windows 10 and later** and **Profile type > Settings catalog**
4. Select **Create**
5. Specify a **Name** and, optionally, a **Description** > **Next**
6. In the settings picker, add the following settings:

11
education/windows/includes/intune-settings-catalog-2.md Normal file
View File

@ -0,0 +1,11 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022
ms.topic: include
---
7. Select **Next**
8. Optionally, add *scope tags* > **Next**
9. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
10. Review the policy configuration and select **Create**

8
education/windows/includes/intune-settings-catalog-info.md Normal file
View File

@ -0,0 +1,8 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 11/08/2022
ms.topic: include
---
For more information about how to create policies with the Intune settings catalog, see [Use the settings catalog to configure settings](/mem/intune/configuration/settings-catalog).

5
windows/security/identity-protection/hello-for-business/hello-how-it-works.md
View File

@ -11,13 +11,12 @@ ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 05/05/2018 ms.date: 05/05/2018
appliesto: appliesto:
-<b>Windows 10</b> -<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-<b>Windows 11</b>
ms.technology: itpro-security ms.technology: itpro-security
--- ---
# How Windows Hello for Business works in Windows Devices # How Windows Hello for Business works in Windows Devices
Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory-joined, Hybrid Azure Active Directory-joined, or Azure AD registered devices. Windows Hello for Business also works for domain joined devices. Windows Hello for Business is a two-factor credential that is a more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory-joined, Hybrid Azure Active Directory-joined, or Azure AD registered devices. Windows Hello for Business also works for domain joined devices.
Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features. Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features.
> [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8] > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]

9
windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
View File

@ -11,14 +11,19 @@ ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 11/1/2022 ms.date: 11/1/2022
appliesto: appliesto:
-<b>Windows 10, version 21H2 and later</b> -<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10, version 21H2 and later</a>
-<b>Windows 11</b>
-<b>Hybrid deployment</b> -<b>Hybrid deployment</b>
-<b>Hybrid cloud Kerberos trust</b> -<b>Hybrid cloud Kerberos trust</b>
ms.technology: itpro-security ms.technology: itpro-security
--- ---
# Hybrid cloud Kerberos trust deployment # Hybrid cloud Kerberos trust deployment
**Deployment type:** [hybrid](hello-how-it-works-technology#hybrid-deployment)\
**Trust type:** [key trust](hello-hybrid-key-trust)\
**Trust type:** [cloud Kerberos trust](hello-hybrid-cloud-kerberos-trust)\
**Trust type:** [certificate trust](hello-hybrid-cert-trust)\
**Device registration type:** [Azure AD join](hello-how-it-works-technology#azure-active-directory-join), [Hybrid Azure AD join](hello-how-it-works-technology#hybrid-azure-ad-join)
Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This deployment guide provides the information to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario. Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This deployment guide provides the information to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario.
## Introduction to cloud Kerberos trust ## Introduction to cloud Kerberos trust