Update Windows Hello for Business links

2025-05-13 13:57:22 +00:00 · 2023-12-16 08:54:11 -05:00 · 2023-12-16 08:54:11 -05:00 · f6a4b8c0ba
commit f6a4b8c0ba
parent fe4efd0dc8
11 changed files with 14 additions and 14 deletions
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
@ -20,7 +20,7 @@ Hybrid environments are distributed systems that enable organizations to use on-
 This deployment guide describes how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
 > [!IMPORTANT]
-> Windows Hello for Business *cloud Kerberos trust* is the recommended deployment model when compared to the *key trust model*. It is also the recommended deployment model if you don't need to deploy certificates to the end users. For more information, see [cloud Kerberos trust deployment](../hybrid-cloud-kerberos-trust.md).
+> Windows Hello for Business *cloud Kerberos trust* is the recommended deployment model when compared to the *key trust model*. It is also the recommended deployment model if you don't need to deploy certificates to the end users. For more information, see [cloud Kerberos trust deployment](hybrid-cloud-kerberos-trust.md).
 It's recommended that you review the [Windows Hello for Business planning guide](../hello-planning-guide.md) prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions.
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
@ -45,7 +45,7 @@ When Microsoft Entra Kerberos is enabled in an Active Directory domain, an *Azur
 :::image type="content" source="images/azuread-kerberos-object.png" alt-text="Active Directory Users and Computers console, showing the computer object representing the Microsoft Entra Kerberos server ":::
 For more information about how Microsoft Entra Kerberos enables access to on-premises resources, see [enabling passwordless security key sign-in to on-premises resources][AZ-1].\
-For more information about how Microsoft Entra Kerberos works with Windows Hello for Business cloud Kerberos trust, see [Windows Hello for Business authentication technical deep dive](hello-how-it-works-authentication.md#hybrid-azure-ad-join-authentication-using-cloud-kerberos-trust).
+For more information about how Microsoft Entra Kerberos works with Windows Hello for Business cloud Kerberos trust, see [Windows Hello for Business authentication technical deep dive](../hello-how-it-works-authentication.md#hybrid-azure-ad-join-authentication-using-cloud-kerberos-trust).
 > [!IMPORTANT]
 > When implementing the cloud Kerberos trust deployment model, you *must* ensure that you have an adequate number of *read-write domain controllers* in each Active Directory site where users will be authenticating with Windows Hello for Business. For more information, see [Capacity planning for Active Directory][SERV-1].
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki.md
@ -53,6 +53,7 @@ Sign in using *Enterprise Administrator* equivalent credentials on a Windows Ser
 > [!IMPORTANT]
 > For Microsoft Entra joined devices to authenticate to on-premises resources, ensure to:
 >
 > - Install the root CA certificate in the device's trusted root certificate store. See [how to deploy a trusted certificate profile](/mem/intune/protect/certificates-trusted-root#to-create-a-trusted-certificate-profile) via Intune
 > - Publish your certificate revocation list to a location that is available to Microsoft Entra joined devices, such as a web-based URL
@ -74,7 +75,7 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
 1. Close the console
 > [!IMPORTANT]
-> If you plan to deploy **Microsoft Entra joined** devices, and require single sign-on (SSO) to on-premises resources when signing in with Windows Hello for Business, follow the procedures to [update your CA to include an http-based CRL distribution point](hello-hybrid-aadj-sso.md).
+> If you plan to deploy **Microsoft Entra joined** devices, and require single sign-on (SSO) to on-premises resources when signing in with Windows Hello for Business, follow the procedures to [update your CA to include an http-based CRL distribution point](../hello-hybrid-aadj-sso.md).
 ## Configure and deploy certificates to domain controllers
@ -89,6 +90,7 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
 Before moving to the next section, ensure the following steps are complete:
 > [!div class="checklist"]
 >
 > - Configure domain controller certificates
 > - Supersede existing domain controller certificates
 > - Unpublish superseded certificate templates
--- a/windows/security/identity-protection/hello-for-business/deploy/images/event358.png
+++ b/windows/security/identity-protection/hello-for-business/deploy/images/event358.png
--- a/windows/security/identity-protection/hello-for-business/deploy/index.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/index.md
@ -51,11 +51,11 @@ Following are the various deployment guides and models included in this topic:
 - [Microsoft Entra hybrid joined cloud Kerberos trust Deployment](hybrid-cloud-kerberos-trust.md)
 - [Microsoft Entra hybrid joined Key Trust Deployment](hybrid-key-trust.md)
 - [Microsoft Entra hybrid joined Certificate Trust Deployment](hybrid-cert-trust.md)
- [Microsoft Entra join Single Sign-on Deployment Guides](hello-hybrid-aadj-sso.md)
+- [Microsoft Entra join Single Sign-on Deployment Guides](../hello-hybrid-aadj-sso.md)
 - [On Premises Key Trust Deployment](hybrid-cloud-kerberos-trust.md)
 - [On Premises Certificate Trust Deployment](on-premises-cert-trust.md)
-For Windows Hello for Business hybrid [certificate trust prerequisites](/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust#directory-synchronization) and [key trust prerequisites](/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust#directory-synchronization) deployments, you'll need Microsoft Entra Connect to synchronize user accounts in the on-premises Active Directory with Microsoft Entra ID. For on-premises deployments, both key and certificate trust, use the Azure MFA server where the credentials aren't synchronized to Microsoft Entra ID. Learn how to [deploy Multifactor Authentication Services (MFA) for key trust](on-premises-key-trust-mfa.md) and [for certificate trust](deploy/on-premises-cert-trust-mfa.md) deployments.
+For Windows Hello for Business hybrid [certificate trust prerequisites](/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust#directory-synchronization) and [key trust prerequisites](/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust#directory-synchronization) deployments, you'll need Microsoft Entra Connect to synchronize user accounts in the on-premises Active Directory with Microsoft Entra ID. For on-premises deployments, both key and certificate trust, use the Azure MFA server where the credentials aren't synchronized to Microsoft Entra ID. Learn how to [deploy Multifactor Authentication Services (MFA) for key trust](on-premises-key-trust-mfa.md) and [for certificate trust](on-premises-cert-trust-mfa.md) deployments.
 ## Provisioning
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@ -25,9 +25,7 @@ The Windows Hello authenticator works to authenticate and allow employees onto y
 Windows Hello provides many benefits, including:
 - It helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it's much more difficult to gain access without the employee's knowledge.
 - Employees get a simple authentication method (backed up with a PIN) that's always with them, so there's nothing to lose. No more forgetting passwords!
 - Support for Windows Hello is built into the operating system so you can add additional biometric devices and policies as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.<br>For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](hello-manage-in-organization.md) topic.
 ## Where is Windows Hello data stored?
@ -80,7 +78,7 @@ To use Iris authentication, you'll need a [HoloLens 2 device](/hololens/). All H
 ## Related topics
- [Windows Hello for Business](requirements.md)
+- [Windows Hello for Business](deploy/requirements.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
@ -106,7 +106,7 @@ In Windows 10 and Windows 11, cloud experience host is an application used while
 ### Related to cloud experience host
- [Windows Hello for Business](requirements.md)
+- [Windows Hello for Business](deploy/requirements.md)
 - [Managed Windows Hello in organization](hello-manage-in-organization.md)
 ### More information on cloud experience host
@ -131,7 +131,7 @@ Giving the simplicity offered by this model, cloud Kerberos trust is the recomme
 ### More information about cloud Kerberos trust
-[Cloud Kerberos trust deployment](hybrid-cloud-kerberos-trust.md)
+[Cloud Kerberos trust deployment](deploy/hybrid-cloud-kerberos-trust.md)
 ## Deployment type
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
@ -44,7 +44,7 @@ For more information read [how authentication works](hello-how-it-works-authenti
 ## Related topics
 - [Technology and Terminology](hello-how-it-works-technology.md)
- [Windows Hello for Business](requirements.md)
+- [Windows Hello for Business](deploy/requirements.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
 - [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@ -82,7 +82,7 @@ It's fundamentally important to understand which deployment model to use for a s
 A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory.  There are two trust types: key trust and certificate trust.
 > [!NOTE]
-> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Microsoft Entra hybrid joined devices and on-premises resource access on Microsoft Entra joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](hybrid-cloud-kerberos-trust.md).
+> Windows Hello for Business introduced a new trust model called cloud Kerberos trust, in early 2022. This model enables deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Microsoft Entra hybrid joined devices and on-premises resource access on Microsoft Entra joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). For more information, see [Hybrid Cloud Kerberos Trust Deployment](deploy/hybrid-cloud-kerberos-trust.md).
 The key trust type doesn't require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
--- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
+++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
@ -44,7 +44,7 @@ If your policy allows it, people can use biometrics (fingerprint, iris, and faci
 ## Related topics
- [Windows Hello for Business](requirements.md)
+- [Windows Hello for Business](deploy/requirements.md)
 - [How Windows Hello for Business works](hello-how-it-works.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
 - [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)