From 9598eeac99ec0e979a16449f170f069910dbb5a9 Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 17 Nov 2022 13:32:15 -0500 Subject: [PATCH 01/25] bulk metadata updates --- .../feature-multifactor-unlock.md | 31 +++++-------------- .../hello-aad-join-cloud-only-deploy.md | 14 ++------- .../hello-adequate-domain-controllers.md | 20 +++--------- .../hello-and-password-changes.md | 12 +------ .../hello-biometrics-in-enterprise.md | 14 +-------- .../hello-cert-trust-adfs.md | 21 ++++--------- .../hello-cert-trust-policy-settings.md | 24 +++++--------- .../hello-cert-trust-validate-ad-prereq.md | 23 +++++--------- .../hello-cert-trust-validate-deploy-mfa.md | 17 +++------- .../hello-cert-trust-validate-pki.md | 25 +++++---------- .../hello-deployment-cert-trust.md | 17 +++------- .../hello-deployment-guide.md | 17 ++-------- .../hello-deployment-issues.md | 18 ++--------- .../hello-deployment-key-trust.md | 16 ++-------- .../hello-deployment-rdp-certs.md | 19 +++--------- .../hello-errors-during-pin-creation.md | 12 +------ .../hello-for-business/hello-event-300.md | 12 +------ .../hello-for-business/hello-faq.yml | 5 ++- .../hello-feature-conditional-access.md | 11 ++----- .../hello-feature-dual-enrollment.md | 12 ++----- .../hello-feature-dynamic-lock.md | 12 +------ .../hello-feature-pin-reset.md | 11 +------ .../hello-feature-remote-desktop.md | 14 ++------- .../hello-how-it-works-authentication.md | 12 +------ .../hello-how-it-works-provisioning.md | 12 +------ .../hello-how-it-works-technology.md | 12 +------ .../hello-for-business/hello-how-it-works.md | 13 ++------ .../hello-hybrid-aadj-sso-base.md | 19 +++--------- .../hello-hybrid-aadj-sso-cert.md | 18 +++-------- .../hello-hybrid-aadj-sso.md | 12 +------ .../hello-hybrid-cert-new-install.md | 16 ++-------- .../hello-hybrid-cert-trust-devreg.md | 16 ++-------- .../hello-hybrid-cert-trust-prereqs.md | 16 ++-------- .../hello-hybrid-cert-trust.md | 16 ++-------- .../hello-hybrid-cert-whfb-provision.md | 16 ++-------- 
.../hello-hybrid-cert-whfb-settings-ad.md | 16 ++-------- .../hello-hybrid-cert-whfb-settings-adfs.md | 16 ++-------- ...ello-hybrid-cert-whfb-settings-dir-sync.md | 16 ++-------- .../hello-hybrid-cert-whfb-settings-pki.md | 16 ++-------- .../hello-hybrid-cert-whfb-settings-policy.md | 16 ++-------- .../hello-hybrid-cert-whfb-settings.md | 16 ++-------- .../hello-hybrid-cloud-kerberos-trust.md | 13 ++------ .../hello-hybrid-key-new-install.md | 16 ++-------- .../hello-hybrid-key-trust-devreg.md | 16 ++-------- .../hello-hybrid-key-trust-dirsync.md | 16 ++-------- .../hello-hybrid-key-trust-prereqs.md | 15 ++------- .../hello-hybrid-key-trust.md | 16 ++-------- .../hello-hybrid-key-whfb-provision.md | 16 ++-------- .../hello-hybrid-key-whfb-settings-ad.md | 19 +++--------- ...hello-hybrid-key-whfb-settings-dir-sync.md | 16 ++-------- .../hello-hybrid-key-whfb-settings-pki.md | 16 ++-------- .../hello-hybrid-key-whfb-settings-policy.md | 16 ++-------- .../hello-hybrid-key-whfb-settings.md | 16 ++-------- .../hello-identity-verification.md | 10 ++---- .../hello-key-trust-adfs.md | 16 ++-------- .../hello-key-trust-policy-settings.md | 16 ++-------- .../hello-key-trust-validate-ad-prereq.md | 16 ++-------- .../hello-key-trust-validate-deploy-mfa.md | 16 ++-------- .../hello-key-trust-validate-pki.md | 16 ++-------- .../hello-manage-in-organization.md | 17 ++-------- .../hello-for-business/hello-overview.md | 13 ++------ .../hello-planning-guide.md | 13 +------- .../hello-prepare-people-to-use.md | 12 +------ .../hello-for-business/hello-videos.md | 12 +------ .../hello-why-pin-is-better-than-password.md | 17 +++------- .../microsoft-compatible-security-key.md | 11 ++----- .../passwordless-strategy.md | 13 ++------ .../hello-for-business/reset-security-key.md | 11 ++----- .../retired/hello-how-it-works.md | 7 ----- .../hello-for-business/webauthn-apis.md | 12 +------ 70 files changed, 198 insertions(+), 872 deletions(-) 
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 9217ed606d..46f6f0864a 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md 
@@ -1,37 +1,22 @@ --- title: Multi-factor Unlock description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 03/20/2018 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Multi-factor Unlock -**Requirements:** -* Windows Hello for Business deployment (Cloud, Hybrid or On-premises) -* Azure AD, Hybrid Azure AD, or Domain Joined (Cloud, Hybrid, or On-Premises deployments) -* Windows 10, version 1709 or newer, or Windows 11 -* Bluetooth, Bluetooth capable phone - optional +Windows Hello for Business supports the use of a single credential (PIN and biometrics) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system. -Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system. - -Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure their Windows to request a combination of factors and trusted signals to unlock their devices. +Windows Hello for Business can be configured with multi-factor device unlock, by extending Windows Hello with trusted signals. Administrators can configure devices to request a combination of factors and trusted signals to unlock theim. Which organizations can take advantage of Multi-factor unlock? Those who: -* Have expressed that PINs alone do not meet their security needs. -* Want to prevent Information Workers from sharing credentials. 
-* Want their organizations to comply with regulatory two-factor authentication policy. -* Want to retain the familiar Windows sign-in user experience and not settle for a custom solution. + +- Have expressed that PINs alone do not meet their security needs +- Want to prevent Information Workers from sharing credentials +- Want their organizations to comply with regulatory two-factor authentication policy +- Want to retain the familiar Windows sign-in user experience and not settle for a custom solution You enable multi-factor unlock using Group Policy. The **Configure device unlock factors** policy setting is located under **Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business**. diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index d42b632977..f04c072a6a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md 
@@ -1,25 +1,15 @@ --- title: Azure Active Directory join cloud only deployment description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 06/23/2021 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Azure Active Directory join cloud only deployment ## Introduction -When you Azure Active Directory (Azure AD) join a Windows 10 or Windows 11 device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud only environment, then there's no additional configuration needed. +When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, then there's no additional configuration needed. You may wish to disable the automatic Windows Hello for Business enrollment prompts if you aren't ready to use it in your environment. Instructions on how to disable Windows Hello for Business enrollment in a cloud only environment are included below. diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index edcdd4c52f..b6124a33ba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md 
@@ -1,22 +1,12 @@ --- title: Having enough Domain Controllers for Windows Hello for Business deployments description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/20/2018 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz -appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 or later - - ✅ Hybrid or On-Premises deployment - - ✅ Key trust -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +- ✅ Hybrid or On-Premises deployment +- ✅ Key trust --- # Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 8f6de2d563..f4a5e6fa2a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -1,19 +1,9 @@ --- title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -ms.localizationpriority: medium ms.date: 07/27/2017 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Windows Hello and password changes 
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index df42f82380..ae041ff38e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -1,21 +1,9 @@ --- title: Windows Hello biometrics in the enterprise (Windows) description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition. -ms.prod: windows-client -ms.collection: - - M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 01/12/2021 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Holographic for Business -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Windows Hello biometrics in the enterprise diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 20352aa60a..cd1dff1b31 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md 
@@ -1,25 +1,16 @@ --- title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business) description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 01/14/2021 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployments - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +- ✅ On-premises deployments +- ✅ Certificate trust --- -# Prepare and Deploy Windows Server 2016 Active Directory Federation Services - Certificate Trust +# Prepare and Deploy Active Directory Federation Services (AD FS) -Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority. +Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS). The on-premises certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority. The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts. 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 760d69ed2e..b21b51ec41 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md 
@@ -1,28 +1,20 @@ --- title: Configure Windows Hello for Business Policy settings - certificate trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings. -ms.prod: windows-client ms.collection: - - M365-identity-device-management - - highpri -ms.topic: article -localizationpriority: medium +- M365-identity-device-management +- highpri ms.date: 08/20/2018 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployments - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +- ✅ On-premises deployments +- ✅ Certificate trust --- # Configure Windows Hello for Business Policy settings - Certificate Trust -You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. +To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). +Install the Remote Server Administration Tools for Windows on a computer running Windows 10 or later. On-premises certificate-based deployments of Windows Hello for Business needs three Group Policy settings: * Enable Windows Hello for Business 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index c324b543eb..e04e653285 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md 
@@ -1,25 +1,16 @@ --- title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business) description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model. -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployments - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +- ✅ On-premises deployments +- ✅ Certificate trust --- # Validate Active Directory prerequisites for cert-trust deployment -The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. +The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. > [!NOTE] > If you already have a Windows Server 2016 or later domain controller in your forest, you can skip the "Updating the Schema" and "Create the KeyCredential Admins Security Global Group" steps that follow. 
@@ -30,7 +21,9 @@ Manually updating Active Directory uses the command-line utility **adprep.exe** To locate the schema master role holder, open and command prompt and type: -```Netdom query fsmo | findstr -i “schema”``` +```cmd +netdom.exe query fsmo | findstr.exe -i "schema" +``` ![Netdom example output.](images/hello-cmd-netdom.png) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 38589541ad..13cbf44028 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -1,21 +1,12 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with certificate trust description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployments - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +- ✅ On-premises deployments +- ✅ Certificate trust --- # Validate and Deploy Multi-Factor Authentication feature diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 15298bba55..97a8f8eff1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md 
@@ -1,21 +1,12 @@ --- title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployments - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +- ✅ On-premises deployments +- ✅ Certificate trust --- # Validate and Configure Public Key Infrastructure - Certificate Trust Model @@ -23,7 +14,7 @@ Windows Hello for Business must have a public key infrastructure regardless of t ## Deploy an enterprise certificate authority -This guide assumes most enterprise have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. +This guide assumes most enterprise have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running Active Directory Certificate Services. ### Lab-based public key infrastructure 
@@ -34,13 +25,13 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o >[!NOTE] >Never install a certificate authority on a domain controller in a production environment. -1. Open an elevated Windows PowerShell prompt. -2. Use the following command to install the Active Directory Certificate Services role. +1. Open an elevated Windows PowerShell prompt +2. Use the following command to install the Active Directory Certificate Services role ```PowerShell Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools ``` -3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration. +3. Use the following command to configure the Certificate Authority using a basic certificate authority configuration ```PowerShell Install-AdcsCertificationAuthority ``` diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index 0c3dce349f..becc2d4809 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -1,21 +1,12 @@ --- title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment description: A guide to on premises, certificate trust Windows Hello for Business deployment. -ms.prod: windows-client -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 -author: paolomatarazzo -ms.author: paoloma -ms.reviewer: prsriva -manager: aaroncz appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployments - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +- ✅ On-premises deployments +- ✅ Certificate trust --- # On Premises Certificate Trust Deployment 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index e760eecda3..2241d9369c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -1,25 +1,12 @@ --- title: Windows Hello for Business Deployment Overview description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: - - M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 02/15/2022 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # Windows Hello for Business Deployment Overview -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 - Windows Hello for Business is the springboard to a world without passwords. It replaces username and password sign-in to Windows with strong user authentication based on an asymmetric key pair. This deployment overview is to guide you through deploying Windows Hello for Business. Your first step should be to use the Passwordless Wizard in the [Microsoft 365 admin center](https://admin.microsoft.com/AdminPortal/Home#/modernonboarding/passwordlesssetup) or the [Planning a Windows Hello for Business Deployment](hello-planning-guide.md) guide to determine the right deployment model for your organization. diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index b64a57e89f..bc93c04d1a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -1,17 +1,9 @@ --- title: Windows Hello for Business Deployment Known Issues description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues -params: siblings_only -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 05/03/2021 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # Windows Hello for Business Known Deployment Issues @@ -19,12 +11,6 @@ The content of this article is to help troubleshoot and workaround known deploym ## PIN Reset on Azure AD Join Devices Fails with "We can't open that page right now" error -Applies to: - -- Azure AD joined deployments -- Windows 10, version 1803 and later -- Windows 11 - PIN reset on Azure AD-joined devices uses a flow called web sign-in to authenticate the user above lock. Web sign in only allows navigation to specific domains. If it attempts to navigate to a domain that is not allowed it will show a page with the error message "We can't open that page right now". ### Identifying Azure AD joined PIN Reset Allowed Domains Issue diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 770fc668c9..947b069ead 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md 
@@ -1,21 +1,11 @@ --- title: Windows Hello for Business Deployment Guide - On Premises Key Deployment description: A guide to on premises, key trust Windows Hello for Business deployment. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/20/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ On-premises deployment +- ✅ Key trust --- # On Premises Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 85e91958b3..7cb2ac45f2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -1,24 +1,15 @@ --- title: Deploying Certificates to Key Trust Users to Enable RDP description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: +ms.collection: - M365-identity-device-management - ContentEngagementFY23 -ms.topic: article -localizationpriority: medium ms.date: 02/22/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust - - ✅ Cloud Kerberos trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust +- ✅ Kerberos trust --- # Deploy Certificates to Key Trust and Cloud Kerberos Trust Users to Enable RDP 
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 28bab60966..e1b28aec6f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -1,20 +1,10 @@ --- title: Windows Hello errors during PIN creation (Windows) description: When you set up Windows Hello in Windows 10/11, you may get an error during the Create a work PIN step. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: - - M365-identity-device-management ms.topic: troubleshooting -ms.localizationpriority: medium ms.date: 05/05/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Windows Hello errors during PIN creation diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index 32ec0a5204..3445d17de7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md 
@@ -1,19 +1,9 @@ --- title: Event ID 300 - Windows Hello successfully created (Windows) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -ms.localizationpriority: medium ms.date: 07/27/2017 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Event ID 300 - Windows Hello successfully created diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 919393f45a..72a6edeb6c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -18,9 +18,8 @@ metadata: ms.topic: faq localizationpriority: medium ms.date: 11/11/2022 - appliesto: - - ✅ Windows 10 - - ✅ Windows 11 + appliesto: + - ✅ Windows 10 and later title: Windows Hello for Business Frequently Asked Questions (FAQ) summary: | diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 8ac9d29d9f..871014cd04 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md 
@@ -1,16 +1,9 @@ --- title: Conditional Access description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 09/09/2019 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # Conditional access diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index 24c66f9452..9ba5926a91 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -1,16 +1,9 @@ --- title: Dual Enrollment description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 09/09/2019 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # Dual Enrollment @@ -19,7 +12,6 @@ ms.technology: itpro-security * Hybrid and On-premises Windows Hello for Business deployments * Enterprise joined or Hybrid Azure joined devices -* Windows 10, version 1709 or later * Certificate trust > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index bb878fcd09..dcf545e006 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -1,19 +1,9 @@ --- title: Dynamic lock description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 07/12/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Dynamic lock diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index b50e72d0ef..03bc5a21e2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -1,21 +1,12 @@ --- title: Pin Reset description: Learn how Microsoft PIN reset services enable you to help users recover who have forgotten their PIN. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri -ms.topic: article -localizationpriority: medium ms.date: 07/29/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # PIN reset diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 31cdaa7534..e5b7695a44 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -1,24 +1,14 @@ --- title: Remote Desktop description: Learn how Windows Hello for Business supports using biometrics with remote desktop -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 02/24/2021 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # Remote Desktop **Requirements** - -- Windows 10 -- Windows 11 - Hybrid and On-premises Windows Hello for Business deployments - Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index d3817c3e30..85c10f66aa 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -1,19 +1,9 @@ --- title: How Windows Hello for Business works - Authentication description: Learn about the authentication flow for Windows Hello for Business. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 02/15/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Windows Hello for Business and Authentication diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index ab75ccda70..6f2759317a 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -1,19 +1,9 @@ --- title: How Windows Hello for Business works - Provisioning description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 2/15/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Windows Hello for Business Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 719c27216d..ac9ba6f543 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -1,19 +1,9 @@ --- title: How Windows Hello for Business works - technology and terms description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 10/08/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Technology and terms diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 03559c9e2e..5825272226 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -1,18 +1,9 @@ --- title: How Windows Hello for Business works description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 05/05/2018 -appliesto: - - ✅ Windows 10 and later -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # How Windows Hello for Business works in Windows Devices diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index ce22c81e4f..2d63cb7ea1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -1,23 +1,12 @@ --- title: Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: - - M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 01/14/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Azure Active Directory-join - - ✅ Hybrid Deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Azure Active Directory-join +- ✅ Hybrid Deployment +- ✅ Key trust --- # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business ## Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 441651ecdb..eefcba7216 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md 
@@ -1,22 +1,12 @@ --- title: Using Certificates for AADJ On-premises Single-sign On single sign-on description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Azure AD-join - - ✅ Hybrid Deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Azure AD-join +- ✅ Hybrid Deployment +- ✅ Certificate trust --- # Using Certificates for AADJ On-premises Single-sign On diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 8d2c2d3eb7..98dce19398 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -1,19 +1,9 @@ --- title: Azure AD Join Single Sign-on Deployment description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Azure AD Join Single Sign-on Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index d68fe373c4..6487009814 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -1,21 +1,11 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business) description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 912929f030..fa8a682240 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md 
@@ -1,21 +1,11 @@ --- title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index f3bd6859f8..20f1bc0cb9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -1,21 +1,11 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Prerequisites description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Windows Hello for Business Prerequisites 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index fbf527bf4b..f5f928cb66 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -1,21 +1,11 @@ --- title: Hybrid Certificate Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 09/08/2017 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Certificate Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 191ad50880..18ff1dd093 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md 
@@ -1,21 +1,11 @@ --- title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business) description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 82c2369b6c..1ee7112806 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -1,21 +1,11 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD) description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 55a8c1fe51..5754075f43 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -1,21 +1,11 @@ --- title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS) description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 9340b2698b..067d4d62ae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md 
@@ -1,21 +1,11 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 0c6e6e4808..9d6cebfeeb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -1,21 +1,11 @@ --- title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI) description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 9665843315..77db693336 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -1,21 +1,11 @@ --- title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 68da777df7..f38bd88bac 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md 
@@ -1,21 +1,11 @@ --- title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business) description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Certificate trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index d9cd8d2065..676efc7b24 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md @@ -1,18 +1,9 @@ --- title: Hybrid cloud Kerberos trust deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 11/1/2022 -appliesto: - - ✅ Windows 10, version 21H2 and later -ms.technology: itpro-security +appliesto: +- ✅ Windows 10, version 21H2 and later --- # Hybrid cloud Kerberos trust deployment 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 98e359fe83..2633e3f741 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -1,21 +1,11 @@ --- title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 60421b9698..88f53c5fe8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md 
@@ -1,21 +1,11 @@ --- title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business) -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 05/04/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 883e949f0a..c779439d55 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -1,21 +1,11 @@ --- title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index a91f625b7b..e0749f2c7b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -1,20 +1,11 @@ --- title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business) description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index addf5f5a20..36b9dcf90e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md 
@@ -1,21 +1,11 @@ --- title: Hybrid Key Trust Deployment (Windows Hello for Business) description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/20/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Hybrid Azure AD joined Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 85b0134eed..b2bd711554 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -1,21 +1,11 @@ --- title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business) description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning ## Provisioning 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index eefcf80dae..943bca7182 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -1,24 +1,13 @@ --- title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD) description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 -ms.technology: itpro-security ---- -# Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory -appliesto: -- ✅ Windows 10 -- ✅ Windows 11 +appliesto: +- ✅ Windows 10 and later - ✅ Hybrid deployment - ✅ Key trust - +--- +# Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 4a6cacda34..4e675c0dfa 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md 
@@ -1,21 +1,11 @@ --- title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 7d80a9ac21..8a5507d1a4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -1,21 +1,11 @@ --- title: Configure Hybrid Azure AD joined key trust Windows Hello for Business description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI) -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 04/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 6d891a5b53..40da24b21e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -1,21 +1,11 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Configuring Hybrid key trust Windows Hello for Business - Group Policy -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 48fe302c63..7201f1f674 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md 
@@ -1,21 +1,11 @@ --- title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 4/30/2021 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Hybrid deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 1b10ff4e76..dfcc189814 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -1,18 +1,12 @@ --- title: Windows Hello for Business Deployment Prerequisite Overview description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri -ms.topic: article -localizationpriority: medium ms.date: 2/15/2022 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # Windows Hello for Business Deployment Prerequisite Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index b9d46ebca9..675b94f610 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -1,21 +1,11 @@ --- title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business) description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ On-premises deployment +- ✅ Key trust --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 090e46cd72..3366c3c6fe 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md 
@@ -1,21 +1,11 @@ --- title: Configure Windows Hello for Business Policy settings - key trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ On-premises deployment +- ✅ Key trust --- # Configure Windows Hello for Business Policy settings - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index a7cf2a4367..ff36b79944 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -1,21 +1,11 @@ --- title: Key registration for on-premises deployment of Windows Hello for Business description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ On-premises deployment +- ✅ Key trust --- # Validate Active Directory prerequisites - Key Trust 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 42ee5bdd01..cdeaa17371 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -1,21 +1,11 @@ --- title: Validate and Deploy MFA for Windows Hello for Business with key trust description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ On-premises deployment +- ✅ Key trust --- # Validate and Deploy Multifactor Authentication (MFA) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 5a4c114b16..3c7e014781 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md 
@@ -1,21 +1,11 @@ --- title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ On-premises deployment - - ✅ Key trust -ms.technology: itpro-security +- ✅ Windows 10 and later +- ✅ On-premises deployment +- ✅ Key trust --- # Validate and Configure Public Key Infrastructure - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index ef4ec913e4..999c14ebb6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md 
@@ -1,31 +1,20 @@ --- title: Manage Windows Hello in your organization (Windows) description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri -ms.topic: article -ms.localizationpriority: medium ms.date: 2/15/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Manage Windows Hello for Business in your organization -You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10. +You can create a Group Policy or mobile device management (MDM) policy to configure Windows Hello for Business on Windows devices. >[!IMPORTANT] ->The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511. -> ->Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. +>Windows Hello as a convenience PIN is disabled by default on all domain joined and Azure AD joined devices. To enable a convenience PIN, enable the Group Policy setting **Turn on convenience PIN sign-in**. > >Use **PIN Complexity** policy settings to manage PINs for Windows Hello for Business. diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index eb85e9ca3b..87ec948d71 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -1,25 +1,16 @@ --- title: Windows Hello for Business Overview (Windows) description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri ms.topic: conceptual -localizationpriority: medium appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Holographic for Business -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Windows Hello for Business Overview -In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. +Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a type of user credential that is tied to a device and uses a biometric or PIN. >[!NOTE] > When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 36ba184666..38bfb65c9e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -1,20 +1,9 @@ --- title: Planning a Windows Hello for Business Deployment description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: - - M365-identity-device-management -ms.topic: article -localizationpriority: conceptual ms.date: 09/16/2020 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Planning a Windows Hello for Business Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 78291dadbd..0507784ebf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -1,19 +1,9 @@ --- title: Prepare people to use Windows Hello (Windows) description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 08/19/2018 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Prepare people to use Windows Hello diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 3a99c148bd..6ba70daf7c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -1,19 +1,9 @@ --- title: Windows Hello for Business Videos description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 07/26/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Windows Hello for Business Videos ## Overview of Windows Hello for Business and Features diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 68cc9b2ecd..4796b54592 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md 
@@ -1,26 +1,17 @@ --- title: Why a PIN is better than an online password (Windows) -description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva +description: Windows Hello enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password. ms.collection: - M365-identity-device-management - highpri -ms.topic: article -ms.localizationpriority: medium ms.date: 10/23/2017 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Why a PIN is better than an online password -Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a local password? -On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: `local` passwords are validated against the machine's password store, whereas `online` passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password. +Windows Hello enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a local password? +On the surface, a PIN looks much like a password. 
A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: `local` passwords are validated against the machine's password store, whereas `online` passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password. Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than an online password. diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index a446e2b52f..18556c7ba1 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -1,16 +1,9 @@ --- title: Microsoft-compatible security key description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 11/14/2018 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # What is a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 5c2b1147af..3d5adbc09e 100644 
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -1,24 +1,15 @@ --- title: Password-less strategy description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management ms.topic: conceptual -localizationpriority: medium ms.date: 05/24/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # Password-less strategy -This article describes Windows' password-less strategy. Learn how Windows Hello for Business implements this strategy in Windows 10 and Windows 11. +This article describes Windows' password-less strategy and how Windows Hello for Business implements this strategy. ## Four steps to password freedom diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index bf8a6a57bf..030ced19fb 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -1,16 +1,9 @@ --- title: Reset-security-key description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 11/14/2018 -ms.technology: itpro-security +appliesto: +- ✅ Windows 10 and later --- # How to reset a Microsoft-compatible security key? > [!Warning] 
diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 4653d23331..5ac3fa463f 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -1,17 +1,10 @@ --- title: How Windows Hello for Business works (Windows) description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business. -ms.prod: windows-client -ms.localizationpriority: high -author: paolomatarazzo -ms.author: paoloma ms.date: 10/16/2017 -manager: aaroncz -ms.topic: article appliesto: - ✅ Windows 10 - ✅ Windows 11 -ms.technology: itpro-security --- # How Windows Hello for Business works in Windows devices diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md index afac158d28..415ba509b3 100644 --- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md +++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md @@ -1,19 +1,9 @@ --- title: WebAuthn APIs description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: prsriva -ms.collection: M365-identity-device-management -ms.topic: article -localizationpriority: medium ms.date: 09/15/2022 appliesto: - - ✅ Windows 10 - - ✅ Windows 11 -ms.technology: itpro-security +- ✅ Windows 10 and later --- # WebAuthn APIs for passwordless authentication on Windows From 77eaa033f9a7de0918f3e170730b577aa5b6a48f Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 17 Nov 2022 16:46:47 -0500 Subject: [PATCH 02/25] updates --- .../hello-deployment-key-trust.md | 4 ++-- .../includes/hello-on-premises-key-trust.md | 8 ++++++++ windows/security/includes/hello-template.md | 13 +++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 windows/security/includes/hello-on-premises-key-trust.md create mode 100644 windows/security/includes/hello-template.md diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 77fdd72a63..3350a8b6d4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -4,11 +4,11 @@ description: A guide to on premises, key trust Windows Hello for Business deploy ms.date: 08/20/2018 appliesto: - ✅ Windows 10 and later -- ✅ On-premises deployment -- ✅ Key trust --- # On Premises Key Trust Deployment +[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] + Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment. Below, you can find all the information you need to deploy Windows Hello for Business in a key trust model in your on-premises environment: diff --git a/windows/security/includes/hello-on-premises-key-trust.md b/windows/security/includes/hello-on-premises-key-trust.md new file mode 100644 index 0000000000..cd6241fa72 --- /dev/null +++ b/windows/security/includes/hello-on-premises-key-trust.md 
@@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\ +✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ +✅ **Device registration type:** Active Directory domain join + +
+ +--- diff --git a/windows/security/includes/hello-template.md b/windows/security/includes/hello-template.md new file mode 100644 index 0000000000..2650d3e865 --- /dev/null +++ b/windows/security/includes/hello-template.md @@ -0,0 +1,13 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [cloud-only](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\ +✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ +✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\ +✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ +✅ **Device registration type:** Active Directory domain join\ +✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join)\ +✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join)\ +✅ **Device registration type:** [Azure AD registration](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-ad-registration)\ + +--- From 35652b7eeb133a747a7361f6e3eb5be5ff4a3269 Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 17 Nov 2022 17:28:32 -0500 Subject: [PATCH 03/25] key trust updates --- .../hello-deployment-rdp-certs.md | 6 - .../hello-how-it-works-technology.md | 2 +- .../hello-key-trust-adfs.md | 4 +- .../hello-key-trust-policy-settings.md | 9 +- .../hello-key-trust-validate-ad-prereq.md | 6 +- .../hello-key-trust-validate-deploy-mfa.md | 4 +- .../hello-key-trust-validate-pki.md | 4 +- .../hello-for-business/toc.yml | 118 +++++++++--------- 8 files changed, 73 insertions(+), 80 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 282264de1e..93e2a47b86 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -1,13 +1,7 @@ --- title: Deploy certificates for remote desktop sign-in description: Learn how to deploy certificates to cloud Kerberos trust and key trust users, to enable remote desktop sign-in with supplied credentials. -ms.prod: windows-client -author: paolomatarazzo -ms.author: paoloma -manager: aaroncz -ms.reviewer: erikdau ms.collection: - - M365-identity-device-management - ContentEngagementFY23 ms.topic: how-to localizationpriority: medium diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index ac9ba6f543..b8609c2ae3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md 
@@ -184,7 +184,7 @@ If your environment has an on-premises AD footprint and you also want benefit fr ## Hybrid deployment -The Windows Hello for Business hybrid deployment is for organizations that have both on-premises and cloud resources that are accessed using a managed or federated identity that's synchronized with Azure AD. Hybrid deployments support devices that are Azure AD-registered, Azure AD-joined, and hybrid Azure AD-joined. The Hybrid deployment model supports two trust types for on-premises authentication, key trust and certificate trust. +The Windows Hello for Business hybrid deployment is for organizations that have both on-premises and cloud resources that are accessed using a managed or federated identity that's synchronized with Azure AD. Hybrid deployments support devices that are Azure AD-registered, Azure AD-joined, and hybrid Azure AD-joined. The Hybrid deployment model supports three trust types for on-premises authentication: cloud Kerberos trust, key trust and certificate trust. ### Related to hybrid deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 675b94f610..c32b9f41df 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md 
@@ -4,11 +4,11 @@ description: How to Prepare and Deploy Windows Server 2016 Active Directory Fede ms.date: 08/19/2018 appliesto: - ✅ Windows 10 and later -- ✅ On-premises deployment -- ✅ Key trust --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust +[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] + Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration. The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts. diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 3366c3c6fe..7507f0ee07 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md 
@@ -4,15 +4,14 @@ description: Configure Windows Hello for Business Policy settings for Windows He ms.date: 08/19/2018 appliesto: - ✅ Windows 10 and later -- ✅ On-premises deployment -- ✅ Key trust --- # Configure Windows Hello for Business Policy settings - Key Trust -You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). -Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. +[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] -Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows 10, version 1703 installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. +To run the Group Policy Management Console from a Windows client, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). + +Alternatively, you can create a copy of the .ADMX and .ADML files from a Windows client installation setup template folder to their respective language folder on a Windows Server, or you can create a Group Policy Central Store and copy them their respective language folder. 
See [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for more information. On-premises certificate-based deployments of Windows Hello for Business needs one Group Policy setting: Enable Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index ff36b79944..9be31d0bba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md 
@@ -4,12 +4,12 @@ description: How to Validate Active Directory prerequisites for Windows Hello fo ms.date: 08/19/2018 appliesto: - ✅ Windows 10 and later -- ✅ On-premises deployment -- ✅ Key trust --- # Validate Active Directory prerequisites - Key Trust -Key trust deployments need an adequate number of 2016 or later domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md), the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section. +[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] + +Key trust deployments need an adequate number of 2016 or later domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md), the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section. > [!NOTE] >There was an issue with key trust authentication on Windows Server 2019. If you are planning to use Windows Server 2019 domain controllers refer to [KB4487044](https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044) to fix this issue. diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index cdeaa17371..59886f6036 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -4,11 +4,11 @@ description: How to Validate and Deploy Multifactor Authentication (MFA) Service ms.date: 08/19/2018 appliesto: - ✅ Windows 10 and later -- ✅ On-premises deployment -- ✅ Key trust --- # Validate and Deploy Multifactor Authentication (MFA) +[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] + > [!IMPORTANT] > As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 3c7e014781..017b606e61 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -4,11 +4,11 @@ description: How to Validate Public Key Infrastructure for Windows Hello for Bus ms.date: 08/19/2018 appliesto: - ✅ Windows 10 and later -- ✅ On-premises deployment -- ✅ Key trust --- # Validate and Configure Public Key Infrastructure - Key Trust +[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)] + Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. ## Deploy an enterprise certificate authority 
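Review bot: The `[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]` line added under the H1 here, and in the adfs, policy-settings, validate-ad-prereq and validate-deploy-mfa hunks of this patch, refers to a file that is not listed in this patch's diffstat. Confirm that an earlier patch in the series creates it; otherwise these pages lose their "On-premises deployment" and "Key trust" applicability markers from `appliesto` with nothing rendered in their place.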
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 2c22050ab0..4d8b648f78 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -2,12 +2,12 @@ href: index.yml - name: Overview items: - - name: Windows Hello for Business Overview + - name: Windows Hello for Business overview href: hello-overview.md - name: Concepts expanded: true items: - - name: Passwordless Strategy + - name: Passwordless strategy href: passwordless-strategy.md - name: Why a PIN is better than a password href: hello-why-pin-is-better-than-password.md @@ -15,7 +15,7 @@ href: hello-biometrics-in-enterprise.md - name: How Windows Hello for Business works href: hello-how-it-works.md - - name: Technical Deep Dive + - name: Technical deep dive items: - name: Provisioning href: hello-how-it-works-provisioning.md 
@@ -25,93 +25,93 @@ href: webauthn-apis.md - name: How-to Guides items: - - name: Windows Hello for Business Deployment Overview + - name: Windows Hello for Business deployment overview href: hello-deployment-guide.md - - name: Planning a Windows Hello for Business Deployment + - name: Planning a Windows Hello for Business deployment href: hello-planning-guide.md - - name: Deployment Prerequisite Overview + - name: Deployment prerequisite overview href: hello-identity-verification.md - name: Prepare people to use Windows Hello href: hello-prepare-people-to-use.md - - name: Deployment Guides + - name: Deployment guides items: - - name: Hybrid Cloud Kerberos Trust Deployment + - name: Hybrid cloud Kerberos trust deployment href: hello-hybrid-cloud-kerberos-trust.md - - name: Hybrid Azure AD Joined Key Trust + - name: Azure AD join items: - - name: Hybrid Azure AD Joined Key Trust Deployment + - name: Cloud-only deployment + href: hello-aad-join-cloud-only-deploy.md + - name: On-premises SSO for Azure AD joined devices + href: hello-hybrid-aadj-sso.md + - name: Configure Azure AD joined devices for on-premises SSO + href: hello-hybrid-aadj-sso-base.md + - name: Using certificates for on-premises SSO + href: hello-hybrid-aadj-sso-cert.md + - name: Hybrid Azure AD join with key trust + items: + - name: Key trust deployment href: hello-hybrid-key-trust.md - name: Prerequisites href: hello-hybrid-key-trust-prereqs.md - - name: New Installation Baseline + - name: New installation baseline href: hello-hybrid-key-new-install.md - - name: Configure Directory Synchronization + - name: Configure directory synchronization href: hello-hybrid-key-trust-dirsync.md - - name: Configure Azure Device Registration + - name: Configure Azure AD device registration href: hello-hybrid-key-trust-devreg.md - name: Configure Windows Hello for Business settings href: hello-hybrid-key-whfb-settings.md - - name: Sign-in and Provisioning + - name: Sign-in and provisioning href: 
hello-hybrid-key-whfb-provision.md - - name: Hybrid Azure AD Joined Certificate Trust + - name: Hybrid Azure AD join with certificate trust items: - - name: Hybrid Azure AD Joined Certificate Trust Deployment + - name: Certificate trust deployment href: hello-hybrid-cert-trust.md - name: Prerequisites href: hello-hybrid-cert-trust-prereqs.md - - name: New Installation Baseline + - name: New installation baseline href: hello-hybrid-cert-new-install.md - - name: Configure Azure Device Registration + - name: Configure Azure AD device registration href: hello-hybrid-cert-trust-devreg.md - name: Configure Windows Hello for Business settings href: hello-hybrid-cert-whfb-settings.md - - name: Sign-in and Provisioning + - name: Sign-in and provisioning href: hello-hybrid-cert-whfb-provision.md - - name: On-premises SSO for Azure AD Joined Devices + - name: Active Directory domain join with key trust items: - - name: On-premises SSO for Azure AD Joined Devices Deployment - href: hello-hybrid-aadj-sso.md - - name: Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business - href: hello-hybrid-aadj-sso-base.md - - name: Using Certificates for AADJ On-premises Single-sign On - href: hello-hybrid-aadj-sso-cert.md - - name: On-premises Key Trust - items: - - name: On-premises Key Trust Deployment + - name: Key trust deployment href: hello-deployment-key-trust.md - - name: Validate Active Directory Prerequisites + - name: Validate Active Directory prerequisites href: hello-key-trust-validate-ad-prereq.md - - name: Validate and Configure Public Key Infrastructure + - name: Validate and configure Public Key Infrastructure (PKI) href: hello-key-trust-validate-pki.md - - name: Prepare and Deploy Windows Server 2016 Active Directory Federation Services + - name: Prepare and deploy Active Directory Federation Services (AD FS) href: hello-key-trust-adfs.md - - name: Validate and Deploy Multi-factor Authentication (MFA) Services + - name: Validate 
and deploy multi-factor authentication (MFA) services href: hello-key-trust-validate-deploy-mfa.md - name: Configure Windows Hello for Business policy settings href: hello-key-trust-policy-settings.md - - name: On-premises Certificate Trust + - name: Active Directory domain join with certificate trust items: - - name: On-premises Certificate Trust Deployment + - name: Certificate trust deployment href: hello-deployment-cert-trust.md - - name: Validate Active Directory Prerequisites + - name: Validate Active Directory prerequisites href: hello-cert-trust-validate-ad-prereq.md - - name: Validate and Configure Public Key Infrastructure + - name: Validate and configure Public Key Infrastructure (PKI) href: hello-cert-trust-validate-pki.md - - name: Prepare and Deploy Windows Server 2016 Active Directory Federation Services + - name: Prepare and Deploy Active Directory Federation Services (AD FS) href: hello-cert-trust-adfs.md - - name: Validate and Deploy Multi-factor Authentication (MFA) Services + - name: Validate and deploy multi-factor authentication (MFA) services href: hello-cert-trust-validate-deploy-mfa.md - name: Configure Windows Hello for Business policy settings href: hello-cert-trust-policy-settings.md - - name: Azure AD join cloud only deployment - href: hello-aad-join-cloud-only-deploy.md - - name: Managing Windows Hello for Business in your organization - href: hello-manage-in-organization.md - - name: Deploying Certificates to Key Trust Users to Enable RDP + - name: Deploy certificates for RDP sign-in href: hello-deployment-rdp-certs.md - - name: Windows Hello for Business Features + - name: Manage Windows Hello for Business in your organization + href: hello-manage-in-organization.md + - name: Windows Hello for Business features items: - - name: Conditional Access + - name: Conditional access href: hello-feature-conditional-access.md - name: PIN Reset href: hello-feature-pin-reset.md 
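Review bot: Under "Active Directory domain join with certificate trust" the renamed entry still reads "Prepare and Deploy Active Directory Federation Services (AD FS)" with a capital "Deploy", while the matching key trust entry in this same hunk is "Prepare and deploy Active Directory Federation Services (AD FS)"; lower-case it so both follow the sentence casing applied to the rest of the hunk. The two MFA entries are spelled "multi-factor" here, whereas the H1 of hello-key-trust-validate-deploy-mfa.md shown earlier in this patch uses "Multifactor", so pick one spelling for both.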
@@ -121,23 +121,23 @@ href: hello-feature-dynamic-lock.md - name: Multi-factor Unlock href: feature-multifactor-unlock.md - - name: Remote Desktop + - name: Remote desktop (RDP) sign-in href: hello-feature-remote-desktop.md - - name: Troubleshooting - items: - - name: Known Deployment Issues - href: hello-deployment-issues.md - - name: Errors During PIN Creation - href: hello-errors-during-pin-creation.md - - name: Event ID 300 - Windows Hello successfully created - href: hello-event-300.md - - name: Windows Hello and password changes - href: hello-and-password-changes.md +- name: Troubleshooting + items: + - name: Known deployment issues + href: hello-deployment-issues.md + - name: Errors during PIN creation + href: hello-errors-during-pin-creation.md + - name: Event ID 300 - Windows Hello successfully created + href: hello-event-300.md + - name: Windows Hello and password changes + href: hello-and-password-changes.md - name: Reference items: - - name: Technology and Terminology + - name: Technology and terminology href: hello-how-it-works-technology.md - name: Frequently Asked Questions (FAQ) href: hello-faq.yml - name: Windows Hello for Business videos - href: hello-videos.md + href: hello-videos.md \ No newline at end of file From b951e00f4d7fca2ec6bd36f6defbfda029ef72eb Mon Sep 17 00:00:00 2001 
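Review bot: In the last toc.yml hunk (@@ -121,23), the rewritten final line `href: hello-videos.md` drops the file's trailing newline ("\ No newline at end of file"); restore it. The same hunk appears to move Troubleshooting from a nested item to a top-level node beside Reference, which is a navigation change rather than a casing fix, so mention it in the commit message ("key trust updates" does not cover it). "Multi-factor Unlock" also stays title-cased directly above the newly sentence-cased "Remote desktop (RDP) sign-in".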
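Review bot: In the hello-key-trust-policy-settings.md hunk of this patch, the rewrite removes the statement that a Windows 10, version 1703 or later workstation is needed for the Group Policy Management Console to provide the latest Windows Hello for Business and PIN Complexity settings, and the replacement "a Windows client" gives no version floor; keep a minimum version or link to where it is documented, since the removed text tied those settings to that version. The added line also carries over "copy them their respective language folder" (missing "to"), and the unchanged context line after it still says "On-premises certificate-based deployments" on a key trust page.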
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 18 Nov 2022 07:57:34 -0500 Subject: [PATCH 04/25] updates --- .../hello-for-business/hello-faq.yml | 2 +- .../hello-how-it-works-technology.md | 6 +++--- .../hello-for-business/hello-hybrid-cert-trust.md | 6 +++--- .../hello-for-business/hello-hybrid-key-new-install.md | 4 ++-- .../hello-hybrid-key-trust-devreg.md | 4 ++-- .../hello-hybrid-key-trust-dirsync.md | 4 ++-- .../hello-hybrid-key-trust-prereqs.md | 10 +++++----- .../hello-for-business/hello-hybrid-key-trust.md | 8 ++++---- .../hello-hybrid-key-whfb-provision.md | 5 +++-- .../hello-hybrid-key-whfb-settings-ad.md | 4 ++-- .../hello-hybrid-key-whfb-settings-dir-sync.md | 6 +++--- .../hello-hybrid-key-whfb-settings-pki.md | 4 ++-- .../hello-hybrid-key-whfb-settings-policy.md | 4 ++-- .../hello-hybrid-key-whfb-settings.md | 6 +++--- .../hello-for-business/hello-identity-verification.md | 1 - .../hello-for-business/hello-manage-in-organization.md | 5 ++++- .../hello-for-business/hello-planning-guide.md | 4 ++-- .../hello-for-business/passwordless-strategy.md | 2 +- windows/security/includes/hello-hybrid-key-trust-ad.md | 8 ++++++++ windows/security/includes/hello-hybrid-key-trust.md | 8 ++++++++ windows/security/includes/hello-template.md | 6 ++++-- 21 files changed, 64 insertions(+), 43 deletions(-) create mode 100644 windows/security/includes/hello-hybrid-key-trust-ad.md create mode 100644 windows/security/includes/hello-hybrid-key-trust.md diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 72a6edeb6c..f4456c7110 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml 
@@ -210,7 +210,7 @@ sections: - question: I have extended Active Directory to Azure Active Directory. Can I use the on-premises deployment model? answer: | - No. If your organization is federated or using online services, such as Azure AD Connect, Office 365, or OneDrive, then you must use a hybrid deployment model. On-premises deployments are exclusive to organizations who need more time before moving to the cloud and exclusively use Active Directory. + No. If your organization is using Microsoft cloud services, then you must use a hybrid deployment model. On-premises deployments are exclusive to organizations who need more time before moving to the cloud and exclusively use Active Directory. - question: Does Windows Hello for Business prevent the use of simple PINs? answer: | diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index b8609c2ae3..0ceba47444 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md 
@@ -148,7 +148,7 @@ For certain devices that use firmware-based TPM produced by Intel or Qualcomm, t ## Federated environment -Primarily for large enterprise organizations with more complex authentication requirements, on-premises directory objects are synchronized with Azure AD and users accounts are managed on-premises. With AD FS, users have the same password on-premises and in the cloud and they don't have to sign in again to use Office 365 or other Azure-based applications. This federated authentication model can provide extra authentication requirements, such as smart card-based authentication or a third-party multi-factor authentication and is typically required when organizations have an authentication requirement not natively supported by Azure AD. +Primarily for large enterprise organizations with more complex authentication requirements, on-premises directory objects are synchronized with Azure AD and users accounts are managed on-premises. With AD FS, users have the same password on-premises and in the cloud and they don't have to sign in again to use Microsoft cloud services. This federated authentication model can provide extra authentication requirements, such as smart card-based authentication or a third-party multi-factor authentication and is typically required when organizations have an authentication requirement not natively supported by Azure AD. ### Related to federated environment 
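Review bot: The rewritten paragraph in this hunk still reads "users accounts are managed on-premises"; since the line is being replaced anyway, correct it to "user accounts".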
@@ -259,7 +259,7 @@ The Windows Hello for Business on-premises deployment is for organizations that ## Pass-through authentication -Pass-through authentication provides a simple password validation for Azure AD authentication services. It uses a software agent that runs on one or more on-premises servers to validate the users directly with your on-premises Active Directory. With pass-through authentication (PTA), you synchronize on-premises Active Directory user account objects with Office 365 and manage your users on-premises. Allows your users to sign in to both on-premises and Office 365 resources and applications using their on-premises account and password. This configuration validates users' passwords directly against your on-premises Active Directory without sending password hashes to Office 365. Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours would use this authentication method. With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network. +Pass-through authentication provides a simple password validation for Azure AD authentication services. It uses a software agent that runs on one or more on-premises servers to validate the users directly with your on-premises Active Directory. With pass-through authentication (PTA), you synchronize on-premises Active Directory user account objects with Azure AD and manage your users on-premises. Allows your users to sign in to both on-premises and Microsoft cloud resources and applications using their on-premises account and password. This configuration validates users' passwords directly against your on-premises Active Directory without sending password hashes to Azure AD. Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours would use this authentication method. 
With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network. ### Related to pass-through authentication 
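Review bot: The replacement paragraph keeps the subjectless fragment "Allows your users to sign in to both on-premises and Microsoft cloud resources and applications using their on-premises account and password."; give it a subject, for example "PTA allows your users to sign in ...", while the sentence is being edited for the Office 365 to Azure AD rename.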
@@ -273,7 +273,7 @@ Pass-through authentication provides a simple password validation for Azure AD a ## Password hash sync -Password hash sync is the simplest way to enable authentication for on-premises directory objects in Azure AD. With password hash sync (PHS), you synchronize your on-premises Active Directory user account objects with Office 365 and manage your users on-premises. Hashes of user passwords are synchronized from your on-premises Active Directory to Azure AD so that the users have the same password on-premises and in the cloud. When passwords are changed or reset on-premises, the new password hashes are synchronized to Azure AD so that your users can always use the same password for cloud resources and on-premises resources. The passwords are never sent to Azure AD or stored in Azure AD in clear text. Some premium features of Azure AD, such as Identity Protection, require PHS regardless of which authentication method is selected. With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network. +Password hash sync is the simplest way to enable authentication for on-premises directory objects in Azure AD. With password hash sync (PHS), you synchronize your on-premises Active Directory user account objects with Azure AD and manage your users on-premises. Hashes of user passwords are synchronized from your on-premises Active Directory to Azure AD so that the users have the same password on-premises and in the cloud. When passwords are changed or reset on-premises, the new password hashes are synchronized to Azure AD so that your users can always use the same password for cloud resources and on-premises resources. The passwords are never sent to Azure AD or stored in Azure AD in clear text. Some premium features of Azure AD, such as Identity Protection, require PHS regardless of which authentication method is selected. 
With seamless single sign-on, users are automatically signed in to Azure AD when they are on their corporate devices and connected to your corporate network. ### Related to password hash sync diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index f5f928cb66..54516a61e3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md 
@@ -13,17 +13,17 @@ Windows Hello for Business replaces username and password sign-in to Windows wit It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514). -This deployment guide provides guidance for new deployments and customers who are already federated with Office 365. These two scenarios provide a baseline from which you can begin your deployment. +This deployment guide provides guidance for new deployments and customers who are already federated with Azure AD. These two scenarios provide a baseline from which you can begin your deployment. ## New Deployment Baseline -The new deployment baseline helps organizations who are moving to Azure and Office 365 to include Windows Hello for Business as part of their deployments. This baseline is good for organizations who are looking to deploy proof of concepts as well as IT professionals who want to familiarize themselves Windows Hello for Business by deploying a lab environment. +The new deployment baseline helps organizations who are moving to Azure AD to include Windows Hello for Business as part of their deployments. This baseline is good for organizations who are looking to deploy proof of concepts as well as IT professionals who want to familiarize themselves Windows Hello for Business by deploying a lab environment. 
This baseline provides detailed procedures to move your environment from an on-premises only environment to a hybrid environment using Windows Hello for Business to authenticate to Azure Active Directory and to your on-premises Active Directory using a single Windows sign-in. ## Federated Baseline -The federated baseline helps organizations that have completed their federation with Azure Active Directory and Office 365 and enables them to introduce Windows Hello for Business into their hybrid environment. This baseline exclusively focuses on the procedures needed to add Azure Device Registration and Windows Hello for Business to an existing hybrid deployment. +The federated baseline helps organizations that have completed their federation with Azure Active Directory and enables them to introduce Windows Hello for Business into their hybrid environment. This baseline exclusively focuses on the procedures needed to add Azure Device Registration and Windows Hello for Business to an existing hybrid deployment. Regardless of the baseline you choose, your next step is to familiarize yourself with the prerequisites needed for the deployment. Many of the prerequisites will be new for organizations and individuals pursuing the new deployment baseline. Organizations and individuals starting from the federated baseline will likely be familiar with most of the prerequisites, but should validate they are using the proper versions that include the latest updates. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 2633e3f741..539854ab6a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md 
@@ -4,11 +4,11 @@ description: Learn how to configure a hybrid key trust deployment of Windows Hel ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid key trust deployments of Windows Hello for Business rely on these technologies - [Active Directory](#active-directory) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 88f53c5fe8..9d1d1a6fb8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -4,11 +4,11 @@ description: Azure Device Registration for Hybrid Certificate Key Deployment (Wi ms.date: 05/04/2022 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + You're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index c779439d55..62a86722ae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -4,11 +4,11 @@ description: Azure Directory Synchronization for Hybrid Certificate Key Deployme ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. ## Deploy Azure AD Connect diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index e0749f2c7b..1970f6c930 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md 
@@ -4,12 +4,12 @@ description: Learn about the prerequisites for hybrid Windows Hello for Business ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites -Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + +Hybrid environments are distributed systems that enable organizations to use on-premises and Azure AD-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: 
@@ -24,7 +24,7 @@ The distributed systems on which these technologies were built involved several Hybrid Windows Hello for Business needs two directories: on-premises Active Directory and a cloud Azure Active Directory. The minimum required domain functional and forest functional levels for Windows Hello for Business deployment is Windows Server 2008 R2. -A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription. The hybrid key trust deployment does not need a premium Azure Active Directory subscription. +A hybrid Windows Hello for Business deployment requires Azure Active Directory. The hybrid key trust deployment does not need a premium Azure Active Directory subscription. You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers. If using the key trust deployment model, you MUST ensure that you have adequate (1 or more, depending on your authentication load) Windows Server 2016 or later Domain Controllers in each Active Directory site where users will be authenticating for Windows Hello for Business. 
@@ -104,7 +104,7 @@ You can deploy Windows Hello for Business key trust in non-federated and federat Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their user name and password as one factor, but needs a second factor of authentication. -Hybrid Windows Hello for Business deployments can use Azure's Multifactor Authentication (MFA) service or they can use multifactor authentication provided by AD FS beginning with Windows Server 2012 R2, which includes an adapter model that enables third parties to integrate their MFA into AD FS. The MFA enabled by an Office 365 license is sufficient for Azure AD. +Hybrid Windows Hello for Business deployments can use Azure's Multifactor Authentication (MFA) service or they can use multifactor authentication provided by AD FS, which includes an adapter model that enables third parties to integrate their MFA into AD FS. ### Section Review diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 36b9dcf90e..20136253c2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md 
@@ -4,20 +4,20 @@ description: Review this deployment guide to successfully deploy Windows Hello f ms.date: 08/20/2018 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Hybrid Azure AD joined Key Trust Deployment +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid key trust scenario. It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514). -This deployment guide provides guidance for new deployments and customers who are already federated with Office 365. These two scenarios provide a baseline from which you can begin your deployment. +This deployment guide provides guidance for new deployments and customers who are already federated with Azure AD. These two scenarios provide a baseline from which you can begin your deployment. ## New Deployment Baseline ## -The new deployment baseline helps organizations who are moving to Azure and Office 365 to include Windows Hello for Business as part of their deployments. This baseline is good for organizations who are looking to deploy proof of concepts as well as IT professionals who want to familiarize themselves Windows Hello for Business by deploying a lab environment. 
+The new deployment baseline helps organizations who are moving to Azure AD to include Windows Hello for Business as part of their deployments. This baseline is good for organizations who are looking to deploy proof of concepts as well as IT professionals who want to familiarize themselves Windows Hello for Business by deploying a lab environment. This baseline provides detailed procedures to move your environment from an on-premises only environment to a hybrid environment using Windows Hello for Business to authenticate to Azure Active Directory and to your on-premises Active Directory using a single Windows sign-in. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index b2bd711554..57bbf0be17 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -4,10 +4,11 @@ description: Learn about provisioning for hybrid key trust deployments of Window ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning + +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + ## Provisioning The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 943bca7182..0e31526fb2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -4,11 +4,11 @@ description: Configuring Hybrid key trust Windows Hello for Business - Active Di ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust-ad.md)] + Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users. ### Creating Security Groups diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 4e675c0dfa..39f1eca934 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md 
@@ -4,14 +4,14 @@ description: How to configure Hybrid key trust Windows Hello for Business - Dire ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + ## Directory Synchronization -In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. +In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure AD. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. ### Group Memberships for the Azure AD Connect Service Account >[!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 8a5507d1a4..55609355c9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md 
@@ -4,11 +4,11 @@ description: Configuring Hybrid key trust Windows Hello for Business - Public Ke ms.date: 04/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer. All deployments use enterprise issued certificates for domain controllers as a root of trust. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 40da24b21e..7f24a671a2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -4,11 +4,11 @@ description: Configuring Hybrid key trust Windows Hello for Business - Group Pol ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust-ad.md)] + ## Policy Configuration You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 7201f1f674..e09f41a79c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -4,13 +4,13 @@ description: Begin the process of configuring your hybrid key trust environment ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)] + You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business. - + > [!IMPORTANT] > Ensure your environment meets all the [prerequisites](hello-hybrid-key-trust-prereqs.md) before proceeding. Review the [New Installation baseline](hello-hybrid-key-new-install.md) section of this deployment document to learn how to prepare your environment for your Windows Hello for Business deployment. diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index dfcc189814..ca44940e20 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -15,7 +15,6 @@ This article lists the infrastructure requirements for the different deployment ## Azure AD Cloud Only Deployment -* Windows 10, version 1511 or later, or Windows 11 * Microsoft Azure Account * Azure Active Directory * Azure AD Multifactor Authentication 
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 999c14ebb6..52f9cbea9d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -133,9 +133,10 @@ All PIN complexity policies are grouped separately from feature enablement and a >- LowercaseLetters - 1 >- SpecialCharacters - 1 + diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 38bfb65c9e..3dd05930a5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md 
@@ -178,9 +178,9 @@ Hybrid Azure AD-joined devices managed by Group Policy need the Windows Server 2 Choose a trust type that is best suited for your organizations. Remember, the trust type determines two things. Whether you issue authentication certificates to your users and if your deployment needs Windows Server 2016 domain controllers. -One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end entity certificates (key-trust) against using existing domain controllers (Windows Server 2008R2 or later) and needing to enroll certificates for all their users (certificate trust). +One trust model is not more secure than the other. The major difference is based on the organization comfort with deploying Windows Server 2016 domain controllers and not enrolling users with end entity certificates (key-trust) against using existing domain controllers and needing to enroll certificates for all their users (certificate trust). -Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accommodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificate-trust deployments includes a certificate registration authority. In a federated environment, you need to activate the Device Writeback option in Azure AD Connect. +Because the certificate trust types issues certificates, there is more configuration and infrastructure needed to accommodate user certificate enrollment, which could also be a factor to consider in your decision. Additional infrastructure needed for certificate-trust deployments includes a certificate registration authority. In a federated environment, you need to activate the Device Writeback option in Azure AD Connect. 
If your organization wants to use the key trust type, write **key trust** in box **1b** on your planning worksheet. Write **Windows Server 2016** in box **4d**. Write **N/A** in box **5b**. diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 3d5adbc09e..a18a0b3aeb 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -300,7 +300,7 @@ The following image shows the SCRIL setting for a user in Active Directory Users :::image type="content" source="images/passwordless/aduc-account-scril.png" alt-text="Example user properties in Active Directory that shows the SCRIL setting on Account options."::: -When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account don't allow the user to sign-in interactively with a password. Also, users will no longer be troubled with needing to change their password when it expires, because passwords for SCRIL users in domains with a Windows Server 2012 R2 or early domain functional level don't expire. The users are effectively password-less because: +When you configure a user account for SCRIL, Active Directory changes the affected user's password to a random 128 bits of data. Additionally, domain controllers hosting the user account don't allow the user to sign-in interactively with a password. Users will no longer need to change their password when it expires, because passwords for SCRIL users don't expire. The users are effectively password-less because: - They don't know their password. - Their password is 128 random bits of data and is likely to include non-typable characters. 
diff --git a/windows/security/includes/hello-hybrid-key-trust-ad.md b/windows/security/includes/hello-hybrid-key-trust-ad.md new file mode 100644 index 0000000000..68521a5a14 --- /dev/null +++ b/windows/security/includes/hello-hybrid-key-trust-ad.md @@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ +✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) + +
+ +--- diff --git a/windows/security/includes/hello-hybrid-key-trust.md b/windows/security/includes/hello-hybrid-key-trust.md new file mode 100644 index 0000000000..fdb7466014 --- /dev/null +++ b/windows/security/includes/hello-hybrid-key-trust.md @@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ +✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) + +
+ +--- diff --git a/windows/security/includes/hello-template.md b/windows/security/includes/hello-template.md index 2650d3e865..8bf862c83f 100644 --- a/windows/security/includes/hello-template.md +++ b/windows/security/includes/hello-template.md @@ -8,6 +8,8 @@ This document describes Windows Hello for Business functionalities or scenarios ✅ **Device registration type:** Active Directory domain join\ ✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join)\ ✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join)\ -✅ **Device registration type:** [Azure AD registration](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-ad-registration)\ - +✅ **Device registration type:** [Azure AD registration](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-ad-registration) + +
+ --- From 3eac64eff0303c05a706738c41b8773f9f417678 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 18 Nov 2022 13:19:55 -0500 Subject: [PATCH 05/25] updates --- .../hello-for-business/toc.yml | 193 ++++++++++-------- 1 file changed, 106 insertions(+), 87 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 4d8b648f78..a52eeed659 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml 
@@ -33,96 +33,113 @@ href: hello-identity-verification.md - name: Prepare people to use Windows Hello href: hello-prepare-people-to-use.md - - name: Deployment guides - items: - - name: Hybrid cloud Kerberos trust deployment - href: hello-hybrid-cloud-kerberos-trust.md - - name: Azure AD join - items: - - name: Cloud-only deployment - href: hello-aad-join-cloud-only-deploy.md - - name: On-premises SSO for Azure AD joined devices - href: hello-hybrid-aadj-sso.md - - name: Configure Azure AD joined devices for on-premises SSO - href: hello-hybrid-aadj-sso-base.md - - name: Using certificates for on-premises SSO - href: hello-hybrid-aadj-sso-cert.md - - name: Hybrid Azure AD join with key trust - items: - - name: Key trust deployment - href: hello-hybrid-key-trust.md - - name: Prerequisites - href: hello-hybrid-key-trust-prereqs.md - - name: New installation baseline - href: hello-hybrid-key-new-install.md - - name: Configure directory synchronization - href: hello-hybrid-key-trust-dirsync.md - - name: Configure Azure AD device registration - href: hello-hybrid-key-trust-devreg.md - - name: Configure Windows Hello for Business settings - href: hello-hybrid-key-whfb-settings.md - - name: Sign-in and provisioning - href: hello-hybrid-key-whfb-provision.md - - name: Hybrid Azure AD join with certificate trust - items: - - name: Certificate trust deployment - href: hello-hybrid-cert-trust.md - - name: Prerequisites - href: hello-hybrid-cert-trust-prereqs.md - - name: New installation baseline - href: hello-hybrid-cert-new-install.md - - name: Configure Azure AD device registration - href: hello-hybrid-cert-trust-devreg.md - - name: Configure Windows Hello for Business settings - href: hello-hybrid-cert-whfb-settings.md - - name: Sign-in and provisioning - href: hello-hybrid-cert-whfb-provision.md - - name: Active Directory domain join with key trust - items: - - name: Key trust deployment - href: hello-deployment-key-trust.md - - name: Validate Active Directory 
prerequisites - href: hello-key-trust-validate-ad-prereq.md - - name: Validate and configure Public Key Infrastructure (PKI) - href: hello-key-trust-validate-pki.md - - name: Prepare and deploy Active Directory Federation Services (AD FS) - href: hello-key-trust-adfs.md - - name: Validate and deploy multi-factor authentication (MFA) services - href: hello-key-trust-validate-deploy-mfa.md - - name: Configure Windows Hello for Business policy settings - href: hello-key-trust-policy-settings.md - - name: Active Directory domain join with certificate trust - items: - - name: Certificate trust deployment - href: hello-deployment-cert-trust.md - - name: Validate Active Directory prerequisites - href: hello-cert-trust-validate-ad-prereq.md - - name: Validate and configure Public Key Infrastructure (PKI) - href: hello-cert-trust-validate-pki.md - - name: Prepare and Deploy Active Directory Federation Services (AD FS) - href: hello-cert-trust-adfs.md - - name: Validate and deploy multi-factor authentication (MFA) services - href: hello-cert-trust-validate-deploy-mfa.md - - name: Configure Windows Hello for Business policy settings - href: hello-cert-trust-policy-settings.md - - name: Deploy certificates for RDP sign-in - href: hello-deployment-rdp-certs.md + - name: Deploy certificates for RDP sign-in + href: hello-deployment-rdp-certs.md - name: Manage Windows Hello for Business in your organization href: hello-manage-in-organization.md - - name: Windows Hello for Business features + +- name: Deployment guides + - name: Hybrid deployments items: - - name: Conditional access - href: hello-feature-conditional-access.md - - name: PIN Reset - href: hello-feature-pin-reset.md - - name: Dual Enrollment - href: hello-feature-dual-enrollment.md - - name: Dynamic Lock - href: hello-feature-dynamic-lock.md - - name: Multi-factor Unlock - href: feature-multifactor-unlock.md - - name: Remote desktop (RDP) sign-in - href: hello-feature-remote-desktop.md + - name: Cloud Kerberos trust 
deployment + href: hello-hybrid-cloud-kerberos-trust.md + + - name: Cloud-only deployment + items: + - name: Azure AD join + href: hello-aad-join-cloud-only-deploy.md + - name: On-premises SSO for Azure AD joined devices + href: hello-hybrid-aadj-sso.md + - name: Configure Azure AD joined devices for on-premises SSO + href: hello-hybrid-aadj-sso-base.md + - name: Using certificates for on-premises SSO + href: hello-hybrid-aadj-sso-cert.md + + + - name: Hybrid Azure AD join with key trust + items: + - name: Key trust deployment + href: hello-hybrid-key-trust.md + - name: Prerequisites + href: hello-hybrid-key-trust-prereqs.md + - name: New installation baseline + href: hello-hybrid-key-new-install.md + - name: Configure directory synchronization + href: hello-hybrid-key-trust-dirsync.md + - name: Configure Azure AD device registration + href: hello-hybrid-key-trust-devreg.md + - name: Configure Windows Hello for Business settings + href: hello-hybrid-key-whfb-settings.md + - name: Sign-in and provisioning + href: hello-hybrid-key-whfb-provision.md + + + - name: Hybrid Azure AD join with certificate trust + items: + - name: Certificate trust deployment + href: hello-hybrid-cert-trust.md + - name: Prerequisites + href: hello-hybrid-cert-trust-prereqs.md + - name: New installation baseline + href: hello-hybrid-cert-new-install.md + - name: Configure Azure AD device registration + href: hello-hybrid-cert-trust-devreg.md + - name: Configure Windows Hello for Business settings + href: hello-hybrid-cert-whfb-settings.md + - name: Sign-in and provisioning + href: hello-hybrid-cert-whfb-provision.md + + + - name: Active Directory domain join with key trust + items: + - name: Key trust deployment + href: hello-deployment-key-trust.md + - name: Validate Active Directory prerequisites + href: hello-key-trust-validate-ad-prereq.md + - name: Validate and configure Public Key Infrastructure (PKI) + href: hello-key-trust-validate-pki.md + - name: Prepare and deploy Active Directory 
Federation Services (AD FS) + href: hello-key-trust-adfs.md + - name: Validate and deploy multi-factor authentication (MFA) services + href: hello-key-trust-validate-deploy-mfa.md + - name: Configure Windows Hello for Business policy settings + href: hello-key-trust-policy-settings.md + + + - name: Active Directory domain join with certificate trust + items: + - name: Certificate trust deployment + href: hello-deployment-cert-trust.md + - name: Validate Active Directory prerequisites + href: hello-cert-trust-validate-ad-prereq.md + - name: Validate and configure Public Key Infrastructure (PKI) + href: hello-cert-trust-validate-pki.md + - name: Prepare and Deploy Active Directory Federation Services (AD FS) + href: hello-cert-trust-adfs.md + - name: Validate and deploy multi-factor authentication (MFA) services + href: hello-cert-trust-validate-deploy-mfa.md + - name: Configure Windows Hello for Business policy settings + href: hello-cert-trust-policy-settings.md + + + + + +- name: Windows Hello for Business features + items: + - name: Conditional access + href: hello-feature-conditional-access.md + - name: PIN Reset + href: hello-feature-pin-reset.md + - name: Dual Enrollment + href: hello-feature-dual-enrollment.md + - name: Dynamic Lock + href: hello-feature-dynamic-lock.md + - name: Multi-factor Unlock + href: feature-multifactor-unlock.md + - name: Remote desktop (RDP) sign-in + href: hello-feature-remote-desktop.md + - name: Troubleshooting items: - name: Known deployment issues @@ -133,6 +150,8 @@ href: hello-event-300.md - name: Windows Hello and password changes href: hello-and-password-changes.md + + - name: Reference items: - name: Technology and terminology From d751a101927034e8e9be61ec1c599cabdfaa6fb7 Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 18 Nov 2022 16:14:06 -0500 Subject: [PATCH 06/25] updates --- .../feature-multifactor-unlock.md | 3 +- .../hello-aad-join-cloud-only-deploy.md | 3 +- .../hello-adequate-domain-controllers.md | 9 +- .../hello-and-password-changes.md | 3 +- .../hello-biometrics-in-enterprise.md | 3 +- .../hello-cert-trust-adfs.md | 7 +- .../hello-cert-trust-policy-settings.md | 11 +- .../hello-cert-trust-validate-ad-prereq.md | 7 +- .../hello-cert-trust-validate-deploy-mfa.md | 7 +- .../hello-cert-trust-validate-pki.md | 7 +- .../hello-deployment-cert-trust.md | 7 +- .../hello-deployment-guide.md | 3 +- .../hello-deployment-issues.md | 3 +- .../hello-deployment-key-trust.md | 3 +- .../hello-deployment-rdp-certs.md | 8 +- .../hello-for-business/hello-event-300.md | 3 +- .../hello-feature-conditional-access.md | 3 +- .../hello-feature-dual-enrollment.md | 3 +- .../hello-feature-dynamic-lock.md | 3 +- .../hello-feature-pin-reset.md | 3 +- .../hello-feature-remote-desktop.md | 3 +- .../hello-how-it-works-authentication.md | 3 +- .../hello-how-it-works-provisioning.md | 3 +- .../hello-how-it-works-technology.md | 3 +- .../hello-for-business/hello-how-it-works.md | 3 +- .../hello-hybrid-aadj-sso-base.md | 6 +- .../hello-hybrid-aadj-sso-cert.md | 6 +- .../hello-hybrid-aadj-sso.md | 3 +- .../hello-hybrid-cert-new-install.md | 3 +- .../hello-hybrid-cert-trust-devreg.md | 5 +- .../hello-hybrid-cert-trust-prereqs.md | 5 +- .../hello-hybrid-cert-trust.md | 5 +- .../hello-hybrid-cert-whfb-provision.md | 5 +- .../hello-hybrid-cert-whfb-settings-ad.md | 5 +- .../hello-hybrid-cert-whfb-settings-adfs.md | 5 +- ...ello-hybrid-cert-whfb-settings-dir-sync.md | 5 +- .../hello-hybrid-cert-whfb-settings-pki.md | 5 +- .../hello-hybrid-cert-whfb-settings-policy.md | 5 +- .../hello-hybrid-cert-whfb-settings.md | 5 +- .../hello-hybrid-cloud-kerberos-trust.md | 1 + .../hello-hybrid-key-new-install.md | 3 +- 
.../hello-hybrid-key-trust-devreg.md | 3 +- .../hello-hybrid-key-trust-dirsync.md | 3 +- .../hello-hybrid-key-trust-prereqs.md | 3 +- .../hello-hybrid-key-trust.md | 3 +- .../hello-hybrid-key-whfb-provision.md | 3 +- .../hello-hybrid-key-whfb-settings-ad.md | 3 +- ...hello-hybrid-key-whfb-settings-dir-sync.md | 3 +- .../hello-hybrid-key-whfb-settings-pki.md | 3 +- .../hello-hybrid-key-whfb-settings-policy.md | 3 +- .../hello-hybrid-key-whfb-settings.md | 3 +- .../hello-identity-verification.md | 3 +- .../hello-key-trust-adfs.md | 3 +- .../hello-key-trust-policy-settings.md | 3 +- .../hello-key-trust-validate-ad-prereq.md | 3 +- .../hello-key-trust-validate-deploy-mfa.md | 3 +- .../hello-key-trust-validate-pki.md | 3 +- .../hello-manage-in-organization.md | 3 +- .../hello-planning-guide.md | 3 +- .../hello-prepare-people-to-use.md | 3 +- .../hello-for-business/hello-videos.md | 3 +- .../hello-why-pin-is-better-than-password.md | 3 +- .../microsoft-compatible-security-key.md | 3 +- .../hello-for-business/reset-security-key.md | 3 +- .../retired/hello-how-it-works.md | 1 + .../hello-for-business/toc.yml | 136 ++++++++---------- .../hello-for-business/webauthn-apis.md | 3 +- 67 files changed, 201 insertions(+), 194 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 46f6f0864a..fde0fc3992 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -3,7 +3,8 @@ title: Multi-factor Unlock description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. ms.date: 03/20/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Multi-factor Unlock 
diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index f04c072a6a..6a99a599d0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -3,7 +3,8 @@ title: Azure Active Directory join cloud only deployment description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. ms.date: 06/23/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Azure Active Directory join cloud only deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index b6124a33ba..b2ce704395 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -2,11 +2,10 @@ title: Having enough Domain Controllers for Windows Hello for Business deployments description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments ms.date: 08/20/2018 -appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -- ✅ Hybrid or On-Premises deployment -- ✅ Key trust +appliesto: +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +ms.topic: article --- # Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments 
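Review bot: In hello-adequate-domain-controllers.md the appliesto list drops "Hybrid or On-Premises deployment" and "Key trust", and the visible title and description do not say which deployment or trust model the page covers, so the front matter loses that scoping entirely. If the scoping is meant to live in the article body instead, make that move in the same change and say so in the commit message (currently just "updates"); otherwise keep the two entries. The `appliesto:` line is also rewritten as a -/+ pair with no visible text difference, which looks like a whitespace-only change; confirm it is intended.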
diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index f4a5e6fa2a..7a0295c745 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -3,7 +3,8 @@ title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. ms.date: 07/27/2017 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello and password changes diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index ae041ff38e..5ecf283653 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -3,7 +3,8 @@ title: Windows Hello biometrics in the enterprise (Windows) description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition. ms.date: 01/12/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello biometrics in the enterprise diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index cd1dff1b31..2fb31da66e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md 
@@ -3,10 +3,9 @@ title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Bus description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. ms.date: 01/14/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -- ✅ On-premises deployments -- ✅ Certificate trust +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +ms.topic: article --- # Prepare and Deploy Active Directory Federation Services (AD FS) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index b21b51ec41..e894b561e7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -2,14 +2,13 @@ title: Configure Windows Hello for Business Policy settings - certificate trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings. ms.collection: -- M365-identity-device-management -- highpri + - M365-identity-device-management + - highpri ms.date: 08/20/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -- ✅ On-premises deployments -- ✅ Certificate trust +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +ms.topic: article --- # Configure Windows Hello for Business Policy settings - Certificate Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index e04e653285..c2c2a41f96 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -3,10 +3,9 @@ title: Update Active Directory schema for cert-trust deployment (Windows Hello f description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -- ✅ On-premises deployments -- ✅ Certificate trust +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +ms.topic: article --- # Validate Active Directory prerequisites for cert-trust deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 13cbf44028..dba5cbd45a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -3,10 +3,9 @@ title: Validate and Deploy MFA for Windows Hello for Business with certificate t description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -- ✅ On-premises deployments -- ✅ Certificate trust +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +ms.topic: article --- # Validate and Deploy Multi-Factor Authentication feature diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 97a8f8eff1..b216bfb35b 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -3,10 +3,9 @@ title: Validate Public Key Infrastructure - certificate trust model (Windows Hel description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -- ✅ On-premises deployments -- ✅ Certificate trust +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +ms.topic: article --- # Validate and Configure Public Key Infrastructure - Certificate Trust Model diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index becc2d4809..a59c13f069 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -3,10 +3,9 @@ title: Windows Hello for Business Deployment Guide - On Premises Certificate Tru description: A guide to on premises, certificate trust Windows Hello for Business deployment. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later -- ✅ On-premises deployments -- ✅ Certificate trust +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later +ms.topic: article --- # On Premises Certificate Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 2241d9369c..04d00df06a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md 
@@ -3,7 +3,8 @@ title: Windows Hello for Business Deployment Overview description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. ms.date: 02/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello for Business Deployment Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index bc93c04d1a..a215be09ab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -3,7 +3,8 @@ title: Windows Hello for Business Deployment Known Issues description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues ms.date: 05/03/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello for Business Known Deployment Issues diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 3350a8b6d4..e17a8c1519 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -3,7 +3,8 @@ title: Windows Hello for Business Deployment Guide - On Premises Key Deployment description: A guide to on premises, key trust Windows Hello for Business deployment. ms.date: 08/20/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # On Premises Key Trust Deployment 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 93e2a47b86..584bbc855d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -1,13 +1,13 @@ --- title: Deploy certificates for remote desktop sign-in description: Learn how to deploy certificates to cloud Kerberos trust and key trust users, to enable remote desktop sign-in with supplied credentials. -ms.collection: +ms.collection: - ContentEngagementFY23 -ms.topic: how-to +ms.topic: article localizationpriority: medium ms.date: 11/15/2022 -appliesto: - - ✅ Windows 10 and later +appliesto: +- ✅ Windows 10 and later ms.technology: itpro-security --- diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index 3445d17de7..c0ccbc607f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -3,7 +3,8 @@ title: Event ID 300 - Windows Hello successfully created (Windows) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). ms.date: 07/27/2017 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Event ID 300 - Windows Hello successfully created diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 871014cd04..3e2ee4981d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md @@ -3,7 +3,8 @@ title: Conditional Access description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory. ms.date: 09/09/2019 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Conditional access diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index 9ba5926a91..d134a1fdcb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -3,7 +3,8 @@ title: Dual Enrollment description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment. ms.date: 09/09/2019 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Dual Enrollment diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index dcf545e006..d86258cf2a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -3,7 +3,8 @@ title: Dynamic lock description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. ms.date: 07/12/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Dynamic lock 
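Review bot: In the hello-deployment-rdp-certs.md hunk earlier in this patch, `ms.topic: how-to` becomes `ms.topic: article`, but the description still reads "Learn how to deploy certificates to cloud Kerberos trust and key trust users", which describes a procedure. Unless the bulk update is deliberately flattening every page to one topic type, keep `how-to` for this file. That hunk also leaves `ms.topic` in the middle of the front matter, while the other hunks append it after the appliesto list; pick one position.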
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index d2c5f2aa3c..5c63324b71 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -6,7 +6,8 @@ ms.collection: - highpri ms.date: 07/29/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # PIN reset diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index e5b7695a44..9403bbeb15 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -3,7 +3,8 @@ title: Remote Desktop description: Learn how Windows Hello for Business supports using biometrics with remote desktop ms.date: 02/24/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Remote Desktop diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 85c10f66aa..5fca1bc1d6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -3,7 +3,8 @@ title: How Windows Hello for Business works - Authentication description: Learn about the authentication flow for Windows Hello for Business. ms.date: 02/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello for Business and Authentication 
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 6f2759317a..976c8459fd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -3,7 +3,8 @@ title: How Windows Hello for Business works - Provisioning description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. ms.date: 2/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello for Business Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 0ceba47444..cf67df6de1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -3,7 +3,8 @@ title: How Windows Hello for Business works - technology and terms description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. ms.date: 10/08/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Technology and terms diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 5825272226..e0bc567be4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md 
@@ -3,7 +3,8 @@ title: How Windows Hello for Business works description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. ms.date: 05/05/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # How Windows Hello for Business works in Windows Devices diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 2d63cb7ea1..74274d4183 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -3,10 +3,8 @@ title: Configure Azure AD-joined devices for On-premises Single-Sign On using Wi description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. ms.date: 01/14/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Azure Active Directory-join -- ✅ Hybrid Deployment -- ✅ Key trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business ## Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index eefcba7216..5977ab7c96 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md 
@@ -3,10 +3,8 @@ title: Using Certificates for AADJ On-premises Single-sign On single sign-on description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Azure AD-join -- ✅ Hybrid Deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Using Certificates for AADJ On-premises Single-sign On diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 98dce19398..25b6e5d91a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -3,7 +3,8 @@ title: Azure AD Join Single Sign-on Deployment description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Azure AD Join Single Sign-on Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 6487009814..9f5d90a309 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -4,8 +4,7 @@ description: Learn about new installations for Windows Hello for Business certif ms.date: 4/30/2021 appliesto: - ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation 
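Review bot: In hello-hybrid-cert-new-install.md the `- ✅ Windows 10 and later` line is left as unchanged context, while the other hunks shown here that carry that line rewrite it as a -/+ pair with no visible text difference. Whatever normalization that rewrite applies (trailing whitespace or a character substitution) was missed in this file; apply it here too so the front matter is consistent across the set.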
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index fa8a682240..2c01db0be0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -3,9 +3,8 @@ title: Configure Device Registration for Hybrid Azure AD joined Windows Hello fo description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 20f1bc0cb9..e4dddaeefb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -3,9 +3,8 @@ title: Hybrid Azure AD joined Windows Hello for Business Prerequisites description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 54516a61e3..aaadd2c4cf 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -3,9 +3,8 @@ title: Hybrid Certificate Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. ms.date: 09/08/2017 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Hybrid Azure AD joined Certificate Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 18ff1dd093..ea67804dbf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -3,9 +3,8 @@ title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provi description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 1ee7112806..d27e008d03 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md 
@@ -3,9 +3,8 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Dire description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 5754075f43..04651f40ca 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -3,9 +3,8 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Di description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 067d4d62ae..b4cf766f7b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md 
@@ -3,9 +3,8 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Syn description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 9d6cebfeeb..4fd2ef1de3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -3,9 +3,8 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Ke description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 77db693336..ac5152a442 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md 
@@ -3,9 +3,8 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Pol description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index f38bd88bac..42dbbcafb5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -3,9 +3,8 @@ title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for B description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Hybrid deployment -- ✅ Certificate trust +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index 676efc7b24..758dbbe371 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md @@ -4,6 +4,7 @@ description: Learn the information you need to successfully deploy Windows Hello ms.date: 11/1/2022 appliesto: - ✅ Windows 10, version 21H2 and later +ms.topic: article --- # Hybrid cloud Kerberos trust deployment 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 539854ab6a..204846a944 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -3,7 +3,8 @@ title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installat description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 9d1d1a6fb8..26fe328e34 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -3,7 +3,8 @@ title: Configure Device Registration for Hybrid Azure AD joined key trust Window description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business) ms.date: 05/04/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 62a86722ae..157585b869 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -3,7 +3,8 @@ title: Configure Directory Synchronization for Hybrid Azure AD joined key trust description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 1970f6c930..ce37633adc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -3,7 +3,8 @@ title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 20136253c2..a9db5107d6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md 
@@ -3,7 +3,8 @@ title: Hybrid Key Trust Deployment (Windows Hello for Business) description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario. ms.date: 08/20/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Hybrid Azure AD joined Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 57bbf0be17..390635c4dd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -3,7 +3,8 @@ title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 0e31526fb2..6c219fd480 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md 
@@ -3,7 +3,8 @@ title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 39f1eca934..8852674b8a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -3,7 +3,8 @@ title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchroniza description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 55609355c9..e1a57b9819 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md 
@@ -3,7 +3,8 @@ title: Configure Hybrid Azure AD joined key trust Windows Hello for Business description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI) ms.date: 04/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 7f24a671a2..bdf29f99c5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -3,7 +3,8 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Polic description: Configuring Hybrid key trust Windows Hello for Business - Group Policy ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index e09f41a79c..40498ce5f7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md 
@@ -3,7 +3,8 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Set description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index ca44940e20..d23e4abf56 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -6,7 +6,8 @@ ms.collection: - highpri ms.date: 2/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello for Business Deployment Prerequisite Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index c32b9f41df..22e8953388 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -3,7 +3,8 @@ title: Prepare & Deploy Windows Active Directory Federation Services with key tr description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 7507f0ee07..7aea4d2c52 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -3,7 +3,8 @@ title: Configure Windows Hello for Business Policy settings - key trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Configure Windows Hello for Business Policy settings - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 9be31d0bba..f0449f0dcd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -3,7 +3,8 @@ title: Key registration for on-premises deployment of Windows Hello for Business description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Validate Active Directory prerequisites - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 59886f6036..8e9a050f0e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -3,7 +3,8 @@ title: Validate and Deploy MFA for Windows Hello for Business with key trust description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Validate and Deploy Multifactor Authentication (MFA) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 017b606e61..808271c0a5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -3,7 +3,8 @@ title: Validate Public Key Infrastructure - key trust model (Windows Hello for B description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Validate and Configure Public Key Infrastructure - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 52f9cbea9d..f48ff8146e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -6,7 +6,8 @@ ms.collection: - highpri ms.date: 2/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Manage Windows Hello for Business in your organization 
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 3dd05930a5..523cce8b4c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -3,7 +3,8 @@ title: Planning a Windows Hello for Business Deployment description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. ms.date: 09/16/2020 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Planning a Windows Hello for Business Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 0507784ebf..b3b3484a6d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -3,7 +3,8 @@ title: Prepare people to use Windows Hello (Windows) description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Prepare people to use Windows Hello diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 6ba70daf7c..4b3c90c925 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md 
@@ -3,7 +3,8 @@ title: Windows Hello for Business Videos description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. ms.date: 07/26/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Windows Hello for Business Videos ## Overview of Windows Hello for Business and Features diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 4796b54592..6828d7f5a7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -6,7 +6,8 @@ ms.collection: - highpri ms.date: 10/23/2017 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # Why a PIN is better than an online password diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 18556c7ba1..c9fcb9eb7e 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -3,7 +3,8 @@ title: Microsoft-compatible security key description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. ms.date: 11/14/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # What is a Microsoft-compatible security key? 
diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 030ced19fb..506d9207d0 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -3,7 +3,8 @@ title: Reset-security-key description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key ms.date: 11/14/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # How to reset a Microsoft-compatible security key? > [!Warning] diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 5ac3fa463f..5aa1fcad6a 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -5,6 +5,7 @@ ms.date: 10/16/2017 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.topic: article --- # How Windows Hello for Business works in Windows devices diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index a52eeed659..775c84d1d6 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -37,13 +37,7 @@ href: hello-deployment-rdp-certs.md - name: Manage Windows Hello for Business in your organization href: hello-manage-in-organization.md - - name: Deployment guides - - name: Hybrid deployments - items: - - name: Cloud Kerberos trust deployment - href: hello-hybrid-cloud-kerberos-trust.md - - name: Cloud-only deployment items: - name: Azure AD join 
@@ -54,77 +48,70 @@ href: hello-hybrid-aadj-sso-base.md - name: Using certificates for on-premises SSO href: hello-hybrid-aadj-sso-cert.md - - - - name: Hybrid Azure AD join with key trust - items: + - name: Hybrid deployments + items: + - name: Cloud Kerberos trust deployment + href: hello-hybrid-cloud-kerberos-trust.md - name: Key trust deployment - href: hello-hybrid-key-trust.md - - name: Prerequisites - href: hello-hybrid-key-trust-prereqs.md - - name: New installation baseline - href: hello-hybrid-key-new-install.md - - name: Configure directory synchronization - href: hello-hybrid-key-trust-dirsync.md - - name: Configure Azure AD device registration - href: hello-hybrid-key-trust-devreg.md - - name: Configure Windows Hello for Business settings - href: hello-hybrid-key-whfb-settings.md - - name: Sign-in and provisioning - href: hello-hybrid-key-whfb-provision.md - - - - name: Hybrid Azure AD join with certificate trust - items: + items: + - name: Overview + href: hello-hybrid-key-trust.md + - name: Prerequisites + href: hello-hybrid-key-trust-prereqs.md + - name: New installation baseline + href: hello-hybrid-key-new-install.md + - name: Configure directory synchronization + href: hello-hybrid-key-trust-dirsync.md + - name: Configure Azure AD device registration + href: hello-hybrid-key-trust-devreg.md + - name: Configure Windows Hello for Business settings + href: hello-hybrid-key-whfb-settings.md + - name: Sign-in and provisioning + href: hello-hybrid-key-whfb-provision.md - name: Certificate trust deployment - href: hello-hybrid-cert-trust.md - - name: Prerequisites - href: hello-hybrid-cert-trust-prereqs.md - - name: New installation baseline - href: hello-hybrid-cert-new-install.md - - name: Configure Azure AD device registration - href: hello-hybrid-cert-trust-devreg.md - - name: Configure Windows Hello for Business settings - href: hello-hybrid-cert-whfb-settings.md - - name: Sign-in and provisioning - href: hello-hybrid-cert-whfb-provision.md - - - - 
name: Active Directory domain join with key trust - items: + items: + - name: Overview + href: hello-hybrid-cert-trust.md + - name: Prerequisites + href: hello-hybrid-cert-trust-prereqs.md + - name: New installation baseline + href: hello-hybrid-cert-new-install.md + - name: Configure Azure AD device registration + href: hello-hybrid-cert-trust-devreg.md + - name: Configure Windows Hello for Business settings + href: hello-hybrid-cert-whfb-settings.md + - name: Sign-in and provisioning + href: hello-hybrid-cert-whfb-provision.md + - name: Oon-premises deployments + items: - name: Key trust deployment - href: hello-deployment-key-trust.md - - name: Validate Active Directory prerequisites - href: hello-key-trust-validate-ad-prereq.md - - name: Validate and configure Public Key Infrastructure (PKI) - href: hello-key-trust-validate-pki.md - - name: Prepare and deploy Active Directory Federation Services (AD FS) - href: hello-key-trust-adfs.md - - name: Validate and deploy multi-factor authentication (MFA) services - href: hello-key-trust-validate-deploy-mfa.md - - name: Configure Windows Hello for Business policy settings - href: hello-key-trust-policy-settings.md - - - - name: Active Directory domain join with certificate trust - items: + items: + - name: Overview + href: hello-deployment-key-trust.md + - name: Validate Active Directory prerequisites + href: hello-key-trust-validate-ad-prereq.md + - name: Validate and configure Public Key Infrastructure (PKI) + href: hello-key-trust-validate-pki.md + - name: Prepare and deploy Active Directory Federation Services (AD FS) + href: hello-key-trust-adfs.md + - name: Validate and deploy multi-factor authentication (MFA) services + href: hello-key-trust-validate-deploy-mfa.md + - name: Configure Windows Hello for Business policy settings + href: hello-key-trust-policy-settings.md - name: Certificate trust deployment - href: hello-deployment-cert-trust.md - - name: Validate Active Directory prerequisites - href: 
hello-cert-trust-validate-ad-prereq.md - - name: Validate and configure Public Key Infrastructure (PKI) - href: hello-cert-trust-validate-pki.md - - name: Prepare and Deploy Active Directory Federation Services (AD FS) - href: hello-cert-trust-adfs.md - - name: Validate and deploy multi-factor authentication (MFA) services - href: hello-cert-trust-validate-deploy-mfa.md - - name: Configure Windows Hello for Business policy settings - href: hello-cert-trust-policy-settings.md - - - - - + items: + - name: Overview + href: hello-deployment-cert-trust.md + - name: Validate Active Directory prerequisites + href: hello-cert-trust-validate-ad-prereq.md + - name: Validate and configure Public Key Infrastructure (PKI) + href: hello-cert-trust-validate-pki.md + - name: Prepare and Deploy Active Directory Federation Services (AD FS) + href: hello-cert-trust-adfs.md + - name: Validate and deploy multi-factor authentication (MFA) services + href: hello-cert-trust-validate-deploy-mfa.md + - name: Configure Windows Hello for Business policy settings + href: hello-cert-trust-policy-settings.md - name: Windows Hello for Business features items: - name: Conditional access @@ -139,7 +126,6 @@ href: feature-multifactor-unlock.md - name: Remote desktop (RDP) sign-in href: hello-feature-remote-desktop.md - - name: Troubleshooting items: - name: Known deployment issues @@ -150,8 +136,6 @@ href: hello-event-300.md - name: Windows Hello and password changes href: hello-and-password-changes.md - - - name: Reference items: - name: Technology and terminology diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md index 415ba509b3..0705c591d2 100644 --- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md +++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md 
@@ -3,7 +3,8 @@ title: WebAuthn APIs description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps. ms.date: 09/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later +ms.topic: article --- # WebAuthn APIs for passwordless authentication on Windows From 8ad290adcc5c22b283bf4b56df2b1e90a19f8d4b Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 18 Nov 2022 16:24:23 -0500 Subject: [PATCH 07/25] updates --- windows/security/identity-protection/hello-for-business/toc.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 775c84d1d6..60d52bc928 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -38,6 +38,7 @@ - name: Manage Windows Hello for Business in your organization href: hello-manage-in-organization.md - name: Deployment guides + items: - name: Cloud-only deployment items: - name: Azure AD join From 3e9b5143c1ae29240159e80e2649496b8d0b6f64 Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 18 Nov 2022 16:37:54 -0500 Subject: [PATCH 08/25] updates --- .../feature-multifactor-unlock.md | 2 +- .../hello-aad-join-cloud-only-deploy.md | 2 +- .../hello-adequate-domain-controllers.md | 4 ++-- .../hello-and-password-changes.md | 2 +- .../hello-biometrics-in-enterprise.md | 2 +- .../hello-cert-trust-adfs.md | 4 ++-- .../hello-cert-trust-policy-settings.md | 4 ++-- .../hello-cert-trust-validate-ad-prereq.md | 4 ++-- .../hello-cert-trust-validate-deploy-mfa.md | 4 ++-- .../hello-cert-trust-validate-pki.md | 4 ++-- .../hello-deployment-cert-trust.md | 4 ++-- .../hello-deployment-guide.md | 2 +- .../hello-deployment-issues.md | 2 +- .../hello-deployment-key-trust.md | 2 +- .../hello-deployment-rdp-certs.md | 2 +- .../hello-for-business/hello-event-300.md | 2 +- .../hello-feature-conditional-access.md | 2 +- .../hello-feature-dual-enrollment.md | 2 +- .../hello-feature-dynamic-lock.md | 2 +- .../hello-feature-pin-reset.md | 2 +- .../hello-feature-remote-desktop.md | 2 +- .../hello-how-it-works-authentication.md | 2 +- .../hello-how-it-works-provisioning.md | 2 +- .../hello-how-it-works-technology.md | 2 +- .../hello-for-business/hello-how-it-works.md | 2 +- .../hello-hybrid-aadj-sso-base.md | 2 +- .../hello-hybrid-aadj-sso-cert.md | 2 +- .../hello-hybrid-aadj-sso.md | 2 +- .../hello-hybrid-cert-new-install.md | 2 +- .../hello-hybrid-cert-trust-devreg.md | 2 +- .../hello-hybrid-cert-trust-prereqs.md | 2 +- .../hello-hybrid-cert-trust.md | 2 +- .../hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-hybrid-cert-whfb-settings-ad.md | 2 +- .../hello-hybrid-cert-whfb-settings-adfs.md | 2 +- ...ello-hybrid-cert-whfb-settings-dir-sync.md | 2 +- .../hello-hybrid-cert-whfb-settings-pki.md | 2 +- .../hello-hybrid-cert-whfb-settings-policy.md | 2 +- .../hello-hybrid-cert-whfb-settings.md | 2 +- .../hello-hybrid-key-new-install.md | 2 +- .../hello-hybrid-key-trust-devreg.md | 2 +- 
.../hello-hybrid-key-trust-dirsync.md | 2 +- .../hello-hybrid-key-trust-prereqs.md | 2 +- .../hello-hybrid-key-trust.md | 2 +- .../hello-hybrid-key-whfb-provision.md | 2 +- .../hello-hybrid-key-whfb-settings-ad.md | 2 +- ...hello-hybrid-key-whfb-settings-dir-sync.md | 2 +- .../hello-hybrid-key-whfb-settings-pki.md | 2 +- .../hello-hybrid-key-whfb-settings-policy.md | 2 +- .../hello-hybrid-key-whfb-settings.md | 2 +- .../hello-identity-verification.md | 2 +- .../hello-key-trust-adfs.md | 2 +- .../hello-key-trust-policy-settings.md | 2 +- .../hello-key-trust-validate-ad-prereq.md | 2 +- .../hello-key-trust-validate-deploy-mfa.md | 2 +- .../hello-key-trust-validate-pki.md | 2 +- .../hello-manage-in-organization.md | 2 +- .../hello-planning-guide.md | 2 +- .../hello-prepare-people-to-use.md | 2 +- .../hello-for-business/hello-videos.md | 2 +- .../hello-why-pin-is-better-than-password.md | 2 +- .../microsoft-compatible-security-key.md | 2 +- .../hello-for-business/reset-security-key.md | 2 +- .../hello-for-business/toc.yml | 24 +++++++++---------- .../hello-for-business/webauthn-apis.md | 2 +- 65 files changed, 82 insertions(+), 84 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index fde0fc3992..33c5c76b9f 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -3,7 +3,7 @@ title: Multi-factor Unlock description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. ms.date: 03/20/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Multi-factor Unlock 
diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 6a99a599d0..16df43011e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -3,7 +3,7 @@ title: Azure Active Directory join cloud only deployment description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. ms.date: 06/23/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Azure Active Directory join cloud only deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index b2ce704395..485f602211 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -3,8 +3,8 @@ title: Having enough Domain Controllers for Windows Hello for Business deploymen description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments ms.date: 08/20/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- # Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 7a0295c745..b7b06e3193 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -3,7 +3,7 @@ title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. ms.date: 07/27/2017 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Windows Hello and password changes diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index 5ecf283653..c9bc5a12f3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -3,7 +3,7 @@ title: Windows Hello biometrics in the enterprise (Windows) description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition. ms.date: 01/12/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 2fb31da66e..4a720d9d9d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md 
@@ -3,8 +3,8 @@ title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Bus description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. ms.date: 01/14/2021 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- # Prepare and Deploy Active Directory Federation Services (AD FS) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index e894b561e7..90da4e7cde 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -6,8 +6,8 @@ ms.collection: - highpri ms.date: 08/20/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- # Configure Windows Hello for Business Policy settings - Certificate Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index c2c2a41f96..9899640b91 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md 
@@ -3,8 +3,8 @@ title: Update Active Directory schema for cert-trust deployment (Windows Hello f description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- # Validate Active Directory prerequisites for cert-trust deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index dba5cbd45a..91f416ef25 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -3,8 +3,8 @@ title: Validate and Deploy MFA for Windows Hello for Business with certificate t description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- # Validate and Deploy Multi-Factor Authentication feature diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index b216bfb35b..5e88e54303 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md 
@@ -3,8 +3,8 @@ title: Validate Public Key Infrastructure - certificate trust model (Windows Hel description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- # Validate and Configure Public Key Infrastructure - Certificate Trust Model diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index a59c13f069..63d0769c37 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -3,8 +3,8 @@ title: Windows Hello for Business Deployment Guide - On Premises Certificate Tru description: A guide to on premises, certificate trust Windows Hello for Business deployment. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later -- ✅ Windows Server 2016 and later +- ✅ Windows 10 and later +- ✅ Windows Server 2016 and later ms.topic: article --- # On Premises Certificate Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 04d00df06a..64b6af4819 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md 
@@ -3,7 +3,7 @@ title: Windows Hello for Business Deployment Overview description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. ms.date: 02/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Windows Hello for Business Deployment Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index a215be09ab..8c8fd3b65d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -3,7 +3,7 @@ title: Windows Hello for Business Deployment Known Issues description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues ms.date: 05/03/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Windows Hello for Business Known Deployment Issues diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index e17a8c1519..6dfcd9f952 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -3,7 +3,7 @@ title: Windows Hello for Business Deployment Guide - On Premises Key Deployment description: A guide to on premises, key trust Windows Hello for Business deployment. ms.date: 08/20/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # On Premises Key Trust Deployment 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 584bbc855d..7bc1114aae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -7,7 +7,7 @@ ms.topic: article localizationpriority: medium ms.date: 11/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.technology: itpro-security --- diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index c0ccbc607f..484985c43d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -3,7 +3,7 @@ title: Event ID 300 - Windows Hello successfully created (Windows) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). ms.date: 07/27/2017 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 3e2ee4981d..a96e6d66b5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md 
@@ -3,7 +3,7 @@ title: Conditional Access description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory. ms.date: 09/09/2019 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index d134a1fdcb..adfbe58657 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -3,7 +3,7 @@ title: Dual Enrollment description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment. ms.date: 09/09/2019 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index d86258cf2a..6bae92fc12 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -3,7 +3,7 @@ title: Dynamic lock description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. ms.date: 07/12/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- 
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 5c63324b71..d6a29d0306 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -6,7 +6,7 @@ ms.collection: - highpri ms.date: 07/29/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 9403bbeb15..2281821bdc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -3,7 +3,7 @@ title: Remote Desktop description: Learn how Windows Hello for Business supports using biometrics with remote desktop ms.date: 02/24/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 5fca1bc1d6..27dde9400e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -3,7 +3,7 @@ title: How Windows Hello for Business works - Authentication description: Learn about the authentication flow for Windows Hello for Business. ms.date: 02/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Windows Hello for Business and Authentication 
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 976c8459fd..6d250848d5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -3,7 +3,7 @@ title: How Windows Hello for Business works - Provisioning description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. ms.date: 2/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Windows Hello for Business Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index cf67df6de1..ad5eec8634 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -3,7 +3,7 @@ title: How Windows Hello for Business works - technology and terms description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. ms.date: 10/08/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index e0bc567be4..9f3670151c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md 
@@ -3,7 +3,7 @@ title: How Windows Hello for Business works description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. ms.date: 05/05/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # How Windows Hello for Business works in Windows Devices diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 74274d4183..103f9f3d54 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -3,7 +3,7 @@ title: Configure Azure AD-joined devices for On-premises Single-Sign On using Wi description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. ms.date: 01/14/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 5977ab7c96..8a2009474b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -3,7 +3,7 @@ title: Using Certificates for AADJ On-premises Single-sign On single sign-on description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 25b6e5d91a..b999c78a75 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -3,7 +3,7 @@ title: Azure AD Join Single Sign-on Deployment description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Azure AD Join Single Sign-on Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 9f5d90a309..716384d545 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -3,7 +3,7 @@ title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 2c01db0be0..969581b31e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -3,7 +3,7 @@ title: Configure Device Registration for Hybrid Azure AD joined Windows Hello fo description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index e4dddaeefb..486702561b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -3,7 +3,7 @@ title: Hybrid Azure AD joined Windows Hello for Business Prerequisites description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index aaadd2c4cf..0d762143e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md 
@@ -3,7 +3,7 @@ title: Hybrid Certificate Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. ms.date: 09/08/2017 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Hybrid Azure AD joined Certificate Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index ea67804dbf..9c92aa6f4f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -3,7 +3,7 @@ title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provi description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index d27e008d03..031c5f69bd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md 
@@ -3,7 +3,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Dire description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 04651f40ca..d9fca2be23 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -3,7 +3,7 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Di description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index b4cf766f7b..8495f69bd7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md 
@@ -3,7 +3,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Syn description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 4fd2ef1de3..d9d1370e3f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -3,7 +3,7 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Ke description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index ac5152a442..d144a84f1e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -3,7 +3,7 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Pol description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 42dbbcafb5..8b34e2d324 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -3,7 +3,7 @@ title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for B description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 204846a944..32f0d91fc6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -3,7 +3,7 @@ title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installat description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 26fe328e34..e6d1d3275c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -3,7 +3,7 @@ title: Configure Device Registration for Hybrid Azure AD joined key trust Window description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business) ms.date: 05/04/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 157585b869..18df532ca9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -3,7 +3,7 @@ title: Configure Directory Synchronization for Hybrid Azure AD joined key trust description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index ce37633adc..17e3fe7e61 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md 
@@ -3,7 +3,7 @@ title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index a9db5107d6..9ab687ded9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -3,7 +3,7 @@ title: Hybrid Key Trust Deployment (Windows Hello for Business) description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario. ms.date: 08/20/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Hybrid Azure AD joined Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 390635c4dd..b5c704fb93 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md 
@@ -3,7 +3,7 @@ title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 6c219fd480..cb30af909d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -3,7 +3,7 @@ title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 8852674b8a..f19aab257d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md 
@@ -3,7 +3,7 @@ title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchroniza description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index e1a57b9819..a824e822fe 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -3,7 +3,7 @@ title: Configure Hybrid Azure AD joined key trust Windows Hello for Business description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI) ms.date: 04/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index bdf29f99c5..333f505d95 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md 
@@ -3,7 +3,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Polic description: Configuring Hybrid key trust Windows Hello for Business - Group Policy ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 40498ce5f7..5e24b6de2c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -3,7 +3,7 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Set description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. ms.date: 4/30/2021 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index d23e4abf56..37b6335a50 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -6,7 +6,7 @@ ms.collection: - highpri ms.date: 2/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 22e8953388..4a8dc18965 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -3,7 +3,7 @@ title: Prepare & Deploy Windows Active Directory Federation Services with key tr description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 7aea4d2c52..c618365d4e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -3,7 +3,7 @@ title: Configure Windows Hello for Business Policy settings - key trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Configure Windows Hello for Business Policy settings - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index f0449f0dcd..57080612a2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md 
@@ -3,7 +3,7 @@ title: Key registration for on-premises deployment of Windows Hello for Business description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Validate Active Directory prerequisites - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 8e9a050f0e..046acb3df3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -3,7 +3,7 @@ title: Validate and Deploy MFA for Windows Hello for Business with key trust description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Validate and Deploy Multifactor Authentication (MFA) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 808271c0a5..c3a9226714 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md 
@@ -3,7 +3,7 @@ title: Validate Public Key Infrastructure - key trust model (Windows Hello for B description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Validate and Configure Public Key Infrastructure - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index f48ff8146e..2d83fca7b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -6,7 +6,7 @@ ms.collection: - highpri ms.date: 2/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 523cce8b4c..c3c5912b26 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -3,7 +3,7 @@ title: Planning a Windows Hello for Business Deployment description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. ms.date: 09/16/2020 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Planning a Windows Hello for Business Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index b3b3484a6d..69e4a380e5 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -3,7 +3,7 @@ title: Prepare people to use Windows Hello (Windows) description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization. ms.date: 08/19/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Prepare people to use Windows Hello diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 4b3c90c925..bf6f5a4ea0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -3,7 +3,7 @@ title: Windows Hello for Business Videos description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. ms.date: 07/26/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Windows Hello for Business Videos diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 6828d7f5a7..f2ba4fd368 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -6,7 +6,7 @@ ms.collection: - highpri ms.date: 10/23/2017 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # Why a PIN is better than an online password 
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index c9fcb9eb7e..6d5ad8dea5 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -3,7 +3,7 @@ title: Microsoft-compatible security key description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. ms.date: 11/14/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # What is a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 506d9207d0..366a317f73 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -3,7 +3,7 @@ title: Reset-security-key description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key ms.date: 11/14/2018 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # How to reset a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 60d52bc928..280ba77b63 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml 
@@ -1,12 +1,10 @@ - name: Windows Hello for Business documentation href: index.yml -- name: Overview - items: - - name: Windows Hello for Business overview - href: hello-overview.md - name: Concepts expanded: true items: + - name: Windows Hello for Business overview + href: hello-overview.md - name: Passwordless strategy href: passwordless-strategy.md - name: Why a PIN is better than a password @@ -23,7 +21,7 @@ href: hello-how-it-works-authentication.md - name: WebAuthn APIs href: webauthn-apis.md -- name: How-to Guides +- name: Deployment guides items: - name: Windows Hello for Business deployment overview href: hello-deployment-guide.md @@ -31,14 +29,6 @@ href: hello-planning-guide.md - name: Deployment prerequisite overview href: hello-identity-verification.md - - name: Prepare people to use Windows Hello - href: hello-prepare-people-to-use.md - - name: Deploy certificates for RDP sign-in - href: hello-deployment-rdp-certs.md - - name: Manage Windows Hello for Business in your organization - href: hello-manage-in-organization.md -- name: Deployment guides - items: - name: Cloud-only deployment items: - name: Azure AD join @@ -113,6 +103,14 @@ href: hello-cert-trust-validate-deploy-mfa.md - name: Configure Windows Hello for Business policy settings href: hello-cert-trust-policy-settings.md +- name: How-to Guides + items: + - name: Prepare people to use Windows Hello + href: hello-prepare-people-to-use.md + - name: Deploy certificates for RDP sign-in + href: hello-deployment-rdp-certs.md + - name: Manage Windows Hello for Business in your organization + href: hello-manage-in-organization.md - name: Windows Hello for Business features items: - name: Conditional access diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md index 0705c591d2..534fddf6ee 100644 --- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md 
+++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md @@ -3,7 +3,7 @@ title: WebAuthn APIs description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps. ms.date: 09/15/2022 appliesto: -- ✅ Windows 10 and later +- ✅ Windows 10 and later ms.topic: article --- # WebAuthn APIs for passwordless authentication on Windows From 3ea739705e1959ad2dba8b4cb26bb8c2d623bfb2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:21:20 -0500 Subject: [PATCH 09/25] updates --- .../hello-for-business/hello-aad-join-cloud-only-deploy.md | 6 +++++- .../hello-for-business/hello-feature-pin-reset.md | 6 +++++- .../security/identity-protection/hello-for-business/toc.yml | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 16df43011e..c2cc43c54d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md 
@@ -62,7 +62,11 @@ If you don't use Intune in your organization, then you can disable Windows Hello Intune uses the following registry keys: **`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\\Device\Policies`** -To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) +To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following: + +```msgraph-interactive +GET https://graph.microsoft.com/v1.0/organization?$select=id +``` These registry settings are pushed from Intune for user policies: diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index d6a29d0306..fae8a14f05 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -172,7 +172,11 @@ You can configure Windows devices to use the **Microsoft PIN Reset Service** usi - Value: **True** >[!NOTE] -> You must replace `TenantId` with the identifier of your Azure Active Directory tenant. +> You must replace `TenantId` with the identifier of your Azure Active Directory tenant. To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following: + +```msgraph-interactive +GET https://graph.microsoft.com/v1.0/organization?$select=id +``` --- diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 280ba77b63..4cb9fc2b8e 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml 
+++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -73,7 +73,7 @@ href: hello-hybrid-cert-whfb-settings.md - name: Sign-in and provisioning href: hello-hybrid-cert-whfb-provision.md - - name: Oon-premises deployments + - name: On-premises deployments items: - name: Key trust deployment items: From 2e4296f8d6e8bff54375704ebf68a946b0a81fd5 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 08:26:12 -0500 Subject: [PATCH 10/25] updates --- windows/security/docfx.json | 6 +++--- .../hello-hybrid-cloud-kerberos-trust.md | 2 +- .../identity-protection/hello-for-business/toc.yml | 12 ++++++++++++ 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/windows/security/docfx.json b/windows/security/docfx.json index b923e0d70f..8484e3b795 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -65,13 +65,13 @@ }, "fileMetadata": { "author":{ - "/identity-protection/hello-for-business/*.md": "paolomatarazzo" + "identity-protection/hello-for-business/**/*.md": "paolomatarazzo" }, "ms.author":{ - "/identity-protection/hello-for-business/*.md": "paoloma" + "identity-protection/hello-for-business/**/*.md": "paoloma" }, "ms.reviewer":{ - "/identity-protection/hello-for-business/*.md": "erikdau" + "identity-protection/hello-for-business/**/*.md": "erikdau" } }, "template": [], diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index 758dbbe371..05694db88f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md 
@@ -3,7 +3,7 @@ title: Hybrid cloud Kerberos trust deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario. ms.date: 11/1/2022 appliesto: -- ✅ Windows 10, version 21H2 and later +- ✅ Windows 10, version 21H2 and later ms.topic: article --- # Hybrid cloud Kerberos trust deployment diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 4cb9fc2b8e..d7613158b8 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -70,7 +70,19 @@ - name: Configure Azure AD device registration href: hello-hybrid-cert-trust-devreg.md - name: Configure Windows Hello for Business settings + items: + - name: Overview href: hello-hybrid-cert-whfb-settings.md + - name: Configure Active Directory + href: hello-hybrid-cert-whfb-settings-ad.md + - name: Configure Azure AD Connect Sync + href: hello-hybrid-cert-whfb-settings-dir-sync.md + - name: Configure PKI + href: hello-hybrid-cert-whfb-settings-pki.md + - name: Configure AD FS + href: hello-hybrid-cert-whfb-settings-adfs.md + - name: Confire Group Policy settings + href: hello-hybrid-cert-whfb-settings-policy.md - name: Sign-in and provisioning href: hello-hybrid-cert-whfb-provision.md - name: On-premises deployments From 8694b9de3c5c310ea41b234915717682ff03e74c Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 09:40:24 -0500 Subject: [PATCH 11/25] updates --- .../hello-for-business/toc.yml | 34 +++++++++++++------ 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index d7613158b8..b6f31685e8 100644 
--- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -56,8 +56,18 @@ - name: Configure Azure AD device registration href: hello-hybrid-key-trust-devreg.md - name: Configure Windows Hello for Business settings - href: hello-hybrid-key-whfb-settings.md - - name: Sign-in and provisioning + items: + - name: Overview + href: hello-hybrid-key-whfb-settings.md + - name: Configure Active Directory + href: hello-hybrid-key-whfb-settings-ad.md + - name: Configure Azure AD Connect Sync + href: hello-hybrid-key-whfb-settings-dir-sync.md + - name: Configure PKI + href: hello-hybrid-key-whfb-settings-pki.md + - name: Configure Group Policy settings + href: hello-hybrid-key-whfb-settings-policy.md + - name: Sign-in and provision Windows Hello for Business href: hello-hybrid-key-whfb-provision.md - name: Certificate trust deployment items: 
@@ -72,19 +82,19 @@ - name: Configure Windows Hello for Business settings items: - name: Overview - href: hello-hybrid-cert-whfb-settings.md + href: hello-hybrid-cert-whfb-settings.md - name: Configure Active Directory - href: hello-hybrid-cert-whfb-settings-ad.md + href: hello-hybrid-cert-whfb-settings-ad.md - name: Configure Azure AD Connect Sync - href: hello-hybrid-cert-whfb-settings-dir-sync.md + href: hello-hybrid-cert-whfb-settings-dir-sync.md - name: Configure PKI - href: hello-hybrid-cert-whfb-settings-pki.md + href: hello-hybrid-cert-whfb-settings-pki.md - name: Configure AD FS - href: hello-hybrid-cert-whfb-settings-adfs.md - - name: Confire Group Policy settings - href: hello-hybrid-cert-whfb-settings-policy.md - - name: Sign-in and provisioning - href: hello-hybrid-cert-whfb-provision.md + href: hello-hybrid-cert-whfb-settings-adfs.md + - name: Configure Group Policy settings + href: hello-hybrid-cert-whfb-settings-policy.md + - name: Sign-in and provision Windows Hello for Business + href: hello-hybrid-cert-whfb-provision.md - name: On-premises deployments items: - name: Key trust deployment @@ -151,6 +161,8 @@ items: - name: Technology and terminology href: hello-how-it-works-technology.md + - name: How many Domain Controllers? + href: hello-adequate-domain-controllers.md - name: Frequently Asked Questions (FAQ) href: hello-faq.yml - name: Windows Hello for Business videos From cab8a87ac61d2f110cb455ed9f7f4f2ccd95925a Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 09:50:00 -0500 Subject: [PATCH 12/25] updates --- windows/security/identity-protection/hello-for-business/toc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index b6f31685e8..e76276cdca 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml 
+++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -94,7 +94,7 @@ - name: Configure Group Policy settings href: hello-hybrid-cert-whfb-settings-policy.md - name: Sign-in and provision Windows Hello for Business - href: hello-hybrid-cert-whfb-provision.md + href: hello-hybrid-cert-whfb-provision.md - name: On-premises deployments items: - name: Key trust deployment From 2a74e340ca393411b5df5fa5f26e6847a3e149dd Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 11:18:34 -0500 Subject: [PATCH 13/25] updates --- .../hello-for-business/hello-cert-trust-adfs.md | 2 ++ .../hello-cert-trust-policy-settings.md | 2 ++ .../hello-cert-trust-validate-ad-prereq.md | 2 ++ .../hello-cert-trust-validate-deploy-mfa.md | 2 ++ .../hello-for-business/hello-cert-trust-validate-pki.md | 2 ++ .../hello-for-business/hello-deployment-cert-trust.md | 2 ++ .../hello-for-business/hello-hybrid-cert-new-install.md | 2 ++ .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 2 ++ .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 ++ .../hello-for-business/hello-hybrid-cert-trust.md | 2 ++ .../hello-hybrid-cert-whfb-provision.md | 2 ++ .../hello-hybrid-cert-whfb-settings-ad.md | 2 ++ .../hello-hybrid-cert-whfb-settings-adfs.md | 2 ++ .../hello-hybrid-cert-whfb-settings-dir-sync.md | 2 ++ .../hello-hybrid-cert-whfb-settings-pki.md | 2 ++ .../hello-hybrid-cert-whfb-settings-policy.md | 1 + .../hello-for-business/hello-hybrid-cert-whfb-settings.md | 2 ++ windows/security/includes/hello-hybrid-cert-trust-aad.md | 8 ++++++++ windows/security/includes/hello-hybrid-cert-trust-ad.md | 8 ++++++++ windows/security/includes/hello-hybrid-cert-trust.md | 8 ++++++++ windows/security/includes/hello-on-premises-cert-trust.md | 8 ++++++++ 21 files changed, 65 insertions(+) create mode 100644 windows/security/includes/hello-hybrid-cert-trust-aad.md create mode 100644 windows/security/includes/hello-hybrid-cert-trust-ad.md create mode 100644 windows/security/includes/hello-hybrid-cert-trust.md create mode 100644 windows/security/includes/hello-on-premises-cert-trust.md diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 4a720d9d9d..3486c444df 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -110,6 +110,8 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. ## Review & validate +[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] + Before you continue with the deployment, validate your deployment progress by reviewing the following items: - Confirm the AD FS farm uses the correct database configuration. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index 90da4e7cde..bde42599c7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -12,6 +12,8 @@ ms.topic: article --- # Configure Windows Hello for Business Policy settings - Certificate Trust +[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] + To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10 or later. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 9899640b91..af56ffb943 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md 
@@ -9,6 +9,8 @@ ms.topic: article --- # Validate Active Directory prerequisites for cert-trust deployment +[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] + The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 91f416ef25..28d010fbd8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -9,6 +9,8 @@ ms.topic: article --- # Validate and Deploy Multi-Factor Authentication feature +[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] + Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. For information on available third-party authentication methods, see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method, see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 5e88e54303..4b692280e1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -9,6 +9,8 @@ ms.topic: article --- # Validate and Configure Public Key Infrastructure - Certificate Trust Model +[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] + Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. ## Deploy an enterprise certificate authority diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index 63d0769c37..115a1041e1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md 
@@ -9,6 +9,8 @@ ms.topic: article --- # On Premises Certificate Trust Deployment +[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)] + Windows Hello for Business replaces username and password sign-in to Windows with authentication using an asymmetric key pair. This deployment guide provides the information you'll need to successfully deploy Windows Hello for Business in an existing environment. Below, you can find all the information needed to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 716384d545..234f257566 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -8,6 +8,8 @@ ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid certificate trust deployments of Windows Hello for Business rely on these technologies - [Active Directory](#active-directory) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 969581b31e..997dbea6e9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md 
@@ -8,6 +8,8 @@ ms.topic: article --- # Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust-ad.md)] + Your environment is federated and you're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication. > [!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 486702561b..56e0d50918 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -8,6 +8,8 @@ ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Prerequisites +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 0d762143e4..caf8cfe867 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md 
@@ -8,6 +8,8 @@ ms.topic: article --- # Hybrid Azure AD joined Certificate Trust Deployment +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514). diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 9c92aa6f4f..fa4284edd5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md 
@@ -8,6 +8,8 @@ ms.topic: article --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + ## Provisioning The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 031c5f69bd..748cc46a44 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -8,6 +8,8 @@ ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. ### Creating Security Groups diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index d9fca2be23..83988357c9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md 
@@ -8,6 +8,8 @@ ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + ## Federation Services The Windows Server 2016 Active Directory Federation Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 8495f69bd7..5002843385 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -9,6 +9,8 @@ ms.topic: article # Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + ## Directory Synchronization In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index d9d1370e3f..98725d74b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md 
@@ -9,6 +9,8 @@ ms.topic: article # Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly-issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows between them and the client computer. All deployments use enterprise issued certificates for domain controllers as a root of trust. Hybrid certificate trust deployments issue users with a sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers. Additionally, hybrid certificate trust deployments issue certificates to registration authorities to provide defense-in-depth security when issuing user authentication certificates. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index d144a84f1e..ad8ff6984f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -8,6 +8,7 @@ ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust-ad.md)] ## Policy Configuration diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 8b34e2d324..360f679614 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -8,6 +8,8 @@ ms.topic: article --- # Configure Hybrid Azure AD joined Windows Hello for Business +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)] + Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. > [!IMPORTANT] > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. diff --git a/windows/security/includes/hello-hybrid-cert-trust-aad.md b/windows/security/includes/hello-hybrid-cert-trust-aad.md new file mode 100644 index 0000000000..e80912d8b9 --- /dev/null +++ b/windows/security/includes/hello-hybrid-cert-trust-aad.md @@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ +✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join) + +
+ +--- diff --git a/windows/security/includes/hello-hybrid-cert-trust-ad.md b/windows/security/includes/hello-hybrid-cert-trust-ad.md new file mode 100644 index 0000000000..4ef97bd233 --- /dev/null +++ b/windows/security/includes/hello-hybrid-cert-trust-ad.md @@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ +✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) + +
+ +--- diff --git a/windows/security/includes/hello-hybrid-cert-trust.md b/windows/security/includes/hello-hybrid-cert-trust.md new file mode 100644 index 0000000000..77a897f264 --- /dev/null +++ b/windows/security/includes/hello-hybrid-cert-trust.md @@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ +✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) + +
+ +--- diff --git a/windows/security/includes/hello-on-premises-cert-trust.md b/windows/security/includes/hello-on-premises-cert-trust.md new file mode 100644 index 0000000000..2cc01ac3ac --- /dev/null +++ b/windows/security/includes/hello-on-premises-cert-trust.md @@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\ +✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ +✅ **Device registration type:** Active Directory domain join + +
+ +--- From cf49e1a8cda433f8198c295359f3aebbe72df279 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 12:11:09 -0500 Subject: [PATCH 14/25] updates --- .../hello-hybrid-aadj-sso-base.md | 3 +++ .../hello-hybrid-aadj-sso-cert.md | 2 ++ .../hello-hybrid-cloud-kerberos-trust.md | 5 +---- .../microsoft-compatible-security-key.md | 0 .../{ => retired}/reset-security-key.md | 0 .../hello-for-business/toc.yml | 18 ++++++++---------- .../includes/hello-hybrid-cloudkerb-trust.md | 8 ++++++++ .../includes/hello-hybrid-keycert-trust-aad.md | 7 +++++++ windows/security/includes/hello-template.md | 15 --------------- 9 files changed, 29 insertions(+), 29 deletions(-) rename windows/security/identity-protection/hello-for-business/{ => retired}/microsoft-compatible-security-key.md (100%) rename windows/security/identity-protection/hello-for-business/{ => retired}/reset-security-key.md (100%) create mode 100644 windows/security/includes/hello-hybrid-cloudkerb-trust.md create mode 100644 windows/security/includes/hello-hybrid-keycert-trust-aad.md delete mode 100644 windows/security/includes/hello-template.md diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 103f9f3d54..a53b5977d6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -7,6 +7,9 @@ appliesto: ms.topic: article --- # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business + +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)] + ## Prerequisites Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices don't have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 8a2009474b..84377c36b5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -9,6 +9,8 @@ ms.topic: article # Using Certificates for AADJ On-premises Single-sign On +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)] + If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices. > [!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index 05694db88f..4b65d68e29 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md 
@@ -8,10 +8,7 @@ ms.topic: article --- # Hybrid cloud Kerberos trust deployment -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [hybrid](hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Trust type:** [cloud Kerberos trust](hello-hybrid-cloud-kerberos-trust.md)\ -✅ **Device registration type:** [Azure AD join](hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](hello-how-it-works-technology.md#hybrid-azure-ad-join) +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cloudkerb-trust.md)]
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md similarity index 100% rename from windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md rename to windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/retired/reset-security-key.md similarity index 100% rename from windows/security/identity-protection/hello-for-business/reset-security-key.md rename to windows/security/identity-protection/hello-for-business/retired/reset-security-key.md diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index e76276cdca..732561a038 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -13,14 +13,6 @@ href: hello-biometrics-in-enterprise.md - name: How Windows Hello for Business works href: hello-how-it-works.md - - name: Technical deep dive - items: - - name: Provisioning - href: hello-how-it-works-provisioning.md - - name: Authentication - href: hello-how-it-works-authentication.md - - name: WebAuthn APIs - href: webauthn-apis.md - name: Deployment guides items: - name: Windows Hello for Business deployment overview @@ -125,6 +117,8 @@ href: hello-cert-trust-validate-deploy-mfa.md - name: Configure Windows Hello for Business policy settings href: hello-cert-trust-policy-settings.md + - name: Planning for Domain Controller load + href: hello-adequate-domain-controllers.md - name: How-to Guides items: - name: Prepare people to use Windows Hello 
@@ -159,10 +153,14 @@ href: hello-and-password-changes.md - name: Reference items: + - name: How Windows Hello for Business provisioning works + href: hello-how-it-works-provisioning.md + - name: How Windows Hello for Business authentication works + href: hello-how-it-works-authentication.md + - name: WebAuthn APIs + href: webauthn-apis.md - name: Technology and terminology href: hello-how-it-works-technology.md - - name: How many Domain Controllers? - href: hello-adequate-domain-controllers.md - name: Frequently Asked Questions (FAQ) href: hello-faq.yml - name: Windows Hello for Business videos diff --git a/windows/security/includes/hello-hybrid-cloudkerb-trust.md b/windows/security/includes/hello-hybrid-cloudkerb-trust.md new file mode 100644 index 0000000000..4f68be791b --- /dev/null +++ b/windows/security/includes/hello-hybrid-cloudkerb-trust.md @@ -0,0 +1,8 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\ +✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join) + +
+ +--- diff --git a/windows/security/includes/hello-hybrid-keycert-trust-aad.md b/windows/security/includes/hello-hybrid-keycert-trust-aad.md new file mode 100644 index 0000000000..a8d82200d3 --- /dev/null +++ b/windows/security/includes/hello-hybrid-keycert-trust-aad.md @@ -0,0 +1,7 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ +✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust), [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ +✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join) +
+ +--- diff --git a/windows/security/includes/hello-template.md b/windows/security/includes/hello-template.md deleted file mode 100644 index 8bf862c83f..0000000000 --- a/windows/security/includes/hello-template.md +++ /dev/null @@ -1,15 +0,0 @@ -This document describes Windows Hello for Business functionalities or scenarios that apply to:\ -✅ **Deployment type:** [cloud-only](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\ -✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\ -✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\ -✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\ -✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\ -✅ **Device registration type:** Active Directory domain join\ -✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join)\ -✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join)\ -✅ **Device registration type:** [Azure AD registration](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-ad-registration) - -
- ---- From c84d7277f463bddd4668be0cce0b145638027cef Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 12:26:49 -0500 Subject: [PATCH 15/25] updates --- .../{retired => }/microsoft-compatible-security-key.md | 0 .../hello-for-business/{retired => }/reset-security-key.md | 0 windows/security/identity-protection/hello-for-business/toc.yml | 2 ++ 3 files changed, 2 insertions(+) rename windows/security/identity-protection/hello-for-business/{retired => }/microsoft-compatible-security-key.md (100%) rename windows/security/identity-protection/hello-for-business/{retired => }/reset-security-key.md (100%) diff --git a/windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md similarity index 100% rename from windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md rename to windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md diff --git a/windows/security/identity-protection/hello-for-business/retired/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md similarity index 100% rename from windows/security/identity-protection/hello-for-business/retired/reset-security-key.md rename to windows/security/identity-protection/hello-for-business/reset-security-key.md diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 732561a038..f24629b2cc 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml 
@@ -87,6 +87,8 @@ href: hello-hybrid-cert-whfb-settings-policy.md - name: Sign-in and provision Windows Hello for Business href: hello-hybrid-cert-whfb-provision.md + - name: Planning for Domain Controller load + href: hello-adequate-domain-controllers.md - name: On-premises deployments items: - name: Key trust deployment From 48ebceb97a627962cbdc5cc3c2137f7c42a26818 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 12:39:40 -0500 Subject: [PATCH 16/25] updates --- .../hello-for-business/hello-aad-join-cloud-only-deploy.md | 2 ++ .../hello-hybrid-cloud-kerberos-trust.md | 4 ---- .../identity-protection/hello-for-business/toc.yml | 4 ++-- windows/security/includes/hello-cloud.md | 7 +++++++ 4 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 windows/security/includes/hello-cloud.md diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index c2cc43c54d..6912ee4dba 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -8,6 +8,8 @@ ms.topic: article --- # Azure Active Directory join cloud only deployment +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-cloud.md)] + ## Introduction When you Azure Active Directory (Azure AD) join a Windows device, the system prompts you to enroll in Windows Hello for Business by default. If you want to use Windows Hello for Business in your cloud-only environment, then there's no additional configuration needed. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index 4b65d68e29..d8063e6127 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md @@ -10,10 +10,6 @@ ms.topic: article [!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cloudkerb-trust.md)] -
- ---- - Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This deployment guide provides the information to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario. ## Introduction to cloud Kerberos trust diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index f24629b2cc..17c221406d 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -121,12 +121,12 @@ href: hello-cert-trust-policy-settings.md - name: Planning for Domain Controller load href: hello-adequate-domain-controllers.md + - name: Deploy certificates for remote desktop (RDP) sign-in + href: hello-deployment-rdp-certs.md - name: How-to Guides items: - name: Prepare people to use Windows Hello href: hello-prepare-people-to-use.md - - name: Deploy certificates for RDP sign-in - href: hello-deployment-rdp-certs.md - name: Manage Windows Hello for Business in your organization href: hello-manage-in-organization.md - name: Windows Hello for Business features diff --git a/windows/security/includes/hello-cloud.md b/windows/security/includes/hello-cloud.md new file mode 100644 index 0000000000..c40ed1027c --- /dev/null +++ b/windows/security/includes/hello-cloud.md @@ -0,0 +1,7 @@ +This document describes Windows Hello for Business functionalities or scenarios that apply to:\ +✅ **Deployment type:** [cloud](../identity-protection/hello-for-business/hello-how-it-works-technology.md#cloud-deployment)\ +✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join) + +
+ +--- From f454f46e445cda3c5d4c530de8fff08d8329755a Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 13:47:03 -0500 Subject: [PATCH 17/25] updates --- .../hello-hybrid-aadj-sso-cert.md | 4 ++-- .../hello-hybrid-aadj-sso.md | 2 ++ .../hello-for-business/toc.yml | 20 ++++++++++--------- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 84377c36b5..1b222da4f8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -1,5 +1,5 @@ --- -title: Using Certificates for AADJ On-premises Single-sign On single sign-on +title: Use Certificates to enable SSO for Azure AD join devices description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. ms.date: 08/19/2018 appliesto: @@ -9,7 +9,7 @@ ms.topic: article # Using Certificates for AADJ On-premises Single-sign On -[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)] +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust-aad.md)] If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index b999c78a75..1acc6aa213 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -8,6 +8,8 @@ ms.topic: article --- # Azure AD Join Single Sign-on Deployment +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)] + Windows Hello for Business combined with Azure Active Directory-joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD-joined devices may need to access these resources. With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory-joined devices using Windows Hello for Business, using a key or a certificate. ## Key vs. Certificate diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 17c221406d..4a54576434 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -22,15 +22,7 @@ - name: Deployment prerequisite overview href: hello-identity-verification.md - name: Cloud-only deployment - items: - - name: Azure AD join - href: hello-aad-join-cloud-only-deploy.md - - name: On-premises SSO for Azure AD joined devices - href: hello-hybrid-aadj-sso.md - - name: Configure Azure AD joined devices for on-premises SSO - href: hello-hybrid-aadj-sso-base.md - - name: Using certificates for on-premises SSO - href: hello-hybrid-aadj-sso-cert.md + href: hello-aad-join-cloud-only-deploy.md - name: Hybrid deployments items: - name: Cloud Kerberos trust deployment 
@@ -61,6 +53,10 @@ href: hello-hybrid-key-whfb-settings-policy.md - name: Sign-in and provision Windows Hello for Business href: hello-hybrid-key-whfb-provision.md + - name: On-premises SSO for Azure AD joined devices + href: hello-hybrid-aadj-sso.md + - name: Configure Azure AD joined devices for on-premises SSO + href: hello-hybrid-aadj-sso-base.md - name: Certificate trust deployment items: - name: Overview @@ -87,6 +83,12 @@ href: hello-hybrid-cert-whfb-settings-policy.md - name: Sign-in and provision Windows Hello for Business href: hello-hybrid-cert-whfb-provision.md + - name: On-premises SSO for Azure AD joined devices + href: hello-hybrid-aadj-sso.md + - name: Configure Azure AD joined devices for on-premises SSO + href: hello-hybrid-aadj-sso-base.md + - name: Using certificates for on-premises SSO + href: hello-hybrid-aadj-sso-cert.md - name: Planning for Domain Controller load href: hello-adequate-domain-controllers.md - name: On-premises deployments From d1641e9f8e6b43dba952448f68a2619992d67771 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 21 Nov 2022 15:05:53 -0500 Subject: [PATCH 18/25] updates --- .../hello-for-business/hello-aad-join-cloud-only-deploy.md | 2 +- .../hello-for-business/hello-feature-pin-reset.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 6912ee4dba..721ddca258 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md 
@@ -64,7 +64,7 @@ If you don't use Intune in your organization, then you can disable Windows Hello Intune uses the following registry keys: **`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Policies\PassportForWork\\Device\Policies`** -To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following: +To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following, ensuring to sign-in with your organization's account: ```msgraph-interactive GET https://graph.microsoft.com/v1.0/organization?$select=id diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index fae8a14f05..313ef05f54 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -172,7 +172,7 @@ You can configure Windows devices to use the **Microsoft PIN Reset Service** usi - Value: **True** >[!NOTE] -> You must replace `TenantId` with the identifier of your Azure Active Directory tenant. To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following: +> You must replace `TenantId` with the identifier of your Azure Active Directory tenant. To look up your Tenant ID, see [How to find your Azure Active Directory tenant ID](/azure/active-directory/fundamentals/active-directory-how-to-find-tenant) or try the following, ensuring to sign-in with your organization's account:: ```msgraph-interactive GET https://graph.microsoft.com/v1.0/organization?$select=id From 5a1f8e4d10a65b762aba1d2eefcb76985db694dc Mon Sep 17 00:00:00 2001 
From: Angela Fleischmann Date: Mon, 21 Nov 2022 15:25:58 -0700 Subject: [PATCH 19/25] Update toc.yml Add blank line 172. --- .../security/identity-protection/hello-for-business/toc.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 4a54576434..502a196109 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -168,4 +168,5 @@ - name: Frequently Asked Questions (FAQ) href: hello-faq.yml - name: Windows Hello for Business videos - href: hello-videos.md \ No newline at end of file + href: hello-videos.md + From a41e782b47ed3f7049dd009ed53528422d4329fb Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 01:57:13 +0530 Subject: [PATCH 20/25] Update enable-virtualization-based-protection-of-code-integrity.md Made changes to the document as *Win32\_DeviceGuard* WMI class is available in Win 11 pro. @vinaypamnani-msft I have not been able to check with win10 pro though. However, the user states that it appears to be present. fixes #https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10998 --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 634bbc6d29..8e5b846c1c 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md 
@@ -205,7 +205,7 @@ Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windo ``` > [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10 and Windows 11. +> The *Win32\_DeviceGuard* WMI class is only available on the Professional & Enterprise edition of Windows 10 and Windows 11. > [!NOTE] > Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2. From e0b4a3aab67721d90ed68cb9bcc35900ccdbb93a Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 16:51:17 +0530 Subject: [PATCH 21/25] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 8e5b846c1c..1078f160f2 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md 
@@ -205,7 +205,7 @@ Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windo ``` > [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Professional & Enterprise edition of Windows 10 and Windows 11. +> The *Win32\_DeviceGuard* WMI class is only available on the Professional and Enterprise editions of Windows 10 and Windows 11. > [!NOTE] > Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2. From e82efe9be8ea6fde8d48c296169a03764d8de90d Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 17:00:33 +0530 Subject: [PATCH 22/25] Update hello-deployment-rdp-certs.md Made changes to Subject Alternative Name fixes #https://github.com/MicrosoftDocs/windows-itpro-docs/issues/11053 --- .../hello-for-business/hello-deployment-rdp-certs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 282264de1e..62a2a4eb41 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md 
@@ -139,7 +139,7 @@ This section describes how to configure a SCEP policy in Intune. Similar steps c | --- | --- | |*Certificate Type*| User | |*Subject name format* | `CN={{UserPrincipalName}}` | - |*Subject alternative name* |From the dropdown, select **User principal name (UPN)** with a value of `CN={{UserPrincipalName}}` + |*Subject alternative name* |From the dropdown, select **User principal name (UPN)** with a value of `{{UserPrincipalName}}` |*Certificate validity period* | Configure a value of your choosing| |*Key storage provider (KSP)* | **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** |*Key usage*| **Digital Signature**| @@ -198,4 +198,4 @@ After obtaining a certificate, users can RDP to any Windows devices in the same [MEM-5]: /mem/intune/protect/certificates-trusted-root [MEM-6]: /mem/intune/protect/certificate-authority-add-scep-overview -[HTTP-1]: https://www.powershellgallery.com/packages/Generate-CertificateRequest \ No newline at end of file +[HTTP-1]: https://www.powershellgallery.com/packages/Generate-CertificateRequest From e0babf5136244eebb2ba18a0faf518e8154b2838 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 21:37:04 +0530 Subject: [PATCH 23/25] Update enable-virtualization-based-protection-of-code-integrity.md Made change per author. --- ...enable-virtualization-based-protection-of-code-integrity.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 1078f160f2..b322223819 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md 
@@ -204,9 +204,6 @@ Windows 10, Windows 11, and Windows Server 2016 have a WMI class for related pro Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard ``` -> [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Professional and Enterprise editions of Windows 10 and Windows 11. - > [!NOTE] > Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2. From f5d01d9a957064cd67beff281a5c6b1414331168 Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 23 Nov 2022 09:49:18 -0800 Subject: [PATCH 24/25] Removing as per Mounica. --- .../prepare/windows-autopatch-fix-issues.md | 24 ------------------- 1 file changed, 24 deletions(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index 01a4100390..f73d12c221 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md 
@@ -72,27 +72,3 @@ Windows Autopatch requires the following licenses: | Result | Meaning | | ----- | ----- | | Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). | - -## Submit a support request - -> [!IMPORTANT] -> Make sure you've [added and verified your admin contacts](../deploy/windows-autopatch-admin-contacts.md). The Windows Autopatch Service Engineering Team will contact these individuals for assistance with troubleshooting issues. - -If you need more assistance with tenant enrollment, you can submit support tickets to the Windows Autopatch Service Engineering Team in the Windows Autopatch enrollment tool. Email is the recommended approach to interact with the Windows Autopatch Service Engineering Team. - -**To submit a new support request:** - -1. If the Readiness assessment tool fails, remediation steps can be found by selecting **View details** under **Management settings** and then selecting the individual check. The **Contact Support** button will be available below remediation instructions in the fly-in-pane. -2. Enter your question(s) and/or a description of the problem. -3. Review all the information you provided for accuracy. -4. When you're ready, select **Create**. - -### Manage an active support request - -The primary contact for the support request will receive email notifications when a case is created, assigned to a service engineer to investigate, and mitigated. If you have a question about the case, the best way to get in touch is to reply directly to one of the emails. If we have questions about your request or need more details, we'll email the primary contact listed in the support request. - -**To view all your active pre-enrollment support requests:** - -1. 
Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu. -1. In the **Windows Autopatch** section, select **Tenant Enrollment**. -1. Select the **Support history** tab. You can view the list of all support cases, or select an individual case to view the details. From 13b67daca3f0a8de0fe7b6612efeacee27a385bd Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Wed, 23 Nov 2022 09:54:01 -0800 Subject: [PATCH 25/25] Fix link. --- .../windows-autopatch/prepare/windows-autopatch-fix-issues.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index f73d12c221..854b107c86 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -14,9 +14,7 @@ msreviewer: hathind # Fix issues found by the Readiness assessment tool -Seeing issues with your tenant? This article details how to remediate issues found with your tenant. - -If you need more assistance with tenant enrollment, you can submit a [tenant enrollment support request](#submit-a-support-request). +Seeing issues with your tenant? This article details how to remediate issues found with your tenant. ## Check results
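Review bot: PATCH 15/25 moves `microsoft-compatible-security-key.md` and `reset-security-key.md` out of `retired/` at 100% similarity, but the only `toc.yml` hunk in the commit (`@@ -87,6 +87,8 @@`) adds the "Planning for Domain Controller load" entry and nothing for the two restored pages. Either add TOC entries for them in the same commit or say in the commit message where they are linked from. The subject line "updates" does not explain why retired content is being brought back.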
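Review bot: PATCH 16/25, `hello-aad-join-cloud-only-deploy.md` hunk `@@ -8,6 +8,8 @@`: the added include uses the link text `hello-hybrid-key-trust` while pointing at `../../includes/hello-cloud.md`. The label should match the target, for example `[!INCLUDE [hello-cloud](../../includes/hello-cloud.md)]`. The same copied label appears on the include lines touched in PATCH 17/25 (`hello-hybrid-cert-trust-aad.md` and `hello-hybrid-keycert-trust-aad.md`), so fix all three together.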
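Review bot: PATCH 17/25, `hello-hybrid-aadj-sso-cert.md` hunk `@@ -1,5 +1,5 @@`: the front-matter `title` becomes "Use Certificates to enable SSO for Azure AD join devices", but the H1 in the next hunk's context still reads "# Using Certificates for AADJ On-premises Single-sign On". Update the H1 to match the new title. The `description` also still says "single-sign on", which is worth normalizing to "single sign-on" while the metadata is being edited.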
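Review bot: PATCH 17/25, `toc.yml` hunks `@@ -61,6 +53,10 @@` and `@@ -87,6 +83,12 @@`: `hello-hybrid-aadj-sso.md` and `hello-hybrid-aadj-sso-base.md` are now listed under both the key trust and the certificate trust nodes with identical names and hrefs. A reader who opens either page by URL can only be placed under one of those nodes, so please confirm the duplication is intended, or keep a single entry and cross-link from the other deployment overview.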
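Review bot: PATCH 18/25, `hello-feature-pin-reset.md` hunk `@@ -172,7 +172,7 @@`: the added sentence ends in a doubled colon (`organization's account::`), which the sibling edit in `hello-aad-join-cloud-only-deploy.md` does not have. In both hunks "ensuring to sign-in" should use the verb form, for example "or try the following, making sure to sign in with your organization's account:".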
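Review bot: PATCH 19/25, `toc.yml` hunk `@@ -168,4 +168,5 @@`: clearing the "No newline at end of file" marker only needs the terminating newline on `href: hello-videos.md`; the additional empty `+` line leaves a trailing blank line in the file. Drop the extra line. The subject "Add blank line 172" also describes the mechanics rather than the reason for the change.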
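Review bot: PATCH 20/25, `enable-virtualization-based-protection-of-code-integrity.md` hunk `@@ -205,7 +205,7 @@`: the note is widened to cover Windows 10 as well as Windows 11, while the commit message says the class was only confirmed on Windows 11 Pro and not checked on Windows 10 Pro. Administrators use this note to decide whether the `Get-CimInstance` query can be relied on to report VBS and HVCI state across a fleet, so the Windows 10 claim should be verified before it ships, or the wording limited to what was tested.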
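Review bot: PATCH 22/25, `hello-deployment-rdp-certs.md` hunk `@@ -139,7 +139,7 @@`: the edited "Subject alternative name" row still has no closing `|`, unlike the "Certificate validity period" and "Key usage" rows next to it, and the "Key storage provider (KSP)" row in the context has the same gap. Close both rows while touching the table. The value change itself is correct: a UPN entry takes the bare `{{UserPrincipalName}}`, and the `CN=` prefix belongs only in the "Subject name format" row above it.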
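Review bot: PATCH 23/25, hunk `@@ -204,9 +204,6 @@`: the edition note that PATCH 20 and PATCH 21 had just reworded is deleted outright, and "Made change per author" gives no reason or issue link. If the class is no longer edition-restricted, say so in the commit message and reference the issue cited in PATCH 20. The three commits touch the same three lines and would be clearer squashed into one change.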
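Review bot: PATCH 24/25, `windows-autopatch-fix-issues.md` hunk `@@ -72,27 +72,3 @@`: removing the "## Submit a support request" section leaves the intro link `[tenant enrollment support request](#submit-a-support-request)` pointing at an anchor that no longer exists. PATCH 25/25 removes that sentence, so the page is only consistent after both commits; fold the link removal into this commit so the history has no revision with a dead in-page link. The commit message "Removing as per Mounica." should also state where readers are now expected to go for enrollment support.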