deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update images and descriptions in how-it-works.md

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-01-08 12:22:19 -05:00
parent 92730fcb63
commit febf96bff1
1 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
windows/security/identity-protection/hello-for-business/how-it-works.md
View File

@ -24,7 +24,8 @@ Windows Hello for Business is a distributed system that requires multiple techno
:::row::: :::row:::
:::column span="1"::: :::column span="1":::
**Device Registration** **Device Registration**
:::image type="content" source="images/howitworks/device-registration.png" alt-text="Icon representing the device registration phase.":::
:::image type="content" source="images/howitworks/device-registration.png" alt-text="Icon representing the device registration phase." border="false":::
:::column-end::: :::column-end:::
:::column span="3"::: :::column span="3":::
Registration is a prerequisite for Windows Hello for Business. Without device registration, Windows Hello for Business provisioning cannot start. Registration is a prerequisite for Windows Hello for Business. Without device registration, Windows Hello for Business provisioning cannot start.
@ -35,7 +36,8 @@ Windows Hello for Business is a distributed system that requires multiple techno
:::row::: :::row:::
:::column span="1"::: :::column span="1":::
**Provisioning** **Provisioning**
:::image type="content" source="images/howitworks/provisioning.png" alt-text="Icon representing the provisioning phase.":::
:::image type="content" source="images/howitworks/provisioning.png" alt-text="Icon representing the provisioning phase." border="false":::
:::column-end::: :::column-end:::
:::column span="3"::: :::column span="3":::
During this phase, the user authenticates using one form of authentication (typically, username/password) to request a new Windows Hello for Business credential. The provisioning flow requires a second factor of authentication before it can create a strong, two-factor Windows Hello for Business credential. During this phase, the user authenticates using one form of authentication (typically, username/password) to request a new Windows Hello for Business credential. The provisioning flow requires a second factor of authentication before it can create a strong, two-factor Windows Hello for Business credential.
@ -46,27 +48,21 @@ Windows Hello for Business is a distributed system that requires multiple techno
:::column-end::: :::column-end:::
:::row-end::: :::row-end:::
:::row:::
:::column span="":::
**Key Registration**
:::column-end:::
:::row-end:::
:::row::: :::row:::
:::column span="1"::: :::column span="1":::
:::image type="content" source="images/howitworks/key-synchronization.png" alt-text="Icon representing the synchronization phase."::: **Key Registration**
:::image type="content" source="images/howitworks/synchronization.png" alt-text="Icon representing the synchronization phase." border="false":::
:::column-end::: :::column-end:::
:::column span="3"::: :::column span="3":::
In this phase, applicable only to hybrid deploments, the user's public key is synchronized from Microsoft Entra ID to Active Directory. In this phase, applicable only to hybrid deploments, the user's public key is synchronized from Microsoft Entra ID to Active Directory.
:::column-end::: :::column-end:::
:::row-end::: :::row-end:::
:::row:::
:::column span="":::
#### Certificate enrollment phase
:::column-end:::
:::row-end:::
:::row::: :::row:::
:::column span="1"::: :::column span="1":::
:::image type="content" source="images/howitworks/certificate-enrollment.png" alt-text="Icon representing the certificate enrollment phase."::: **Certificate enrollment**
:::image type="content" source="images/howitworks/certificate-enrollment.png" alt-text="Icon representing the certificate enrollment phase." border="false":::
:::column-end::: :::column-end:::
:::column span="3"::: :::column span="3":::
This phase occurs only in certificate trust deployments. A user certificate is issued by an internal PKI and the public key stored in the Windows Hello container This phase occurs only in certificate trust deployments. A user certificate is issued by an internal PKI and the public key stored in the Windows Hello container
@ -75,18 +71,27 @@ Windows Hello for Business is a distributed system that requires multiple techno
:::row::: :::row:::
:::column span="1"::: :::column span="1":::
**Authentication** **Authentication**
:::image type="content" source="images/howitworks/authentication.png" alt-text="Icon representing the authentication phase." border="false":::
:::column-end::: :::column-end:::
:::column span="3"::: :::column span="3":::
Once the provisioning phase completes, users can sign-in to Windows using biometrics or a PIN. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential. In this last phase, users can sign-in to Windows using biometrics or a PIN. Regardless of the gesture used, authentication occurs using the private portion of the Windows Hello for Business credential.
In this phase, WHfB is used to authenticate user against the IdP. The user provides a gesture (PIN or biometric) and the IdP validates the user identity by mapping the user account to the public key used during the key registration step The user provides a gesture and the IdP validates the user identity by mapping the user account to the public key used during the key registration phase.
:::column-end::: :::column-end:::
:::row-end::: :::row-end:::
The following sections provide deeper insight into each of these components. The following sections provide deeper insight into each of these components.
## Device Registration :::row:::
:::column span="1":::
:::image type="content" source="images/howitworks/device-registration.png" alt-text="Icon representing the device registration phase." border="false":::
:::column-end:::
:::column span="3":::
## Device Registration
:::column-end:::
:::row-end:::
All devices included in the Windows Hello for Business deployment must go through a process called *device registration*. Device registration enables devices to be associated and to authentiticate to an IdP: All devices included in the Windows Hello for Business deployment must go through a process called *device registration*. Device registration enables devices to be associated and to authentiticate to an IdP: