deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-10 11:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
Nick Schonning f418730793 fix: Replace tab after ordered list marker 
Find: `\.\t`
Replace: `. `
2019-07-18 01:31:57 -04:00

2.6 KiB
Raw Blame History

title, description, keywords, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, audience, author, ms.author, manager, ms.collection, ms.topic, localizationpriority, ms.date, ms.reviewer
title description keywords ms.prod ms.mktglfcycl ms.sitesec ms.pagetype audience author ms.author manager ms.collection ms.topic localizationpriority ms.date ms.reviewer
Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) identity, PIN, biometric, Hello, passport, WHFB, ad, key trust, key-trust w10 deploy library security, mobile ITPro mapalko mapalko dansimp M365-identity-device-management article medium 08/20/2018

Configuring Hybrid key trust Windows Hello for Business: Active Directory

Applies to

  • Windows 10, version 1703 or later
  • Hybrid deployment
  • Key trust

Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users.

Creating Security Groups

Windows Hello for Business uses a security group to simplify the deployment and management.

Create the Windows Hello for Business Users Security Group

The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases. You assign Group Policy and Certificate template permissions to this group to simplify the deployment by simply adding the users to the group. This provides users with the proper permissions to provision Windows Hello for Business and to enroll in the Windows Hello for Business authentication certificate.

Sign-in a domain controller or management workstation with Domain Admin equivalent credentials.

  1. Open Active Directory Users and Computers.
  2. Click View and click Advanced Features.
  3. Expand the domain node from the navigation pane.
  4. Right-click the Users container. Click New. Click Group.
  5. Type Windows Hello for Business Users in the Group Name text box.
  6. Click OK.

Section Review

[!div class="checklist"]

  • Create the Windows Hello for Business Users group

[!div class="step-by-step"] < Configure Windows Hello for Business Configure Azure AD Connect >



Follow the Windows Hello for Business hybrid key trust deployment guide

  1. Overview
  2. Prerequisites
  3. New Installation Baseline
  4. Configure Directory Synchronization
  5. Configure Azure Device Registration
  6. Configure Windows Hello for Business settings: Active Directory (You are here)
  7. Sign-in and Provision