deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 14:23:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
ae4956e18da5fce5207eb234796cb61ac256af8c
windows-itpro-docs/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
Liz Long e7821e4222 meta security 1
2022-10-25 11:37:12 -04:00

2.3 KiB
Raw Blame History

title, description, ms.prod, ms.collection, ms.topic, localizationpriority, ms.date, author, ms.author, ms.reviewer, manager, appliesto
title description ms.prod ms.collection ms.topic localizationpriority ms.date author ms.author ms.reviewer manager appliesto
Validate and Deploy MFA for Windows Hello for Business with certificate trust How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust windows-client M365-identity-device-management article medium 08/19/2018 paolomatarazzo paoloma prsriva aaroncz
<b>Windows 10</b>
<b>Windows 11</b>
<b>On-premises deployments</b>
<b>Certificate trust</b>

Validate and Deploy Multi-Factor Authentication feature

Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.

For information on available third-party authentication methods, see Configure Additional Authentication Methods for AD FS. For creating a custom authentication method, see Build a Custom Authentication Method for AD FS in Windows Server

Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies, see Configure Authentication Policies.

Follow the Windows Hello for Business on premises certificate trust deployment guide

  1. Validate Active Directory prerequisites
  2. Validate and Configure Public Key Infrastructure
  3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services
  4. Validate and Deploy Multi-factor Authentication Services (MFA) (You're here)
  5. Configure Windows Hello for Business Policy settings