deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 00:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
Marty Hernandez Avedon 0e1c3c037e
Merge branch 'master' into seo-update-duplicate-titles
2019-12-03 15:29:28 -05:00

2.8 KiB
Raw Blame History

title, description, keywords, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, audience, author, ms.author, manager, ms.collection, ms.topic, localizationpriority, ms.date, ms.reviewer
title description keywords ms.prod ms.mktglfcycl ms.sitesec ms.pagetype audience author ms.author manager ms.collection ms.topic localizationpriority ms.date ms.reviewer
Validate and Deploy MFA for Windows Hello for Business with key trust How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust identity, PIN, biometric, Hello, passport w10 deploy library security, mobile ITPro mapalko mapalko dansimp M365-identity-device-management article medium 08/19/2018

Validate and Deploy Multi-factor Authentication (MFA)

Important

As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.

Applies to

  • Windows 10, version 1703 or later
  • On-premises deployment
  • Key trust

Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.

For information on available third-party authentication methods see Configure Additional Authentication Methods for AD FS. For creating a custom authentication method see Build a Custom Authentication Method for AD FS in Windows Server

Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see Configure Authentication Policies.

Follow the Windows Hello for Business on premises certificate trust deployment guide

  1. Validate Active Directory prerequisites
  2. Validate and Configure Public Key Infrastructure
  3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services
  4. Validate and Deploy Multifactor Authentication Services (MFA) (You are here)
  5. Configure Windows Hello for Business Policy settings