2.4 KiB
title, description, ms.date, appliesto, ms.topic
| title | description | ms.date | appliesto | ms.topic | ||
|---|---|---|---|---|---|---|
| Validate and Deploy MFA for Windows Hello for Business with certificate trust | How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust | 08/19/2018 |
|
article |
Validate and Deploy Multi-Factor Authentication feature
[!INCLUDE hello-on-premises-cert-trust]
Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.
For information on available third-party authentication methods, see Configure Additional Authentication Methods for AD FS. For creating a custom authentication method, see Build a Custom Authentication Method for AD FS in Windows Server
Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies, see Configure Authentication Policies.
Follow the Windows Hello for Business on premises certificate trust deployment guide
- Validate Active Directory prerequisites
- Validate and Configure Public Key Infrastructure
- Prepare and Deploy Windows Server 2016 Active Directory Federation Services
- Validate and Deploy Multi-factor Authentication Services (MFA) (You're here)
- Configure Windows Hello for Business Policy settings