Deployment guide overview - on-premises key trust

This document describes Windows Hello for Business functionalities or scenarios that apply to:


Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment::

  1. Validate Active Directory prerequisites
  2. Validate and configure a PKI
  3. Prepare and deploy AD FS
  4. Validate and deploy multi-factor authentication (MFA)
  5. Configure Windows Hello for Business Policy settings