profile
viewpoint

mapalko/commercialization-public 1

Windows hardware documentation for Microsoft partners.

mapalko/companion-device-framework 1

This repo hosts a set of Windows UWP sample code to illustrate the use of Companion Device Framework, a new feature in Windows 10, enabling developers to build UWP apps to unlock Windows 10 PCs. More info available here - https://msdn.microsoft.com/en-us/windows/uwp/security/companion-device-unlock

mapalko/IntuneDocs 0

Public repo for Intune content in OPS

mapalko/katacoda-scenarios 0

Katacoda Scenarios

mapalko/sdk-api 0

Public contributions for win32 API documentation

mapalko/windows-itpro-docs 0

This is used for contributions to the Windows 10 content for IT professionals on docs.microsoft.com.

mapalko/windows-uwp 0

Conceptual and overview content for developing Microsoft Universal Windows Platform (UWP) apps

mapalko/winrt-api 0

WinRT reference content for developing Microsoft Universal Windows Platform (UWP) apps

PullRequestReviewEvent

Pull request review commentMicrosoftDocs/windows-itpro-docs

Removed a content

 You configure Windows 10 to use the Microsoft PIN Reset service using the comput 3. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration->Administrative Templates->Windows Components->Windows Hello for Business**. 4. Close the Group Policy Management Editor to save the Group Policy object.  Close the GPMC. -### Configure Windows devices to use PIN reset using Microsoft Intune--To configure PIN reset on Windows devices you manage, use an [Intune Windows 10 custom device policy](https://docs.microsoft.com/intune/custom-settings-windows-10) to enable the feature. Configure the policy using the following Windows policy configuration service provider (CSP):- #### Create a PIN Reset Device configuration profile using Microsoft Intune -1. Sign-in to [Azure Portal](https://portal.azure.com) using a Global administrator account.-2. You need your tenant ID to complete the following task.  You can discover your tenant ID by viewing the **Properties** of your Azure Active Directory from the Azure Portal. It will be listed under Directory ID. You can also use the following command in a Command window on any Azure AD-joined or hybrid Azure AD-joined computer.</br>--    ```-    dsregcmd /status | findstr -snip "tenantid"-    ```+1. Sign-in to [Enpoint Manager Admin Center](https://endpoint.microsoft.com/) using a Global administrator account.+2. Click **Endpoint Security**-> **Account Portection**-> **Properties**.+3. Set **Enable PIN recovery** to **Yes**.

Endpoint Security/Account Protection is an optional configuration and this step assumes someone has already set it up.

Can we also add an alternative set of steps using configuration profiles?

  1. Sign-in to Endpoint Manager
  2. Click Devices -> Configuration Profiles -> Create new profile or edit existing an existing profile using the Identity Protection profile type Set Enable PIN recovery to Yes
joinimran

comment created time in 2 days

Pull request review commentMicrosoftDocs/windows-itpro-docs

Removed a content

 You configure Windows 10 to use the Microsoft PIN Reset service using the comput 3. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration->Administrative Templates->Windows Components->Windows Hello for Business**. 4. Close the Group Policy Management Editor to save the Group Policy object.  Close the GPMC. -### Configure Windows devices to use PIN reset using Microsoft Intune--To configure PIN reset on Windows devices you manage, use an [Intune Windows 10 custom device policy](https://docs.microsoft.com/intune/custom-settings-windows-10) to enable the feature. Configure the policy using the following Windows policy configuration service provider (CSP):- #### Create a PIN Reset Device configuration profile using Microsoft Intune -1. Sign-in to [Azure Portal](https://portal.azure.com) using a Global administrator account.-2. You need your tenant ID to complete the following task.  You can discover your tenant ID by viewing the **Properties** of your Azure Active Directory from the Azure Portal. It will be listed under Directory ID. You can also use the following command in a Command window on any Azure AD-joined or hybrid Azure AD-joined computer.</br>--    ```-    dsregcmd /status | findstr -snip "tenantid"-    ```+1. Sign-in to [Enpoint Manager Admin Center](https://endpoint.microsoft.com/) using a Global administrator account.+2. Click **Endpoint Security**-> **Account Portection**-> **Properties**.

Typo: "Account Portection" should be "Account Protection"

joinimran

comment created time in 2 days

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentMicrosoftDocs/windows-itpro-docs

removed note section

 The remainder of the provisioning includes Windows Hello for Business requesting  > [!IMPORTANT] > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. -> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.+> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.

I think that this should still be "use" and not "uses"

MaratMussabekov

comment created time in 2 days

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

pull request commentMicrosoftDocs/windows-itpro-docs

Removed a content

Instead of removing this section, it should be replaced with steps for configuring the policy via the UI linked by CHDAFNI-MSFT

joinimran

comment created time in 9 days

issue commentMicrosoftDocs/windows-itpro-docs

Prerequisites

Illfated's original response on this is correct. The requirement is essentially that the device needs to be on the domain local network or have VPN access to your on-prem network. This guide establishes how an AADJ device can authenticate to an on-prem DC to get back a TGT for accessing AD resources. In order to communicate with a DC, it needs line of sight and this requirement is making sure that is established.

lightupdifire

comment created time in 9 days

issue commentMicrosoftDocs/windows-itpro-docs

Additional Step needed for ADFS 2019

@PaulTown my understanding is that the ugs scope isn't needed for device registration and it is only an issue for certificate enrollment. We already have a note in the section for configuring adfs and pki: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs

PaulTown

comment created time in a month

PullRequestReviewEvent
PullRequestReviewEvent

pull request commentMicrosoftDocs/windows-itpro-docs

Update hello-planning-guide.md

I approve of the changes once the merge conflicts are resolved.

Alexey-Zheltov

comment created time in a month

PullRequestReviewEvent
PullRequestReviewEvent

push eventmapalko/katacoda-scenarios

mapalko

commit sha 0ecc05ada512c1b2746191f84ff15c76538ea3a5

Hello World Sample Scenario

view details

push time in a month

create barnchmapalko/katacoda-scenarios

branch : master

created branch time in a month

created repositorymapalko/katacoda-scenarios

Katacoda Scenarios

created time in a month

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentMicrosoftDocs/windows-itpro-docs

Update hello-identity-verification.md

 Windows Hello addresses the following problems with passwords: - Server breaches can expose symmetric network credentials (passwords). - Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). - Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing).+> [!IMPORTANT]

This only happens on Azure AD Joined devices. I still don't think the current location is appropriate. I think the note should be added, but this just isn't the right place.

matt-call

comment created time in 3 months

more