On Premises Certificate Trust Deployment

Applies to

  • Windows 10, version 1703 or later
  • Windows 11
  • On-premises deployment
  • Certificate trust

Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.

Below, you can find all the information you will need to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:

  1. Validate Active Directory prerequisites
  2. Validate and Configure Public Key Infrastructure
  3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services
  4. Validate and Deploy Multifactor Authentication Services (MFA)
  5. Configure Windows Hello for Business Policy settings