On Premises Key Trust Deployment

Applies to

  • Windows 10, version 1703 or later
  • On-premises deployment
  • Key trust

Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.

Below, you can find all the information you need to deploy Windows Hello for Business in a key trust model in your on-premises environment:

  1. Validate Active Directory prerequisites
  2. Validate and Configure Public Key Infrastructure
  3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services
  4. Validate and Deploy Multifactor Authentication Services (MFA)
  5. Configure Windows Hello for Business Policy settings