Treceți la conținutul principal

How to Configure Dell Encryption Enterprise to Authenticate with Windows Hello

Summary: Windows Hello may be configured to work with Dell Encryption Enterprise by following these instructions.

Acest articol se aplică pentru Acest articol nu se aplică pentru Acest articol nu este legat de un produs specific. Acest articol nu acoperă toate versiunile de produs existente.

Instructions

This article outlines how to configure Azure and the Dell Security Management Server or Dell Security Management Server Virtual to support Windows Hello Authentication. This configuration can be used with Dell Encryption Enterprise.


Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual
  • Dell Encryption Enterprise

Affected Versions:

  • v11.0 and later

Affected Operating Systems:

  • Windows
  • Linux

Starting with Dell Encryption Enterprise version 11.0, Policy-Based Encryption clients can now activate with Windows Hello based credentials. These include Windows Hello PIN, Windows Hello Facial Recognition, Windows Hello Fingerprint, and several other mechanisms for these token-based authentication methods.

Authentication is configured in two steps:

  1. Generating an application registration within Azure Active Directory. This requires that the on-premises Active Directory environment is being synced. For more information, reference Integrate on-premises AD domains with Azure AD (https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-adThis hyperlink is taking you to a website outside of Dell Technologies.)
  2. Configuring the Dell Security Management Server.

Click the appropriate configuration for more information.

This configuration process allows the Dell Security Management Server or Dell Management Security Server Virtual to validate Windows Hello tokens.

Caution: This process requires a user account with Application Administrator (or higher) permissions.

To configure Azure Active Directory:

  1. Log in to the Azure web portal at https://portal.azure.comThis hyperlink is taking you to a website outside of Dell Technologies. with an account that has Application Administrator or higher privileges.
  2. Go to the Azure Active Directory configuration page.

Azure Active Directory configuration page

  1. Select App Registrations from the left pane, and then click New Registration from the right pane.

New Registration

  1. Populate a Name for the application.
Note:
  • The application in the example image has been given the name DellEncryption-WindowsHello. This may differ in your environment.
  • The application name cannot match another app registration.

Register an application name

  1. Select the appropriate account type for your environment.
Note: Most environments will only be authenticating for the currently configured organizational directory.

Account type

  1. Set the Redirect URI platform to Public client/native (mobile & desktop). The Redirect URI may be any address with a prefix of https://.
Note:
  • This value is used later within the "Redirect URI" setting in the Dell Security Management Server.
  • The redirect URI is required for password less authentication with Dell Encryption Enterprise.

Redirect URI

  1. Click Register.

Register button

  1. From the overview of the App Registration, record the values for Application (client) ID and Directory (tenant) ID.
Note: The values that are recorded in this step are used when configuring the Dell Security Management Server.

Application (client) ID and Directory (tenant) ID

  1. Select API permissions from the left pane, and then click Add a permission from the right pane.

API permissions

  1. From the pane that appears on the right, select Microsoft Graph from the Microsoft APIs.

Microsoft Graph

  1. Click Delegated permissions.

Delegated permissions

  1. Select offline_access, openid, and profile, then click Add permissions.

Select permissions

  1. Select Grant admin consent for [ORGANIZATION].
Caution: Only users with Application Administrator (or higher) permissions may grant admin consent.
 
Note: [ORGANIZATION] = The organization name for the environment

Configured permissions

  1. Click Yes.
Note:
  • The permission changes are made organization-wide.
  • When granted, the permissions show a green checkmark in the status column.

Grant admin consent confirmation

The configured application registration within Azure Active Directory is used to configure Password less Authentication within the Dell Security Management Server.

Caution: This process requires a user account with Security Administrator or System Administrator permissions.

To configure the Dell Security Management Server:

  1. Sign in to the Dell Data Security administration console.

Dell Data Security administration console Sign in

  1. From the left menu pane, click Populations, and then Domains.

Populations and Domains

  1. Select your domain.

Domains

Note: The domain name will differ in your environment.
  1. Click Settings.

Settings

  1. From the domain detail settings:
    1. Select Password less Authentication.
    2. Select Azure AD.
    3. Populate Authority with https://login.microsoftonline.com/[DIRECTORYTENANTID]/v2.0/. This field is highlighted red in the example image.
    4. Populate Client ID with the Application (client) ID in GUID format from the configured Azure Active Directory environment. This field is highlighted orange in the example image.
    5. Populate Redirect Uri with the created URL. This field is highlighted green in the example image.
    6. Populate Server Resource Id with the site used to process the authentication token. This is paired with Authority and Client ID to ensure that the proper method is used during registration.
    7. Populate the User Name and Password of the configured domain administrator.
    8. Click Update Domain.
Note:
  • [DIRECTORYTENANTID] = The Directory (tenant) ID from the Azure Active Directory configuration information (Step 8)
    • The Authority field uses the leveraged URI to begin the communication for attempting to resolve the token during the user’s activation attempt. The "Authority" is the primary server (URL) that we must connect to. This contains the validation mechanism for the users that we are requesting to validate against that service.
  • The Client ID should be populated with the Application (client) ID from the Azure Active Directory configuration information (Step 8).
    • The ClientID field directs us to communicate with a specific application on the tenant that we have defined.
  • The Redirect Uri should be populated with the created URL from the Azure Active Directory configuration information (Step 6).
    • This is a specific resource that we host to show how we want to relogin to the application if there are login errors.
  • The Server Resource Id should be populated with https://graph.microsoft.com/ when using Azure Active Directory.
    • This is the primary point on the target authority where the native app communicates to for us to get information about the users. With Azure, this is going to be on the Azure back-end to ensure that we are conferring with the Azure authentication mechanisms.

Domain Detail

Endpoints running Dell Encryption Enterprise’s Policy-Based Encryption are now able to authenticate using Windows Hello credentials on supported Dell Encryption Enterprise releases.


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Additional Information

 

Videos

 

Produse afectate

Dell Encryption
Proprietăți articol
Article Number: 000188216
Article Type: How To
Ultima modificare: 09 mar. 2023
Version:  6
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.