Update windows/security/identity-protection/vpn/vpn-conditional-access.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
msarcletti 2020-11-13 08:41:35 +01:00 committed by GitHub
parent ea38b9d7d7
commit 02c827d651
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -79,7 +79,7 @@ Two client-side configuration service providers are leveraged for VPN device com
> [!NOTE] > [!NOTE]
> Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the users VPN profile. This will enable the user to access on-premises resources. > Currently, it is required that certificates used for obtaining Kerberos tickets must be issued from an on-premises CA, and that SSO must be enabled in the users VPN profile. This will enable the user to access on-premises resources.
> >
> In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name) , the VPN profile must be modified to ensure the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing entry **UseRasCredentials** from 1 (default) to 0 (zero). > In the case of AzureAD-only joined devices (not hybrid joined devices), if the user certificate issued by the on-premises CA has the user UPN from AzureAD in Subject and SAN (Subject Alternative Name), the VPN profile must be modified to ensure that the client does not cache the credentials used for VPN authentication. To do this, after deploying the VPN profile to the client, modify the *Rasphone.pbk* on the client by changing the entry **UseRasCredentials** from 1 (default) to 0 (zero).
## Client connection flow ## Client connection flow
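
Review bot: The rewritten AzureAD-only paragraph still tells the reader to "modify the *Rasphone.pbk* on the client" without saying where that file is or which connection entry in it holds **UseRasCredentials**. Since this setting is what stops the client from caching the credentials used for VPN authentication, the step should be specific enough to apply and verify. Suggest adding the file location and noting that the value has to be changed in the entry for the deployed VPN profile. While this note is being edited, the unchanged line above it reads "the users VPN profile", which should be "the user's VPN profile", and "it is required that certificates ... must be issued" says the requirement twice; "certificates ... must be issued from an on-premises CA" is enough.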