minor edits

windows/access-protection/hello-for-business/hello-deployment-key-trust.md

@@ -1,5 +1,5 @@
 ---
-title: Windows Hello for Business Deployment Guide - On Premises Certificate Key Deployment
+title: Windows Hello for Business Deployment Guide - On Premises Key Deployment
 description: A guide to an On Premises, Certificate trust Windows Hello for Business deployment 
 keywords: identity, PIN, biometric, Hello, passport
 ms.prod: w10
@@ -11,7 +11,7 @@ ms.author: mstephen
 localizationpriority: high
 ms.date: 10/08/2017
 ---
-# On Premises Certificate Trust Deployment
+# On Premises Key Trust Deployment
 
 **Applies to**
 -   Windows 10
@@ -20,7 +20,7 @@ ms.date: 10/08/2017
 
 Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair.  The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.  
 
-Below, you can find all the infromation you will need to deploy Windows Hello for Business in a Certificate Key Model in your on-premises environment:
+Below, you can find all the infromation you need to deploy Windows Hello for Business in a key trust model in your on-premises environment:
 1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md)
 2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md)
 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md)

windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md

@@ -16,15 +16,10 @@ ms.date: 09/08/2017
 **Applies to**
 -   Windows 10
 
->[!div class="step-by-step"]
+>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-[< Configure Windows Hello for Business](hello-hybrid-cert-whfb-settings.md)
-[Configure Azure AD Connect >](hello-hybrid-cert-whfb-settings-dir-sync.md)
 
 The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. 
 
->[!IMPORTANT]
->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-
 ### Creating Security Groups
 
 Windows Hello for Business uses several security groups to simplify the deployment and managment.

windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md

@@ -18,14 +18,8 @@ ms.date: 09/08/2017
 
 ## Federation Services
 
->[!IMPORTANT]
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
 
->[!div class="step-by-step"]
-[< Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md)
-[Configure policy settings >](hello-hybrid-cert-whfb-settings-policy.md)
-
-
 The Windows Server 2016 Active Directory Fedeartion Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. 
 
 The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate.

windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md

@@ -16,15 +16,10 @@ ms.date: 09/08/2017
 **Applies to**
 -   Windows 10
 
->[!div class="step-by-step"]
+>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-[< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md)
-[Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md)
 
 ## Directory Synchronization
 
->[!IMPORTANT]
->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-
 In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure.  Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.  
 
 The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually.

windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md

@@ -17,11 +17,6 @@ ms.date: 09/08/2017
 **Applies to**
 -   Windows 10
 
-> [!div class="step-by-step"]
-[< Configure Azure AD Connect](hello-hybrid-cert-whfb-settings-dir-sync.md)
-[Configure AD FS >](hello-hybrid-cert-whfb-settings-adfs.md)
-
->[!IMPORTANT]
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
 
 Windows Hello for Business deployments rely on certificates.  Hybrid deployments uses publicly issued server authentication certifcates to validate the name of the server to which they are connecting and to encyrpt the data that flows them and the client computer.

windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md

@@ -16,15 +16,10 @@ ms.date: 09/08/2017
 **Applies to**
 -   Windows 10
 
-> [!div class="step-by-step"]
+>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-[< Configure AD FS](hello-hybrid-cert-whfb-settings-adfs.md)
-
 
 ## Policy Configuration
 
->[!IMPORTANT]
->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-
 You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings.  To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520).
 Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703.
 

windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md

@@ -16,10 +16,6 @@ ms.date: 09/08/2017
 **Applies to**
 -   Windows 10
 
-> [!div class="step-by-step"]
-[Configure Active Directory >](hello-hybrid-cert-whfb-settings-ad.md)
-
->[!IMPORTANT]
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
  
 You're environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model.  

windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md

@@ -16,10 +16,6 @@ ms.date: 10/20/2017
 **Applies to**
 -   Windows 10
 
->[!div class="step-by-step"]
-[< Configure Windows Hello for Business](hello-hybrid-key-whfb-settings.md)
-[Configure Azure AD Connect >](hello-hybrid-key-whfb-settings-dir-sync.md)
-
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
 
 The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. 

windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

@@ -16,10 +16,6 @@ ms.date: 10/20/2017
 **Applies to**
 -   Windows 10
 
->[!div class="step-by-step"]
-[< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md)
-[Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md)
-
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
 
 ## Directory Syncrhonization

windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md

@@ -17,10 +17,6 @@ ms.date: 10/20/2017
 **Applies to**
 -   Windows 10
 
-> [!div class="step-by-step"]
-[< Configure Azure AD Connect](hello-hybrid-key-whfb-settings-dir-sync.md)
-[Configure policy settings >](hello-hybrid-key-whfb-settings-policy.md)
-
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
 
 Windows Hello for Business deployments rely on certificates.  Hybrid deployments uses publicly issued server authentication certifcates to validate the name of the server to which they are connecting and to encyrpt the data that flows them and the client computer.

windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md

@@ -16,14 +16,10 @@ ms.date: 10/20/2017
 **Applies to**
 -   Windows 10
 
-> [!div class="step-by-step"]
+>This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-[< Configure PKI ](hello-hybrid-key-whfb-settings-pki.md)
 
 ## Policy Configuration
 
->[!IMPORTANT]
->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
-
 You need a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings.  To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows 10. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=45520).
 Install the Remote Server Administration Tools for Windows 10 on a computer running Windows 10, version 1703.
 

windows/access-protection/hello-for-business/hello-hybrid-key-whfb-settings.md

@@ -16,10 +16,6 @@ ms.date: 09/08/2017
 **Applies to**
 -   Windows 10
 
-> [!div class="step-by-step"]
-[Configure Active Directory >](hello-hybrid-key-whfb-settings-ad.md)
-
->[!IMPORTANT]
 >This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher.
  
 You are ready to configure your hybrid key trust environment for Windows Hello for Business.

windows/access-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md

@@ -22,13 +22,11 @@ Key trust deployments need an adequate number of 2016 domain controllers to ensu
 
 The key registration process for the On-prem deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema.  The key-trust model receives the schema extension when the first Windows Server 2016 domain controller is added to the forest.  The minimum required domain functional and forest functional levels for Windows Hello for Business deployment is Windows Server 2008 R2.
 
-Ensure each site where you plan to deploy key trust Windows Hello for Business has an adequate number of Windows Server 2016 domain controllers/
-
 ## Create the Windows Hello for Business Users Security Global Group
 
 The Windows Hello for Business Users group is used to make it easy to deploy Windows Hello for Business in phases.  You assign Group Policy permissions to this group to simplify the deployment by simply adding the users to the group.  This provides users with the proper permissions to provision Windows Hello for Business.
 
-Sign-in a domain controller or management workstation with Domain Admin equivalent credentials.
+Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials.
 
 1.	Open **Active Directory Users and Computers**.
 2.	Click **View** and click **Advanced Features**.