From 47f7926a946e5d6c4c2e44e8efa3a38c82aa06f8 Mon Sep 17 00:00:00 2001
From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com>
Date: Tue, 12 Oct 2021 23:26:00 -0700
Subject: [PATCH 1/2] Update hello-hybrid-key-trust-dirsync.md
Added config details for Alternate ID scenario
---
.../hello-for-business/hello-hybrid-key-trust-dirsync.md | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
index 5acfb06f68..7583001fed 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
@@ -36,6 +36,13 @@ Next, you need to synchronize the on-premises Active Directory with Azure Active
+If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps -
+- Configure Azure AD Connect to sync the user's on-premises UPN to the onPremisesUserPrincipalName attribute in Azure AD.
+- Add the domain name of the on-premises UPN as a [verified domain](/azure/active-directory/fundamentals/add-custom-domain) in Azure AD.
+
+> [!NOTE]
+> Windows Hello for Business Hybrid key trust is not supported if your users' on-premises domain cannot be added as a verified domain in Azure AD.
+
## Follow the Windows Hello for Business hybrid key trust deployment guide
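Review bot: The first added bullet tells the reader to sync the on-premises UPN to onPremisesUserPrincipalName but, unlike the verified-domain bullet right after it, gives no link or setting name for how to do that in Azure AD Connect; link the relevant Azure AD Connect article or name the option to set. The commit message calls this the "Alternate ID scenario", yet the added text never uses that term, so consider naming it in the lead sentence so readers searching for it can find this section. As a style point, put onPremisesUserPrincipalName in backticks since it is an attribute name. The note would also be easier to act on if it said what kind of on-premises domain cannot be added as a verified domain, because as written the reader has to work out for themselves whether they are affected.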
@@ -45,4 +52,4 @@ Next, you need to synchronize the on-premises Active Directory with Azure Active
4. Configure Directory Synchronization (*You are here*)
5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
6. [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md)
-7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
\ No newline at end of file
+7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
From 6e24a84af731f14e3f372a05acd2b9d06f1fcdf1 Mon Sep 17 00:00:00 2001
From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com>
Date: Wed, 13 Oct 2021 08:13:37 -0700
Subject: [PATCH 2/2] Update
windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
.../hello-for-business/hello-hybrid-key-trust-dirsync.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
index 7583001fed..2a4d5d3c4b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
@@ -36,7 +36,7 @@ Next, you need to synchronize the on-premises Active Directory with Azure Active
-If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps -
+If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps:
- Configure Azure AD Connect to sync the user's on-premises UPN to the onPremisesUserPrincipalName attribute in Azure AD.
- Add the domain name of the on-premises UPN as a [verified domain](/azure/active-directory/fundamentals/add-custom-domain) in Azure AD.
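Review bot: The changed lead sentence is followed directly by the first bullet ("- Configure Azure AD Connect ...") with no blank line between them, here and in patch 1/2; add an empty line before the list so the paragraph and the list are separated consistently with the blank lines already placed around the [!NOTE] block. Since this patch only changes the trailing " -" to ":", it could be squashed into 1/2 so the history carries one commit with a descriptive subject instead of "Update <path>".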