Merge branch 'pm-20221208-whfb' of github.com:paolomatarazzo/windows-docs-pr into pm-20221208-whfb

Paolo Matarazzo 2022-12-14 17:50:37 -05:00
commit 2b98fb9769
4 changed files with 9 additions and 9 deletions

@ -22,7 +22,7 @@ On-premises certificate-based deployments of Windows Hello for Business need thr
The group policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users.
If you configure the group policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the group policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business .
If you configure the group policy for computers, all users that sign-in to those computers will be allowed and prompted to enroll for Windows Hello for Business. If you configure the group policy for users, only those users will be allowed and prompted to enroll for Windows Hello for Business.
## Use certificate for on-premises authentication group policy setting
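Review bot: The corrected sentence still uses "sign-in" as a verb in "all users that sign-in to those computers". The hyphenated form is the noun or adjective; the verb should be "sign in", so while this line is being touched it could read "all users that sign in to those computers".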
@ -36,7 +36,7 @@ Windows Hello for Business provisioning performs the initial enrollment of the W
## Create the GPO
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane
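Review bot: The changed line fixes the spelling of *Domain Administrator* but keeps the number mismatch in "a domain controller or management workstations". Suggest "Sign in to a domain controller or management workstation with *Domain Administrator* equivalent credentials."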
@ -58,7 +58,7 @@ Sign in to a domain controller or management workstations with *Domain Admintist
The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases.
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane
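Review bot: The context line directly above the changed line still reads "The enables you to easily manage the users", which looks like a typo for "This enables". The paragraph also uses "This enables you to" twice in a row, so the two sentences could be merged when this is fixed.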

@ -52,7 +52,7 @@ Domain controllers automatically request a domain controller certificate (if pub
By default, the Active Directory CA provides and publishes the *Kerberos Authentication* certificate template. The cryptography configuration included in the template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the *Kerberos Authentication* certificate template as a *baseline* to create an updated domain controller certificate template.
Sign in to a CA or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials.
1. Open the **Certification Authority** management console
1. Right-click **Certificate Templates > Manage**
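Review bot: The changed sign-in line asks for *Domain Administrator* equivalent credentials, while the autoenrollment step later in this same file asks for *Enterprise Administrator* equivalent credentials. Please confirm that the difference is intentional for the template creation step, and state the minimum role required so readers do not reach for the broader account by default.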
@ -88,7 +88,7 @@ Sign in to a CA or management workstations with *Domain Admintistrator* equivale
The domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers called *domain controller certificate*. Later releases of Windows Server provided a new certificate template called *domain controller authentication certificate*. These certificate templates were provided prior to the update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the *KDC Authentication* extension.
The *Kerberos Authentication* certificate template is the most current certificate template designated for domain controllers, and should be the one you deploy to all your domain controllers.\
The *autoenrollment* feature allows to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
The *autoenrollment* feature allows you to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
Sign in to a CA or management workstations with *Enterprise Administrator* equivalent credentials.
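Review bot: The context line ending "deploy to all your domain controllers.\" carries a trailing backslash immediately before the changed sentence. If a hard line break is intended, that is fine, but the autoenrollment sentence starts a new thought and would read better as its own paragraph separated by a blank line. The unchanged last line also has the "a CA or management workstations" number mismatch.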

@ -24,7 +24,7 @@ If you configure the Group Policy for computers, all users that sign-in to those
## Create the GPO
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane
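Review bot: This sign-in sentence and the numbered steps that follow are identical to the ones changed in the first file of this commit, which is why the same misspelling had to be fixed in several places. Consider moving the shared "Create the GPO" text into a single include file referenced by each deployment guide so future corrections land once.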
@ -39,7 +39,7 @@ Sign in to a domain controller or management workstations with *Domain Admintist
The best way to deploy the Windows Hello for Business Group Policy object is to use security group filtering. The enables you to easily manage the users that should receive Windows Hello for Business by simply adding them to a group. This enables you to deploy Windows Hello for Business in phases.
Sign in to a domain controller or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a domain controller or management workstations with *Domain Administrator* equivalent credentials.
1. Start the **Group Policy Management Console** (gpmc.msc)
1. Expand the domain and select the **Group Policy Object** node in the navigation pane
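Review bot: The context line above the changed line has the same "The enables you to easily manage the users" typo as the matching paragraph in the first file. It should be corrected to "This enables" here as well so the two copies stay in sync.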

@ -52,7 +52,7 @@ Domain controllers automatically request a domain controller certificate (if pub
By default, the Active Directory CA provides and publishes the *Kerberos Authentication* certificate template. The cryptography configuration included in the template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the *Kerberos Authentication* certificate template as a *baseline* to create an updated domain controller certificate template.
Sign in to a CA or management workstations with *Domain Admintistrator* equivalent credentials.
Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials.
1. Open the **Certification Authority** management console
1. Right-click **Certificate Templates > Manage**
@ -89,7 +89,7 @@ Sign in to a CA or management workstations with *Domain Admintistrator* equivale
The domain controllers may have an existing domain controller certificate. The Active Directory Certificate Services provides a default certificate template for domain controllers called *domain controller certificate*. Later releases of Windows Server provided a new certificate template called *domain controller authentication certificate*. These certificate templates were provided prior to the update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the *KDC Authentication* extension.
The *Kerberos Authentication* certificate template is the most current certificate template designated for domain controllers, and should be the one you deploy to all your domain controllers.\
The *autoenrollment* feature allows to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
The *autoenrollment* feature allows you to replace the domain controller certificates. Use the following configuration to replace older domain controller certificates with new ones, using the *Kerberos Authentication* certificate template.
Sign in to a CA or management workstations with *Enterprise Administrator* equivalent credentials.