From 0ef901195f4364ce818e624699196049fe5775d7 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Sun, 25 Apr 2021 23:14:23 +0500
Subject: [PATCH 1/6] Update hello-hybrid-aadj-sso-cert.md

---
 .../hello-for-business/hello-hybrid-aadj-sso-cert.md       | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index da0e139923..3bcde4eec9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -679,6 +679,11 @@ Sign-in a workstation with access equivalent to a _domain user_.
 
 10. Select **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** from the **Key storage provider (KSP)** list.
 11. Next to **Subject name format**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate.
+
+   > [!Note]
+   > If the distinguished names contain scpecial characters ("+", ",", ";" or "="), put quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
+   > If the distinguished names length is more than 64 characters, name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement)
+
 12. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** parameter. Set its value as {{UserPrincipalName}}.
 13. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to the configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**.
 14. Select a previously configured **Trusted certificate** profile that matches the root certificate of the issuing certificate authority as a root certificate for the profile.
@@ -712,4 +717,4 @@ You have successfully completed the configuration.  Add users that need to enrol
 > * Install and Configure the NDES Role
 > * Configure Network Device Enrollment Services to work with Microsoft Intune
 > * Download, Install, and Configure the Intune Certificate Connector
-> * Create and Assign a Simple Certificate Enrollment Protocol (SCEP Certificate Profile)
\ No newline at end of file
+> * Create and Assign a Simple Certificate Enrollment Protocol (SCEP Certificate Profile)

From 33f51de4962c7468947f1f9e030ebba2a2eae5e6 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 27 Apr 2021 14:09:24 +0500
Subject: [PATCH 2/6] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-cert.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 3bcde4eec9..37b51d0f58 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -680,7 +680,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 10. Select **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** from the **Key storage provider (KSP)** list.
 11. Next to **Subject name format**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate.
 
-   > [!Note]
+   > [!NOTE]
    > If the distinguished names contain scpecial characters ("+", ",", ";" or "="), put quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
    > If the distinguished names length is more than 64 characters, name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement)
 

From 84a64b71fa3ab330f7bdb7927e92720ea32277a4 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 27 Apr 2021 14:09:33 +0500
Subject: [PATCH 3/6] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-cert.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 37b51d0f58..ef4f0465c4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -681,7 +681,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 11. Next to **Subject name format**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate.
 
    > [!NOTE]
-   > If the distinguished names contain scpecial characters ("+", ",", ";" or "="), put quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
+   > If the distinguished name contains special characters like plus sign ("+"), comma (","), semicolon (";"), or equal sign ("="), the bracketed name must be enclosed in quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
    > If the distinguished names length is more than 64 characters, name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement)
 
 12. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** parameter. Set its value as {{UserPrincipalName}}.

From 8cf38b6fcac09a95c54e88fc9976c2b91111410f Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Tue, 27 Apr 2021 14:09:38 +0500
Subject: [PATCH 4/6] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-cert.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index ef4f0465c4..090085514e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -682,7 +682,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 
    > [!NOTE]
    > If the distinguished name contains special characters like plus sign ("+"), comma (","), semicolon (";"), or equal sign ("="), the bracketed name must be enclosed in quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
-   > If the distinguished names length is more than 64 characters, name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement)
+   > If the length of the distinguished name is more than 64 characters, the name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement).
 
 12. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** parameter. Set its value as {{UserPrincipalName}}.
 13. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to the configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**.

From 9aa2be7ebddbdf0c9908a4db134eec8a4becacc5 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 9 Aug 2021 11:44:55 +0500
Subject: [PATCH 5/6] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-cert.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 090085514e..aa4eeb348a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -681,7 +681,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 11. Next to **Subject name format**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate.
 
    > [!NOTE]
-   > If the distinguished name contains special characters like plus sign ("+"), comma (","), semicolon (";"), or equal sign ("="), the bracketed name must be enclosed in quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
+   > If the distinguished name contains special characters like a plus sign ("+"), comma (","), semicolon (";"), or equal sign ("="), the bracketed name must be enclosed in quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
    > If the length of the distinguished name is more than 64 characters, the name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement).
 
 12. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** parameter. Set its value as {{UserPrincipalName}}.

From 036de85d1818004a91cde78ae0152d5fdda0ddd0 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 9 Aug 2021 11:45:03 +0500
Subject: [PATCH 6/6] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md

Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-cert.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index aa4eeb348a..b8ce7af3da 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -682,7 +682,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
 
    > [!NOTE]
    > If the distinguished name contains special characters like a plus sign ("+"), comma (","), semicolon (";"), or equal sign ("="), the bracketed name must be enclosed in quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
-   > If the length of the distinguished name is more than 64 characters, the name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement).
+   > If the length of the distinguished name is more than 64 characters, the name length enforcement on the Certification Authority [must be disabled](/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement).
 
 12. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** parameter. Set its value as {{UserPrincipalName}}.
 13. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to the configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**.