diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index fa127fbc9c..5255ad8eec 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -62,7 +62,7 @@ The minimum required enterprise certificate authority that can be used with Wind
 
 * The certificate must have a Certificate Revocation List (CRL) distribution point extension that points to a valid CRL.
 * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name).
-* The certificate Key Usage section must contain:
+* The certificate Key Usage section must contain Digital Signature and Key Encipherment.
 * Optionally, the certificate Basic Constraints section should contain:
 [Subject Type=End Entity, Path Length Constraint=None]
 * The certificate Enhanced Key Usage section must contain: Client Authentication (1.3.6.1.5.5.7.3.2) and Server Authentication (1.3.6.1.5.5.7.3.1)