Update hello-hybrid-key-trust-dirsync.md

Added config details for Alternate ID scenario

windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md

@@ -36,6 +36,13 @@ Next, you need to synchronize the on-premises Active Directory with Azure Active
 
 <br>
 
+If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps - 
+- Configure Azure AD Connect to sync the user's on-premises UPN to the onPremisesUserPrincipalName attribute in Azure AD.
+- Add the domain name of the on-premises UPN as a [verified domain](/azure/active-directory/fundamentals/add-custom-domain) in Azure AD. 
+
+> [!NOTE]
+> Windows Hello for Business Hybrid key trust is not supported if your users' on-premises domain cannot be added as a verified domain in Azure AD.
+
 <hr>
 
 ## Follow the Windows Hello for Business hybrid key trust deployment guide
@@ -45,4 +52,4 @@ Next, you need to synchronize the on-premises Active Directory with Azure Active
 4. Configure Directory Synchronization (*You are here*)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
 6. [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md)
-7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
+7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)