From f9428cbd5cf7917295207e3c69c9e0e563ec90df Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Tue, 26 Jan 2021 10:22:17 -0800 Subject: [PATCH 1/4] Update hello-key-trust-adfs.md added Cname required for enterpriseregistration entry for on-prem ADFS device registration --- .../hello-for-business/hello-key-trust-adfs.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index a908e96533..39091b5f6e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md 
@@ -298,8 +298,14 @@ Sign-in the domain controller or administrative workstation with domain administ 3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. 4. In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**. 5. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Click **Add Host**. +6. Right-click the domain_name node, and then click New Alias (CNAME). +7. In the New Resource Record dialog box, type enterpriseregistration in the Alias name box. +8. In the fully qualified domain name (FQDN) of the target host box, type federation_service_farm_name.domain_name.com, and then click OK. 6. Close the DNS Management console +Note: if your forest has multiple UPN suffix. please make sure, you have enterpriseregistration.upnsuffix.com present for each suffix + + ## Configure the Intranet Zone to include the federation service The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. From 7223dc7c6ae30baf2b9615fce0ae10a4d11cf0c7 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Tue, 26 Jan 2021 14:47:28 -0800 Subject: [PATCH 2/4] Update windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md looks good Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-key-trust-adfs.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 39091b5f6e..ebef5484a7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -303,8 +303,8 @@ Sign-in the domain controller or administrative workstation with domain administ 8. In the fully qualified domain name (FQDN) of the target host box, type federation_service_farm_name.domain_name.com, and then click OK. 6. Close the DNS Management console -Note: if your forest has multiple UPN suffix. please make sure, you have enterpriseregistration.upnsuffix.com present for each suffix - +> [!NOTE] +> If your forest has multiple UPN suffixes, please make sure that `enterpriseregistration.upnsuffix.com` is present for each suffix. ## Configure the Intranet Zone to include the federation service @@ -349,4 +349,3 @@ Before you continue with the deployment, validate your deployment progress by re 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) 5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) - From 6b03f05ca81841c738b96c4b707a48e2a185c966 Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Tue, 26 Jan 2021 14:47:59 -0800 Subject: [PATCH 3/4] Update windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-key-trust-adfs.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index ebef5484a7..5eb6f6aa71 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -298,9 +298,9 @@ Sign-in the domain controller or administrative workstation with domain administ 3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. 4. In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**. 5. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Click **Add Host**. -6. Right-click the domain_name node, and then click New Alias (CNAME). -7. In the New Resource Record dialog box, type enterpriseregistration in the Alias name box. -8. In the fully qualified domain name (FQDN) of the target host box, type federation_service_farm_name.domain_name.com, and then click OK. +6. Right-click the `domain_name` node and select **New Alias (CNAME)**. +7. In the **New Resource Record** dialog box, type "enterpriseregistration" in the **Alias** name box. +8. In the **fully qualified domain name (FQDN)** of the target host box, type `federation_service_farm_name.domain_name.com`, and click OK. 6. Close the DNS Management console > [!NOTE] @@ -348,4 +348,3 @@ Before you continue with the deployment, validate your deployment progress by re 3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) 5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) - From dc4e543aceb17c20dc9ba5c820dc6966d1492564 Mon Sep 17 00:00:00 2001 
From: Nagappan Veerappan Date: Wed, 27 Jan 2021 09:36:51 -0800 Subject: [PATCH 4/4] Update windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md number correction Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-key-trust-adfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 5eb6f6aa71..2a2c07e715 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -301,7 +301,7 @@ Sign-in the domain controller or administrative workstation with domain administ 6. Right-click the `domain_name` node and select **New Alias (CNAME)**. 7. In the **New Resource Record** dialog box, type "enterpriseregistration" in the **Alias** name box. 8. In the **fully qualified domain name (FQDN)** of the target host box, type `federation_service_farm_name.domain_name.com`, and click OK. -6. Close the DNS Management console +9. Close the DNS Management console. > [!NOTE] > If your forest has multiple UPN suffixes, please make sure that `enterpriseregistration.upnsuffix.com` is present for each suffix.
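Review bot: In [PATCH 1/4], step 8 gives the CNAME target as federation_service_farm_name.domain_name.com without saying that it has to be the same name that step 5 registered as the host (A or AAAA) record ("type the name of the federation service"). If the two differ, the enterpriseregistration alias points at a name that has no host record. Suggest wording step 8 as "type the FQDN of the federation service, as entered in step 5", and dropping the literal .com from the placeholder, since the internal domain need not end in .com. This hunk also leaves "6. Close the DNS Management console" after the new steps 6 to 8, so the list has two step 6 entries until [PATCH 4/4] renumbers it.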
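Review bot: In [PATCH 2/4], the rewritten [!NOTE] says only that `enterpriseregistration.upnsuffix.com` must be "present for each suffix"; it states neither the record type nor what the record points to. Steps 6 to 8 create a CNAME that targets the federation service, so the note should say the same: for each UPN suffix, a CNAME named enterpriseregistration under that suffix, pointing to the federation service FQDN. It would also help to make clear that upnsuffix.com is a placeholder to be replaced, and to use the imperative ("make sure") rather than "please make sure", in line with the numbered steps.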
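Review bot: In [PATCH 3/4], the bold markup in steps 7 and 8 covers only part of each UI label: "the **Alias** name box" and "the **fully qualified domain name (FQDN)** of the target host box". "click OK" is also left plain, while step 5 in the same list uses "Click **Add Host**". Suggest bolding the complete label in both steps (**Alias name**, **Fully qualified domain name (FQDN) for target host**, matching the dialog text) and **OK**. Step 7 puts the typed value in double quotes while step 8 uses backticks; use backticks for both so the reader does not type the quotes into the alias name.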