From 72c7f7416995837e2ee53b722150a0a6aa5a94d0 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Mon, 11 Mar 2019 13:09:14 -0600 Subject: [PATCH] Apply suggestions from code review done Co-Authored-By: j0rt3g4 --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 3f8546ed0e..a006babc6d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -66,7 +66,7 @@ If you are interested in configuring your environment to use the Windows Hello f Certificate authorities write CRL distribution points in certificates as they are issued. If the distribution point changes, then previously issued certificates must be reissued for the certificate authority to include the new CRL distribution point. The domain controller certificate is one the critical components of Azure AD joined devices authenticating to Active Directory -#### Why does Windows need to validate the domain controller certifcate? +#### Why does Windows need to validate the domain controller certificate? Windows Hello for Business enforces the strict KDC validation security feature, which imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met: