diff --git a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
index 97e372d620..0ef597d593 100644
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@@ -14,6 +14,10 @@ This article describes two certificate deployment approaches, where authenticati
 - Using Microsoft Intune with SCEP or PKCS connectors
 - Using an Active Directory Certificate Services (AD CS) enrollment policy
 
+>[!IMPORTANT]
+> If you deploying the certificate using Microsoft Intune, and you have User Account Control configure to *Prompt for credentials on secure desktop* you won't be able to use the *run as* feature.
+> In such scenario, when you try to execute an application with elevated privileges and choose the Windows Hello for Business credential, you'll receive the error message: **The username or password is incorrect**.
+
 > [!TIP]
 > Consider using Remote Credential Guard instead of Windows Hello for Business for RDP sign-in. Remote Credential Guard provides single sign-on (SSO) to RDP sessions using Kerberos authentication, and doesn't require the deployment of certificates. For more information, see [Remote Credential Guard](../remote-credential-guard.md).