Merge pull request #9671 from paolomatarazzo/pm-20230306-whfb-provisioning

WHFB provisioning

.openpublishing.redirection.windows-security.json

@@ -8172,7 +8172,7 @@
     },
     {
       "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
-      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll",
+      "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning",
       "redirect_document_id": false
     },
     {

windows/security/identity-protection/hello-for-business/how-it-works.md

@@ -96,7 +96,16 @@ For detailed sequence diagrams, see [how device registration works][ENTRA-4].
 :::row-end:::
 
 > [!NOTE]
-> The list of prerequisites varies depending on the deployment type, as described in the article [Plan a Windows Hello for Business deployment](deploy/index.md).
+>
+> Depending on the deployment type, Windows Hello for Business provisioning is launched only if:
+>
+> - The device meets the Windows Hello hardware requirements
+> - The device is joined to Active Directory or Microsoft Entra ID
+> - The user signs in with an account defined in Active Directory or Microsoft Entra ID
+> - The Windows Hello for Business policy is enabled
+> - The user is not connected to the machine via Remote Desktop
+>
+> Additional prerequisites for specific deployment types are described in the article [Plan a Windows Hello for Business deployment](deploy/index.md).
 
 During the provisioning phase, a *Windows Hello container* is created. A Windows Hello container is a logical grouping of *key material*, or data. The container holds organization's credentials only on devices that are *registered* with the organization's IdP.