From 0d5c60edd9b5f553c33f4adb8bf6963bf9b20683 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 6 Mar 2024 07:41:42 -0500 Subject: [PATCH 1/3] Update redirection and add prerequisites for Windows Hello for Business provisioning
---
 .openpublishing.redirection.windows-security.json | 2 +- .../hello-for-business/how-it-works.md | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index da22ec83f2..61cba05549 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -8172,7 +8172,7 @@
 },
 {
 "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
- "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning",
 "redirect_document_id": false
 },
 {
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index 87250d1fa9..74131ef057 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -96,7 +96,17 @@ For detailed sequence diagrams, see [how device registration works][ENTRA-4]. :::row-end::: > [!NOTE] -> The list of prerequisites varies depending on the deployment type, as described in the article [Plan a Windows Hello for Business deployment](deploy/index.md). +> +> Depending on the deployment type, Windows Hello for Business provisioning is launched only if: +> +> - The device meets the Windows Hello hardware requirements +> - The device is joined to Active Directory or Microsoft Entra ID +> - The user signs in with an account defined in Active Directory or Microsoft Entra ID +> - The Windows Hello for Business policy is enabled +> - The user is not connected to the machine via Remote Desktop +> +> Additional prerequisites are required for specific deployment types, as described in the article [Plan a Windows Hello for Business deployment](deploy/index.md). + During the provisioning phase, a *Windows Hello container* is created. A Windows Hello container is a logical grouping of *key material*, or data. The container holds organization's credentials only on devices that are *registered* with the organization's IdP. From a4f5548b00fd516770dc92e05c18719648dce9a2 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 6 Mar 2024 09:41:11 -0500 Subject: [PATCH 2/3] Update prerequisites description in how-it-works.md --- .../identity-protection/hello-for-business/how-it-works.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md index 74131ef057..c4c40ed7e9 100644 --- a/windows/security/identity-protection/hello-for-business/how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/how-it-works.md 
@@ -105,7 +105,7 @@ For detailed sequence diagrams, see [how device registration works][ENTRA-4]. > - The Windows Hello for Business policy is enabled > - The user is not connected to the machine via Remote Desktop > -> Additional prerequisites are required for specific deployment types, as described in the article [Plan a Windows Hello for Business deployment](deploy/index.md). +> Additional prerequisites for specific deployment types are described in the article [Plan a Windows Hello for Business deployment](deploy/index.md). During the provisioning phase, a *Windows Hello container* is created. A Windows Hello container is a logical grouping of *key material*, or data. The container holds organization's credentials only on devices that are *registered* with the organization's IdP. From de598f8ec98df8769c7c62cb742e8bc7eea5eefc Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 6 Mar 2024 09:41:19 -0500 Subject: [PATCH 3/3] Remove empty line in how-it-works.md --- .../identity-protection/hello-for-business/how-it-works.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md index c4c40ed7e9..fb493c8800 100644 --- a/windows/security/identity-protection/hello-for-business/how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/how-it-works.md 
@@ -107,7 +107,6 @@ For detailed sequence diagrams, see [how device registration works][ENTRA-4]. > > Additional prerequisites for specific deployment types are described in the article [Plan a Windows Hello for Business deployment](deploy/index.md). - During the provisioning phase, a *Windows Hello container* is created. A Windows Hello container is a logical grouping of *key material*, or data. The container holds organization's credentials only on devices that are *registered* with the organization's IdP. > [!NOTE]