Add note-devicelock-csp include

windows/security/identity-protection/hello-for-business/configure.md

@@ -72,6 +72,8 @@ There are different ways to enable and configure Windows Hello for Business in I
   - [Account protection policy][MEM-5]
   - [Identity protection policy template][MEM-6]
 
+[!INCLUDE [note-devicelock-csp](includes/note-devicelock-csp.md)]
+
 ### Verify the tenant-wide policy
 
 To check the Windows Hello for Business policy settings applied at enrollment time:

windows/security/identity-protection/hello-for-business/includes/note-devicelock-csp.md

@@ -0,0 +1,11 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 01/03/2024
+ms.topic: include
+---
+
+>[!IMPORTANT]
+>If you configure password lenght and complexity settings that are part of the [DeviceLock CSP](/windows/client-management/mdm/policy-csp-devicelock), and PIN lenght and complexity settings defined by the PassportForWork CSP, Windows enforces the strictest policy out of the set of governing policies.
+>
+>The DeviceLock CSP utilizes the Exchange ActiveSync Policy Engine. For more information, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn282287).

windows/security/identity-protection/hello-for-business/policy-settings.md

@@ -38,6 +38,8 @@ Select one of the tabs to see the list of available settings:
 
 # [:::image type="icon" source="images/pin.svg"::: **PIN settings**](#tab/pin)
 
+[!INCLUDE [note-devicelock-csp](includes/note-devicelock-csp.md)]
+
 |Setting Name|CSP|GPO|
 |-|-|-|-|
 |[Expiration](#expiration)|✅|✅|