From 92730fcb633a888fc0c407d702949bcdfed7a5d8 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 8 Jan 2024 12:09:00 -0500
Subject: [PATCH] Add key registration and certificate enrollment phases to
 how-it-works.md

---
 .../hello-for-business/how-it-works.md             | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index ed50c3575a..478537b51c 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -46,17 +46,27 @@ Windows Hello for Business is a distributed system that requires multiple techno
     
     :::column-end:::
 :::row-end:::
+:::row:::
+    :::column span="":::
+    **Key Registration**
+    :::column-end:::
+:::row-end:::
 :::row:::
     :::column span="1":::
-    **Key synchronization**
+    :::image type="content" source="images/howitworks/key-synchronization.png" alt-text="Icon representing the synchronization phase.":::
     :::column-end:::
     :::column span="3":::
         In this phase, applicable only to hybrid deploments, the user's public key is synchronized from Microsoft Entra ID to Active Directory.
     :::column-end:::
 :::row-end:::
+:::row:::
+    :::column span="":::
+    #### Certificate enrollment phase
+    :::column-end:::
+:::row-end:::
 :::row:::
     :::column span="1":::
-    **Certificate enrollment**
+    :::image type="content" source="images/howitworks/certificate-enrollment.png" alt-text="Icon representing the certificate enrollment phase.":::
     :::column-end:::
     :::column span="3":::
     This phase occurs only in certificate trust deployments. A user certificate is issued by an internal PKI and the public key stored in the Windows Hello container