Merge pull request #9673 from MicrosoftDocs/main

Publish main to live, Wednesday 3:30 PM PST, 03/06
Stacyrch140 2024-03-06 18:39:00 -05:00 committed by GitHub
commit 96ae1cf160
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 4 deletions


@ -8172,7 +8172,7 @@
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll",
"redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works#provisioning",
"redirect_document_id": false
},
{
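Review bot: the second `redirect_url` line in this entry targets a heading fragment, `how-it-works#provisioning`, which couples the redirect to a heading name; if that heading is renamed later, readers land at the top of the page with no error. The source path is the hybrid cloud Kerberos trust provisioning article and the first `redirect_url` line pointed at the matching `deploy/hybrid-cloud-kerberos-trust-enroll` page, so please confirm that sending those readers to the general overview is intended, and that the publishing system preserves the fragment on redirect.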


@ -96,7 +96,16 @@ For detailed sequence diagrams, see [how device registration works][ENTRA-4].
:::row-end:::
> [!NOTE]
> The list of prerequisites varies depending on the deployment type, as described in the article [Plan a Windows Hello for Business deployment](deploy/index.md).
>
> Depending on the deployment type, Windows Hello for Business provisioning is launched only if:
>
> - The device meets the Windows Hello hardware requirements
> - The device is joined to Active Directory or Microsoft Entra ID
> - The user signs in with an account defined in Active Directory or Microsoft Entra ID
> - The Windows Hello for Business policy is enabled
> - The user is not connected to the machine via Remote Desktop
>
> Additional prerequisites for specific deployment types are described in the article [Plan a Windows Hello for Business deployment](deploy/index.md).
During the provisioning phase, a *Windows Hello container* is created. A Windows Hello container is a logical grouping of *key material*, or data. The container holds organization's credentials only on devices that are *registered* with the organization's IdP.
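Review bot: the sentence "Depending on the deployment type, Windows Hello for Business provisioning is launched only if:" leaves it unclear whether every bullet must hold or whether the set of bullets changes per deployment. Since the closing sentence of the note already covers the deployment-specific prerequisites, consider "Windows Hello for Business provisioning is launched only if all of the following conditions are met:". The join bullet also says "joined to Active Directory or Microsoft Entra ID" while the paragraph right after the note speaks of devices that are *registered* with the organization's IdP; aligning the two terms, or stating whether registered devices qualify, would avoid a contradiction for readers.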


@ -14,7 +14,7 @@ This policy setting specifies whether a password is required to unlock BitLocker
If you enable this policy setting, users can configure a password that meets the requirements you define. To enforce complexity requirements on the password, select **Require complexity**:
- When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password
- When set to **Require complexity**, a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity of the password
- When set to **Allow complexity**, a connection to a domain controller is attempted to validate that the complexity adheres to the rules set by the policy. If no domain controllers are found, the password is accepted regardless of actual password complexity and the drive will be encrypted using that password as a protector
- When set to **Do not allow complexity**, password complexity isn't validated
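Review bot: the corrected **Require complexity** bullet still reads ambiguously, because "when BitLocker is enabled to validate" can be parsed as BitLocker being enabled in order to validate. Suggest moving the clause: "When set to **Require complexity**, a connection to a domain controller is necessary to validate the complexity of the password when BitLocker is enabled". That also keeps it parallel with the **Allow complexity** bullet below it, which states the fallback when no domain controller is found.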
@ -25,4 +25,4 @@ If you disable or don't configure this policy setting, the default length constr
| | Path |
|--|--|
| **CSP** | Not available |
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Removable Data Drives** |
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Removable Data Drives** |
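Review bot: the two **GPO** rows in this hunk render identically, so the change appears to be whitespace-only (for example trailing spaces or an end-of-file newline). Please confirm it is intentional and not editor noise, since it adds a line to the diff without changing the published path.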