From 2d0f31588b32b2e75ede7e4465e79b4ba4559124 Mon Sep 17 00:00:00 2001
From: NagaCSC <naveerap@microsoft.com>
Date: Thu, 12 Dec 2019 16:52:44 -0800
Subject: [PATCH 1/4] Delat CRL note

add note for Delta CRL
---
 .../hello-for-business/hello-hybrid-aadj-sso-base.md           | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 060bf7e60a..8ed1157475 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -58,6 +58,8 @@ To resolve this issue, the CRL distribution point must be a location that is acc
 
 If your CRL distribution point does not list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points.
 
+Note:  If your CA has both Base and Delta CRL published. please make sure. you have included publishing the delta CRL in the http path. Include web server to fetch delta crl by allowing doubleescaping in the (IIS) web server.
+
 ### Windows Server 2016 Domain Controllers
 If you are interested in configuring your environment to use the Windows Hello for Business key rather than a certificate, then your environment must have an adequate number of Windows Server 2016 domain controllers.  Only Windows Server 2016 domain controllers are capable of authenticating user with a Windows Hello for Business key.  What do we mean by adequate?  We are glad you asked.  Read [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
 
@@ -151,6 +153,7 @@ These procedures configure NTFS and share permissions on the web server to allow
 ![CDP Share Permissions](images/aadj/cdp-share-permissions.png)
 9. In the **Advanced Sharing** dialog box, click **OK**.
 
+
 #### Disable Caching 
 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server).
 2. Right-click the **cdp** folder and click **Properties**.  Click the **Sharing** tab.  Click **Advanced Sharing**.

From 5e900d9706bde6e25e0c431f080a4fa16b87622e Mon Sep 17 00:00:00 2001
From: NagaCSC <naveerap@microsoft.com>
Date: Fri, 13 Dec 2019 09:26:58 -0800
Subject: [PATCH 2/4] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md

Looks good, commit the changes

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-base.md           | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 8ed1157475..37e65c43d4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -58,7 +58,7 @@ To resolve this issue, the CRL distribution point must be a location that is acc
 
 If your CRL distribution point does not list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points.
 
-Note:  If your CA has both Base and Delta CRL published. please make sure. you have included publishing the delta CRL in the http path. Include web server to fetch delta crl by allowing doubleescaping in the (IIS) web server.
+Note:  If your CA has published both the Base and the Delta CRL, please make sure you have included publishing the Delta CRL in the HTTP path. Include web server to fetch the Delta CRL by allowing double escaping in the (IIS) web server.
 
 ### Windows Server 2016 Domain Controllers
 If you are interested in configuring your environment to use the Windows Hello for Business key rather than a certificate, then your environment must have an adequate number of Windows Server 2016 domain controllers.  Only Windows Server 2016 domain controllers are capable of authenticating user with a Windows Hello for Business key.  What do we mean by adequate?  We are glad you asked.  Read [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
@@ -340,4 +340,3 @@ If you plan on using certificates for on-premises single-sign on, perform the ad
  
 
 
-

From f8ba6714c320ba76defb672f00c1de04441e77b1 Mon Sep 17 00:00:00 2001
From: NagaCSC <naveerap@microsoft.com>
Date: Mon, 16 Dec 2019 09:20:27 -0800
Subject: [PATCH 3/4] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md

looks good, please proceed further

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-base.md          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 37e65c43d4..927449551f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -58,7 +58,8 @@ To resolve this issue, the CRL distribution point must be a location that is acc
 
 If your CRL distribution point does not list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points.
 
-Note:  If your CA has published both the Base and the Delta CRL, please make sure you have included publishing the Delta CRL in the HTTP path. Include web server to fetch the Delta CRL by allowing double escaping in the (IIS) web server.
+> [!NOTE]
+> If your CA has published both the Base and the Delta CRL, please make sure you have included publishing the Delta CRL in the HTTP path. Include web server to fetch the Delta CRL by allowing double escaping in the (IIS) web server.
 
 ### Windows Server 2016 Domain Controllers
 If you are interested in configuring your environment to use the Windows Hello for Business key rather than a certificate, then your environment must have an adequate number of Windows Server 2016 domain controllers.  Only Windows Server 2016 domain controllers are capable of authenticating user with a Windows Hello for Business key.  What do we mean by adequate?  We are glad you asked.  Read [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
@@ -339,4 +340,3 @@ Sign-in a workstation with access equivalent to a _domain user_.
 If you plan on using certificates for on-premises single-sign on, perform the additional steps in [Using Certificates for On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). 
  
 
-

From a922ae24ab54104b41a6f1f8025e28a0f71ccc47 Mon Sep 17 00:00:00 2001
From: NagaCSC <naveerap@microsoft.com>
Date: Mon, 16 Dec 2019 14:25:15 -0800
Subject: [PATCH 4/4] Update
 windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../hello-for-business/hello-hybrid-aadj-sso-base.md            | 2 --
 1 file changed, 2 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 927449551f..f6f3f40c4b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -154,7 +154,6 @@ These procedures configure NTFS and share permissions on the web server to allow
 ![CDP Share Permissions](images/aadj/cdp-share-permissions.png)
 9. In the **Advanced Sharing** dialog box, click **OK**.
 
-
 #### Disable Caching 
 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server).
 2. Right-click the **cdp** folder and click **Properties**.  Click the **Sharing** tab.  Click **Advanced Sharing**.
@@ -339,4 +338,3 @@ Sign-in a workstation with access equivalent to a _domain user_.
 
 If you plan on using certificates for on-premises single-sign on, perform the additional steps in [Using Certificates for On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). 
  
-