diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
index 584fff10d0..260e38f167 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
@@ -149,6 +149,12 @@ Once a user completes enrollment with cloud Kerberos trust, the Windows Hello ge
 
 After enrollment, Microsoft Entra Connect synchronizes the user's key from Microsoft Entra ID to Active Directory.
 
+### Sequence diagrams
+
+To better understand the provisioning and authentication flows, review the following sequence diagrams:
+
+ 
+
 ## Migrate from key trust deployment model to cloud Kerberos trust
 
 If you deployed Windows Hello for Business using the key trust model, and want to migrate to the cloud Kerberos trust model, follow these steps:
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
index 726fbc2b1d..e50d7474e8 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
@@ -12,7 +12,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra join authentication to Microsoft Entra ID
 
-![Microsoft Entra join authentication to Microsoft Entra ID.](images/howitworks/auth-aadj-cloud.png)
+![Microsoft Entra join authentication to Microsoft Entra ID.](images/howitworks/auth/auth-aadj-cloud.png)
+
+:::image type="content" source="images/howitworks/auth/entra-join-entra.svg" alt-text="Diagram of a Microsoft Entra join device authenticating to Microsoft Entra ID." lightbox="images/howitworks/auth/entra-join-entra.svg" border="false":::
 
 > [!NOTE]
 > All Microsoft Entra joined devices authenticate with Windows Hello for Business to Microsoft Entra ID the same way. The Windows Hello for Business trust type only impacts how the device authenticates to on-premises AD.
@@ -27,7 +29,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra join authentication to Active Directory using cloud Kerberos trust
 
-![Microsoft Entra join authentication to Active Directory.](images/howitworks/auth-aadj-cloudtrust-kerb.png)
+![Microsoft Entra join authentication to Active Directory.](images/howitworks/auth/auth-aadj-cloudtrust-kerb.png)
+
+:::image type="content" source="images/howitworks/auth/entra-join-ad-ckt.svg" alt-text="Diagram of a Microsoft Entra join device authenticating to Active Directory using cloud Kerberos trust." lightbox="images/howitworks/auth/entra-join-ad-ckt.svg" border="false":::
 
 | Phase  | Description  |
 | :----: | :----------- |
@@ -36,7 +40,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra join authentication to Active Directory using a key
 
-![Microsoft Entra join authentication to Active Directory using a Key.](images/howitworks/auth-aadj-keytrust-kerb.png)
+![Microsoft Entra join authentication to Active Directory using a Key.](images/howitworks/auth/auth-aadj-keytrust-kerb.png)
+
+:::image type="content" source="images/howitworks/auth/entra-join-ad-kt.svg" alt-text="Diagram of a Microsoft Entra join device authenticating to Active Directory using key trust." lightbox="images/howitworks/auth/entra-join-ad-kt.svg" border="false":::
 
 | Phase  | Description  |
 | :----: | :----------- |
@@ -49,7 +55,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra join authentication to Active Directory using a certificate
 
-![Microsoft Entra join authentication to Active Directory using a Certificate.](images/howitworks/auth-aadj-certtrust-kerb.png)
+![Microsoft Entra join authentication to Active Directory using a Certificate.](images/howitworks/auth/auth-aadj-certtrust-kerb.png)
+
+:::image type="content" source="images/howitworks/auth/entra-join-ad-ct.svg" alt-text="Diagram of a Microsoft Entra join device authenticating to Active Directory using certificate trust." lightbox="images/howitworks/auth/entra-join-ad-ct.svg" border="false":::
 
 | Phase  | Description  |
 | :----: | :----------- |
@@ -62,7 +70,7 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra hybrid join authentication using cloud Kerberos trust
 
-![Microsoft Entra hybrid join authentication using Microsoft Entra Kerberos](images/howitworks/auth-haadj-cloudtrust.svg)
+:::image type="content" source="images/howitworks/auth/hybrid-entra-join-ckt.svg" alt-text="Diagram of a Microsoft Entra hybrid join device authenticating to Active Directory using cloud Kerberos trust." lightbox="images/howitworks/auth/hybrid-entra-join-ckt.svg" border="false":::
 
 | Phase  | Description  |
 | :----: | :----------- |
@@ -74,7 +82,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra hybrid join authentication using a key
 
-![Microsoft Entra hybrid join authentication using a key.](images/howitworks/auth-haadj-keytrust.png)
+![Microsoft Entra hybrid join authentication using a key.](images/howitworks/auth/auth-haadj-keytrust.png)
+
+:::image type="content" source="images/howitworks/auth/hybrid-entra-join-kt.svg" alt-text="Diagram of a Microsoft Entra hybrid join device authenticating to Active Directory using key trust." lightbox="images/howitworks/auth/hybrid-entra-join-kt.svg" border="false":::
 
 | Phase  | Description  |
 | :----: | :----------- |
@@ -91,7 +101,9 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in
 
 ## Microsoft Entra hybrid join authentication using a certificate
 
-![Microsoft Entra hybrid join authentication using a Certificate.](images/howitworks/auth-haadj-certtrust.png)
+![Microsoft Entra hybrid join authentication using a Certificate.](images/howitworks/auth/auth-haadj-certtrust.png)
+
+:::image type="content" source="images/howitworks/auth/hybrid-entra-join-ct.svg" alt-text="Diagram of a Microsoft Entra hybrid join device authenticating to Active Directory using certificate trust." lightbox="images/howitworks/auth/hybrid-entra-join-ct.svg" border="false":::
 
 | Phase  | Description  |
 | :----: | :----------- |
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
index 60f81d62ee..d5525d4164 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
@@ -19,8 +19,8 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 
 ## Microsoft Entra joined provisioning in a managed environment
 
-![Microsoft Entra joined provisioning in a managed environment.](images/howitworks/prov-aadj-managed.png)
-[Full size image](images/howitworks/prov-aadj-managed.png)
+![Microsoft Entra joined provisioning in a managed environment.](images/howitworks/prov/aadj-managed.png)
+[Full size image](images/howitworks/prov/aadj-managed.png)
 
 | Phase | Description |
 |:-:|:-|
@@ -30,8 +30,8 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 
 ## Microsoft Entra joined provisioning in a federated environment
 
-![Microsoft Entra joined provisioning in federated environment.](images/howitworks/prov-aadj-federated.png)
-[Full size image](images/howitworks/prov-aadj-federated.png)
+![Microsoft Entra joined provisioning in federated environment.](images/howitworks/prov/aadj-federated.png)
+[Full size image](images/howitworks/prov/aadj-federated.png)
 
 | Phase | Description |
 |:-:|:-|
@@ -41,8 +41,8 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 
 ## Microsoft Entra hybrid joined provisioning in a cloud Kerberos trust deployment in a managed environment
 
-![Microsoft Entra hybrid joined provisioning in a cloud Kerberos trust deployment in a Managed environment.](images/howitworks/prov-haadj-cloudtrust-managed.png)
-[Full size image](images/howitworks/prov-haadj-cloudtrust-managed.png)
+![Microsoft Entra hybrid joined provisioning in a cloud Kerberos trust deployment in a Managed environment.](images/howitworks/prov/haadj-cloudtrust-managed.png)
+[Full size image](images/howitworks/prov/haadj-cloudtrust-managed.png)
 
 | Phase | Description |
 |:-:|:-|
@@ -55,8 +55,8 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 
 ## Microsoft Entra hybrid joined provisioning in a key trust deployment in a managed environment
 
-![Microsoft Entra hybrid joined provisioning in a key trust deployment in a managed environment.](images/howitworks/prov-haadj-keytrust-managed.png)
-[Full size image](images/howitworks/prov-haadj-keytrust-managed.png)
+![Microsoft Entra hybrid joined provisioning in a key trust deployment in a managed environment.](images/howitworks/prov/haadj-keytrust-managed.png)
+[Full size image](images/howitworks/prov/haadj-keytrust-managed.png)
 
 | Phase | Description |
 |:-:|:-|
@@ -70,8 +70,8 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 
 ## Microsoft Entra hybrid joined provisioning in a synchronous certificate trust deployment in a federated environment
 
-![Microsoft Entra hybrid joined provisioning in a synchronous Certificate trust deployment in a federated environment.](images/howitworks/prov-haadj-instant-certtrust-federated.png)
-[Full size image](images/howitworks/prov-haadj-instant-certtrust-federated.png)
+![Microsoft Entra hybrid joined provisioning in a synchronous Certificate trust deployment in a federated environment.](images/howitworks/prov/haadj-instant-certtrust-federated.png)
+[Full size image](images/howitworks/prov/haadj-instant-certtrust-federated.png)
 
 | Phase | Description |
 |:-|:-|
@@ -88,8 +88,8 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 
 ## Domain joined provisioning in an On-premises Key Trust deployment
 
-![Domain joined provisioning in an On-premises Key Trust deployment.](images/howitworks/prov-onprem-keytrust.png)
-[Full size image](images/howitworks/prov-onprem-keytrust.png)
+![Domain joined provisioning in an On-premises Key Trust deployment.](images/howitworks/prov/onprem-keytrust.png)
+[Full size image](images/howitworks/prov/onprem-keytrust.png)
 
 | Phase  | Description  |
 | :----: | :----------- |
@@ -99,8 +99,8 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
 
 ## Domain joined provisioning in an On-premises Certificate Trust deployment
 
-![Domain joined provisioning in an On-premises Certificate Trust deployment.](images/howitworks/prov-onprem-certtrust.png)
-[Full size image](images/howitworks/prov-onprem-certtrust.png)
+![Domain joined provisioning in an On-premises Certificate Trust deployment.](images/howitworks/prov/onprem-certtrust.png)
+[Full size image](images/howitworks/prov/onprem-certtrust.png)
 
 | Phase  | Description  |
 | :----: | :----------- |
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index bb524aeaca..ac509cca22 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -155,14 +155,14 @@ Windows Hello can also be used as a FIDO2 authenticator to authenticate to any w
 
 To learn more how Windows uses the TPM in support of Windows Hello for Business, see [How Windows uses the Trusted Platform Module](../../hardware-security/tpm/how-windows-uses-the-tpm.md).
 
-### Windows Hello data storage
+### Biometric data storage
 
 The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Even if an attacker could obtain the biometric data from a device, it couldn't be converted back into a raw biometric sample recognizable by the biometric sensor.
 
+Each sensor has its own biometric database file where template data is stored (path `C:\WINDOWS\System32\WinBioDatabase`). Each database file has a unique, randomly generated key that is encrypted to the system. The template data for the sensor is encrypted with the per-database key using AES with CBC chaining mode. The hash is SHA256.
+
 > [!NOTE]
->Each sensor on a device has its own biometric database file where template data is stored (path `C:\WINDOWS\System32\WinBioDatabase`). Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor is encrypted with the per-database key using AES with CBC chaining mode. The hash is SHA256.
->
->Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors store biometric data on the fingerprint module instead of in the database file.
+>Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors store biometric data on the fingerprint module instead of in the database file. For more information, see [Windows Hello Enhanced Security Sign-in (ESS)][WINH-1].
 
 ## Key synchronization
 
@@ -231,3 +231,4 @@ Changing a user account password doesn't affect sign-in or unlock, since Windows
 [ENTRA-4]: /entra/identity/devices/device-registration-how-it-works
 
 [WEB-1]: https://openid.net/specs/draft-jones-json-web-token-07.html
+[WINH-1]: /windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-haadj-cloudtrust.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth-haadj-cloudtrust.svg
deleted file mode 100644
index 65d3e29787..0000000000
--- a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-haadj-cloudtrust.svg
+++ /dev/null
@@ -1,876 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<!-- Generated by Microsoft Visio, SVG Export WHFB-Provisioning-Flows.svg HAADJ-Auth-KeyTrust (2) -->
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
-		xmlns:v="http://schemas.microsoft.com/visio/2003/SVGExtensions/" width="11in" height="8.5in" viewBox="0 0 792 612"
-		xml:space="preserve" color-interpolation-filters="sRGB" class="st17">
-	<v:documentProperties v:langID="1033" v:viewMarkup="false">
-		<v:userDefs>
-			<v:ud v:nameU="visFlowchartType" v:prompt="" v:val="VT4(CrossFunctional)"/>
-			<v:ud v:nameU="msvNoAutoConnect" v:val="VT0(0):26"/>
-			<v:ud v:nameU="visV14CFF" v:prompt="" v:val="VT0(1):26"/>
-		</v:userDefs>
-	</v:documentProperties>
-
-	<style type="text/css">
-	<![CDATA[
-		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
-		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
-		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
-		.st4 {font-size:1em}
-		.st5 {marker-end:url(#mrkr4-102);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
-		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
-		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
-		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
-		.st9 {marker-end:url(#mrkr3-110);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
-		.st10 {marker-end:url(#mrkr4-139);stroke:#ed7d31;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
-		.st11 {fill:#ed7d31;fill-opacity:1;stroke:#ed7d31;stroke-opacity:1;stroke-width:0.23584905660377}
-		.st12 {fill:#d06d29;font-family:Calibri;font-size:0.833336em}
-		.st13 {marker-end:url(#mrkr3-154);stroke:#ed7d31;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
-		.st14 {fill:#ffffff;stroke:none;stroke-linecap:butt}
-		.st15 {fill:#002060;stroke:none;stroke-width:0.75}
-		.st16 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
-		.st17 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
-	]]>
-	</style>
-
-	<defs id="Markers">
-		<g id="lend4">
-			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
-		</g>
-		<marker id="mrkr4-102" class="st6" v:arrowType="4" v:arrowSize="3" v:setback="8.48" refX="-8.48" orient="auto"
-				markerUnits="strokeWidth" overflow="visible">
-			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
-		</marker>
-		<g id="lend3">
-			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
-		</g>
-		<marker id="mrkr3-110" class="st6" v:arrowType="3" v:arrowSize="3" orient="auto" markerUnits="strokeWidth"
-				overflow="visible">
-			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
-		</marker>
-		<marker id="mrkr4-139" class="st11" v:arrowType="4" v:arrowSize="3" v:setback="8.48" refX="-8.48" orient="auto"
-				markerUnits="strokeWidth" overflow="visible">
-			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
-		</marker>
-		<marker id="mrkr3-154" class="st11" v:arrowType="3" v:arrowSize="3" orient="auto" markerUnits="strokeWidth"
-				overflow="visible">
-			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
-		</marker>
-	</defs>
-	<g v:mID="52" v:index="18" v:groupContext="foregroundPage">
-		<v:userDefs>
-			<v:ud v:nameU="msvThemeOrder" v:val="VT0(0):26"/>
-		</v:userDefs>
-		<title>HAADJ-Auth-CloudTrust</title>
-		<v:pageProperties v:drawingScale="1" v:pageScale="1" v:drawingUnits="0" v:shadowOffsetX="9" v:shadowOffsetY="-9"/>
-		<v:layer v:name="Connector" v:index="0"/>
-		<v:layer v:name="Flowchart" v:index="1"/>
-		<g id="group1005-1" transform="translate(677.212,-555.056)" v:mID="1005" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1005</title>
-			<desc>Domain Controller</desc>
-			<g id="shape1006-2" v:mID="1006" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1006</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1007-4" v:mID="1007" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1007</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1008-6" v:mID="1008" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1008</title>
-			</g>
-			<g id="shape1009-8" v:mID="1009" v:groupContext="shape" transform="translate(652.5,612) rotate(90)">
-				<title>Sheet.1009</title>
-				<path d="M0 612 L537.06 612" class="st2"/>
-			</g>
-			<g id="shape1005-11" v:mID="1005" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="20.96" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Domain <tspan
-							x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
-		</g>
-		<g id="group1015-15" transform="translate(19.1441,-555.056)" v:mID="1015" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1015</title>
-			<desc>Winlogon</desc>
-			<g id="shape1016-16" v:mID="1016" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1016</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1017-18" v:mID="1017" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1017</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1018-20" v:mID="1018" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1018</title>
-			</g>
-			<g id="shape1019-22" v:mID="1019" v:groupContext="shape" transform="translate(652.5,612) rotate(90)">
-				<title>Sheet.1019</title>
-				<path d="M0 612 L537.06 612" class="st2"/>
-			</g>
-			<g id="shape1015-25" v:mID="1015" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="16.38" y="596.7" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Winlogon</text>			</g>
-		</g>
-		<g id="group1020-28" transform="translate(567.534,-555.056)" v:mID="1020" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1020</title>
-			<desc>Microsoft Entra ID</desc>
-			<g id="shape1021-29" v:mID="1021" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1021</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1022-31" v:mID="1022" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1022</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1023-33" v:mID="1023" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1023</title>
-			</g>
-			<g id="shape1024-35" v:mID="1024" v:groupContext="shape" transform="translate(652.5,612) rotate(90)">
-				<title>Sheet.1024</title>
-				<path d="M0 612 L537.06 612" class="st2"/>
-			</g>
-			<g id="shape1020-38" v:mID="1020" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="16.32" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Microsoft <tspan
-							x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
-		</g>
-		<g id="group1025-42" transform="translate(128.822,-555.056)" v:mID="1025" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1025</title>
-			<desc>LSA</desc>
-			<g id="shape1026-43" v:mID="1026" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1026</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1027-45" v:mID="1027" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1027</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1028-47" v:mID="1028" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1028</title>
-			</g>
-			<g id="shape1029-49" v:mID="1029" v:groupContext="shape" transform="translate(652.5,612) rotate(90)">
-				<title>Sheet.1029</title>
-				<path d="M0 612 L537.06 612" class="st2"/>
-			</g>
-			<g id="shape1025-52" v:mID="1025" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="31.49" y="596.7" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>LSA</text>			</g>
-		</g>
-		<g id="group1030-55" transform="translate(238.5,-555.056)" v:mID="1030" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1030</title>
-			<desc>Credential Provider</desc>
-			<g id="shape1031-56" v:mID="1031" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1031</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1032-58" v:mID="1032" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1032</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1033-60" v:mID="1033" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1033</title>
-			</g>
-			<g id="shape1034-62" v:mID="1034" v:groupContext="shape" transform="translate(652.5,612) rotate(90)">
-				<title>Sheet.1034</title>
-				<path d="M0 612 L537.06 612" class="st2"/>
-			</g>
-			<g id="shape1030-65" v:mID="1030" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="14.72" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Credential<v:lf/><tspan
-							x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
-		</g>
-		<g id="group1035-69" transform="translate(457.856,-555.056)" v:mID="1035" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1035</title>
-			<desc>Cloud Auth provider</desc>
-			<g id="shape1036-70" v:mID="1036" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1036</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1037-72" v:mID="1037" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1037</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1038-74" v:mID="1038" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1038</title>
-			</g>
-			<g id="shape1039-76" v:mID="1039" v:groupContext="shape" transform="translate(652.5,612) rotate(90)">
-				<title>Sheet.1039</title>
-				<path d="M0 612 L537.06 612" class="st2"/>
-			</g>
-			<g id="shape1035-79" v:mID="1035" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="12.67" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Cloud Auth<v:lf/><tspan
-							x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
-		</g>
-		<g id="group1040-83" transform="translate(348.178,-555.056)" v:mID="1040" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1040</title>
-			<desc>Kerberos provider</desc>
-			<g id="shape1041-84" v:mID="1041" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1041</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1042-86" v:mID="1042" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1042</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1043-88" v:mID="1043" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1043</title>
-			</g>
-			<g id="shape1044-90" v:mID="1044" v:groupContext="shape" transform="translate(652.5,612) rotate(90)">
-				<title>Sheet.1044</title>
-				<path d="M0 612 L537.06 612" class="st2"/>
-			</g>
-			<g id="shape1040-93" v:mID="1040" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="18.07" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Kerberos<v:lf/><tspan
-							x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
-		</g>
-		<g id="shape1045-97" v:mID="1045" v:groupContext="shape" v:layerMember="0" transform="translate(270,-537.056)">
-			<title>Self Message.1020</title>
-			<desc>User provides gesture</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="76.5" cy="622.556" width="99.21" height="20.0036"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="32.0321" y="616.556" width="88.936" height="12.0001" class="st7"/>
-			<text x="32.03" y="625.56" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>User provides gesture</text>		</g>
-		<g id="shape1047-105" v:mID="1047" v:groupContext="shape" v:layerMember="0" transform="translate(279,-510.056)">
-			<title>Return Message.1028</title>
-			<desc>Collected Credentials</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-74.5613" cy="602.306" width="96.43" height="20.0036"/>
-			<path d="M0 603 L-219.36 603" class="st9"/>
-			<rect v:rectContext="textBkgnd" x="-117.64" y="596.306" width="86.1584" height="12.0001" class="st7"/>
-			<text x="-117.64" y="605.31" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Collected Credentials</text>		</g>
-		<g id="shape1048-113" v:mID="1048" v:groupContext="shape" v:layerMember="0" transform="translate(59.6441,-492.056)">
-			<title>Message.1029</title>
-			<desc>Collected Credentials</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="54.839" cy="603" width="96.43" height="20.0036"/>
-			<path d="M0 603 L101.2 603" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="11.7599" y="597" width="86.1584" height="12.0001" class="st7"/>
-			<text x="11.76" y="606" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Collected Credentials</text>		</g>
-		<g id="shape1049-120" v:mID="1049" v:groupContext="shape" v:layerMember="0" transform="translate(59.6441,-528.056)">
-			<title>Message.1027</title>
-			<desc>Show the WHFB Cred Prov</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="67.6773" cy="604.556" width="117.81" height="20.0036"/>
-			<path d="M0 603 L210.88 603" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="13.9052" y="598.556" width="107.544" height="12.0001" class="st7"/>
-			<text x="13.91" y="607.56" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Show the WHFB Cred Prov</text>		</g>
-		<g id="shape1061-127" v:mID="1061" v:groupContext="shape" v:layerMember="0" transform="translate(388.678,-160.136)">
-			<title>Return Message.1061</title>
-			<desc>TGT</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-109.678" cy="603" width="50" height="20.0036"/>
-			<path d="M0 603 L-219.36 603" class="st9"/>
-			<rect v:rectContext="textBkgnd" x="-117.705" y="597" width="16.0546" height="12.0001" class="st7"/>
-			<text x="-117.71" y="606" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>TGT</text>		</g>
-		<g id="shape1062-134" v:mID="1062" v:groupContext="shape" v:layerMember="0" transform="translate(169.322,-492.056)">
-			<title>Message.1062</title>
-			<desc>Collected Credentials</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="164.517" cy="603" width="96.43" height="20.0036"/>
-			<path d="M0 603 L320.55 603" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="121.438" y="597" width="86.1584" height="12.0001" class="st7"/>
-			<text x="121.44" y="606" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Collected Credentials</text>		</g>
-		<g id="shape1063-142" v:mID="1063" v:groupContext="shape" v:layerMember="0" transform="translate(498.356,-492.776)">
-			<title>Message.1030</title>
-			<desc>Request Nonce</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="54.839" cy="603" width="71.87" height="20.0036"/>
-			<path d="M0 603 L101.2 603" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="24.0404" y="597" width="61.5973" height="12.0001" class="st7"/>
-			<text x="24.04" y="606" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Request Nonce</text>		</g>
-		<g id="shape1064-149" v:mID="1064" v:groupContext="shape" v:layerMember="0" transform="translate(608.034,-474.776)">
-			<title>Return Message.1033</title>
-			<desc>Nonce</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-54.839" cy="603" width="50" height="20.0036"/>
-			<path d="M0 603 L-109.68 603" class="st13"/>
-			<rect v:rectContext="textBkgnd" x="-67.9323" y="597" width="26.1867" height="12.0001" class="st7"/>
-			<text x="-67.93" y="606" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Nonce</text>		</g>
-		<g id="shape1065-157" v:mID="1065" v:groupContext="shape" v:layerMember="0" transform="translate(608.034,-372.536)">
-			<title>Return Message.1034</title>
-			<desc>PRT w/Session key and Partial TGT</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-48.5325" cy="602.032" width="87.79" height="32.0037"/>
-			<path d="M0 603 L-109.68 603" class="st13"/>
-			<rect v:rectContext="textBkgnd" x="-86.1646" y="590.033" width="75.264" height="23.9999" class="st7"/>
-			<text x="-86.16" y="599.03" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>PRT w/Session key <v:newlineChar/><v:paragraph
-						v:horizAlign="1"/><tspan x="-79.56" dy="1.2em" class="st4">and Partial TGT</tspan></text>		</g>
-		<g id="shape1066-165" v:mID="1066" v:groupContext="shape" v:layerMember="0" transform="translate(489.355,-468.655)">
-			<title>Self Message.1066</title>
-			<desc>Sign nonce WHFB privkey</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="59.6442" cy="622.556" width="67.29" height="32.0037"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="31.1334" y="610.556" width="57.0218" height="24.0002" class="st7"/>
-			<text x="37.6" y="619.56" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Sign nonce <v:lf/><tspan
-						x="31.13" dy="1.2em" class="st4">WHFB privkey</tspan></text>		</g>
-		<g id="shape1067-173" v:mID="1067" v:groupContext="shape" v:layerMember="0" transform="translate(498.356,-426.536)">
-			<title>Message.1037</title>
-			<desc>Signed Nonce</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="54.839" cy="603" width="65.8" height="20.0036"/>
-			<path d="M0 603 L101.2 603" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="27.0751" y="597" width="55.5279" height="12.0001" class="st7"/>
-			<text x="27.08" y="606" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Signed Nonce</text>		</g>
-		<g id="shape1068-180" v:mID="1068" v:groupContext="shape" v:layerMember="0" transform="translate(599.034,-435.536)">
-			<title>Self Message.1038</title>
-			<desc>Validate signature WHFB pubkey</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="66.9662" cy="622.556" width="83.98" height="32.0037"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="30.1128" y="610.556" width="73.707" height="24.0002" class="st7"/>
-			<text x="30.11" y="619.56" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Validate signature<v:lf/><tspan
-						x="37.22" dy="1.2em" class="st4"> </tspan>WHFB pubkey</text>		</g>
-		<g id="shape1069-188" v:mID="1069" v:groupContext="shape" v:layerMember="0" transform="translate(599.034,-399.536)">
-			<title>Self Message.1039</title>
-			<desc>Validate Nonce</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="62.4662" cy="620.306" width="72.14" height="20.0036"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="31.5309" y="614.306" width="61.8709" height="12.0001" class="st7"/>
-			<text x="31.53" y="623.31" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Validate Nonce</text>		</g>
-		<g id="shape1070-195" v:mID="1070" v:groupContext="shape" v:layerMember="0" transform="translate(489.356,-354.896)">
-			<title>Self Message.1040</title>
-			<desc>Decrypt Session key w/ Transport key</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="73.1441" cy="622.556" width="93.29" height="32.0037"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="32.7654" y="610.556" width="80.7575" height="24.0002" class="st7"/>
-			<text x="32.77" y="619.56" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Decrypt Session key <v:lf/><tspan
-						x="38.52" dy="1.2em" class="st4">w/ Transport key</tspan></text>		</g>
-		<g id="shape1071-203" v:mID="1071" v:groupContext="shape" v:layerMember="0" transform="translate(489.356,-318.896)">
-			<title>Self Message.1041</title>
-			<desc>Import Session Key to TPM</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="73.1441" cy="622.556" width="87.57" height="32.0037"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
-			<rect v:rectContext="textBkgnd" x="34.4916" y="610.556" width="77.3053" height="24.0002" class="st7"/>
-			<text x="34.49" y="619.56" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Import Session Key<v:lf/><tspan
-						x="58.41" dy="1.2em" class="st4">to TPM</tspan></text>		</g>
-		<g id="shape1072-211" v:mID="1072" v:groupContext="shape" v:layerMember="0" transform="translate(498.359,-291.24)">
-			<title>Return Message.1035</title>
-			<desc>Partial TGT</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-164.517" cy="603" width="54.76" height="20.0036"/>
-			<path d="M0 603 L-329.03 603" class="st13"/>
-			<rect v:rectContext="textBkgnd" x="-186.761" y="597" width="44.4875" height="12.0001" class="st7"/>
-			<text x="-186.76" y="606" class="st12" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Partial TGT</text>		</g>
-		<g id="shape1074-218" v:mID="1074" v:groupContext="shape" v:layerMember="0" transform="translate(50.6441,-151.136)">
-			<title>Self Message.1043</title>
-			<desc>Load User Desktop</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="68.6059" cy="622.556" width="86.56" height="20.0036"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="30.4588" y="616.556" width="76.2943" height="12.0001" class="st7"/>
-			<text x="30.46" y="625.56" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Load User Desktop</text>		</g>
-		<g id="shape1075-225" v:mID="1075" v:groupContext="shape" v:layerMember="0" transform="translate(169.322,-160.136)">
-			<title>Return Message.1075</title>
-			<desc>Success</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-54.839" cy="603" width="50" height="20.0036"/>
-			<path d="M0 603 L-109.68 603" class="st9"/>
-			<rect v:rectContext="textBkgnd" x="-70.391" y="597" width="31.1039" height="12.0001" class="st14"/>
-			<text x="-70.39" y="606" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Success</text>		</g>
-		<g id="shape1078-232" v:mID="1078" v:groupContext="shape" v:layerMember="0" transform="translate(169.138,-271.796)">
-			<title>Message.1021</title>
-			<desc>Partial TGT</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="65.2844" cy="602.306" width="54.76" height="20.0036"/>
-			<path d="M0 603 L210.88 603" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="43.0408" y="596.306" width="44.4875" height="12.0001" class="st7"/>
-			<text x="43.04" y="605.31" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Partial TGT</text>		</g>
-		<g id="shape1079-239" v:mID="1079" v:groupContext="shape" v:layerMember="0" transform="translate(379.494,-280.796)">
-			<title>Self Message.1036</title>
-			<desc>Get domain hint from computer</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="61.3221" cy="620.306" width="78.69" height="32.0037"/>
-			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="28.2406" y="608.306" width="66.163" height="24.0002" class="st7"/>
-			<text x="28.24" y="617.31" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Get domain hint <v:lf/><tspan
-						x="30.39" dy="1.2em" class="st4">from computer</tspan></text>		</g>
-		<g id="shape1080-247" v:mID="1080" v:groupContext="shape" v:layerMember="0" transform="translate(717.528,-217.796)">
-			<title>Return Message.1051</title>
-			<desc>return list of domain controlers</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-164.517" cy="603" width="84.92" height="32.0037"/>
-			<path d="M0 603 L-329.03 603" class="st9"/>
-			<rect v:rectContext="textBkgnd" x="-201.841" y="591" width="74.6491" height="24.0002" class="st7"/>
-			<text x="-189.77" y="600" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>return list of <v:lf/><tspan
-						x="-201.84" dy="1.2em" class="st4">domain controlers</tspan></text>		</g>
-		<g id="shape1081-255" v:mID="1081" v:groupContext="shape" v:layerMember="0" transform="translate(388.494,-235.796)">
-			<title>Message.1060</title>
-			<desc>DcLocator via DNS</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="164.517" cy="603" width="84.58" height="20.0036"/>
-			<path d="M0 603 L320.55 603" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="127.361" y="597" width="74.3118" height="12.0001" class="st7"/>
-			<text x="127.36" y="606" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>DcLocator via DNS</text>		</g>
-		<g id="shape1082-262" v:mID="1082" v:groupContext="shape" v:layerMember="0" transform="translate(717.712,-159.416)">
-			<title>Return Message.1082</title>
-			<desc>TGT</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(1):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="-164.517" cy="603" width="50" height="20.0036"/>
-			<path d="M0 603 L-329.03 603" class="st9"/>
-			<rect v:rectContext="textBkgnd" x="-172.544" y="597" width="16.0546" height="12.0001" class="st14"/>
-			<text x="-172.54" y="606" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>TGT</text>		</g>
-		<g id="shape1083-269" v:mID="1083" v:groupContext="shape" v:layerMember="0" transform="translate(387.723,-181.562)">
-			<title>Message.1083</title>
-			<desc>TGS_REQ w/ Partial TGT</desc>
-			<v:userDefs>
-				<v:ud v:nameU="IsReturn" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="IsAsync" v:prompt="" v:val="VT0(0):26"/>
-				<v:ud v:nameU="IsSelfMessage" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(4,4,4,4)"/>
-			<v:textRect cx="164.517" cy="603" width="108.09" height="20.0036"/>
-			<path d="M0 603 L320.55 603" class="st5"/>
-			<rect v:rectContext="textBkgnd" x="115.608" y="597" width="97.8176" height="12.0001" class="st7"/>
-			<text x="115.61" y="606" class="st8" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>TGS_REQ w/ Partial TGT</text>		</g>
-		<g id="shape1084-276" v:mID="1084" v:groupContext="shape" v:layerMember="1" transform="translate(461.943,-449.161)">
-			<title>State</title>
-			<desc>B</desc>
-			<v:custProps>
-				<v:cp v:nameU="Cost" v:lbl="Cost" v:type="7" v:format="@" v:langID="1033"/>
-				<v:cp v:nameU="Duration" v:lbl="Duration" v:type="2" v:langID="1033"/>
-				<v:cp v:nameU="Resources" v:lbl="Resources" v:langID="1033"/>
-			</v:custProps>
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(1,1,1,1)"/>
-			<v:textRect cx="9.83896" cy="602.161" width="19.68" height="19.6779"/>
-			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
-			<text x="5.92" y="606.36" class="st16" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>B</text>		</g>
-		<g id="shape1087-279" v:mID="1087" v:groupContext="shape" v:layerMember="1" transform="translate(461.943,-336.661)">
-			<title>State.1087</title>
-			<desc>D</desc>
-			<v:custProps>
-				<v:cp v:nameU="Cost" v:lbl="Cost" v:type="7" v:format="@" v:langID="1033"/>
-				<v:cp v:nameU="Duration" v:lbl="Duration" v:type="2" v:langID="1033"/>
-				<v:cp v:nameU="Resources" v:lbl="Resources" v:langID="1033"/>
-			</v:custProps>
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(1,1,1,1)"/>
-			<v:textRect cx="9.83896" cy="602.161" width="19.68" height="19.6779"/>
-			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
-			<text x="5.43" y="606.36" class="st16" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>D</text>		</g>
-		<g id="shape1088-282" v:mID="1088" v:groupContext="shape" v:layerMember="1" transform="translate(579.661,-398.822)">
-			<title>State.1088</title>
-			<desc>C</desc>
-			<v:custProps>
-				<v:cp v:nameU="Cost" v:lbl="Cost" v:type="7" v:format="@" v:langID="1033"/>
-				<v:cp v:nameU="Duration" v:lbl="Duration" v:type="2" v:langID="1033"/>
-				<v:cp v:nameU="Resources" v:lbl="Resources" v:langID="1033"/>
-			</v:custProps>
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(1,1,1,1)"/>
-			<v:textRect cx="9.83896" cy="602.161" width="19.68" height="19.6779"/>
-			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
-			<text x="6.13" y="606.36" class="st16" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>C</text>		</g>
-		<g id="shape1089-285" v:mID="1089" v:groupContext="shape" v:layerMember="1" transform="translate(358.322,-227.822)">
-			<title>State.1089</title>
-			<desc>E</desc>
-			<v:custProps>
-				<v:cp v:nameU="Cost" v:lbl="Cost" v:type="7" v:format="@" v:langID="1033"/>
-				<v:cp v:nameU="Duration" v:lbl="Duration" v:type="2" v:langID="1033"/>
-				<v:cp v:nameU="Resources" v:lbl="Resources" v:langID="1033"/>
-			</v:custProps>
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(1,1,1,1)"/>
-			<v:textRect cx="9.83896" cy="602.161" width="19.68" height="19.6779"/>
-			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
-			<text x="6.42" y="606.36" class="st16" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>E</text>		</g>
-		<g id="shape1090-288" v:mID="1090" v:groupContext="shape" v:layerMember="1" transform="translate(29.8221,-508.5)">
-			<title>State.1090</title>
-			<desc>A</desc>
-			<v:custProps>
-				<v:cp v:nameU="Cost" v:lbl="Cost" v:type="7" v:format="@" v:langID="1033"/>
-				<v:cp v:nameU="Duration" v:lbl="Duration" v:type="2" v:langID="1033"/>
-				<v:cp v:nameU="Resources" v:lbl="Resources" v:langID="1033"/>
-			</v:custProps>
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:val="VT0(15):26"/>
-			</v:userDefs>
-			<v:textBlock v:margins="rect(1,1,1,1)"/>
-			<v:textRect cx="9.83896" cy="602.161" width="19.68" height="19.6779"/>
-			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
-			<text x="5.6" y="606.36" class="st16" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>A</text>		</g>
-		<g id="group1126-291" transform="translate(677.212,-19.1441)" v:mID="1126" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1126</title>
-			<desc>Domain Controller</desc>
-			<g id="shape1127-292" v:mID="1127" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1127</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1128-294" v:mID="1128" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1128</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1129-296" v:mID="1129" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1129</title>
-			</g>
-			<g id="shape1126-298" v:mID="1126" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="20.96" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Domain <tspan
-							x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
-		</g>
-		<g id="group1131-302" transform="translate(19.1441,-19.1441)" v:mID="1131" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1131</title>
-			<desc>Winlogon</desc>
-			<g id="shape1132-303" v:mID="1132" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1132</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1133-305" v:mID="1133" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1133</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1134-307" v:mID="1134" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1134</title>
-			</g>
-			<g id="shape1131-309" v:mID="1131" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="16.38" y="596.7" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Winlogon</text>			</g>
-		</g>
-		<g id="group1136-312" transform="translate(567.534,-19.1441)" v:mID="1136" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1136</title>
-			<desc>Microsoft Entra ID</desc>
-			<g id="shape1137-313" v:mID="1137" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1137</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1138-315" v:mID="1138" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1138</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1139-317" v:mID="1139" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1139</title>
-			</g>
-			<g id="shape1136-319" v:mID="1136" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="16.32" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Microsoft <tspan
-							x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
-		</g>
-		<g id="group1141-323" transform="translate(128.822,-19.1441)" v:mID="1141" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1141</title>
-			<desc>LSA</desc>
-			<g id="shape1142-324" v:mID="1142" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1142</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1143-326" v:mID="1143" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1143</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1144-328" v:mID="1144" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1144</title>
-			</g>
-			<g id="shape1141-330" v:mID="1141" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="31.49" y="596.7" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>LSA</text>			</g>
-		</g>
-		<g id="group1146-333" transform="translate(238.5,-19.1441)" v:mID="1146" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1146</title>
-			<desc>Credential Provider</desc>
-			<g id="shape1147-334" v:mID="1147" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1147</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1148-336" v:mID="1148" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1148</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1149-338" v:mID="1149" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1149</title>
-			</g>
-			<g id="shape1146-340" v:mID="1146" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="14.72" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Credential<v:lf/><tspan
-							x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
-		</g>
-		<g id="group1151-344" transform="translate(457.856,-19.1441)" v:mID="1151" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1151</title>
-			<desc>Cloud Auth provider</desc>
-			<g id="shape1152-345" v:mID="1152" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1152</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1153-347" v:mID="1153" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1153</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1154-349" v:mID="1154" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1154</title>
-			</g>
-			<g id="shape1151-351" v:mID="1151" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="12.67" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Cloud Auth<v:lf/><tspan
-							x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
-		</g>
-		<g id="group1156-355" transform="translate(348.178,-19.1441)" v:mID="1156" v:groupContext="group">
-			<v:userDefs>
-				<v:ud v:nameU="visVersion" v:prompt="" v:val="VT0(15):26"/>
-				<v:ud v:nameU="ShowActor" v:prompt="" v:val="VT0(0):5"/>
-				<v:ud v:nameU="ShowDestruction" v:prompt="" v:val="VT0(0):5"/>
-			</v:userDefs>
-			<title>Object lifeline.1156</title>
-			<desc>Kerberos provider</desc>
-			<g id="shape1157-356" v:mID="1157" v:groupContext="shape" transform="translate(13.5,-6.3)">
-				<title>Sheet.1157</title>
-				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
-			</g>
-			<g id="shape1158-358" v:mID="1158" v:groupContext="shape" transform="translate(31.5,-41.4)">
-				<title>Sheet.1158</title>
-				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
-			</g>
-			<g id="shape1159-360" v:mID="1159" v:groupContext="shape" transform="translate(27,559.556)">
-				<title>Sheet.1159</title>
-			</g>
-			<g id="shape1156-362" v:mID="1156" v:groupContext="groupContent">
-				<v:textBlock v:margins="rect(4,4,4,4)"/>
-				<v:textRect cx="40.5" cy="593.1" width="81.01" height="37.8"/>
-				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
-				<text x="18.07" y="589.5" class="st3" v:langID="1033"><v:paragraph v:horizAlign="1"/><v:tabList/>Kerberos<v:lf/><tspan
-							x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
-		</g>
-	</g>
-</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-certtrust-kerb.png b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-certtrust-kerb.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-certtrust-kerb.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-certtrust-kerb.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-cloud.png b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-cloud.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-cloud.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-cloud.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-cloudtrust-kerb.png b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-cloudtrust-kerb.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-cloudtrust-kerb.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-cloudtrust-kerb.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-keytrust-kerb.png b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-keytrust-kerb.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/auth-aadj-keytrust-kerb.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-aadj-keytrust-kerb.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-haadj-certtrust.png b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-haadj-certtrust.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/auth-haadj-certtrust.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-haadj-certtrust.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth-haadj-keytrust.png b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-haadj-keytrust.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/auth-haadj-keytrust.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/auth/auth-haadj-keytrust.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-ckt.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-ckt.svg
new file mode 100644
index 0000000000..b08f1a1817
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-ckt.svg
@@ -0,0 +1,216 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export auth-entra-join-ad-ckt.svg AADJ Kerb Auth-KeyTrust (2) -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		width="11in" height="8.5in" viewBox="0 0 792 612" xml:space="preserve" color-interpolation-filters="sRGB" class="st12">
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
+		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+		.st4 {font-size:1em}
+		.st5 {marker-end:url(#mrkr4-46);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
+		.st9 {marker-end:url(#mrkr3-54);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st10 {fill:#002060;stroke:none;stroke-width:0.75}
+		.st11 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
+		.st12 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-46" class="st6" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<g id="lend3">
+			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr3-54" class="st6" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+	</defs>
+	<g>
+		<title>auth-entra-join-ad-ckt</title>
+		<g id="group1005-1" transform="translate(427.462,-555.056)">
+			<title>Object lifeline.1005</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1006-2" transform="translate(13.5,-6.3)">
+				<title>Sheet.1006</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1007-4" transform="translate(31.5,-41.4)">
+				<title>Sheet.1007</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1008-6" transform="translate(27,204.056)">
+				<title>Sheet.1008</title>
+			</g>
+			<g id="shape1009-8" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1009</title>
+				<path d="M0 612 L181.56 612" class="st2"/>
+			</g>
+			<g id="shape1005-11">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1015-15" transform="translate(19.1441,-555.056)">
+			<title>Object lifeline.1015</title>
+			<desc>Windows</desc>
+			<g id="shape1016-16" transform="translate(13.5,-6.3)">
+				<title>Sheet.1016</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1017-18" transform="translate(31.5,-41.4)">
+				<title>Sheet.1017</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1018-20" transform="translate(27,212.303)">
+				<title>Sheet.1018</title>
+			</g>
+			<g id="shape1019-22" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1019</title>
+				<path d="M0 612 L189.8 612" class="st2"/>
+			</g>
+			<g id="shape1015-25">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="17.06" y="596.7" class="st3">Windows</text>			</g>
+		</g>
+		<g id="group1022-28" transform="translate(236.25,-555.056)">
+			<title>Object lifeline.1022</title>
+			<desc>DNS</desc>
+			<g id="shape1023-29" transform="translate(13.5,-6.3)">
+				<title>Sheet.1023</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1024-31" transform="translate(31.5,-41.4)">
+				<title>Sheet.1024</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1025-33" transform="translate(27,206.303)">
+				<title>Sheet.1025</title>
+			</g>
+			<g id="shape1026-35" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1026</title>
+				<path d="M0 612 L183.8 612" class="st2"/>
+			</g>
+			<g id="shape1022-38">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="29.93" y="596.7" class="st3">DNS</text>			</g>
+		</g>
+		<g id="shape1027-41" transform="translate(59.6441,-492.056)">
+			<title>Message.1027</title>
+			<desc>DcLocator</desc>
+			<path d="M0 603 L208.63 603" class="st5"/>
+			<rect x="88.0597" y="597" width="40.9867" height="12.0001" class="st7"/>
+			<text x="88.06" y="606" class="st8">DcLocator</text>		</g>
+		<g id="shape1028-49" transform="translate(276.75,-474.056)">
+			<title>Return Message.1028</title>
+			<desc>return list of domain controlers</desc>
+			<path d="M0 603 L-217.11 603" class="st9"/>
+			<rect x="-145.877" y="591" width="74.6491" height="24.0002" class="st7"/>
+			<text x="-133.8" y="600" class="st8">return list of <tspan x="-145.88" dy="1.2em" class="st4">domain controlers</tspan></text>		</g>
+		<g id="shape1029-58" transform="translate(59.6441,-420.056)">
+			<title>Message.1029</title>
+			<desc>TGS_REQ w/ Partial TGT</desc>
+			<path d="M0 603 L399.84 603" class="st5"/>
+			<rect x="155.25" y="597" width="97.8176" height="12.0001" class="st7"/>
+			<text x="155.25" y="606" class="st8">TGS_REQ w/ Partial TGT</text>		</g>
+		<g id="shape1030-65" transform="translate(458.962,-429.056)">
+			<title>Self Message.1030</title>
+			<desc>Validate partial TGT</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="34.1578" y="615.053" width="80.2595" height="12.0001" class="st7"/>
+			<text x="34.16" y="624.05" class="st8">Validate partial TGT</text>		</g>
+		<g id="shape1031-72" transform="translate(467.962,-402.056)">
+			<title>Return Message.1031</title>
+			<desc>TGT</desc>
+			<path d="M0 603 L-408.32 603" class="st9"/>
+			<rect x="-212.186" y="597" width="16.0546" height="12.0001" class="st7"/>
+			<text x="-212.19" y="606" class="st8">TGT</text>		</g>
+		<g id="shape1032-79" transform="translate(267.75,-501.056)">
+			<title>Self Message.1032</title>
+			<desc>find _ldap._tcp.dc._msdcs.domainhint.om</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="33.7334" y="606.056" width="153.034" height="24.0002" class="st7"/>
+			<text x="102.32" y="615.06" class="st8">find <tspan x="33.73" dy="1.2em" class="st4">_ldap._tcp.dc._msdcs.domainhint.om</tspan></text>		</g>
+		<g id="shape1036-87" transform="translate(50.6441,-537.056)">
+			<title>Self Message.1036</title>
+			<desc>Get domain hint from key metadata</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="28.7743" y="604.556" width="66.163" height="36.0003" class="st7"/>
+			<text x="28.77" y="613.56" class="st8">Get domain hint <tspan x="43.8" dy="1.2em" class="st4">from key</tspan><tspan
+						x="42.21" dy="1.2em" class="st4">metadata</tspan></text>		</g>
+		<g id="shape1039-96" transform="translate(50.6441,-356.253)">
+			<title>Dynamic connector.1039</title>
+		</g>
+		<g id="group1040-97" transform="translate(427.462,-346.95)">
+			<title>Object lifeline.1040</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1041-98" transform="translate(13.5,-6.3)">
+				<title>Sheet.1041</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1042-100" transform="translate(31.5,-41.4)">
+				<title>Sheet.1042</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1043-102" transform="translate(27,204.803)">
+				<title>Sheet.1043</title>
+			</g>
+			<g id="shape1040-104">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1045-108" transform="translate(19.1441,-346.95)">
+			<title>Object lifeline.1045</title>
+			<desc>Windows</desc>
+			<g id="shape1046-109" transform="translate(13.5,-6.3)">
+				<title>Sheet.1046</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1047-111" transform="translate(31.5,-41.4)">
+				<title>Sheet.1047</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1048-113" transform="translate(27,212.303)">
+				<title>Sheet.1048</title>
+			</g>
+			<g id="shape1045-115">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="17.06" y="596.7" class="st3">Windows</text>			</g>
+		</g>
+		<g id="group1050-118" transform="translate(236.25,-346.95)">
+			<title>Object lifeline.1050</title>
+			<desc>DNS</desc>
+			<g id="shape1051-119" transform="translate(13.5,-6.3)">
+				<title>Sheet.1051</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1052-121" transform="translate(31.5,-41.4)">
+				<title>Sheet.1052</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1053-123" transform="translate(27,206.303)">
+				<title>Sheet.1053</title>
+			</g>
+			<g id="shape1050-125">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="29.93" y="596.7" class="st3">DNS</text>			</g>
+		</g>
+		<g id="shape1054-128" transform="translate(32.5744,-491.072)">
+			<title>State.1090</title>
+			<desc>A</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st10"/>
+			<text x="5.6" y="606.36" class="st11">A</text>		</g>
+		<g id="shape1055-131" transform="translate(32.5744,-420.75)">
+			<title>State.1055</title>
+			<desc>B</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st10"/>
+			<text x="5.92" y="606.36" class="st11">B</text>		</g>
+	</g>
+</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-ct.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-ct.svg
new file mode 100644
index 0000000000..9d950e0cbc
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-ct.svg
@@ -0,0 +1,245 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export auth-entra-join-ad-ct.svg AADJ Kerb Auth-CertTrust -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		width="11in" height="8.5in" viewBox="0 0 792 612" xml:space="preserve" color-interpolation-filters="sRGB" class="st14">
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
+		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+		.st4 {font-size:1em}
+		.st5 {marker-end:url(#mrkr4-46);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt}
+		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
+		.st9 {marker-end:url(#mrkr3-54);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st10 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st11 {fill:#4f87bb;font-family:Calibri;font-size:0.666664em}
+		.st12 {fill:#002060;stroke:none;stroke-width:0.75}
+		.st13 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
+		.st14 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-46" class="st6" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<g id="lend3">
+			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr3-54" class="st6" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+	</defs>
+	<g>
+		<title>auth-entra-join-ad-ct</title>
+		<g id="group1005-1" transform="translate(390.375,-555.056)">
+			<title>Object lifeline.1005</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1006-2" transform="translate(13.5,-6.3)">
+				<title>Sheet.1006</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1007-4" transform="translate(31.5,-41.4)">
+				<title>Sheet.1007</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1008-6" transform="translate(27,325.556)">
+				<title>Sheet.1008</title>
+			</g>
+			<g id="shape1009-8" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1009</title>
+				<path d="M0 612 L303.06 612" class="st2"/>
+			</g>
+			<g id="shape1005-11">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1015-15" transform="translate(19.1441,-555.056)">
+			<title>Object lifeline.1015</title>
+			<desc>Windows</desc>
+			<g id="shape1016-16" transform="translate(13.5,-6.3)">
+				<title>Sheet.1016</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1017-18" transform="translate(31.5,-41.4)">
+				<title>Sheet.1017</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1018-20" transform="translate(27,325.556)">
+				<title>Sheet.1018</title>
+			</g>
+			<g id="shape1019-22" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1019</title>
+				<path d="M0 612 L303.06 612" class="st2"/>
+			</g>
+			<g id="shape1015-25">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="17.06" y="596.7" class="st3">Windows</text>			</g>
+		</g>
+		<g id="group1022-28" transform="translate(199.163,-555.056)">
+			<title>Object lifeline.1022</title>
+			<desc>DNS</desc>
+			<g id="shape1023-29" transform="translate(13.5,-6.3)">
+				<title>Sheet.1023</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1024-31" transform="translate(31.5,-41.4)">
+				<title>Sheet.1024</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1025-33" transform="translate(27,325.556)">
+				<title>Sheet.1025</title>
+			</g>
+			<g id="shape1026-35" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1026</title>
+				<path d="M0 612 L303.06 612" class="st2"/>
+			</g>
+			<g id="shape1022-38">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="29.93" y="596.7" class="st3">DNS</text>			</g>
+		</g>
+		<g id="shape1027-41" transform="translate(59.6441,-492.056)">
+			<title>Message.1027</title>
+			<desc>DcLocator</desc>
+			<path d="M0 603 L171.54 603" class="st5"/>
+			<rect x="69.5163" y="597" width="40.9867" height="12.0001" class="st7"/>
+			<text x="69.52" y="606" class="st8">DcLocator</text>		</g>
+		<g id="shape1028-49" transform="translate(239.663,-474.056)">
+			<title>Return Message.1028</title>
+			<desc>return list of domain controlers</desc>
+			<path d="M0 603 L-180.02 603" class="st9"/>
+			<rect x="-127.334" y="591" width="74.6491" height="24.0002" class="st10"/>
+			<text x="-115.26" y="600" class="st8">return list of <tspan x="-127.33" dy="1.2em" class="st4">domain controlers</tspan></text>		</g>
+		<g id="shape1029-58" transform="translate(59.6441,-420.056)">
+			<title>Message.1029</title>
+			<desc>KRB_AS_REQ w/signed preAuth data</desc>
+			<path d="M0 603 L362.75 603" class="st5"/>
+			<rect x="111.025" y="597" width="149.181" height="12.0001" class="st10"/>
+			<text x="111.03" y="606" class="st8">KRB_AS_REQ w/signed preAuth data</text>		</g>
+		<g id="shape1030-65" transform="translate(421.875,-429.056)">
+			<title>Self Message.1030</title>
+			<desc>PreAuth data validation</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="32.767" y="610.556" width="53.7163" height="24.0002" class="st7"/>
+			<text x="32.77" y="619.56" class="st8">PreAuth data<tspan x="39.57" dy="1.2em" class="st4">validation</tspan></text>		</g>
+		<g id="shape1031-73" transform="translate(430.875,-402.056)">
+			<title>Return Message.1031</title>
+			<desc>KRB_AS_REP w/KDC cert and TGT</desc>
+			<path d="M0 603 L-371.23 603" class="st9"/>
+			<rect x="-253.621" y="597" width="136.011" height="12.0001" class="st10"/>
+			<text x="-253.62" y="606" class="st8">KRB_AS_REP w/KDC cert and TGT</text>		</g>
+		<g id="shape1032-80" transform="translate(230.663,-501.056)">
+			<title>Self Message.1032</title>
+			<desc>find _ldap._tcp.dc._msdcs.domainhint.om</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="30.3201" y="606.056" width="153.034" height="24.0002" class="st10"/>
+			<text x="98.91" y="615.06" class="st8">find <tspan x="30.32" dy="1.2em" class="st4">_ldap._tcp.dc._msdcs.domainhint.om</tspan></text>		</g>
+		<g id="shape1033-88" transform="translate(50.6441,-393.056)">
+			<title>Self Message.1033</title>
+			<desc>Kdc cert chains and validates</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="28.861" y="608.306" width="83.9899" height="24.0002" class="st10"/>
+			<text x="54.37" y="617.31" class="st8">Kdc cert<tspan x="28.86" dy="1.2em" class="st4"> </tspan>chains and validates</text>		</g>
+		<g id="shape1034-96" transform="translate(50.6441,-357.056)">
+			<title>Self Message.1034</title>
+			<desc>KDC cert include KDC Authentication EKU (1.3.6.1.5.2.3.5)</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="30.6537" y="600.056" width="98.4045" height="36.0003" class="st10"/>
+			<text x="46.46" y="609.06" class="st8">KDC cert include <tspan x="30.65" dy="1.2em" class="st4">KDC Authentication EKU</tspan><tspan
+						x="47.72" dy="1.2em" class="st4">(1.3.6.1.5.2.3.5)</tspan></text>		</g>
+		<g id="shape1035-105" transform="translate(50.6441,-321.056)">
+			<title>Self Message.1035</title>
+			<desc>KDC cert subject alternate name matches domain DNS</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="32.7753" y="604.556" width="94.1613" height="36.0003" class="st10"/>
+			<text x="62.37" y="613.56" class="st8">KDC cert<tspan x="32.78" dy="1.2em" class="st4">subject alternate name</tspan><tspan
+						x="36.32" dy="1.2em" class="st4">matches domain DNS</tspan></text>		</g>
+		<g id="shape1036-114" transform="translate(50.6441,-537.056)">
+			<title>Self Message.1036</title>
+			<desc>Get domain hint from Certificate</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="30.8914" y="612.956" width="52.9288" height="19.1997" class="st10"/>
+			<text x="30.89" y="620.16" class="st11">Get domain hint <tspan x="31.68" dy="1.2em" class="st4">from Certificate</tspan></text>		</g>
+		<g id="shape1037-122" transform="translate(50.6441,-465.056)">
+			<title>Self Message.1037</title>
+			<desc>WHFB privKey signs preAuth data</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="32.7844" y="610.556" width="76.1432" height="24.0002" class="st7"/>
+			<text x="42.02" y="619.56" class="st8">WHFB privKey<tspan x="32.78" dy="1.2em" class="st4">signs preAuth data</tspan></text>		</g>
+		<g id="group1038-130" transform="translate(390.375,-232.2)">
+			<title>Object lifeline.1038</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1039-131" transform="translate(13.5,-6.3)">
+				<title>Sheet.1039</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1040-133" transform="translate(31.5,-41.4)">
+				<title>Sheet.1040</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1041-135" transform="translate(27,325.556)">
+				<title>Sheet.1041</title>
+			</g>
+			<g id="shape1038-137">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1043-141" transform="translate(19.1441,-232.2)">
+			<title>Object lifeline.1043</title>
+			<desc>Windows</desc>
+			<g id="shape1044-142" transform="translate(13.5,-6.3)">
+				<title>Sheet.1044</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1045-144" transform="translate(31.5,-41.4)">
+				<title>Sheet.1045</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1046-146" transform="translate(27,325.556)">
+				<title>Sheet.1046</title>
+			</g>
+			<g id="shape1043-148">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="17.06" y="596.7" class="st3">Windows</text>			</g>
+		</g>
+		<g id="group1048-151" transform="translate(199.163,-232.2)">
+			<title>Object lifeline.1048</title>
+			<desc>DNS</desc>
+			<g id="shape1049-152" transform="translate(13.5,-6.3)">
+				<title>Sheet.1049</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1050-154" transform="translate(31.5,-41.4)">
+				<title>Sheet.1050</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1051-156" transform="translate(27,325.556)">
+				<title>Sheet.1051</title>
+			</g>
+			<g id="shape1048-158">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="29.93" y="596.7" class="st3">DNS</text>			</g>
+		</g>
+		<g id="shape1052-161" transform="translate(36.0777,-518.328)">
+			<title>State.1090</title>
+			<desc>A</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="5.6" y="606.36" class="st13">A</text>		</g>
+		<g id="shape1053-164" transform="translate(36.0777,-420.75)">
+			<title>State.1053</title>
+			<desc>B</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="5.92" y="606.36" class="st13">B</text>		</g>
+		<g id="shape1054-167" transform="translate(36.0777,-338.072)">
+			<title>State.1054</title>
+			<desc>C</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="6.13" y="606.36" class="st13">C</text>		</g>
+	</g>
+</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-kt.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-kt.svg
new file mode 100644
index 0000000000..267034368c
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-ad-kt.svg
@@ -0,0 +1,245 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export auth-entra-join-ad-kt.svg AADJ Kerb Auth -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		width="11in" height="8.5in" viewBox="0 0 792 612" xml:space="preserve" color-interpolation-filters="sRGB" class="st13">
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
+		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+		.st4 {font-size:1em}
+		.st5 {marker-end:url(#mrkr4-46);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
+		.st9 {marker-end:url(#mrkr3-54);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st10 {fill:#ffffff;stroke:none;stroke-linecap:butt}
+		.st11 {fill:#002060;stroke:none;stroke-width:0.75}
+		.st12 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
+		.st13 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-46" class="st6" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<g id="lend3">
+			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr3-54" class="st6" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+	</defs>
+	<g>
+		<title>auth-entra-join-ad-kt</title>
+		<g id="group1005-1" transform="translate(427.462,-555.056)">
+			<title>Object lifeline.1005</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1006-2" transform="translate(13.5,-6.3)">
+				<title>Sheet.1006</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1007-4" transform="translate(31.5,-41.4)">
+				<title>Sheet.1007</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1008-6" transform="translate(27,325.556)">
+				<title>Sheet.1008</title>
+			</g>
+			<g id="shape1009-8" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1009</title>
+				<path d="M0 612 L303.06 612" class="st2"/>
+			</g>
+			<g id="shape1005-11">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1015-15" transform="translate(19.1441,-555.056)">
+			<title>Object lifeline.1015</title>
+			<desc>Windows</desc>
+			<g id="shape1016-16" transform="translate(13.5,-6.3)">
+				<title>Sheet.1016</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1017-18" transform="translate(31.5,-41.4)">
+				<title>Sheet.1017</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1018-20" transform="translate(27,325.556)">
+				<title>Sheet.1018</title>
+			</g>
+			<g id="shape1019-22" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1019</title>
+				<path d="M0 612 L303.06 612" class="st2"/>
+			</g>
+			<g id="shape1015-25">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="17.06" y="596.7" class="st3">Windows</text>			</g>
+		</g>
+		<g id="group1022-28" transform="translate(236.25,-555.056)">
+			<title>Object lifeline.1022</title>
+			<desc>DNS</desc>
+			<g id="shape1023-29" transform="translate(13.5,-6.3)">
+				<title>Sheet.1023</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1024-31" transform="translate(31.5,-41.4)">
+				<title>Sheet.1024</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1025-33" transform="translate(27,325.556)">
+				<title>Sheet.1025</title>
+			</g>
+			<g id="shape1026-35" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1026</title>
+				<path d="M0 612 L303.06 612" class="st2"/>
+			</g>
+			<g id="shape1022-38">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="29.93" y="596.7" class="st3">DNS</text>			</g>
+		</g>
+		<g id="shape1027-41" transform="translate(59.6441,-492.056)">
+			<title>Message.1027</title>
+			<desc>DcLocator</desc>
+			<path d="M0 603 L208.63 603" class="st5"/>
+			<rect x="88.0597" y="597" width="40.9867" height="12.0001" class="st7"/>
+			<text x="88.06" y="606" class="st8">DcLocator</text>		</g>
+		<g id="shape1028-49" transform="translate(276.75,-474.056)">
+			<title>Return Message.1028</title>
+			<desc>return list of domain controlers</desc>
+			<path d="M0 603 L-217.11 603" class="st9"/>
+			<rect x="-145.877" y="591" width="74.6491" height="24.0002" class="st7"/>
+			<text x="-133.8" y="600" class="st8">return list of <tspan x="-145.88" dy="1.2em" class="st4">domain controlers</tspan></text>		</g>
+		<g id="shape1029-58" transform="translate(59.6441,-420.056)">
+			<title>Message.1029</title>
+			<desc>KRB_AS_REQ w/signed preAuth data</desc>
+			<path d="M0 603 L399.84 603" class="st5"/>
+			<rect x="129.568" y="597" width="149.181" height="12.0001" class="st7"/>
+			<text x="129.57" y="606" class="st8">KRB_AS_REQ w/signed preAuth data</text>		</g>
+		<g id="shape1030-65" transform="translate(458.962,-429.056)">
+			<title>Self Message.1030</title>
+			<desc>PreAuth data validation</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="31.6802" y="610.556" width="53.7163" height="24.0002" class="st7"/>
+			<text x="31.68" y="619.56" class="st8">PreAuth data<tspan x="38.48" dy="1.2em" class="st4">validation</tspan></text>		</g>
+		<g id="shape1031-73" transform="translate(467.962,-402.056)">
+			<title>Return Message.1031</title>
+			<desc>KRB_AS_REP w/KDC cert and TGT</desc>
+			<path d="M0 603 L-408.32 603" class="st9"/>
+			<rect x="-272.164" y="597" width="136.011" height="12.0001" class="st7"/>
+			<text x="-272.16" y="606" class="st8">KRB_AS_REP w/KDC cert and TGT</text>		</g>
+		<g id="shape1032-80" transform="translate(267.75,-501.056)">
+			<title>Self Message.1032</title>
+			<desc>find _ldap._tcp.dc._msdcs.domainhint.om</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="33.7334" y="606.056" width="153.034" height="24.0002" class="st7"/>
+			<text x="102.32" y="615.06" class="st8">find <tspan x="33.73" dy="1.2em" class="st4">_ldap._tcp.dc._msdcs.domainhint.om</tspan></text>		</g>
+		<g id="shape1033-88" transform="translate(50.6441,-393.056)">
+			<title>Self Message.1033</title>
+			<desc>Kdc cert chains and validates</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="28.861" y="606.056" width="83.9899" height="24.0002" class="st7"/>
+			<text x="54.37" y="615.06" class="st8">Kdc cert<tspan x="28.86" dy="1.2em" class="st4"> </tspan>chains and validates</text>		</g>
+		<g id="shape1034-96" transform="translate(50.6441,-357.056)">
+			<title>Self Message.1034</title>
+			<desc>KDC cert include KDC Authentication EKU (1.3.6.1.5.2.3.5)</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="30.6537" y="600.056" width="98.4045" height="36.0003" class="st7"/>
+			<text x="46.46" y="609.06" class="st8">KDC cert include <tspan x="30.65" dy="1.2em" class="st4">KDC Authentication EKU</tspan><tspan
+						x="47.72" dy="1.2em" class="st4">(1.3.6.1.5.2.3.5)</tspan></text>		</g>
+		<g id="shape1035-105" transform="translate(50.6441,-321.056)">
+			<title>Self Message.1035</title>
+			<desc>KDC cert subject alternate name matches domain DNS</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="30.5253" y="604.556" width="94.1613" height="36.0003" class="st10"/>
+			<text x="60.12" y="613.56" class="st8">KDC cert<tspan x="30.53" dy="1.2em" class="st4">subject alternate name</tspan><tspan
+						x="34.07" dy="1.2em" class="st4">matches domain DNS</tspan></text>		</g>
+		<g id="shape1036-114" transform="translate(50.6441,-537.056)">
+			<title>Self Message.1036</title>
+			<desc>Get domain hint from key metadata</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="28.7743" y="604.556" width="66.163" height="36.0003" class="st7"/>
+			<text x="28.77" y="613.56" class="st8">Get domain hint <tspan x="43.8" dy="1.2em" class="st4">from key</tspan><tspan
+						x="42.21" dy="1.2em" class="st4">metadata</tspan></text>		</g>
+		<g id="shape1037-123" transform="translate(50.6441,-465.056)">
+			<title>Self Message.1037</title>
+			<desc>WHFB privKey signs preAuth data</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="32.7844" y="610.556" width="76.1432" height="24.0002" class="st7"/>
+			<text x="42.02" y="619.56" class="st8">WHFB privKey<tspan x="32.78" dy="1.2em" class="st4">signs preAuth data</tspan></text>		</g>
+		<g id="group1038-131" transform="translate(427.462,-214.2)">
+			<title>Object lifeline.1038</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1039-132" transform="translate(13.5,-6.3)">
+				<title>Sheet.1039</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1040-134" transform="translate(31.5,-41.4)">
+				<title>Sheet.1040</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1041-136" transform="translate(27,325.556)">
+				<title>Sheet.1041</title>
+			</g>
+			<g id="shape1038-138">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1043-142" transform="translate(19.1441,-214.2)">
+			<title>Object lifeline.1043</title>
+			<desc>Windows</desc>
+			<g id="shape1044-143" transform="translate(13.5,-6.3)">
+				<title>Sheet.1044</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1045-145" transform="translate(31.5,-41.4)">
+				<title>Sheet.1045</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1046-147" transform="translate(27,325.556)">
+				<title>Sheet.1046</title>
+			</g>
+			<g id="shape1043-149">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="17.06" y="596.7" class="st3">Windows</text>			</g>
+		</g>
+		<g id="group1048-152" transform="translate(236.25,-214.2)">
+			<title>Object lifeline.1048</title>
+			<desc>DNS</desc>
+			<g id="shape1049-153" transform="translate(13.5,-6.3)">
+				<title>Sheet.1049</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1050-155" transform="translate(31.5,-41.4)">
+				<title>Sheet.1050</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1051-157" transform="translate(27,325.556)">
+				<title>Sheet.1051</title>
+			</g>
+			<g id="shape1048-159">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="29.93" y="596.7" class="st3">DNS</text>			</g>
+		</g>
+		<g id="shape1052-162" transform="translate(33.661,-489.661)">
+			<title>State.1090</title>
+			<desc>A</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st11"/>
+			<text x="5.6" y="606.36" class="st12">A</text>		</g>
+		<g id="shape1053-165" transform="translate(33.661,-422.161)">
+			<title>State.1053</title>
+			<desc>B</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st11"/>
+			<text x="5.92" y="606.36" class="st12">B</text>		</g>
+		<g id="shape1054-168" transform="translate(33.661,-331.322)">
+			<title>State.1054</title>
+			<desc>C</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st11"/>
+			<text x="6.13" y="606.36" class="st12">C</text>		</g>
+	</g>
+</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-entra.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-entra.svg
new file mode 100644
index 0000000000..563162bee2
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/entra-join-entra.svg
@@ -0,0 +1,367 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export auth-entra-join-entra.svg AADJ Authentication -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		width="11in" height="8.5in" viewBox="0 0 792 612" xml:space="preserve" color-interpolation-filters="sRGB" class="st14">
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
+		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+		.st4 {font-size:1em}
+		.st5 {marker-end:url(#mrkr4-61);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt}
+		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
+		.st9 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st10 {fill:#4f87bb;font-family:Calibri;font-size:0.666664em}
+		.st11 {marker-end:url(#mrkr3-96);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st12 {fill:#002060;stroke:none;stroke-width:0.75}
+		.st13 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
+		.st14 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-61" class="st6" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<g id="lend3">
+			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr3-96" class="st6" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+	</defs>
+	<g>
+		<title>auth-entra-join-entra</title>
+		<g id="group1000-1" transform="translate(307.144,-555.056)">
+			<title>Object lifeline.46</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1001-2" transform="translate(13.5,-6.3)">
+				<title>Sheet.1001</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1002-4" transform="translate(31.5,-41.4)">
+				<title>Sheet.1002</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1003-6" transform="translate(27,379.556)">
+				<title>Sheet.1003</title>
+			</g>
+			<g id="shape1004-8" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1004</title>
+				<path d="M0 612 L357.06 612" class="st2"/>
+			</g>
+			<g id="shape1000-11">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="589.5" class="st3">Credential <tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1005-15" transform="translate(454.5,-555.056)">
+			<title>Object lifeline.1005</title>
+			<desc>Cloud AP provider</desc>
+			<g id="shape1006-16" transform="translate(13.5,-6.3)">
+				<title>Sheet.1006</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1007-18" transform="translate(31.5,-41.4)">
+				<title>Sheet.1007</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1008-20" transform="translate(27,379.556)">
+				<title>Sheet.1008</title>
+			</g>
+			<g id="shape1009-22" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1009</title>
+				<path d="M0 612 L357.06 612" class="st2"/>
+			</g>
+			<g id="shape1005-25">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="18" y="589.5" class="st3">Cloud AP <tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1010-29" transform="translate(601.856,-555.056)">
+			<title>Object lifeline.1010</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1011-30" transform="translate(13.5,-6.3)">
+				<title>Sheet.1011</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1012-32" transform="translate(31.5,-41.4)">
+				<title>Sheet.1012</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1013-34" transform="translate(27,379.556)">
+				<title>Sheet.1013</title>
+			</g>
+			<g id="shape1014-36" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1014</title>
+				<path d="M0 612 L357.06 612" class="st2"/>
+			</g>
+			<g id="shape1010-39">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="589.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1015-43" transform="translate(19.1441,-555.056)">
+			<title>Object lifeline.1015</title>
+			<desc>Winlogon</desc>
+			<g id="shape1016-44" transform="translate(13.5,-6.3)">
+				<title>Sheet.1016</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1017-46" transform="translate(31.5,-41.4)">
+				<title>Sheet.1017</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1018-48" transform="translate(27,379.556)">
+				<title>Sheet.1018</title>
+			</g>
+			<g id="shape1019-50" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1019</title>
+				<path d="M0 612 L357.06 612" class="st2"/>
+			</g>
+			<g id="shape1015-53">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="596.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="shape1020-56" transform="translate(338.644,-537.056)">
+			<title>Self Message.1020</title>
+			<desc>User provides gesture</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="30.888" y="616.556" width="88.936" height="12.0001" class="st7"/>
+			<text x="30.89" y="625.56" class="st8">User provides gesture</text>		</g>
+		<g id="shape1021-64" transform="translate(200.288,-492.056)">
+			<title>Message.1021</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 603 L286.23 603" class="st5"/>
+			<rect x="44.6326" y="596.306" width="86.1584" height="12.0001" class="st9"/>
+			<text x="44.63" y="605.31" class="st8">Collected Credentials</text>		</g>
+		<g id="group1022-71" transform="translate(159.788,-555.056)">
+			<title>Object lifeline.1022</title>
+			<desc>LSA</desc>
+			<g id="shape1023-72" transform="translate(13.5,-6.3)">
+				<title>Sheet.1023</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1024-74" transform="translate(31.5,-41.4)">
+				<title>Sheet.1024</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1025-76" transform="translate(27,379.556)">
+				<title>Sheet.1025</title>
+			</g>
+			<g id="shape1026-78" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1026</title>
+				<path d="M0 612 L357.06 612" class="st2"/>
+			</g>
+			<g id="shape1022-81">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="596.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="shape1027-84" transform="translate(59.6441,-528.056)">
+			<title>Message.1027</title>
+			<desc>Show the WHFB Cred Prov</desc>
+			<path d="M0 603 L279.52 603" class="st5"/>
+			<rect x="45.8386" y="599.756" width="86.0348" height="9.59985" class="st9"/>
+			<text x="45.84" y="606.96" class="st10">Show the WHFB Cred Prov</text>		</g>
+		<g id="shape1028-91" transform="translate(347.644,-510.056)">
+			<title>Return Message.1028</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 603 L-288 603" class="st11"/>
+			<rect x="-140.973" y="596.306" width="86.1584" height="12.0001" class="st9"/>
+			<text x="-140.97" y="605.31" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1029-99" transform="translate(59.6441,-492.056)">
+			<title>Message.1029</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 603 L132.16 603" class="st5"/>
+			<rect x="27.243" y="597" width="86.1584" height="12.0001" class="st7"/>
+			<text x="27.24" y="606" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1030-106" transform="translate(495,-492.056)">
+			<title>Message.1030</title>
+			<desc>Request Nonce</desc>
+			<path d="M0 603 L138.88 603" class="st5"/>
+			<rect x="42.8794" y="597" width="61.5973" height="12.0001" class="st7"/>
+			<text x="42.88" y="606" class="st8">Request Nonce</text>		</g>
+		<g id="shape1033-113" transform="translate(642.356,-492.056)">
+			<title>Return Message.1033</title>
+			<desc>Nonce</desc>
+			<path d="M0 621 L-147.36 621" class="st11"/>
+			<rect x="-86.7712" y="615" width="26.1867" height="12.0001" class="st9"/>
+			<text x="-86.77" y="624" class="st8">Nonce</text>		</g>
+		<g id="shape1034-120" transform="translate(642.356,-348.056)">
+			<title>Return Message.1034</title>
+			<desc>PRT w/Session key</desc>
+			<path d="M0 621 L-147.36 621" class="st11"/>
+			<rect x="-111.31" y="615" width="75.264" height="12.0001" class="st9"/>
+			<text x="-111.31" y="624" class="st8">PRT w/Session key</text>		</g>
+		<g id="shape1035-127" transform="translate(495,-258.056)">
+			<title>Return Message.1035</title>
+			<desc>Successful Authentication</desc>
+			<path d="M0 603 L-294.71 603" class="st11"/>
+			<rect x="-199.693" y="597" width="104.674" height="12.0001" class="st9"/>
+			<text x="-199.69" y="606" class="st8">Successful Authentication</text>		</g>
+		<g id="shape1036-134" transform="translate(486,-465.056)">
+			<title>Self Message.1036</title>
+			<desc>Sign nonce WHFB privkey</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="29.9892" y="610.556" width="57.0218" height="24.0002" class="st9"/>
+			<text x="36.45" y="619.56" class="st8">Sign nonce <tspan x="29.99" dy="1.2em" class="st4">WHFB privkey</tspan></text>		</g>
+		<g id="shape1037-142" transform="translate(495,-420.056)">
+			<title>Message.1037</title>
+			<desc>Signed Nonce</desc>
+			<path d="M0 603 L138.88 603" class="st5"/>
+			<rect x="45.9141" y="597" width="55.5279" height="12.0001" class="st9"/>
+			<text x="45.91" y="606" class="st8">Signed Nonce</text>		</g>
+		<g id="shape1038-149" transform="translate(633.356,-411.056)">
+			<title>Self Message.1038</title>
+			<desc>Validate signature WHFB pubkey</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="31.7908" y="610.556" width="73.707" height="24.0002" class="st9"/>
+			<text x="31.79" y="619.56" class="st8">Validate signature<tspan x="38.9" dy="1.2em" class="st4"> </tspan>WHFB pubkey</text>		</g>
+		<g id="shape1039-157" transform="translate(633.356,-375.056)">
+			<title>Self Message.1039</title>
+			<desc>Validate Nonce</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="33.2088" y="612.056" width="61.8709" height="12.0001" class="st7"/>
+			<text x="33.21" y="621.06" class="st8">Validate Nonce</text>		</g>
+		<g id="shape1040-164" transform="translate(486,-321.056)">
+			<title>Self Message.1040</title>
+			<desc>Decrypt Session key w/ Transport key</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="31.6212" y="610.556" width="80.7575" height="24.0002" class="st7"/>
+			<text x="31.62" y="619.56" class="st8">Decrypt Session key <tspan x="37.37" dy="1.2em" class="st4">w/ Transport key</tspan></text>		</g>
+		<g id="shape1041-172" transform="translate(486,-285.056)">
+			<title>Self Message.1041</title>
+			<desc>Import Session Key to TPM</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="28.8475" y="610.556" width="77.3053" height="24.0002" class="st9"/>
+			<text x="28.85" y="619.56" class="st8">Import Session Key<tspan x="52.76" dy="1.2em" class="st4">to TPM</tspan></text>		</g>
+		<g id="shape1042-180" transform="translate(200.288,-258.056)">
+			<title>Return Message.1042</title>
+			<path d="M0 603 L-140.64 603" class="st11"/>
+		</g>
+		<g id="shape1043-185" transform="translate(50.6441,-249.056)">
+			<title>Self Message.1043</title>
+			<desc>Load User Desktop</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="28.2088" y="612.056" width="76.2943" height="12.0001" class="st7"/>
+			<text x="28.21" y="621.06" class="st8">Load User Desktop</text>		</g>
+		<g id="shape1044-192" transform="translate(30.8268,-508.5)">
+			<title>State.1090</title>
+			<desc>A</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="5.6" y="606.36" class="st13">A</text>		</g>
+		<g id="group1045-195" transform="translate(307.144,-169.2)">
+			<title>Object lifeline.1045</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1046-196" transform="translate(13.5,-6.3)">
+				<title>Sheet.1046</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1047-198" transform="translate(31.5,-41.4)">
+				<title>Sheet.1047</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1048-200" transform="translate(27,379.556)">
+				<title>Sheet.1048</title>
+			</g>
+			<g id="shape1045-202">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="589.5" class="st3">Credential <tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1050-206" transform="translate(454.5,-169.2)">
+			<title>Object lifeline.1050</title>
+			<desc>Cloud AP provider</desc>
+			<g id="shape1051-207" transform="translate(13.5,-6.3)">
+				<title>Sheet.1051</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1052-209" transform="translate(31.5,-41.4)">
+				<title>Sheet.1052</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1053-211" transform="translate(27,379.556)">
+				<title>Sheet.1053</title>
+			</g>
+			<g id="shape1050-213">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="18" y="589.5" class="st3">Cloud AP <tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1055-217" transform="translate(601.856,-169.2)">
+			<title>Object lifeline.1055</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1056-218" transform="translate(13.5,-6.3)">
+				<title>Sheet.1056</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1057-220" transform="translate(31.5,-41.4)">
+				<title>Sheet.1057</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1058-222" transform="translate(27,379.556)">
+				<title>Sheet.1058</title>
+			</g>
+			<g id="shape1055-224">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="589.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1060-228" transform="translate(19.1441,-169.2)">
+			<title>Object lifeline.1060</title>
+			<desc>Winlogon</desc>
+			<g id="shape1061-229" transform="translate(13.5,-6.3)">
+				<title>Sheet.1061</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1062-231" transform="translate(31.5,-41.4)">
+				<title>Sheet.1062</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1063-233" transform="translate(27,379.556)">
+				<title>Sheet.1063</title>
+			</g>
+			<g id="shape1060-235">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="596.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="group1065-238" transform="translate(159.788,-169.2)">
+			<title>Object lifeline.1065</title>
+			<desc>LSA</desc>
+			<g id="shape1066-239" transform="translate(13.5,-6.3)">
+				<title>Sheet.1066</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1067-241" transform="translate(31.5,-41.4)">
+				<title>Sheet.1067</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1068-243" transform="translate(27,379.556)">
+				<title>Sheet.1068</title>
+			</g>
+			<g id="shape1065-245">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="596.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="shape1069-248" transform="translate(468.635,-441)">
+			<title>State.1069</title>
+			<desc>B</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="5.92" y="606.36" class="st13">B</text>		</g>
+		<g id="shape1070-251" transform="translate(612,-372.661)">
+			<title>State.1070</title>
+			<desc>C</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="6.13" y="606.36" class="st13">C</text>		</g>
+		<g id="shape1071-254" transform="translate(468.635,-286.322)">
+			<title>State.1071</title>
+			<desc>D</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="5.43" y="606.36" class="st13">D</text>		</g>
+		<g id="shape1072-257" transform="translate(30.8268,-241.322)">
+			<title>State.1072</title>
+			<desc>E</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st12"/>
+			<text x="6.42" y="606.36" class="st13">E</text>		</g>
+	</g>
+</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-ckt.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-ckt.svg
new file mode 100644
index 0000000000..af536a80b1
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-ckt.svg
@@ -0,0 +1,500 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export auth-hybrid-entra-join-ckt.svg HAADJ-Auth-KeyTrust (2) -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		width="11in" height="8.5in" viewBox="0 0 792 612" xml:space="preserve" color-interpolation-filters="sRGB" class="st17">
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
+		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+		.st4 {font-size:1em}
+		.st5 {marker-end:url(#mrkr4-102);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
+		.st9 {marker-end:url(#mrkr3-110);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st10 {marker-end:url(#mrkr4-139);stroke:#ed7d31;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st11 {fill:#ed7d31;fill-opacity:1;stroke:#ed7d31;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st12 {fill:#d06d29;font-family:Calibri;font-size:0.833336em}
+		.st13 {marker-end:url(#mrkr3-154);stroke:#ed7d31;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st14 {fill:#ffffff;stroke:none;stroke-linecap:butt}
+		.st15 {fill:#002060;stroke:none;stroke-width:0.75}
+		.st16 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
+		.st17 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-102" class="st6" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<g id="lend3">
+			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr3-110" class="st6" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<marker id="mrkr4-139" class="st11" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<marker id="mrkr3-154" class="st11" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+	</defs>
+	<g>
+		<title>auth-hybrid-entra-join-ckt</title>
+		<g id="group1005-1" transform="translate(677.212,-555.056)">
+			<title>Object lifeline.1005</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1006-2" transform="translate(13.5,-6.3)">
+				<title>Sheet.1006</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1007-4" transform="translate(31.5,-41.4)">
+				<title>Sheet.1007</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1008-6" transform="translate(27,559.556)">
+				<title>Sheet.1008</title>
+			</g>
+			<g id="shape1009-8" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1009</title>
+				<path d="M0 612 L537.06 612" class="st2"/>
+			</g>
+			<g id="shape1005-11">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1015-15" transform="translate(19.1441,-555.056)">
+			<title>Object lifeline.1015</title>
+			<desc>Winlogon</desc>
+			<g id="shape1016-16" transform="translate(13.5,-6.3)">
+				<title>Sheet.1016</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1017-18" transform="translate(31.5,-41.4)">
+				<title>Sheet.1017</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1018-20" transform="translate(27,559.556)">
+				<title>Sheet.1018</title>
+			</g>
+			<g id="shape1019-22" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1019</title>
+				<path d="M0 612 L537.06 612" class="st2"/>
+			</g>
+			<g id="shape1015-25">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="596.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="group1020-28" transform="translate(567.534,-555.056)">
+			<title>Object lifeline.1020</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1021-29" transform="translate(13.5,-6.3)">
+				<title>Sheet.1021</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1022-31" transform="translate(31.5,-41.4)">
+				<title>Sheet.1022</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1023-33" transform="translate(27,559.556)">
+				<title>Sheet.1023</title>
+			</g>
+			<g id="shape1024-35" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1024</title>
+				<path d="M0 612 L537.06 612" class="st2"/>
+			</g>
+			<g id="shape1020-38">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="589.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1025-42" transform="translate(128.822,-555.056)">
+			<title>Object lifeline.1025</title>
+			<desc>LSA</desc>
+			<g id="shape1026-43" transform="translate(13.5,-6.3)">
+				<title>Sheet.1026</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1027-45" transform="translate(31.5,-41.4)">
+				<title>Sheet.1027</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1028-47" transform="translate(27,559.556)">
+				<title>Sheet.1028</title>
+			</g>
+			<g id="shape1029-49" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1029</title>
+				<path d="M0 612 L537.06 612" class="st2"/>
+			</g>
+			<g id="shape1025-52">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="596.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="group1030-55" transform="translate(238.5,-555.056)">
+			<title>Object lifeline.1030</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1031-56" transform="translate(13.5,-6.3)">
+				<title>Sheet.1031</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1032-58" transform="translate(31.5,-41.4)">
+				<title>Sheet.1032</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1033-60" transform="translate(27,559.556)">
+				<title>Sheet.1033</title>
+			</g>
+			<g id="shape1034-62" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1034</title>
+				<path d="M0 612 L537.06 612" class="st2"/>
+			</g>
+			<g id="shape1030-65">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="589.5" class="st3">Credential<tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1035-69" transform="translate(457.856,-555.056)">
+			<title>Object lifeline.1035</title>
+			<desc>Cloud Auth provider</desc>
+			<g id="shape1036-70" transform="translate(13.5,-6.3)">
+				<title>Sheet.1036</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1037-72" transform="translate(31.5,-41.4)">
+				<title>Sheet.1037</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1038-74" transform="translate(27,559.556)">
+				<title>Sheet.1038</title>
+			</g>
+			<g id="shape1039-76" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1039</title>
+				<path d="M0 612 L537.06 612" class="st2"/>
+			</g>
+			<g id="shape1035-79">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="12.67" y="589.5" class="st3">Cloud Auth<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1040-83" transform="translate(348.178,-555.056)">
+			<title>Object lifeline.1040</title>
+			<desc>Kerberos provider</desc>
+			<g id="shape1041-84" transform="translate(13.5,-6.3)">
+				<title>Sheet.1041</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1042-86" transform="translate(31.5,-41.4)">
+				<title>Sheet.1042</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1043-88" transform="translate(27,559.556)">
+				<title>Sheet.1043</title>
+			</g>
+			<g id="shape1044-90" transform="translate(652.5,612) rotate(90)">
+				<title>Sheet.1044</title>
+				<path d="M0 612 L537.06 612" class="st2"/>
+			</g>
+			<g id="shape1040-93">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="18.07" y="589.5" class="st3">Kerberos<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="shape1045-97" transform="translate(270,-537.056)">
+			<title>Self Message.1020</title>
+			<desc>User provides gesture</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="32.0321" y="616.556" width="88.936" height="12.0001" class="st7"/>
+			<text x="32.03" y="625.56" class="st8">User provides gesture</text>		</g>
+		<g id="shape1047-105" transform="translate(279,-510.056)">
+			<title>Return Message.1028</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 603 L-219.36 603" class="st9"/>
+			<rect x="-117.64" y="596.306" width="86.1584" height="12.0001" class="st7"/>
+			<text x="-117.64" y="605.31" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1048-113" transform="translate(59.6441,-492.056)">
+			<title>Message.1029</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 603 L101.2 603" class="st5"/>
+			<rect x="11.7599" y="597" width="86.1584" height="12.0001" class="st7"/>
+			<text x="11.76" y="606" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1049-120" transform="translate(59.6441,-528.056)">
+			<title>Message.1027</title>
+			<desc>Show the WHFB Cred Prov</desc>
+			<path d="M0 603 L210.88 603" class="st5"/>
+			<rect x="13.9052" y="598.556" width="107.544" height="12.0001" class="st7"/>
+			<text x="13.91" y="607.56" class="st8">Show the WHFB Cred Prov</text>		</g>
+		<g id="shape1061-127" transform="translate(388.678,-160.136)">
+			<title>Return Message.1061</title>
+			<desc>TGT</desc>
+			<path d="M0 603 L-219.36 603" class="st9"/>
+			<rect x="-117.705" y="597" width="16.0546" height="12.0001" class="st7"/>
+			<text x="-117.71" y="606" class="st8">TGT</text>		</g>
+		<g id="shape1062-134" transform="translate(169.322,-492.056)">
+			<title>Message.1062</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 603 L320.55 603" class="st10"/>
+			<rect x="121.438" y="597" width="86.1584" height="12.0001" class="st7"/>
+			<text x="121.44" y="606" class="st12">Collected Credentials</text>		</g>
+		<g id="shape1063-142" transform="translate(498.356,-492.776)">
+			<title>Message.1030</title>
+			<desc>Request Nonce</desc>
+			<path d="M0 603 L101.2 603" class="st10"/>
+			<rect x="24.0404" y="597" width="61.5973" height="12.0001" class="st7"/>
+			<text x="24.04" y="606" class="st12">Request Nonce</text>		</g>
+		<g id="shape1064-149" transform="translate(608.034,-474.776)">
+			<title>Return Message.1033</title>
+			<desc>Nonce</desc>
+			<path d="M0 603 L-109.68 603" class="st13"/>
+			<rect x="-67.9323" y="597" width="26.1867" height="12.0001" class="st7"/>
+			<text x="-67.93" y="606" class="st12">Nonce</text>		</g>
+		<g id="shape1065-157" transform="translate(608.034,-372.536)">
+			<title>Return Message.1034</title>
+			<desc>PRT w/Session key and Partial TGT</desc>
+			<path d="M0 603 L-109.68 603" class="st13"/>
+			<rect x="-86.1646" y="590.033" width="75.264" height="23.9999" class="st7"/>
+			<text x="-86.16" y="599.03" class="st12">PRT w/Session key  <tspan x="-79.56" dy="1.2em" class="st4">and Partial TGT</tspan></text>		</g>
+		<g id="shape1066-165" transform="translate(489.355,-468.655)">
+			<title>Self Message.1066</title>
+			<desc>Sign nonce WHFB privkey</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
+			<rect x="31.1334" y="610.556" width="57.0218" height="24.0002" class="st7"/>
+			<text x="37.6" y="619.56" class="st12">Sign nonce <tspan x="31.13" dy="1.2em" class="st4">WHFB privkey</tspan></text>		</g>
+		<g id="shape1067-173" transform="translate(498.356,-426.536)">
+			<title>Message.1037</title>
+			<desc>Signed Nonce</desc>
+			<path d="M0 603 L101.2 603" class="st10"/>
+			<rect x="27.0751" y="597" width="55.5279" height="12.0001" class="st7"/>
+			<text x="27.08" y="606" class="st12">Signed Nonce</text>		</g>
+		<g id="shape1068-180" transform="translate(599.034,-435.536)">
+			<title>Self Message.1038</title>
+			<desc>Validate signature WHFB pubkey</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
+			<rect x="30.1128" y="610.556" width="73.707" height="24.0002" class="st7"/>
+			<text x="30.11" y="619.56" class="st12">Validate signature<tspan x="37.22" dy="1.2em" class="st4"> </tspan>WHFB pubkey</text>		</g>
+		<g id="shape1069-188" transform="translate(599.034,-399.536)">
+			<title>Self Message.1039</title>
+			<desc>Validate Nonce</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
+			<rect x="31.5309" y="614.306" width="61.8709" height="12.0001" class="st7"/>
+			<text x="31.53" y="623.31" class="st12">Validate Nonce</text>		</g>
+		<g id="shape1070-195" transform="translate(489.356,-354.896)">
+			<title>Self Message.1040</title>
+			<desc>Decrypt Session key w/ Transport key</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
+			<rect x="32.7654" y="610.556" width="80.7575" height="24.0002" class="st7"/>
+			<text x="32.77" y="619.56" class="st12">Decrypt Session key <tspan x="38.52" dy="1.2em" class="st4">w/ Transport key</tspan></text>		</g>
+		<g id="shape1071-203" transform="translate(489.356,-318.896)">
+			<title>Self Message.1041</title>
+			<desc>Import Session Key to TPM</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st10"/>
+			<rect x="34.4916" y="610.556" width="77.3053" height="24.0002" class="st7"/>
+			<text x="34.49" y="619.56" class="st12">Import Session Key<tspan x="58.41" dy="1.2em" class="st4">to TPM</tspan></text>		</g>
+		<g id="shape1072-211" transform="translate(498.359,-291.24)">
+			<title>Return Message.1035</title>
+			<desc>Partial TGT</desc>
+			<path d="M0 603 L-329.03 603" class="st13"/>
+			<rect x="-186.761" y="597" width="44.4875" height="12.0001" class="st7"/>
+			<text x="-186.76" y="606" class="st12">Partial TGT</text>		</g>
+		<g id="shape1074-218" transform="translate(50.6441,-151.136)">
+			<title>Self Message.1043</title>
+			<desc>Load User Desktop</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="30.4588" y="616.556" width="76.2943" height="12.0001" class="st7"/>
+			<text x="30.46" y="625.56" class="st8">Load User Desktop</text>		</g>
+		<g id="shape1075-225" transform="translate(169.322,-160.136)">
+			<title>Return Message.1075</title>
+			<desc>Success</desc>
+			<path d="M0 603 L-109.68 603" class="st9"/>
+			<rect x="-70.391" y="597" width="31.1039" height="12.0001" class="st7"/>
+			<text x="-70.39" y="606" class="st8">Success</text>		</g>
+		<g id="shape1078-232" transform="translate(169.138,-271.796)">
+			<title>Message.1021</title>
+			<desc>Partial TGT</desc>
+			<path d="M0 603 L210.88 603" class="st5"/>
+			<rect x="43.0408" y="596.306" width="44.4875" height="12.0001" class="st7"/>
+			<text x="43.04" y="605.31" class="st8">Partial TGT</text>		</g>
+		<g id="shape1079-239" transform="translate(379.494,-280.796)">
+			<title>Self Message.1036</title>
+			<desc>Get domain hint from computer</desc>
+			<path d="M9 612 L27 612 L27 630 L17.48 630" class="st5"/>
+			<rect x="28.2406" y="608.306" width="66.163" height="24.0002" class="st7"/>
+			<text x="28.24" y="617.31" class="st8">Get domain hint <tspan x="30.39" dy="1.2em" class="st4">from computer</tspan></text>		</g>
+		<g id="shape1080-247" transform="translate(717.528,-217.796)">
+			<title>Return Message.1051</title>
+			<desc>return list of domain controlers</desc>
+			<path d="M0 603 L-329.03 603" class="st9"/>
+			<rect x="-201.841" y="591" width="74.6491" height="24.0002" class="st7"/>
+			<text x="-189.77" y="600" class="st8">return list of <tspan x="-201.84" dy="1.2em" class="st4">domain controlers</tspan></text>		</g>
+		<g id="shape1081-255" transform="translate(388.494,-235.796)">
+			<title>Message.1060</title>
+			<desc>DcLocator via DNS</desc>
+			<path d="M0 603 L320.55 603" class="st5"/>
+			<rect x="127.361" y="597" width="74.3118" height="12.0001" class="st14"/>
+			<text x="127.36" y="606" class="st8">DcLocator via DNS</text>		</g>
+		<g id="shape1082-262" transform="translate(717.712,-159.416)">
+			<title>Return Message.1082</title>
+			<desc>TGT</desc>
+			<path d="M0 603 L-329.03 603" class="st9"/>
+			<rect x="-172.544" y="597" width="16.0546" height="12.0001" class="st7"/>
+			<text x="-172.54" y="606" class="st8">TGT</text>		</g>
+		<g id="shape1083-269" transform="translate(387.723,-181.562)">
+			<title>Message.1083</title>
+			<desc>TGS_REQ w/ Partial TGT</desc>
+			<path d="M0 603 L320.55 603" class="st5"/>
+			<rect x="115.608" y="597" width="97.8176" height="12.0001" class="st7"/>
+			<text x="115.61" y="606" class="st8">TGS_REQ w/ Partial TGT</text>		</g>
+		<g id="shape1084-276" transform="translate(461.943,-449.161)">
+			<title>State</title>
+			<desc>B</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
+			<text x="5.92" y="606.36" class="st16">B</text>		</g>
+		<g id="shape1087-279" transform="translate(461.943,-336.661)">
+			<title>State.1087</title>
+			<desc>D</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
+			<text x="5.43" y="606.36" class="st16">D</text>		</g>
+		<g id="shape1088-282" transform="translate(579.661,-398.822)">
+			<title>State.1088</title>
+			<desc>C</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
+			<text x="6.13" y="606.36" class="st16">C</text>		</g>
+		<g id="shape1089-285" transform="translate(358.322,-227.822)">
+			<title>State.1089</title>
+			<desc>E</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
+			<text x="6.42" y="606.36" class="st16">E</text>		</g>
+		<g id="shape1090-288" transform="translate(29.8221,-508.5)">
+			<title>State.1090</title>
+			<desc>A</desc>
+			<path d="M0 602.16 A9.83896 9.83896 0 0 1 19.68 602.16 A9.83896 9.83896 0 1 1 0 602.16 Z" class="st15"/>
+			<text x="5.6" y="606.36" class="st16">A</text>		</g>
+		<g id="group1126-291" transform="translate(677.212,-19.1441)">
+			<title>Object lifeline.1126</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1127-292" transform="translate(13.5,-6.3)">
+				<title>Sheet.1127</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1128-294" transform="translate(31.5,-41.4)">
+				<title>Sheet.1128</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1129-296" transform="translate(27,559.556)">
+				<title>Sheet.1129</title>
+			</g>
+			<g id="shape1126-298">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="589.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1131-302" transform="translate(19.1441,-19.1441)">
+			<title>Object lifeline.1131</title>
+			<desc>Winlogon</desc>
+			<g id="shape1132-303" transform="translate(13.5,-6.3)">
+				<title>Sheet.1132</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1133-305" transform="translate(31.5,-41.4)">
+				<title>Sheet.1133</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1134-307" transform="translate(27,559.556)">
+				<title>Sheet.1134</title>
+			</g>
+			<g id="shape1131-309">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="596.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="group1136-312" transform="translate(567.534,-19.1441)">
+			<title>Object lifeline.1136</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1137-313" transform="translate(13.5,-6.3)">
+				<title>Sheet.1137</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1138-315" transform="translate(31.5,-41.4)">
+				<title>Sheet.1138</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1139-317" transform="translate(27,559.556)">
+				<title>Sheet.1139</title>
+			</g>
+			<g id="shape1136-319">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="589.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1141-323" transform="translate(128.822,-19.1441)">
+			<title>Object lifeline.1141</title>
+			<desc>LSA</desc>
+			<g id="shape1142-324" transform="translate(13.5,-6.3)">
+				<title>Sheet.1142</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1143-326" transform="translate(31.5,-41.4)">
+				<title>Sheet.1143</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1144-328" transform="translate(27,559.556)">
+				<title>Sheet.1144</title>
+			</g>
+			<g id="shape1141-330">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="596.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="group1146-333" transform="translate(238.5,-19.1441)">
+			<title>Object lifeline.1146</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1147-334" transform="translate(13.5,-6.3)">
+				<title>Sheet.1147</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1148-336" transform="translate(31.5,-41.4)">
+				<title>Sheet.1148</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1149-338" transform="translate(27,559.556)">
+				<title>Sheet.1149</title>
+			</g>
+			<g id="shape1146-340">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="589.5" class="st3">Credential<tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1151-344" transform="translate(457.856,-19.1441)">
+			<title>Object lifeline.1151</title>
+			<desc>Cloud Auth provider</desc>
+			<g id="shape1152-345" transform="translate(13.5,-6.3)">
+				<title>Sheet.1152</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1153-347" transform="translate(31.5,-41.4)">
+				<title>Sheet.1153</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1154-349" transform="translate(27,559.556)">
+				<title>Sheet.1154</title>
+			</g>
+			<g id="shape1151-351">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="12.67" y="589.5" class="st3">Cloud Auth<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1156-355" transform="translate(348.178,-19.1441)">
+			<title>Object lifeline.1156</title>
+			<desc>Kerberos provider</desc>
+			<g id="shape1157-356" transform="translate(13.5,-6.3)">
+				<title>Sheet.1157</title>
+				<rect x="0" y="586.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1158-358" transform="translate(31.5,-41.4)">
+				<title>Sheet.1158</title>
+				<path d="M9 612 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1159-360" transform="translate(27,559.556)">
+				<title>Sheet.1159</title>
+			</g>
+			<g id="shape1156-362">
+				<rect x="0" y="574.2" width="81" height="37.8" class="st1"/>
+				<text x="18.07" y="589.5" class="st3">Kerberos<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+	</g>
+</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-ct.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-ct.svg
new file mode 100644
index 0000000000..349f7cee4d
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-ct.svg
@@ -0,0 +1,541 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export auth-hybrid-join-ct.svg HAADJ-Auth-CertTrust -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		width="21.5in" height="24.5in" viewBox="0 0 1548 1764" xml:space="preserve" color-interpolation-filters="sRGB" class="st17">
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
+		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+		.st4 {font-size:1em}
+		.st5 {marker-end:url(#mrkr4-102);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
+		.st9 {marker-end:url(#mrkr3-117);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st10 {marker-end:url(#mrkr4-224);stroke:#ed7d31;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st11 {fill:#ed7d31;fill-opacity:1;stroke:#ed7d31;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st12 {fill:#d06d29;font-family:Calibri;font-size:0.833336em}
+		.st13 {marker-end:url(#mrkr3-239);stroke:#ed7d31;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st14 {fill:#ffffff;stroke:none;stroke-linecap:butt}
+		.st15 {fill:#002060;stroke:none;stroke-width:0.75}
+		.st16 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
+		.st17 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-102" class="st6" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<g id="lend3">
+			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr3-117" class="st6" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<marker id="mrkr4-224" class="st11" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<marker id="mrkr3-239" class="st11" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+	</defs>
+	<g>
+		<title>auth-hybrid-join-ct</title>
+		<g id="group1005-1" transform="translate(677.212,-1707.06)">
+			<title>Object lifeline.1005</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1006-2" transform="translate(13.5,-6.3)">
+				<title>Sheet.1006</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1007-4" transform="translate(31.5,-41.4)">
+				<title>Sheet.1007</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1008-6" transform="translate(27,584.306)">
+				<title>Sheet.1008</title>
+			</g>
+			<g id="shape1009-8" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1009</title>
+				<path d="M0 1764 L561.81 1764" class="st2"/>
+			</g>
+			<g id="shape1005-11">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="1741.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1015-15" transform="translate(19.1441,-1707.06)">
+			<title>Object lifeline.1015</title>
+			<desc>Winlogon</desc>
+			<g id="shape1016-16" transform="translate(13.5,-6.3)">
+				<title>Sheet.1016</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1017-18" transform="translate(31.5,-41.4)">
+				<title>Sheet.1017</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1018-20" transform="translate(27,585.853)">
+				<title>Sheet.1018</title>
+			</g>
+			<g id="shape1019-22" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1019</title>
+				<path d="M0 1764 L563.35 1764" class="st2"/>
+			</g>
+			<g id="shape1015-25">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="1748.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="group1020-28" transform="translate(567.534,-1707.06)">
+			<title>Object lifeline.1020</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1021-29" transform="translate(13.5,-6.3)">
+				<title>Sheet.1021</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1022-31" transform="translate(31.5,-41.4)">
+				<title>Sheet.1022</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1023-33" transform="translate(27,586.556)">
+				<title>Sheet.1023</title>
+			</g>
+			<g id="shape1024-35" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1024</title>
+				<path d="M0 1764 L564.06 1764" class="st2"/>
+			</g>
+			<g id="shape1020-38">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="1741.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1025-42" transform="translate(128.822,-1707.06)">
+			<title>Object lifeline.1025</title>
+			<desc>LSA</desc>
+			<g id="shape1026-43" transform="translate(13.5,-6.3)">
+				<title>Sheet.1026</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1027-45" transform="translate(31.5,-41.4)">
+				<title>Sheet.1027</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1028-47" transform="translate(27,591.056)">
+				<title>Sheet.1028</title>
+			</g>
+			<g id="shape1029-49" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1029</title>
+				<path d="M0 1764 L568.56 1764" class="st2"/>
+			</g>
+			<g id="shape1025-52">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="1748.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="group1030-55" transform="translate(238.5,-1707.06)">
+			<title>Object lifeline.1030</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1031-56" transform="translate(13.5,-6.3)">
+				<title>Sheet.1031</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1032-58" transform="translate(31.5,-41.4)">
+				<title>Sheet.1032</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1033-60" transform="translate(27,586.556)">
+				<title>Sheet.1033</title>
+			</g>
+			<g id="shape1034-62" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1034</title>
+				<path d="M0 1764 L564.06 1764" class="st2"/>
+			</g>
+			<g id="shape1030-65">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="1741.5" class="st3">Credential<tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1035-69" transform="translate(457.856,-1707.06)">
+			<title>Object lifeline.1035</title>
+			<desc>Cloud Auth provider</desc>
+			<g id="shape1036-70" transform="translate(13.5,-6.3)">
+				<title>Sheet.1036</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1037-72" transform="translate(31.5,-41.4)">
+				<title>Sheet.1037</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1038-74" transform="translate(27,586.556)">
+				<title>Sheet.1038</title>
+			</g>
+			<g id="shape1039-76" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1039</title>
+				<path d="M0 1764 L564.06 1764" class="st2"/>
+			</g>
+			<g id="shape1035-79">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="12.67" y="1741.5" class="st3">Cloud Auth<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1040-83" transform="translate(348.178,-1707.06)">
+			<title>Object lifeline.1040</title>
+			<desc>Kerberos provider</desc>
+			<g id="shape1041-84" transform="translate(13.5,-6.3)">
+				<title>Sheet.1041</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1042-86" transform="translate(31.5,-41.4)">
+				<title>Sheet.1042</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1043-88" transform="translate(27,584.306)">
+				<title>Sheet.1043</title>
+			</g>
+			<g id="shape1044-90" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1044</title>
+				<path d="M0 1764 L561.81 1764" class="st2"/>
+			</g>
+			<g id="shape1040-93">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="18.07" y="1741.5" class="st3">Kerberos<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="shape1045-97" transform="translate(270,-1689.06)">
+			<title>Self Message.1020</title>
+			<desc>User provides gesture</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="29.7821" y="1768.56" width="88.936" height="12.0001" class="st7"/>
+			<text x="29.78" y="1777.56" class="st8">User provides gesture</text>		</g>
+		<g id="shape1046-105" transform="translate(169.322,-1644.06)">
+			<title>Message.1021</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L210.88 1755" class="st5"/>
+			<rect x="22.2053" y="1748.31" width="86.1584" height="12.0001" class="st7"/>
+			<text x="22.21" y="1757.31" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1047-112" transform="translate(279,-1662.06)">
+			<title>Return Message.1028</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L-219.36 1755" class="st9"/>
+			<rect x="-117.64" y="1748.31" width="86.1584" height="12.0001" class="st7"/>
+			<text x="-117.64" y="1757.31" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1048-120" transform="translate(59.6441,-1644.06)">
+			<title>Message.1029</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L101.2 1755" class="st5"/>
+			<rect x="11.7599" y="1749" width="86.1584" height="12.0001" class="st7"/>
+			<text x="11.76" y="1758" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1049-127" transform="translate(59.6441,-1680.06)">
+			<title>Message.1027</title>
+			<desc>Show the WHFB Cred Prov</desc>
+			<path d="M0 1755 L210.88 1755" class="st5"/>
+			<rect x="13.9052" y="1750.56" width="107.544" height="12.0001" class="st7"/>
+			<text x="13.91" y="1759.56" class="st8">Show the WHFB Cred Prov</text>		</g>
+		<g id="shape1050-134" transform="translate(379.678,-1653.06)">
+			<title>Self Message.1036</title>
+			<desc>Get domain hint from computer</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="28.2406" y="1758.06" width="66.163" height="24.0002" class="st7"/>
+			<text x="28.24" y="1767.06" class="st8">Get domain hint <tspan x="30.39" dy="1.2em" class="st4">from computer</tspan></text>		</g>
+		<g id="shape1051-142" transform="translate(717.712,-1590.06)">
+			<title>Return Message.1051</title>
+			<desc>return list of domain controlers</desc>
+			<path d="M0 1755 L-329.03 1755" class="st9"/>
+			<rect x="-201.841" y="1743" width="74.6491" height="24.0002" class="st7"/>
+			<text x="-189.77" y="1752" class="st8">return list of <tspan x="-201.84" dy="1.2em" class="st4">domain controlers</tspan></text>		</g>
+		<g id="shape1052-150" transform="translate(388.678,-1536.06)">
+			<title>Message.1052</title>
+			<desc>KRB_AS_REQ w/signed preAuth data</desc>
+			<path d="M0 1755 L320.55 1755" class="st5"/>
+			<rect x="89.9266" y="1749" width="149.181" height="12.0001" class="st7"/>
+			<text x="89.93" y="1758" class="st8">KRB_AS_REQ w/signed preAuth data</text>		</g>
+		<g id="shape1053-157" transform="translate(708.712,-1545.06)">
+			<title>Self Message.1030</title>
+			<desc>PreAuth data validation</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="29.4303" y="1762.56" width="53.7163" height="24.0002" class="st7"/>
+			<text x="29.43" y="1771.56" class="st8">PreAuth data<tspan x="36.23" dy="1.2em" class="st4">validation</tspan></text>		</g>
+		<g id="shape1054-165" transform="translate(717.712,-1518.06)">
+			<title>Return Message.1031</title>
+			<desc>KRB_AS_REP w/KDC cert and TGT</desc>
+			<path d="M0 1755 L-329.03 1755" class="st9"/>
+			<rect x="-232.522" y="1749" width="136.011" height="12.0001" class="st7"/>
+			<text x="-232.52" y="1758" class="st8">KRB_AS_REP w/KDC cert and TGT</text>		</g>
+		<g id="shape1056-172" transform="translate(379.678,-1509.06)">
+			<title>Self Message.1033</title>
+			<desc>Kdc cert chains and validates</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="30.5772" y="1758.06" width="83.9899" height="24.0002" class="st7"/>
+			<text x="56.08" y="1767.06" class="st8">Kdc cert<tspan x="30.58" dy="1.2em" class="st4"> </tspan>chains and validates</text>		</g>
+		<g id="shape1057-180" transform="translate(379.678,-1473.06)">
+			<title>Self Message.1034</title>
+			<desc>KDC cert include KDC Authentication EKU (1.3.6.1.5.2.3.5)</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="30.1199" y="1752.06" width="98.4045" height="36.0003" class="st7"/>
+			<text x="45.92" y="1761.06" class="st8">KDC cert include <tspan x="30.12" dy="1.2em" class="st4">KDC Authentication EKU</tspan><tspan
+						x="47.18" dy="1.2em" class="st4">(1.3.6.1.5.2.3.5)</tspan></text>		</g>
+		<g id="shape1058-189" transform="translate(379.678,-1437.06)">
+			<title>Self Message.1035</title>
+			<desc>KDC cert subject alternate name matches domain DNS</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="31.6208" y="1762.56" width="131.403" height="24.0002" class="st7"/>
+			<text x="31.62" y="1771.56" class="st8">KDC cert subject alternate name<tspan x="53.78" dy="1.2em" class="st4">matches domain DNS</tspan></text>		</g>
+		<g id="shape1059-197" transform="translate(379.678,-1581.06)">
+			<title>Self Message.1037</title>
+			<desc>WHFB privKey signs preAuth data</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="32.2506" y="1762.56" width="76.1432" height="24.0002" class="st7"/>
+			<text x="41.49" y="1771.56" class="st8">WHFB privKey<tspan x="32.25" dy="1.2em" class="st4">signs preAuth data</tspan></text>		</g>
+		<g id="shape1060-205" transform="translate(388.678,-1608.06)">
+			<title>Message.1060</title>
+			<desc>DcLocator via DNS</desc>
+			<path d="M0 1755 L320.55 1755" class="st5"/>
+			<rect x="127.361" y="1749" width="74.3118" height="12.0001" class="st7"/>
+			<text x="127.36" y="1758" class="st8">DcLocator via DNS</text>		</g>
+		<g id="shape1061-212" transform="translate(388.678,-1410.06)">
+			<title>Return Message.1061</title>
+			<desc>TGT</desc>
+			<path d="M0 1755 L-219.36 1755" class="st9"/>
+			<rect x="-117.705" y="1749" width="16.0546" height="12.0001" class="st7"/>
+			<text x="-117.71" y="1758" class="st8">TGT</text>		</g>
+		<g id="shape1062-219" transform="translate(169.322,-1374.06)">
+			<title>Message.1062</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L320.55 1755" class="st10"/>
+			<rect x="121.438" y="1749" width="86.1584" height="12.0001" class="st7"/>
+			<text x="121.44" y="1758" class="st12">Collected Credentials</text>		</g>
+		<g id="shape1063-227" transform="translate(498.356,-1374.06)">
+			<title>Message.1030</title>
+			<desc>Request Nonce</desc>
+			<path d="M0 1755 L101.2 1755" class="st10"/>
+			<rect x="24.0404" y="1749" width="61.5973" height="12.0001" class="st7"/>
+			<text x="24.04" y="1758" class="st12">Request Nonce</text>		</g>
+		<g id="shape1064-234" transform="translate(608.034,-1356.06)">
+			<title>Return Message.1033</title>
+			<desc>Nonce</desc>
+			<path d="M0 1755 L-109.68 1755" class="st13"/>
+			<rect x="-67.9323" y="1749" width="26.1867" height="12.0001" class="st7"/>
+			<text x="-67.93" y="1758" class="st12">Nonce</text>		</g>
+		<g id="shape1065-242" transform="translate(608.034,-1248.06)">
+			<title>Return Message.1034</title>
+			<desc>PRT w/Session key</desc>
+			<path d="M0 1755 L-109.68 1755" class="st13"/>
+			<rect x="-92.4709" y="1749" width="75.264" height="12.0001" class="st7"/>
+			<text x="-92.47" y="1758" class="st12">PRT w/Session key</text>		</g>
+		<g id="shape1066-249" transform="translate(489.356,-1347.06)">
+			<title>Self Message.1066</title>
+			<desc>Sign nonce WHFB privkey</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="31.1334" y="1762.56" width="57.0218" height="24.0002" class="st7"/>
+			<text x="37.6" y="1771.56" class="st12">Sign nonce <tspan x="31.13" dy="1.2em" class="st4">WHFB privkey</tspan></text>		</g>
+		<g id="shape1067-257" transform="translate(498.356,-1302.06)">
+			<title>Message.1037</title>
+			<desc>Signed Nonce</desc>
+			<path d="M0 1755 L101.2 1755" class="st10"/>
+			<rect x="27.0751" y="1749" width="55.5279" height="12.0001" class="st7"/>
+			<text x="27.08" y="1758" class="st12">Signed Nonce</text>		</g>
+		<g id="shape1068-264" transform="translate(599.034,-1311.06)">
+			<title>Self Message.1038</title>
+			<desc>Validate signature WHFB pubkey</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="30.1128" y="1762.56" width="73.707" height="24.0002" class="st14"/>
+			<text x="30.11" y="1771.56" class="st12">Validate signature<tspan x="37.22" dy="1.2em" class="st4"> </tspan>WHFB pubkey</text>		</g>
+		<g id="shape1069-272" transform="translate(599.034,-1275.06)">
+			<title>Self Message.1039</title>
+			<desc>Validate Nonce</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="36.0309" y="1768.56" width="61.8709" height="12.0001" class="st7"/>
+			<text x="36.03" y="1777.56" class="st12">Validate Nonce</text>		</g>
+		<g id="shape1070-279" transform="translate(489.356,-1239.06)">
+			<title>Self Message.1040</title>
+			<desc>Decrypt Session key w/ Transport key</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="30.5154" y="1762.56" width="80.7575" height="24.0002" class="st7"/>
+			<text x="30.52" y="1771.56" class="st12">Decrypt Session key <tspan x="36.27" dy="1.2em" class="st4">w/ Transport key</tspan></text>		</g>
+		<g id="shape1071-287" transform="translate(489.356,-1203.06)">
+			<title>Self Message.1041</title>
+			<desc>Import Session Key to TPM</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="29.9916" y="1762.56" width="77.3053" height="24.0002" class="st7"/>
+			<text x="29.99" y="1771.56" class="st12">Import Session Key<tspan x="53.91" dy="1.2em" class="st4">to TPM</tspan></text>		</g>
+		<g id="shape1072-295" transform="translate(498.938,-1161)">
+			<title>Return Message.1035</title>
+			<desc>Successful Authentication</desc>
+			<path d="M0 1755 L-329.62 1755" class="st13"/>
+			<rect x="-217.15" y="1749" width="104.674" height="12.0001" class="st7"/>
+			<text x="-217.15" y="1758" class="st12">Successful Authentication</text>		</g>
+		<g id="shape1074-302" transform="translate(50.6441,-1401.06)">
+			<title>Self Message.1043</title>
+			<desc>Load User Desktop</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="30.4588" y="1764.06" width="76.2943" height="12.0001" class="st14"/>
+			<text x="30.46" y="1773.06" class="st8">Load User Desktop</text>		</g>
+		<g id="shape1075-309" transform="translate(169.322,-1410.06)">
+			<title>Return Message.1075</title>
+			<desc>Success</desc>
+			<path d="M0 1755 L-109.68 1755" class="st9"/>
+			<rect x="-70.391" y="1749" width="31.1039" height="12.0001" class="st7"/>
+			<text x="-70.39" y="1758" class="st8">Success</text>		</g>
+		<g id="shape1076-316" transform="translate(29.661,-1667.66)">
+			<title>State.1090</title>
+			<desc>A</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st15"/>
+			<text x="5.6" y="1758.36" class="st16">A</text>		</g>
+		<g id="shape1077-319" transform="translate(35.161,-1397.66)">
+			<title>State.1077</title>
+			<desc>E</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st15"/>
+			<text x="6.42" y="1758.36" class="st16">E</text>		</g>
+		<g id="shape1078-322" transform="translate(358.161,-1557.16)">
+			<title>State.1078</title>
+			<desc>B</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st15"/>
+			<text x="5.92" y="1758.36" class="st16">B</text>		</g>
+		<g id="shape1079-325" transform="translate(358.661,-1469.16)">
+			<title>State.1079</title>
+			<desc>C</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st15"/>
+			<text x="6.13" y="1758.36" class="st16">C</text>		</g>
+		<g id="shape1080-328" transform="translate(147.161,-1422.84)">
+			<title>State.1080</title>
+			<desc>D</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st15"/>
+			<text x="5.43" y="1758.36" class="st16">D</text>		</g>
+		<g id="shape1081-331" transform="translate(147.161,-1366.32)">
+			<title>State.1081</title>
+			<desc>F</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st15"/>
+			<text x="6.63" y="1758.36" class="st16">F</text>		</g>
+		<g id="shape1082-334" transform="translate(470.161,-1296.16)">
+			<title>State.1082</title>
+			<desc>G</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st15"/>
+			<text x="5.38" y="1758.36" class="st16">G</text>		</g>
+		<g id="group1083-337" transform="translate(677.212,-1110.6)">
+			<title>Object lifeline.1083</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1084-338" transform="translate(13.5,-6.3)">
+				<title>Sheet.1084</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1085-340" transform="translate(31.5,-41.4)">
+				<title>Sheet.1085</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1086-342" transform="translate(27,559.556)">
+				<title>Sheet.1086</title>
+			</g>
+			<g id="shape1083-344">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="1741.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1088-348" transform="translate(19.1441,-1110.6)">
+			<title>Object lifeline.1088</title>
+			<desc>Winlogon</desc>
+			<g id="shape1089-349" transform="translate(13.5,-6.3)">
+				<title>Sheet.1089</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1090-351" transform="translate(31.5,-41.4)">
+				<title>Sheet.1090</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1091-353" transform="translate(27,559.556)">
+				<title>Sheet.1091</title>
+			</g>
+			<g id="shape1088-355">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="1748.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="group1093-358" transform="translate(567.534,-1110.6)">
+			<title>Object lifeline.1093</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1094-359" transform="translate(13.5,-6.3)">
+				<title>Sheet.1094</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1095-361" transform="translate(31.5,-41.4)">
+				<title>Sheet.1095</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1096-363" transform="translate(27,559.556)">
+				<title>Sheet.1096</title>
+			</g>
+			<g id="shape1093-365">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="1741.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1098-369" transform="translate(128.822,-1110.6)">
+			<title>Object lifeline.1098</title>
+			<desc>LSA</desc>
+			<g id="shape1099-370" transform="translate(13.5,-6.3)">
+				<title>Sheet.1099</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1100-372" transform="translate(31.5,-41.4)">
+				<title>Sheet.1100</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1101-374" transform="translate(27,559.556)">
+				<title>Sheet.1101</title>
+			</g>
+			<g id="shape1098-376">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="1748.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="group1103-379" transform="translate(238.5,-1110.6)">
+			<title>Object lifeline.1103</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1104-380" transform="translate(13.5,-6.3)">
+				<title>Sheet.1104</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1105-382" transform="translate(31.5,-41.4)">
+				<title>Sheet.1105</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1106-384" transform="translate(27,559.556)">
+				<title>Sheet.1106</title>
+			</g>
+			<g id="shape1103-386">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="1741.5" class="st3">Credential<tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1108-390" transform="translate(457.856,-1110.6)">
+			<title>Object lifeline.1108</title>
+			<desc>Cloud Auth provider</desc>
+			<g id="shape1109-391" transform="translate(13.5,-6.3)">
+				<title>Sheet.1109</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1110-393" transform="translate(31.5,-41.4)">
+				<title>Sheet.1110</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1111-395" transform="translate(27,559.556)">
+				<title>Sheet.1111</title>
+			</g>
+			<g id="shape1108-397">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="12.67" y="1741.5" class="st3">Cloud Auth<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1113-401" transform="translate(348.178,-1110.6)">
+			<title>Object lifeline.1113</title>
+			<desc>Kerberos provider</desc>
+			<g id="shape1114-402" transform="translate(13.5,-6.3)">
+				<title>Sheet.1114</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1115-404" transform="translate(31.5,-41.4)">
+				<title>Sheet.1115</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1116-406" transform="translate(27,559.556)">
+				<title>Sheet.1116</title>
+			</g>
+			<g id="shape1113-408">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="18.07" y="1741.5" class="st3">Kerberos<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+	</g>
+</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-kt.svg b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-kt.svg
new file mode 100644
index 0000000000..05f8168142
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/images/howitworks/auth/hybrid-entra-join-kt.svg
@@ -0,0 +1,540 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by Microsoft Visio, SVG Export auth-hybrid-join-kt.svg HAADJ-Auth-KeyTrust -->
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:ev="http://www.w3.org/2001/xml-events"
+		width="21.5in" height="24.5in" viewBox="0 0 1548 1764" xml:space="preserve" color-interpolation-filters="sRGB" class="st16">
+	<style type="text/css">
+	<![CDATA[
+		.st1 {fill:#ffffff;stroke:#e9eff7;stroke-width:0.75}
+		.st2 {stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st3 {fill:#5b9bd5;font-family:Calibri;font-size:1.00001em;font-weight:bold}
+		.st4 {font-size:1em}
+		.st5 {marker-end:url(#mrkr4-102);stroke:#5b9bd5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st6 {fill:#5b9bd5;fill-opacity:1;stroke:#5b9bd5;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st7 {fill:#ffffff;stroke:none;stroke-linecap:butt;stroke-width:7.2}
+		.st8 {fill:#4f87bb;font-family:Calibri;font-size:0.833336em}
+		.st9 {marker-end:url(#mrkr3-117);stroke:#5b9bd5;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st10 {marker-end:url(#mrkr4-223);stroke:#ed7d31;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st11 {fill:#ed7d31;fill-opacity:1;stroke:#ed7d31;stroke-opacity:1;stroke-width:0.23584905660377}
+		.st12 {fill:#d06d29;font-family:Calibri;font-size:0.833336em}
+		.st13 {marker-end:url(#mrkr3-238);stroke:#ed7d31;stroke-dasharray:7,5;stroke-linecap:round;stroke-linejoin:round;stroke-width:1}
+		.st14 {fill:#002060;stroke:none;stroke-width:0.75}
+		.st15 {fill:#ffffff;font-family:Calibri;font-size:1.16666em;font-weight:bold}
+		.st16 {fill:none;fill-rule:evenodd;font-size:12px;overflow:visible;stroke-linecap:square;stroke-miterlimit:3}
+	]]>
+	</style>
+
+	<defs id="Markers">
+		<g id="lend4">
+			<path d="M 2 1 L 0 0 L 2 -1 L 2 1 " style="stroke:none"/>
+		</g>
+		<marker id="mrkr4-102" class="st6" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<g id="lend3">
+			<path d="M 2 1 L 0 0 L 2 -1 " style="stroke-linecap:round;stroke-linejoin:round;fill:none"/>
+		</g>
+		<marker id="mrkr3-117" class="st6" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<marker id="mrkr4-223" class="st11" refX="-8.48" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend4" transform="scale(-4.24,-4.24) "/>
+		</marker>
+		<marker id="mrkr3-238" class="st11" orient="auto" markerUnits="strokeWidth" overflow="visible">
+			<use xlink:href="#lend3" transform="scale(-4.24,-4.24) "/>
+		</marker>
+	</defs>
+	<g>
+		<title>auth-hybrid-join-kt</title>
+		<g id="group1005-1" transform="translate(677.212,-1707.06)">
+			<title>Object lifeline.1005</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1006-2" transform="translate(13.5,-6.3)">
+				<title>Sheet.1006</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1007-4" transform="translate(31.5,-41.4)">
+				<title>Sheet.1007</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1008-6" transform="translate(27,600.056)">
+				<title>Sheet.1008</title>
+			</g>
+			<g id="shape1009-8" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1009</title>
+				<path d="M0 1764 L577.56 1764" class="st2"/>
+			</g>
+			<g id="shape1005-11">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="1741.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1015-15" transform="translate(19.1441,-1707.06)">
+			<title>Object lifeline.1015</title>
+			<desc>Winlogon</desc>
+			<g id="shape1016-16" transform="translate(13.5,-6.3)">
+				<title>Sheet.1016</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1017-18" transform="translate(31.5,-41.4)">
+				<title>Sheet.1017</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1018-20" transform="translate(27,591.056)">
+				<title>Sheet.1018</title>
+			</g>
+			<g id="shape1019-22" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1019</title>
+				<path d="M0 1764 L568.56 1764" class="st2"/>
+			</g>
+			<g id="shape1015-25">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="1748.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="group1020-28" transform="translate(567.534,-1707.06)">
+			<title>Object lifeline.1020</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1021-29" transform="translate(13.5,-6.3)">
+				<title>Sheet.1021</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1022-31" transform="translate(31.5,-41.4)">
+				<title>Sheet.1022</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1023-33" transform="translate(27,600.056)">
+				<title>Sheet.1023</title>
+			</g>
+			<g id="shape1024-35" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1024</title>
+				<path d="M0 1764 L577.56 1764" class="st2"/>
+			</g>
+			<g id="shape1020-38">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="1741.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1025-42" transform="translate(128.822,-1707.06)">
+			<title>Object lifeline.1025</title>
+			<desc>LSA</desc>
+			<g id="shape1026-43" transform="translate(13.5,-6.3)">
+				<title>Sheet.1026</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1027-45" transform="translate(31.5,-41.4)">
+				<title>Sheet.1027</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1028-47" transform="translate(27,591.056)">
+				<title>Sheet.1028</title>
+			</g>
+			<g id="shape1029-49" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1029</title>
+				<path d="M0 1764 L568.56 1764" class="st2"/>
+			</g>
+			<g id="shape1025-52">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="1748.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="group1030-55" transform="translate(238.5,-1707.06)">
+			<title>Object lifeline.1030</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1031-56" transform="translate(13.5,-6.3)">
+				<title>Sheet.1031</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1032-58" transform="translate(31.5,-41.4)">
+				<title>Sheet.1032</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1033-60" transform="translate(27,595.556)">
+				<title>Sheet.1033</title>
+			</g>
+			<g id="shape1034-62" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1034</title>
+				<path d="M0 1764 L573.06 1764" class="st2"/>
+			</g>
+			<g id="shape1030-65">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="1741.5" class="st3">Credential<tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1035-69" transform="translate(457.856,-1707.06)">
+			<title>Object lifeline.1035</title>
+			<desc>Cloud Auth provider</desc>
+			<g id="shape1036-70" transform="translate(13.5,-6.3)">
+				<title>Sheet.1036</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1037-72" transform="translate(31.5,-41.4)">
+				<title>Sheet.1037</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1038-74" transform="translate(27,595.556)">
+				<title>Sheet.1038</title>
+			</g>
+			<g id="shape1039-76" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1039</title>
+				<path d="M0 1764 L573.06 1764" class="st2"/>
+			</g>
+			<g id="shape1035-79">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="12.67" y="1741.5" class="st3">Cloud Auth<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1040-83" transform="translate(348.178,-1707.06)">
+			<title>Object lifeline.1040</title>
+			<desc>Kerberos provider</desc>
+			<g id="shape1041-84" transform="translate(13.5,-6.3)">
+				<title>Sheet.1041</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1042-86" transform="translate(31.5,-41.4)">
+				<title>Sheet.1042</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1043-88" transform="translate(27,595.556)">
+				<title>Sheet.1043</title>
+			</g>
+			<g id="shape1044-90" transform="translate(1804.5,1764) rotate(90)">
+				<title>Sheet.1044</title>
+				<path d="M0 1764 L573.06 1764" class="st2"/>
+			</g>
+			<g id="shape1040-93">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="18.07" y="1741.5" class="st3">Kerberos<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="shape1045-97" transform="translate(270,-1689.06)">
+			<title>Self Message.1020</title>
+			<desc>User provides gesture</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="32.0321" y="1768.56" width="88.936" height="12.0001" class="st7"/>
+			<text x="32.03" y="1777.56" class="st8">User provides gesture</text>		</g>
+		<g id="shape1046-105" transform="translate(169.322,-1644.06)">
+			<title>Message.1021</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L210.88 1755" class="st5"/>
+			<rect x="22.2053" y="1748.31" width="86.1584" height="12.0001" class="st7"/>
+			<text x="22.21" y="1757.31" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1047-112" transform="translate(279,-1662.06)">
+			<title>Return Message.1028</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L-219.36 1755" class="st9"/>
+			<rect x="-117.64" y="1748.31" width="86.1584" height="12.0001" class="st7"/>
+			<text x="-117.64" y="1757.31" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1048-120" transform="translate(59.6441,-1644.06)">
+			<title>Message.1029</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L101.2 1755" class="st5"/>
+			<rect x="11.7599" y="1749" width="86.1584" height="12.0001" class="st7"/>
+			<text x="11.76" y="1758" class="st8">Collected Credentials</text>		</g>
+		<g id="shape1049-127" transform="translate(59.6441,-1680.06)">
+			<title>Message.1027</title>
+			<desc>Show the WHFB Cred Prov</desc>
+			<path d="M0 1755 L210.88 1755" class="st5"/>
+			<rect x="13.9052" y="1750.56" width="107.544" height="12.0001" class="st7"/>
+			<text x="13.91" y="1759.56" class="st8">Show the WHFB Cred Prov</text>		</g>
+		<g id="shape1050-134" transform="translate(379.678,-1653.06)">
+			<title>Self Message.1036</title>
+			<desc>Get domain hint from computer</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="28.2406" y="1760.31" width="66.163" height="24.0002" class="st7"/>
+			<text x="28.24" y="1769.31" class="st8">Get domain hint <tspan x="30.39" dy="1.2em" class="st4">from computer</tspan></text>		</g>
+		<g id="shape1051-142" transform="translate(717.712,-1590.06)">
+			<title>Return Message.1051</title>
+			<desc>return list of domain controlers</desc>
+			<path d="M0 1755 L-329.03 1755" class="st9"/>
+			<rect x="-201.841" y="1743" width="74.6491" height="24.0002" class="st7"/>
+			<text x="-189.77" y="1752" class="st8">return list of <tspan x="-201.84" dy="1.2em" class="st4">domain controlers</tspan></text>		</g>
+		<g id="shape1052-150" transform="translate(388.678,-1536.06)">
+			<title>Message.1052</title>
+			<desc>KRB_AS_REQ w/signed preAuth data</desc>
+			<path d="M0 1755 L320.55 1755" class="st5"/>
+			<rect x="89.9266" y="1749" width="149.181" height="12.0001" class="st7"/>
+			<text x="89.93" y="1758" class="st8">KRB_AS_REQ w/signed preAuth data</text>		</g>
+		<g id="shape1053-157" transform="translate(708.712,-1545.06)">
+			<title>Self Message.1030</title>
+			<desc>PreAuth data validation</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="29.4303" y="1762.56" width="53.7163" height="24.0002" class="st7"/>
+			<text x="29.43" y="1771.56" class="st8">PreAuth data<tspan x="36.23" dy="1.2em" class="st4">validation</tspan></text>		</g>
+		<g id="shape1054-165" transform="translate(717.712,-1518.06)">
+			<title>Return Message.1031</title>
+			<desc>KRB_AS_REP w/KDC cert and TGT</desc>
+			<path d="M0 1755 L-329.03 1755" class="st9"/>
+			<rect x="-232.522" y="1749" width="136.011" height="12.0001" class="st7"/>
+			<text x="-232.52" y="1758" class="st8">KRB_AS_REP w/KDC cert and TGT</text>		</g>
+		<g id="shape1056-172" transform="translate(379.678,-1509.06)">
+			<title>Self Message.1033</title>
+			<desc>Kdc cert chains and validates</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="29.8377" y="1770.81" width="116.969" height="12.0001" class="st7"/>
+			<text x="29.84" y="1779.81" class="st8">Kdc cert chains and validates</text>		</g>
+		<g id="shape1057-179" transform="translate(379.678,-1473.06)">
+			<title>Self Message.1034</title>
+			<desc>KDC cert include KDC Authentication EKU (1.3.6.1.5.2.3.5)</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="34.6199" y="1756.56" width="98.4045" height="36.0003" class="st7"/>
+			<text x="50.42" y="1765.56" class="st8">KDC cert include <tspan x="34.62" dy="1.2em" class="st4">KDC Authentication EKU</tspan><tspan
+						x="51.68" dy="1.2em" class="st4">(1.3.6.1.5.2.3.5)</tspan></text>		</g>
+		<g id="shape1058-188" transform="translate(379.678,-1437.06)">
+			<title>Self Message.1035</title>
+			<desc>KDC certsubject alternate name matches domain DNS</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="28.2511" y="1762.56" width="129.142" height="24.0002" class="st7"/>
+			<text x="28.25" y="1771.56" class="st8">KDC certsubject alternate name<tspan x="49.28" dy="1.2em" class="st4">matches domain DNS</tspan></text>		</g>
+		<g id="shape1059-196" transform="translate(379.678,-1581.06)">
+			<title>Self Message.1037</title>
+			<desc>WHFB privKey signs preAuth data</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="32.2506" y="1758.06" width="76.1432" height="24.0002" class="st7"/>
+			<text x="41.49" y="1767.06" class="st8">WHFB privKey<tspan x="32.25" dy="1.2em" class="st4">signs preAuth data</tspan></text>		</g>
+		<g id="shape1060-204" transform="translate(388.678,-1608.06)">
+			<title>Message.1060</title>
+			<desc>DcLocator via DNS</desc>
+			<path d="M0 1755 L320.55 1755" class="st5"/>
+			<rect x="127.361" y="1749" width="74.3118" height="12.0001" class="st7"/>
+			<text x="127.36" y="1758" class="st8">DcLocator via DNS</text>		</g>
+		<g id="shape1061-211" transform="translate(388.678,-1410.06)">
+			<title>Return Message.1061</title>
+			<desc>TGT</desc>
+			<path d="M0 1755 L-219.36 1755" class="st9"/>
+			<rect x="-117.705" y="1749" width="16.0546" height="12.0001" class="st7"/>
+			<text x="-117.71" y="1758" class="st8">TGT</text>		</g>
+		<g id="shape1062-218" transform="translate(169.322,-1374.06)">
+			<title>Message.1062</title>
+			<desc>Collected Credentials</desc>
+			<path d="M0 1755 L320.55 1755" class="st10"/>
+			<rect x="121.438" y="1749" width="86.1584" height="12.0001" class="st7"/>
+			<text x="121.44" y="1758" class="st12">Collected Credentials</text>		</g>
+		<g id="shape1063-226" transform="translate(498.356,-1374.06)">
+			<title>Message.1030</title>
+			<desc>Request Nonce</desc>
+			<path d="M0 1755 L101.2 1755" class="st10"/>
+			<rect x="24.0404" y="1749" width="61.5973" height="12.0001" class="st7"/>
+			<text x="24.04" y="1758" class="st12">Request Nonce</text>		</g>
+		<g id="shape1064-233" transform="translate(608.034,-1356.06)">
+			<title>Return Message.1033</title>
+			<desc>Nonce</desc>
+			<path d="M0 1755 L-109.68 1755" class="st13"/>
+			<rect x="-67.9323" y="1749" width="26.1867" height="12.0001" class="st7"/>
+			<text x="-67.93" y="1758" class="st12">Nonce</text>		</g>
+		<g id="shape1065-241" transform="translate(608.034,-1248.06)">
+			<title>Return Message.1034</title>
+			<desc>PRT w/Session key</desc>
+			<path d="M0 1755 L-109.68 1755" class="st13"/>
+			<rect x="-92.4709" y="1749" width="75.264" height="12.0001" class="st7"/>
+			<text x="-92.47" y="1758" class="st12">PRT w/Session key</text>		</g>
+		<g id="shape1066-248" transform="translate(489.356,-1347.06)">
+			<title>Self Message.1066</title>
+			<desc>Sign nonce WHFB privkey</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="31.1334" y="1762.56" width="57.0218" height="24.0002" class="st7"/>
+			<text x="37.6" y="1771.56" class="st12">Sign nonce <tspan x="31.13" dy="1.2em" class="st4">WHFB privkey</tspan></text>		</g>
+		<g id="shape1067-256" transform="translate(498.356,-1302.06)">
+			<title>Message.1037</title>
+			<desc>Signed Nonce</desc>
+			<path d="M0 1755 L101.2 1755" class="st10"/>
+			<rect x="27.0751" y="1749" width="55.5279" height="12.0001" class="st7"/>
+			<text x="27.08" y="1758" class="st12">Signed Nonce</text>		</g>
+		<g id="shape1068-263" transform="translate(599.034,-1311.06)">
+			<title>Self Message.1038</title>
+			<desc>Validate signature WHFB pubkey</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="30.1128" y="1762.56" width="73.707" height="24.0002" class="st7"/>
+			<text x="30.11" y="1771.56" class="st12">Validate signature<tspan x="37.22" dy="1.2em" class="st4"> </tspan>WHFB pubkey</text>		</g>
+		<g id="shape1069-271" transform="translate(599.034,-1275.06)">
+			<title>Self Message.1039</title>
+			<desc>Validate Nonce</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="31.5309" y="1766.31" width="61.8709" height="12.0001" class="st7"/>
+			<text x="31.53" y="1775.31" class="st12">Validate Nonce</text>		</g>
+		<g id="shape1070-278" transform="translate(489.356,-1239.06)">
+			<title>Self Message.1040</title>
+			<desc>Decrypt Session key w/ Transport key</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="32.7654" y="1762.56" width="80.7575" height="24.0002" class="st7"/>
+			<text x="32.77" y="1771.56" class="st12">Decrypt Session key <tspan x="38.52" dy="1.2em" class="st4">w/ Transport key</tspan></text>		</g>
+		<g id="shape1071-286" transform="translate(489.356,-1203.06)">
+			<title>Self Message.1041</title>
+			<desc>Import Session Key to TPM</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st10"/>
+			<rect x="34.4916" y="1762.56" width="77.3053" height="24.0002" class="st7"/>
+			<text x="34.49" y="1771.56" class="st12">Import Session Key<tspan x="58.41" dy="1.2em" class="st4">to TPM</tspan></text>		</g>
+		<g id="shape1072-294" transform="translate(498.356,-1158.06)">
+			<title>Return Message.1035</title>
+			<desc>Successful Authentication</desc>
+			<path d="M0 1755 L-329.03 1755" class="st13"/>
+			<rect x="-216.854" y="1749" width="104.674" height="12.0001" class="st7"/>
+			<text x="-216.85" y="1758" class="st12">Successful Authentication</text>		</g>
+		<g id="shape1074-301" transform="translate(50.6441,-1401.06)">
+			<title>Self Message.1043</title>
+			<desc>Load User Desktop</desc>
+			<path d="M9 1764 L27 1764 L27 1782 L17.48 1782" class="st5"/>
+			<rect x="30.4588" y="1768.56" width="76.2943" height="12.0001" class="st7"/>
+			<text x="30.46" y="1777.56" class="st8">Load User Desktop</text>		</g>
+		<g id="shape1075-308" transform="translate(169.322,-1410.06)">
+			<title>Return Message.1075</title>
+			<desc>Success</desc>
+			<path d="M0 1755 L-109.68 1755" class="st9"/>
+			<rect x="-70.391" y="1749" width="31.1039" height="12.0001" class="st7"/>
+			<text x="-70.39" y="1758" class="st8">Success</text>		</g>
+		<g id="group1076-315" transform="translate(676.068,-1107)">
+			<title>Object lifeline.1076</title>
+			<desc>Domain Controller</desc>
+			<g id="shape1077-316" transform="translate(13.5,-6.3)">
+				<title>Sheet.1077</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1078-318" transform="translate(31.5,-41.4)">
+				<title>Sheet.1078</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1079-320" transform="translate(27,600.056)">
+				<title>Sheet.1079</title>
+			</g>
+			<g id="shape1076-322">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="20.96" y="1741.5" class="st3">Domain <tspan x="15.34" dy="1.2em" class="st4">Controller</tspan></text>			</g>
+		</g>
+		<g id="group1081-326" transform="translate(18,-1107)">
+			<title>Object lifeline.1081</title>
+			<desc>Winlogon</desc>
+			<g id="shape1082-327" transform="translate(13.5,-6.3)">
+				<title>Sheet.1082</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1083-329" transform="translate(31.5,-41.4)">
+				<title>Sheet.1083</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1084-331" transform="translate(27,591.056)">
+				<title>Sheet.1084</title>
+			</g>
+			<g id="shape1081-333">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.38" y="1748.7" class="st3">Winlogon</text>			</g>
+		</g>
+		<g id="group1086-336" transform="translate(566.39,-1107)">
+			<title>Object lifeline.1086</title>
+			<desc>Microsoft Entra ID</desc>
+			<g id="shape1087-337" transform="translate(13.5,-6.3)">
+				<title>Sheet.1087</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1088-339" transform="translate(31.5,-41.4)">
+				<title>Sheet.1088</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1089-341" transform="translate(27,600.056)">
+				<title>Sheet.1089</title>
+			</g>
+			<g id="shape1086-343">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="16.32" y="1741.5" class="st3">Microsoft <tspan x="20.44" dy="1.2em" class="st4">Entra ID</tspan></text>			</g>
+		</g>
+		<g id="group1091-347" transform="translate(127.678,-1107)">
+			<title>Object lifeline.1091</title>
+			<desc>LSA</desc>
+			<g id="shape1092-348" transform="translate(13.5,-6.3)">
+				<title>Sheet.1092</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1093-350" transform="translate(31.5,-41.4)">
+				<title>Sheet.1093</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1094-352" transform="translate(27,591.056)">
+				<title>Sheet.1094</title>
+			</g>
+			<g id="shape1091-354">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="31.49" y="1748.7" class="st3">LSA</text>			</g>
+		</g>
+		<g id="group1096-357" transform="translate(237.356,-1107)">
+			<title>Object lifeline.1096</title>
+			<desc>Credential Provider</desc>
+			<g id="shape1097-358" transform="translate(13.5,-6.3)">
+				<title>Sheet.1097</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1098-360" transform="translate(31.5,-41.4)">
+				<title>Sheet.1098</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1099-362" transform="translate(27,595.556)">
+				<title>Sheet.1099</title>
+			</g>
+			<g id="shape1096-364">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="14.72" y="1741.5" class="st3">Credential<tspan x="19.26" dy="1.2em" class="st4">Provider</tspan></text>			</g>
+		</g>
+		<g id="group1101-368" transform="translate(456.712,-1107)">
+			<title>Object lifeline.1101</title>
+			<desc>Cloud Auth provider</desc>
+			<g id="shape1102-369" transform="translate(13.5,-6.3)">
+				<title>Sheet.1102</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1103-371" transform="translate(31.5,-41.4)">
+				<title>Sheet.1103</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1104-373" transform="translate(27,595.556)">
+				<title>Sheet.1104</title>
+			</g>
+			<g id="shape1101-375">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="12.67" y="1741.5" class="st3">Cloud Auth<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="group1106-379" transform="translate(347.034,-1107)">
+			<title>Object lifeline.1106</title>
+			<desc>Kerberos provider</desc>
+			<g id="shape1107-380" transform="translate(13.5,-6.3)">
+				<title>Sheet.1107</title>
+				<rect x="0" y="1738.8" width="54" height="25.2" class="st1"/>
+			</g>
+			<g id="shape1108-382" transform="translate(31.5,-41.4)">
+				<title>Sheet.1108</title>
+				<path d="M9 1764 a0 0 0 1 1 0 0 a0 0 0 1 1 0 0 Z" class="st1"/>
+			</g>
+			<g id="shape1109-384" transform="translate(27,595.556)">
+				<title>Sheet.1109</title>
+			</g>
+			<g id="shape1106-386">
+				<rect x="0" y="1726.2" width="81" height="37.8" class="st1"/>
+				<text x="18.07" y="1741.5" class="st3">Kerberos<tspan x="19.24" dy="1.2em" class="st4">provider</tspan></text>			</g>
+		</g>
+		<g id="shape1110-390" transform="translate(28.861,-1664.76)">
+			<title>State.1090</title>
+			<desc>A</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st14"/>
+			<text x="5.6" y="1758.36" class="st15">A</text>		</g>
+		<g id="shape1111-393" transform="translate(28.861,-1399.5)">
+			<title>State.1111</title>
+			<desc>E</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st14"/>
+			<text x="6.42" y="1758.36" class="st15">E</text>		</g>
+		<g id="shape1112-396" transform="translate(361.074,-1552.5)">
+			<title>State.1112</title>
+			<desc>B</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st14"/>
+			<text x="5.92" y="1758.36" class="st15">B</text>		</g>
+		<g id="shape1113-399" transform="translate(361.074,-1471.5)">
+			<title>State.1113</title>
+			<desc>C</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st14"/>
+			<text x="6.13" y="1758.36" class="st15">C</text>		</g>
+		<g id="shape1114-402" transform="translate(139.561,-1425.36)">
+			<title>State.1114</title>
+			<desc>D</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st14"/>
+			<text x="5.43" y="1758.36" class="st15">D</text>		</g>
+		<g id="shape1115-405" transform="translate(139.561,-1359)">
+			<title>State.1115</title>
+			<desc>F</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st14"/>
+			<text x="6.63" y="1758.36" class="st15">F</text>		</g>
+		<g id="shape1116-408" transform="translate(472.561,-1322.16)">
+			<title>State.1116</title>
+			<desc>G</desc>
+			<path d="M0 1754.16 A9.83896 9.83896 0 0 1 19.68 1754.16 A9.83896 9.83896 0 1 1 0 1754.16 Z" class="st14"/>
+			<text x="5.38" y="1758.36" class="st15">G</text>		</g>
+	</g>
+</svg>
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/prov-aadj-federated.png b/windows/security/identity-protection/hello-for-business/images/howitworks/prov/aadj-federated.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/prov-aadj-federated.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/prov/aadj-federated.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/prov-aadj-managed.png b/windows/security/identity-protection/hello-for-business/images/howitworks/prov/aadj-managed.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/prov-aadj-managed.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/prov/aadj-managed.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/prov-haadj-cloudtrust-managed.png b/windows/security/identity-protection/hello-for-business/images/howitworks/prov/haadj-cloudtrust-managed.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/prov-haadj-cloudtrust-managed.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/prov/haadj-cloudtrust-managed.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/prov-haadj-instant-certtrust-federated.png b/windows/security/identity-protection/hello-for-business/images/howitworks/prov/haadj-instant-certtrust-federated.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/prov-haadj-instant-certtrust-federated.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/prov/haadj-instant-certtrust-federated.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/prov-haadj-keytrust-managed.png b/windows/security/identity-protection/hello-for-business/images/howitworks/prov/haadj-keytrust-managed.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/prov-haadj-keytrust-managed.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/prov/haadj-keytrust-managed.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/prov-onprem-certtrust.png b/windows/security/identity-protection/hello-for-business/images/howitworks/prov/onprem-certtrust.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/prov-onprem-certtrust.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/prov/onprem-certtrust.png
diff --git a/windows/security/identity-protection/hello-for-business/images/howitworks/prov-onprem-keytrust.png b/windows/security/identity-protection/hello-for-business/images/howitworks/prov/onprem-keytrust.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/images/howitworks/prov-onprem-keytrust.png
rename to windows/security/identity-protection/hello-for-business/images/howitworks/prov/onprem-keytrust.png