From b1ffb7f6f9d3c5045b64160255347086f8b40a6d Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 28 Dec 2022 12:36:39 -0500
Subject: [PATCH] updates

---
 .../hello-aad-join-cloud-only-deploy.md                   | 2 +-
 .../hello-for-business/hello-cert-trust-adfs.md           | 2 +-
 .../hello-cert-trust-policy-settings.md                   | 2 +-
 .../hello-cert-trust-validate-ad-prereq.md                | 2 +-
 .../hello-cert-trust-validate-deploy-mfa.md               | 2 +-
 .../hello-for-business/hello-cert-trust-validate-pki.md   | 2 +-
 .../hello-for-business/hello-deployment-cert-trust.md     | 2 +-
 .../hello-for-business/hello-deployment-key-trust.md      | 2 +-
 .../hello-for-business/hello-deployment-rdp-certs.md      | 6 +++---
 .../hello-for-business/hello-hybrid-aadj-sso-base.md      | 2 +-
 .../hello-for-business/hello-hybrid-aadj-sso-cert.md      | 2 +-
 .../hello-for-business/hello-hybrid-aadj-sso.md           | 2 +-
 .../hello-for-business/hello-hybrid-cert-new-install.md   | 2 +-
 .../hello-for-business/hello-hybrid-cert-trust-devreg.md  | 2 +-
 .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +-
 .../hello-for-business/hello-hybrid-cert-trust.md         | 2 +-
 .../hello-hybrid-cert-whfb-provision.md                   | 2 +-
 .../hello-hybrid-cert-whfb-settings-ad.md                 | 2 +-
 .../hello-hybrid-cert-whfb-settings-adfs.md               | 2 +-
 .../hello-hybrid-cert-whfb-settings-dir-sync.md           | 2 +-
 .../hello-hybrid-cert-whfb-settings-pki.md                | 2 +-
 .../hello-hybrid-cert-whfb-settings-policy.md             | 2 +-
 .../hello-for-business/hello-hybrid-cert-whfb-settings.md | 2 +-
 .../hello-hybrid-cloud-kerberos-trust.md                  | 2 +-
 .../hello-hybrid-key-trust-validate-pki.md                | 2 +-
 .../hello-for-business/hello-hybrid-key-trust.md          | 2 +-
 .../hello-for-business/hello-key-trust-adfs.md            | 2 +-
 .../hello-for-business/hello-key-trust-policy-settings.md | 2 +-
 .../hello-key-trust-validate-ad-prereq.md                 | 2 +-
 .../hello-key-trust-validate-deploy-mfa.md                | 2 +-
 .../hello-for-business/hello-key-trust-validate-pki.md    | 2 +-
 .../includes/dc-certificate-deployment.md                 | 2 +-
 .../hello-for-business}/includes/hello-cloud.md           | 0
 .../hello-for-business/includes/hello-deployment-cloud.md | 8 ++++++++
 .../includes/hello-deployment-hybrid.md                   | 8 ++++++++
 .../includes/hello-deployment-onpremises.md               | 8 ++++++++
 .../includes/hello-hybrid-cert-trust-aad.md               | 0
 .../includes/hello-hybrid-cert-trust-ad.md                | 0
 .../includes/hello-hybrid-cert-trust.md                   | 0
 .../includes/hello-hybrid-cloudkerb-trust.md              | 0
 .../includes/hello-hybrid-key-trust-ad.md                 | 0
 .../includes/hello-hybrid-key-trust.md                    | 0
 .../includes/hello-hybrid-keycert-trust-aad.md            | 0
 .../hello-for-business}/includes/hello-intro.md           | 0
 .../hello-for-business/includes/hello-join-aad.md         | 8 ++++++++
 .../hello-for-business/includes/hello-join-domain.md      | 8 ++++++++
 .../hello-for-business/includes/hello-join-hybrid.md      | 8 ++++++++
 .../includes/hello-on-premises-cert-trust.md              | 0
 .../includes/hello-on-premises-key-trust.md               | 0
 .../includes/hello-trust-certificate.md                   | 8 ++++++++
 .../includes/hello-trust-cloud-kerberos.md                | 8 ++++++++
 .../hello-for-business/includes/hello-trust-key.md        | 8 ++++++++
 windows/security/includes/hello-deployment-cloud.md       | 8 --------
 windows/security/includes/hello-deployment-hybrid.md      | 8 --------
 windows/security/includes/hello-deployment-onpremises.md  | 8 --------
 windows/security/includes/hello-join-aad.md               | 8 --------
 windows/security/includes/hello-join-domain.md            | 8 --------
 windows/security/includes/hello-join-hybrid.md            | 8 --------
 windows/security/includes/hello-trust-certificate.md      | 8 --------
 windows/security/includes/hello-trust-cloud-kerberos.md   | 8 --------
 windows/security/includes/hello-trust-key.md              | 8 --------
 61 files changed, 106 insertions(+), 106 deletions(-)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-cloud.md (100%)
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-deployment-cloud.md
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-deployment-hybrid.md
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-deployment-onpremises.md
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-hybrid-cert-trust-aad.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-hybrid-cert-trust-ad.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-hybrid-cert-trust.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-hybrid-cloudkerb-trust.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-hybrid-key-trust-ad.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-hybrid-key-trust.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-hybrid-keycert-trust-aad.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-intro.md (100%)
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-join-aad.md
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-join-hybrid.md
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-on-premises-cert-trust.md (100%)
 rename windows/security/{ => identity-protection/hello-for-business}/includes/hello-on-premises-key-trust.md (100%)
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-trust-certificate.md
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-trust-cloud-kerberos.md
 create mode 100644 windows/security/identity-protection/hello-for-business/includes/hello-trust-key.md
 delete mode 100644 windows/security/includes/hello-deployment-cloud.md
 delete mode 100644 windows/security/includes/hello-deployment-hybrid.md
 delete mode 100644 windows/security/includes/hello-deployment-onpremises.md
 delete mode 100644 windows/security/includes/hello-join-aad.md
 delete mode 100644 windows/security/includes/hello-join-domain.md
 delete mode 100644 windows/security/includes/hello-join-hybrid.md
 delete mode 100644 windows/security/includes/hello-trust-certificate.md
 delete mode 100644 windows/security/includes/hello-trust-cloud-kerberos.md
 delete mode 100644 windows/security/includes/hello-trust-key.md

diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
index 004083bb85..1382df5771 100644
--- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Cloud-only deployment
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-cloud.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-cloud.md)]
 
 ## Introduction
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index d258d207f7..aa37d9804e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Prepare and deploy Active Directory Federation Services - on-premises certificate trust
 
-[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)]
 
 Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS) role included with Windows Server. The on-premises certificate trust deployment model uses AD FS for *certificate enrollment* and *device registration*.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
index 870fc37596..a73ef3f3f2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
@@ -11,7 +11,7 @@ ms.topic: tutorial
 ---
 # Configure Windows Hello for Business group policy settings - on-premises certificate Trust
 
-[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)]
 
 On-premises certificate-based deployments of Windows Hello for Business need three Group Policy settings:
 - Enable Windows Hello for Business
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
index bac1a4e528..629e59b1e2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Validate Active Directory prerequisites - on-premises certificate trust
 
-[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)]
 
 The key registration process for the on-premises deployment of Windows Hello for Business requires the Windows Server 2016 Active Directory or later schema.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
index e5c4b9a2a4..f18107264e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -10,7 +10,7 @@ ms.topic: tutorial
 
 # Validate and deploy multi-factor authentication - on-premises certificate trust
 
-[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)]
 
 Windows Hello for Business requires users perform multi-factor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
index 810a289475..3b2425c95d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Configure and validate the Public Key Infrastructure - on-premises certificate trust
 
-[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)]
 
 Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a root of trust for clients. The certificate ensures that clients don't communicate with rogue domain controllers. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
index d19452cbd8..0775ea4e9d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Deployment guide overview - on-premises certificate trust
 
-[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)]
 
 Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment:
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
index 34d860c531..6104c34401 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Deployment guide overview - on-premises key trust
 
-[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
+[!INCLUDE [hello-on-premises-key-trust](./includes/hello-on-premises-key-trust.md)]
 
 Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment::
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
index 5fe62506a6..e4cd07d400 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
@@ -12,9 +12,9 @@ appliesto:
 # Deploy certificates for remote desktop (RDP) sign-in
 
 This document describes Windows Hello for Business functionalities or scenarios that apply to:
-- **Deployment type:** [!INCLUDE [hybrid](../../includes/hello-deployment-hybrid.md)]
-- **Trust type:** [!INCLUDE [cloud-kerberos](../../includes/hello-trust-cloud-kerberos.md)], [!INCLUDE [key](../../includes/hello-trust-key.md)]
-- **Join type:** [!INCLUDE [hello-join-aadj](../../includes/hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](../../includes/hello-join-hybrid.md)]
+- **Deployment type:** [!INCLUDE [hybrid](./includes/hello-deployment-hybrid.md)]
+- **Trust type:** [!INCLUDE [cloud-kerberos](./includes/hello-trust-cloud-kerberos.md)], [!INCLUDE [key](./includes/hello-trust-key.md)]
+- **Join type:** [!INCLUDE [hello-join-aadj](./includes/hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](./includes/hello-join-hybrid.md)]
 ---
 
 Windows Hello for Business supports using a certificate as the supplied credential, when establishing a remote desktop connection to another Windows device. This document discusses three approaches for *cloud Kerberos trust* and *key trust* deployments, where authentication certificates can be deployed to an existing Windows Hello for Business user:
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 96c6e82af9..c4bf986ede 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -8,7 +8,7 @@ ms.topic: how-to
 ---
 # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-keycert-trust-aad.md)]
 
 ## Prerequisites
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index ceddc51ed4..2cc6e81fff 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -9,7 +9,7 @@ ms.topic: how-to
 
 # Using Certificates for AADJ On-premises Single-sign On
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust-aad.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust-aad.md)]
 
 If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
index 1acc6aa213..63a8074f3f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Azure AD Join Single Sign-on Deployment
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-keycert-trust-aad.md)]
 
 Windows Hello for Business combined with Azure Active Directory-joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential.  Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD-joined devices may need to access these resources.  With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory-joined devices using Windows Hello for Business, using a key or a certificate.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
index 234f257566..5ed3e561c2 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure.  Hybrid certificate trust deployments of Windows Hello for Business rely on these technologies
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index 997dbea6e9..bfecf22dea 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust-ad.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust-ad.md)]
 
 Your environment is federated and you're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication.  
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index 56e0d50918..acac72ac78 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Hybrid Azure AD joined Windows Hello for Business Prerequisites
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
index caf8cfe867..e6a0f51747 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Hybrid Azure AD joined Certificate Trust Deployment
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index fa4284edd5..5a7e9bb3a0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 ## Provisioning
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
index 748cc46a44..441b9c95d7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. 
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
index 83988357c9..847a69e6b9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 ## Federation Services
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
index 5002843385..311dd7d4b5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
@@ -9,7 +9,7 @@ ms.topic: article
 
 # Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 ## Directory Synchronization
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 2b43ffad0a..6e820da88a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -9,7 +9,7 @@ ms.topic: article
 
 # Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly-issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows between them and the client computer.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
index ad8ff6984f..6f6b61f93a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust-ad.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust-ad.md)]
 
 ## Policy Configuration
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
index 360f679614..e099167250 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Configure Hybrid Azure AD joined Windows Hello for Business
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)]
 
 Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model.  
 > [!IMPORTANT]
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
index aa375eaaf1..3f7bb9918a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
@@ -8,7 +8,7 @@ ms.topic: article
 ---
 # Cloud Kerberos trust deployment
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cloudkerb-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cloudkerb-trust.md)]
 
 Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This deployment guide provides the information to successfully deploy Windows Hello for Business in a cloud Kerberos trust scenario.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md
index 4ccdf8010e..12f2d27a3e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Configure and validate the Public Key Infrastructure - hybrid key trust
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-key-trust.md)]
 
 Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a *root of trust* for clients. The certificate ensures that clients don't communicate with rogue domain controllers.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
index b8bf8e693d..29de80a2e4 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
@@ -9,7 +9,7 @@ ms.topic: how-to
 ---
 # Hybrid key trust deployment
 
-[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-key-trust.md)]
+[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-key-trust.md)]
 
 Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in a hybrid key trust trust scenario.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
index b08abdb82d..b0cf1c66b8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Prepare and deploy Active Directory Federation Services - on-premises key trust
 
-[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
+[!INCLUDE [hello-on-premises-key-trust](./includes/hello-on-premises-key-trust.md)]
 
 Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS) role included with Windows Server. The on-premises key trust deployment model uses AD FS for *key registration* and *device registration*.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
index 03e7dbfe38..d9446b6eec 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Configure Windows Hello for Business group policy settings - on-premises key trust
 
-[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
+[!INCLUDE [hello-on-premises-key-trust](./includes/hello-on-premises-key-trust.md)]
 
 On-premises key trust deployments of Windows Hello for Business need one Group Policy setting: *Enable Windows Hello for Business*.
 The Group Policy setting determines whether users are allowed, and prompted, to enroll for Windows Hello for Business. It can be configured for computers or users.
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index e53e1d194f..07673151d3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Validate Active Directory prerequisites - on-premises key trust
 
-[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
+[!INCLUDE [hello-on-premises-key-trust](./includes/hello-on-premises-key-trust.md)]
 
 Key trust deployments need an adequate number of domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md) and the [Planning an adequate number of Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section.
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
index 6088986d1e..65f12b5274 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
@@ -10,7 +10,7 @@ ms.topic: tutorial
 
 # Validate and deploy multi-factor authentication - on-premises key trust
 
-[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
+[!INCLUDE [hello-on-premises-key-trust](./includes/hello-on-premises-key-trust.md)]
 
 Windows Hello for Business requires users perform multi-factor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
 
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
index e21fe61df1..e1524b84f7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@@ -9,7 +9,7 @@ ms.topic: tutorial
 ---
 # Configure and validate the Public Key Infrastructure - on-premises key trust
 
-[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
+[!INCLUDE [hello-on-premises-key-trust](./includes/hello-on-premises-key-trust.md)]
 
 Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a root of trust for clients. The certificate ensures that clients don't communicate with rogue domain controllers.
 
diff --git a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md
index e658d55e32..7eaedf722c 100644
--- a/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md
+++ b/windows/security/identity-protection/hello-for-business/includes/dc-certificate-deployment.md
@@ -30,7 +30,7 @@ Domain controllers automatically request a certificate from the *Domain controll
 <br>
 
 <details>
-<summary><b>Deploy the domain controller auto certificate enrollment GPO</summary>
+<summary><b>Deploy the domain controller auto certificate enrollment GPO</b></summary>
 
 Sign in to domain controller or management workstations with *Domain Administrator* equivalent credentials.
 
diff --git a/windows/security/includes/hello-cloud.md b/windows/security/identity-protection/hello-for-business/includes/hello-cloud.md
similarity index 100%
rename from windows/security/includes/hello-cloud.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-cloud.md
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-deployment-cloud.md b/windows/security/identity-protection/hello-for-business/includes/hello-deployment-cloud.md
new file mode 100644
index 0000000000..bbdeb4c308
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-deployment-cloud.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[cloud :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md#cloud-deployment "For organizations using Azure AD-only identities. Device management is usually done via Intune/MDM")
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-deployment-hybrid.md b/windows/security/identity-protection/hello-for-business/includes/hello-deployment-hybrid.md
new file mode 100644
index 0000000000..b762fc7f9b
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-deployment-hybrid.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[hybrid :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment "For organizations using Active Directory identities synchronized to Azure AD. Device management is usually done via Group Policy or Intune/MDM")
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-deployment-onpremises.md b/windows/security/identity-protection/hello-for-business/includes/hello-deployment-onpremises.md
new file mode 100644
index 0000000000..1537ad1e45
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-deployment-onpremises.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[on-premises :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment "For organizations using Active Directory identities, not synchronized to Azure AD. Device management is usually done via Group Policy")
\ No newline at end of file
diff --git a/windows/security/includes/hello-hybrid-cert-trust-aad.md b/windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cert-trust-aad.md
similarity index 100%
rename from windows/security/includes/hello-hybrid-cert-trust-aad.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cert-trust-aad.md
diff --git a/windows/security/includes/hello-hybrid-cert-trust-ad.md b/windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cert-trust-ad.md
similarity index 100%
rename from windows/security/includes/hello-hybrid-cert-trust-ad.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cert-trust-ad.md
diff --git a/windows/security/includes/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cert-trust.md
similarity index 100%
rename from windows/security/includes/hello-hybrid-cert-trust.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cert-trust.md
diff --git a/windows/security/includes/hello-hybrid-cloudkerb-trust.md b/windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cloudkerb-trust.md
similarity index 100%
rename from windows/security/includes/hello-hybrid-cloudkerb-trust.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-hybrid-cloudkerb-trust.md
diff --git a/windows/security/includes/hello-hybrid-key-trust-ad.md b/windows/security/identity-protection/hello-for-business/includes/hello-hybrid-key-trust-ad.md
similarity index 100%
rename from windows/security/includes/hello-hybrid-key-trust-ad.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-hybrid-key-trust-ad.md
diff --git a/windows/security/includes/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/includes/hello-hybrid-key-trust.md
similarity index 100%
rename from windows/security/includes/hello-hybrid-key-trust.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-hybrid-key-trust.md
diff --git a/windows/security/includes/hello-hybrid-keycert-trust-aad.md b/windows/security/identity-protection/hello-for-business/includes/hello-hybrid-keycert-trust-aad.md
similarity index 100%
rename from windows/security/includes/hello-hybrid-keycert-trust-aad.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-hybrid-keycert-trust-aad.md
diff --git a/windows/security/includes/hello-intro.md b/windows/security/identity-protection/hello-for-business/includes/hello-intro.md
similarity index 100%
rename from windows/security/includes/hello-intro.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-intro.md
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-join-aad.md b/windows/security/identity-protection/hello-for-business/includes/hello-join-aad.md
new file mode 100644
index 0000000000..d953bf92d2
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-join-aad.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[Azure AD join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../hello-how-it-works-technology.md#azure-active-directory-join "Devices that are Azure AD joined do not have any dependencies on Active Directory. Only local users accounts and Azure AD users can sign in to these devices")
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md b/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md
new file mode 100644
index 0000000000..ac84d2985c
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-join-domain.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[domain join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md "Devices that are domain joined do not have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices")
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-join-hybrid.md b/windows/security/identity-protection/hello-for-business/includes/hello-join-hybrid.md
new file mode 100644
index 0000000000..bc5fc707a6
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-join-hybrid.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[hybrid Azure AD join :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join "Devices that are hybrid Azure AD joined don't have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices. Active Directory users that are synchronized to Azure AD will have single-sign on to both Active Directory and Azure AD-protected resources")
\ No newline at end of file
diff --git a/windows/security/includes/hello-on-premises-cert-trust.md b/windows/security/identity-protection/hello-for-business/includes/hello-on-premises-cert-trust.md
similarity index 100%
rename from windows/security/includes/hello-on-premises-cert-trust.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-on-premises-cert-trust.md
diff --git a/windows/security/includes/hello-on-premises-key-trust.md b/windows/security/identity-protection/hello-for-business/includes/hello-on-premises-key-trust.md
similarity index 100%
rename from windows/security/includes/hello-on-premises-key-trust.md
rename to windows/security/identity-protection/hello-for-business/includes/hello-on-premises-key-trust.md
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-trust-certificate.md b/windows/security/identity-protection/hello-for-business/includes/hello-trust-certificate.md
new file mode 100644
index 0000000000..de516ad8cb
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-trust-certificate.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[certificate trust :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust "This trust type uses a certificate to authenticate the users to Active Directory. It's required to issue certificates to the users and to the domain controllers")
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-trust-cloud-kerberos.md b/windows/security/identity-protection/hello-for-business/includes/hello-trust-cloud-kerberos.md
new file mode 100644
index 0000000000..d12cfbf47b
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-trust-cloud-kerberos.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[cloud Kerberos trust :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#cloud-kerberos-trust "This trust type uses security keys to authenticate the users to Active Directory. It's not required to issue any certificates, making it the recommended choice for environments that do not need certificate authentication")
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/includes/hello-trust-key.md b/windows/security/identity-protection/hello-for-business/includes/hello-trust-key.md
new file mode 100644
index 0000000000..4d2d677f24
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/includes/hello-trust-key.md
@@ -0,0 +1,8 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 12/08/2022
+ms.topic: include
+---
+
+[key trust :::image type="icon" source="../../../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust "This trust type uses a raw key to authenticate the users to Active Directory. It's not required to issue certificates to users, but it's required to deploy certificates to domain controllers")
\ No newline at end of file
diff --git a/windows/security/includes/hello-deployment-cloud.md b/windows/security/includes/hello-deployment-cloud.md
deleted file mode 100644
index 8152da9722..0000000000
--- a/windows/security/includes/hello-deployment-cloud.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[cloud :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#cloud-deployment "For organizations using Azure AD-only identities. Device management is usually done via Intune/MDM")
\ No newline at end of file
diff --git a/windows/security/includes/hello-deployment-hybrid.md b/windows/security/includes/hello-deployment-hybrid.md
deleted file mode 100644
index b35d4b548e..0000000000
--- a/windows/security/includes/hello-deployment-hybrid.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[hybrid :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment "For organizations using Active Directory identities synchronized to Azure AD. Device management is usually done via Group Policy or Intune/MDM")
\ No newline at end of file
diff --git a/windows/security/includes/hello-deployment-onpremises.md b/windows/security/includes/hello-deployment-onpremises.md
deleted file mode 100644
index 8746a5e9c7..0000000000
--- a/windows/security/includes/hello-deployment-onpremises.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[on-premises :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment "For organizations using Active Directory identities, not synchronized to Azure AD. Device management is usually done via Group Policy")
\ No newline at end of file
diff --git a/windows/security/includes/hello-join-aad.md b/windows/security/includes/hello-join-aad.md
deleted file mode 100644
index 5709970576..0000000000
--- a/windows/security/includes/hello-join-aad.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[Azure AD join :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join "Devices that are Azure AD joined do not have any dependencies on Active Directory. Only local users accounts and Azure AD users can sign in to these devices")
\ No newline at end of file
diff --git a/windows/security/includes/hello-join-domain.md b/windows/security/includes/hello-join-domain.md
deleted file mode 100644
index 0385e2089a..0000000000
--- a/windows/security/includes/hello-join-domain.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[domain join :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md "Devices that are domain joined do not have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices")
\ No newline at end of file
diff --git a/windows/security/includes/hello-join-hybrid.md b/windows/security/includes/hello-join-hybrid.md
deleted file mode 100644
index 3d3e75c6b6..0000000000
--- a/windows/security/includes/hello-join-hybrid.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[hybrid Azure AD join :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join "Devices that are hybrid Azure AD joined don't have any dependencies on Azure AD. Only local users accounts and Active Directory users can sign in to these devices. Active Directory users that are synchronized to Azure AD will have single-sign on to both Active Directory and Azure AD-protected resources")
\ No newline at end of file
diff --git a/windows/security/includes/hello-trust-certificate.md b/windows/security/includes/hello-trust-certificate.md
deleted file mode 100644
index ffc705fde0..0000000000
--- a/windows/security/includes/hello-trust-certificate.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[certificate trust :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust "This trust type uses a certificate to authenticate the users to Active Directory. It's required to issue certificates to the users and to the domain controllers")
\ No newline at end of file
diff --git a/windows/security/includes/hello-trust-cloud-kerberos.md b/windows/security/includes/hello-trust-cloud-kerberos.md
deleted file mode 100644
index 5ddac53ba9..0000000000
--- a/windows/security/includes/hello-trust-cloud-kerberos.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[cloud Kerberos trust :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#cloud-kerberos-trust "This trust type uses security keys to authenticate the users to Active Directory. It's not required to issue any certificates, making it the recommended choice for environments that do not need certificate authentication")
\ No newline at end of file
diff --git a/windows/security/includes/hello-trust-key.md b/windows/security/includes/hello-trust-key.md
deleted file mode 100644
index 133f7f5204..0000000000
--- a/windows/security/includes/hello-trust-key.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-author: paolomatarazzo
-ms.author: paoloma
-ms.date: 12/08/2022
-ms.topic: include
----
-
-[key trust :::image type="icon" source="../images/icons/information.svg" border="false":::](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust "This trust type uses a raw key to authenticate the users to Active Directory. It's not required to issue certificates to users, but it's required to deploy certificates to domain controllers")
\ No newline at end of file