Merge branch 'master' into design

This commit is contained in:
Greg Lindsay
2021-04-30 16:02:16 -07:00
committed by GitHub
20 changed files with 72 additions and 71 deletions

@ -1,5 +1,5 @@
--- ---
title: Windows Hello for Business Trust New Installation (Windows Hello for Business) title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business)
description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust depoyments rely on. description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust depoyments rely on.
keywords: identity, PIN, biometric, Hello, passport, WHFB keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10 ms.prod: w10
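Review bot: The `description:` line in this front matter still reads "depoyments". Since the `title:` line directly above it is being edited in this hunk, correct it to "deployments" in the same change.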
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Windows Hello for Business Certificate Trust New Installation # Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later
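Review bot: The new `ms.date: 4/30/2021` drops the zero-padded month that the replaced value `08/19/2018` used, and one other file in this commit writes `04/30/2021` instead. Pick one form, preferably the zero-padded `04/30/2021` that matches the existing values, and apply it to every file touched here.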

@ -1,5 +1,5 @@
--- ---
title: Configure Device Registration for Hybrid Windows Hello for Business title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business)
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/18/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Device Registration for Hybrid Windows Hello for Business # Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Hybrid Windows Hello for Business Prerequisites title: Hybrid Azure AD joined Windows Hello for Business Prerequisites
description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust. description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Hybrid Windows Hello for Business Prerequisites # Hybrid Azure AD joined Windows Hello for Business Prerequisites
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business) title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business)
description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Businesss. description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Businesss.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10 ms.prod: w10
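Review bot: The `description:` line ends with "Windows Hello for Businesss" (three s's). It sits next to the `title:` line changed in this hunk, so fix the spelling here rather than leaving it for a later pass.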
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Hybrid Windows Hello for Business Provisioning # Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later
@ -27,7 +27,7 @@ ms.reviewer:
## Provisioning ## Provisioning
The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
![Event358](images/Event358.png) ![Event358 from User Device Registration log showing Windows Hello for Business prerequisite check result](images/Event358.png)
The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**. The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**.

@ -1,5 +1,5 @@
--- ---
title: Configure Hybrid Windows Hello for Business - Active Directory (AD) title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD)
description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, ad keywords: identity, PIN, biometric, Hello, passport, WHFB, ad
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Windows Hello for Business: Active Directory # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Configuring Hybrid Windows Hello for Business - Active Directory Federation Services (ADFS) title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS)
description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, adfs keywords: identity, PIN, biometric, Hello, passport, WHFB, adfs
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 01/14/2021 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Windows Hello for Business: Active Directory Federation Services # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services
**Applies to** **Applies to**

@ -1,5 +1,5 @@
--- ---
title: Configure Hybrid Windows Hello for Business Directory Synch title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch
description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect
ms.prod: w10 ms.prod: w10
@ -13,11 +13,11 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 10/23/2017 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Hybrid Windows Hello for Business: Directory Synchronization # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Configuring Hybrid Windows Hello for Business - Public Key Infrastructure (PKI) title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI)
description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI
ms.prod: w10 ms.prod: w10
@ -13,11 +13,11 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 01/14/2021 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Hybrid Windows Hello for Business: Public Key Infrastructure # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
**Applies to** **Applies to**

@ -1,5 +1,5 @@
--- ---
title: Configuring Hybrid Windows Hello for Business - Group Policy title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy
description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business
keywords: identity, PIN, biometric, Hello, passport, WHFB keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Hybrid Windows Hello for Business: Group Policy # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Windows Hello for Business # Configure Hybrid Azure AD joined Windows Hello for Business
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later
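Review bot: This file has only the `@ -13,10` hunk, so the H1 becomes "Configure Hybrid Azure AD joined Windows Hello for Business" while the front-matter `title:` is left untouched, unlike every other file in this commit where both are renamed together. Check the `title:` line and update it to match the new heading.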

@ -1,5 +1,5 @@
--- ---
title: Windows Hello for Business Key Trust New Installation title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations. description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations.
keywords: identity, PIN, biometric, Hello, passport, WHFB keywords: identity, PIN, biometric, Hello, passport, WHFB
ms.prod: w10 ms.prod: w10
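Review bot: The new title "Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation" puts the qualifier after the product name, while the other titles in this commit lead with it ("Hybrid Azure AD joined Windows Hello for Business ..."). Reorder it to "Hybrid Azure AD joined Windows Hello for Business Key Trust New Installation", and do the same for the H1 in the next hunk, so the page set reads consistently.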
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Windows Hello for Business Key Trust New Installation # Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Configure Device Registration for Hybrid key trust Windows Hello for Business title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business) description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business)
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, device, registration keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, device, registration
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Device Registration for Hybrid key trust Windows Hello for Business # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Configure Directory Synchronization for Hybrid key trust Windows Hello for Business title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business)
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, synchronization, AADConnect keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, synchronization, AADConnect
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Directory Synchronization for Hybrid key trust Windows Hello for Business # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Hybrid Key trust Windows Hello for Business Prerequisites (Windows Hello for Business) title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process. description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/20/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Hybrid Key trust Windows Hello for Business Prerequisites # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later
@ -74,7 +74,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5). * The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name. * The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template. * The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
* The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](./hello-hybrid-cert-whfb-settings-pki.md) for details. * The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](./hello-hybrid-key-whfb-settings-pki.md) for details.
> [!IMPORTANT] > [!IMPORTANT]
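Review bot: The link target is corrected to `./hello-hybrid-key-whfb-settings-pki.md`, but the link text still reads "Configure Hybrid Windows Hello for Business: Public Key Infrastructure", and this same commit renames that page's H1 to "Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure". Update the link text so it matches the heading it points to.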

@ -1,5 +1,5 @@
--- ---
title: Hybrid Windows Hello for Business key trust Provisioning (Windows Hello for Business) title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business)
description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide. description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10 ms.prod: w10
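Review bot: The `keywords:` line on this key trust provisioning page still lists `certificate-trust`. With the title now stating "key trust" explicitly, change the keyword to `key-trust` so search metadata does not route certificate trust readers to the key trust guide.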
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/20/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Hybrid Windows Hello for Business Provisioning # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD)
description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD)
keywords: identity, PIN, biometric, Hello, passport, WHFB, ad, key trust, key-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, ad, key trust, key-trust
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/20/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configuring Hybrid key trust Windows Hello for Business: Active Directory # Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Hybrid Windows Hello for Business - Directory Synchronization title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization
description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization
keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect, Windows Hello, AD Connect, key trust, key-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect, Windows Hello, AD Connect, key trust, key-trust
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Hybrid Windows Hello for Business: Directory Synchronization # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Configure Hybrid key trust Windows Hello for Business title: Configure Hybrid Azure AD joined key trust Windows Hello for Business
description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI) description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI)
keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI, Windows Hello, key trust, key-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI, Windows Hello, key trust, key-trust
ms.prod: w10 ms.prod: w10
@ -13,11 +13,11 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 01/14/2021 ms.date: 04/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Hybrid Windows Hello for Business: Public Key Infrastructure # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
**Applies to** **Applies to**
@ -50,7 +50,8 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. 3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**.
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. 4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list.
5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs. 5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs.
**Note**If you use different template names, you'll need to remember and substitute these names in different portions of the lab. > [!NOTE]
> If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
6. On the **Subject Name** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items. 6. On the **Subject Name** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**. 7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**.
8. Close the console. 8. Close the console.
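Review bot: The converted `> [!NOTE]` block sits between steps 5 and 6 and, as rendered here, is flush-left rather than indented under step 5. An unindented blockquote ends the ordered list in Markdown, so step 6 can restart numbering or detach from the procedure. Indent both note lines to the list item's content level so the note stays attached to step 5.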
@ -81,11 +82,12 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi
The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities. The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
> [!NOTE] > [!NOTE]
> A domain controller's certificate must chain to a certificate in the NTAuth store in Active Directory. By default, online "Enterprise" Active Directory Certificate Authority certificates are added to the NTAuth store at installation time. If you are using a third-party CA, this is not done by default. If the domain controller certificate does not chain to a trusted CA in the NTAuth store, user authentication will fail. > The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail.
>you can view
> >
> You can view an AD forest's NTAuth store (NTAuthCertificates) using PKIVIEW.MSC from an ADCS CA. Open PKIView.msc, then click the Action menu -> Manage AD Containers. To see all certificates in the NTAuth store, run **Certutil -viewstore -enterprise NTAuth** from the command-line interface (Cmd.exe). >'''powershell
>Certutil -view
### Publish Certificate Templates to a Certificate Authority >Publish Certificate Templates to a Certificate Authority
The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
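Review bot: The new side of the NTAuth note looks like an unfinished edit and should not merge as is. It adds a stray `>you can view` fragment, opens a fence with `'''powershell` (apostrophes instead of backticks) that is never closed, truncates the command to `Certutil -view` where the old text gave `Certutil -viewstore -enterprise NTAuth`, and turns the `### Publish Certificate Templates to a Certificate Authority` heading into a quoted line, so the section heading disappears and the PKIView.msc instructions are lost. Restore the heading outside the note, put the full command in a properly closed fence, and keep the PKIView.msc steps. The reworded sentence also changes "chain to a certificate in the NTAuth store" to "chain to a root" and "this is not done by default" to "this may not be done by default"; confirm that narrowing and softening are intended, since the note is what an administrator relies on when user authentication fails with a third-party CA.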

@ -1,5 +1,5 @@
--- ---
title: Configure Hybrid Windows Hello for Business - Group Policy title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
description: Configuring Hybrid key trust Windows Hello for Business - Group Policy description: Configuring Hybrid key trust Windows Hello for Business - Group Policy
keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, key trust, key-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, key trust, key-trust
ms.prod: w10 ms.prod: w10
@ -13,10 +13,10 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/20/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Hybrid Windows Hello for Business: Group Policy # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later

@ -1,5 +1,5 @@
--- ---
title: Configure Hybrid Windows Hello for Business key trust Settings title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings
description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration.
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
ms.prod: w10 ms.prod: w10
@ -13,18 +13,17 @@ manager: dansimp
ms.collection: M365-identity-device-management ms.collection: M365-identity-device-management
ms.topic: article ms.topic: article
localizationpriority: medium localizationpriority: medium
ms.date: 08/19/2018 ms.date: 4/30/2021
ms.reviewer: ms.reviewer:
--- ---
# Configure Hybrid Windows Hello for Business key trust settings # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings
**Applies to** **Applies to**
- Windows 10, version 1703 or later - Windows 10, version 1703 or later
- Hybrid deployment - Hybrid deployment
- Key trust - Key trust
You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business.
You are ready to configure your hybrid key trust environment for Windows Hello for Business.
> [!IMPORTANT] > [!IMPORTANT]
> Ensure your environment meets all the [prerequisites](hello-hybrid-key-trust-prereqs.md) before proceeding. Review the [New Installation baseline](hello-hybrid-key-new-install.md) section of this deployment document to learn how to prepare your environment for your Windows Hello for Business deployment. > Ensure your environment meets all the [prerequisites](hello-hybrid-key-trust-prereqs.md) before proceeding. Review the [New Installation baseline](hello-hybrid-key-new-install.md) section of this deployment document to learn how to prepare your environment for your Windows Hello for Business deployment.