diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 103f9f3d54..a53b5977d6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -7,6 +7,9 @@ appliesto:
 ms.topic: article
 ---
 # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business
+
+[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)]
+
 ## Prerequisites
 
 Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices.  Unlike hybrid Azure AD-joined devices, Azure AD-joined devices don't have a relationship with your Active Directory domain.  This factor changes the way in which users authenticate to Active Directory.  Validate the following configurations to ensure they support Azure AD-joined devices.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 8a2009474b..84377c36b5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -9,6 +9,8 @@ ms.topic: article
 
 # Using Certificates for AADJ On-premises Single-sign On
 
+[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)]
+
 If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices.
 
 > [!IMPORTANT]
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
index 05694db88f..4b65d68e29 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
@@ -8,10 +8,7 @@ ms.topic: article
 ---
 # Hybrid cloud Kerberos trust deployment
 
-This document describes Windows Hello for Business functionalities or scenarios that apply to:\
-✅ **Deployment type:** [hybrid](hello-how-it-works-technology.md#hybrid-deployment)\
-✅ **Trust type:** [cloud Kerberos trust](hello-hybrid-cloud-kerberos-trust.md)\
-✅ **Device registration type:** [Azure AD join](hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](hello-how-it-works-technology.md#hybrid-azure-ad-join)
+[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cloudkerb-trust.md)]
 
 <br>
 
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
rename to windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md
diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/retired/reset-security-key.md
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/reset-security-key.md
rename to windows/security/identity-protection/hello-for-business/retired/reset-security-key.md
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index e76276cdca..732561a038 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -13,14 +13,6 @@
     href: hello-biometrics-in-enterprise.md
   - name: How Windows Hello for Business works
     href: hello-how-it-works.md
-  - name: Technical deep dive
-    items:
-    - name: Provisioning
-      href: hello-how-it-works-provisioning.md
-    - name: Authentication
-      href: hello-how-it-works-authentication.md
-    - name: WebAuthn APIs
-      href: webauthn-apis.md
 - name: Deployment guides
   items:
   - name: Windows Hello for Business deployment overview
@@ -125,6 +117,8 @@
         href: hello-cert-trust-validate-deploy-mfa.md
       - name: Configure Windows Hello for Business policy settings
         href: hello-cert-trust-policy-settings.md
+    - name: Planning for Domain Controller load
+      href: hello-adequate-domain-controllers.md
 - name: How-to Guides
   items:
   - name: Prepare people to use Windows Hello
@@ -159,10 +153,14 @@
     href: hello-and-password-changes.md
 - name: Reference
   items:
+  - name: How Windows Hello for Business provisioning works
+    href: hello-how-it-works-provisioning.md
+  - name: How Windows Hello for Business authentication works
+    href: hello-how-it-works-authentication.md
+  - name: WebAuthn APIs
+    href: webauthn-apis.md
   - name: Technology and terminology
     href: hello-how-it-works-technology.md
-  - name: How many Domain Controllers?
-    href: hello-adequate-domain-controllers.md
   - name: Frequently Asked Questions (FAQ)
     href: hello-faq.yml
   - name: Windows Hello for Business videos
diff --git a/windows/security/includes/hello-hybrid-cloudkerb-trust.md b/windows/security/includes/hello-hybrid-cloudkerb-trust.md
new file mode 100644
index 0000000000..4f68be791b
--- /dev/null
+++ b/windows/security/includes/hello-hybrid-cloudkerb-trust.md
@@ -0,0 +1,8 @@
+This document describes Windows Hello for Business functionalities or scenarios that apply to:\
+✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
+✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\
+✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join)
+
+<br>
+
+---
diff --git a/windows/security/includes/hello-hybrid-keycert-trust-aad.md b/windows/security/includes/hello-hybrid-keycert-trust-aad.md
new file mode 100644
index 0000000000..a8d82200d3
--- /dev/null
+++ b/windows/security/includes/hello-hybrid-keycert-trust-aad.md
@@ -0,0 +1,7 @@
+This document describes Windows Hello for Business functionalities or scenarios that apply to:\
+✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
+✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust), [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\
+✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join)
+<br>
+
+---
diff --git a/windows/security/includes/hello-template.md b/windows/security/includes/hello-template.md
deleted file mode 100644
index 8bf862c83f..0000000000
--- a/windows/security/includes/hello-template.md
+++ /dev/null
@@ -1,15 +0,0 @@
-This document describes Windows Hello for Business functionalities or scenarios that apply to:\
-✅ **Deployment type:** [cloud-only](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
-✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
-✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\
-✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\
-✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\
-✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\
-✅ **Device registration type:** Active Directory domain join\
-✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join)\
-✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join)\
-✅ **Device registration type:** [Azure AD registration](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-ad-registration)
-
-<br>
-
----