diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs.md
similarity index 97%
rename from windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-settings-adfs.md
rename to windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs.md
index eafaf876ab..c5e4939fc8 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-settings-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs.md
@@ -13,7 +13,7 @@ ms.topic: tutorial
# Configure Active Directory Federation Services - hybrid certificate trust
-[!INCLUDE [hello-hybrid-key-trust](includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [apply-to-hybrid-cert-trust](includes/apply-to-hybrid-cert-trust.md)]
The Windows Hello for Business certificate-based deployments use AD FS as the certificate registration authority (CRA).
The CRA is responsible for issuing and revoking certificates to users. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.\
@@ -81,4 +81,4 @@ Before moving to the next section, ensure the following steps are complete:
> - Update group memberships for the AD FS service account
> [!div class="nextstepaction"]
-> [Next: configure policy settings >](hybrid-cert-whfb-provision.md)
+> [Next: configure policy settings >](hybrid-cert-trust-enroll.md)
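Review bot: The link text on the added line still reads "Next: configure policy settings", but the target is now `hybrid-cert-trust-enroll.md`, whose title in this patch is "Configure and provision Windows Hello for Business in a hybrid certificate trust model". Update the link text so it names the page the reader lands on, for example "Next: configure and provision Windows Hello for Business".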
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
similarity index 95%
rename from windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-provision.md
rename to windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
index fe69fd26eb..1cf3d29281 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
@@ -2,12 +2,18 @@
title: Configure and provision Windows Hello for Business in a hybrid certificate trust model
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
ms.date: 12/15/2023
+appliesto:
+- ✅ Windows 11
+- ✅ Windows 10
+- ✅ Windows Server 2022
+- ✅ Windows Server 2019
+- ✅ Windows Server 2016
ms.topic: tutorial
---
# Configure and provision Windows Hello for Business - hybrid certificate trust
-[!INCLUDE [hello-hybrid-certificate-trust](includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [apply-to-hybrid-cert-trust](includes/apply-to-hybrid-cert-trust.md)]
## Policy Configuration
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
similarity index 97%
rename from windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-validate-pki.md
rename to windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
index a96beea39a..38b871bba1 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
@@ -12,7 +12,7 @@ ms.topic: tutorial
---
# Configure and validate the PKI in an hybrid certificate trust model
-[!INCLUDE [hello-hybrid-cert-trust](includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [apply-to-hybrid-cert-trust](includes/apply-to-hybrid-cert-trust.md)]
Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a *root of trust* for clients. The certificate ensures that clients don't communicate with rogue domain controllers.
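Review bot: The H1 in this hunk's context reads "in an hybrid certificate trust model"; it should be "a hybrid". The file is already being renamed from `hybrid-cert-trust-validate-pki.md` to `hybrid-cert-trust-pki.md`, so the heading typo can be fixed in the same change.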
@@ -80,6 +80,6 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
> - Validate the domain controllers configuration
> [!div class="nextstepaction"]
-> [Next: configure AD FS >](hybrid-cert-whfb-settings-adfs.md)
+> [Next: configure AD FS >](hybrid-cert-trust-adfs.md)
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
index e98baf7420..44cb5bf3a4 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
@@ -8,12 +8,12 @@ appliesto:
- ✅ Windows Server 2022
- ✅ Windows Server 2019
- ✅ Windows Server 2016
-ms.topic: how-to
+ms.topic: tutorial
---
# Hybrid certificate trust deployment
-[!INCLUDE [hello-hybrid-cert-trust](includes/hello-hybrid-cert-trust.md)]
+[!INCLUDE [apply-to-hybrid-cert-trust](includes/apply-to-hybrid-cert-trust.md)]
Hybrid environments are distributed systems that enable organizations to use on-premises and Microsoft Entra protected resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication and single sign-on to modern resources.
@@ -117,7 +117,7 @@ To configure Windows Hello for Business, devices can be configured through a mob
> - Configure single sign-on (SSO) for Microsoft Entra joined devices
> [!div class="nextstepaction"]
-> [Next: configure and validate the Public Key Infrastructure >](hybrid-cert-trust-validate-pki.md)
+> [Next: configure and validate the Public Key Infrastructure >](hybrid-cert-trust-pki.md)
[AZ-1]: /azure/active-directory/hybrid/how-to-connect-sync-whatis
diff --git a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-on-premises-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/includes/_apply-to-on-premises-cert-trust-entra.md
similarity index 77%
rename from windows/security/identity-protection/hello-for-business/deploy/includes/hello-on-premises-cert-trust.md
rename to windows/security/identity-protection/hello-for-business/deploy/includes/_apply-to-on-premises-cert-trust-entra.md
index c5855e7890..902e4e5459 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-on-premises-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/_apply-to-on-premises-cert-trust-entra.md
@@ -5,6 +5,6 @@ ms.topic: include
[!INCLUDE [hello-intro](../../includes/hello-intro.md)]
- **Deployment type:** [!INCLUDE [hello-deployment-onpremises](../../includes/hello-deployment-onpremises.md)]
-- **Trust type:** [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)]
+- **Trust type:** [!INCLUDE [hello-trust-certificate](tooltip-cert-trust.md)]
- **Join type:** [!INCLUDE [hello-join-domain](../../includes/hello-join-domain.md)]
---
\ No newline at end of file
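Review bot: The rename target starts with an underscore (`_apply-to-on-premises-cert-trust-entra.md`), but the on-premises pages changed in this patch include `includes/apply-to-on-premises-cert-trust-entra.md` without it, so those includes will not resolve as written. Either drop the underscore from the new file name or update the references. The `-entra` suffix also looks wrong for this file: its content declares an on-premises deployment with `hello-join-domain`, whereas the hybrid include uses `-entra` for the variant that lists only `hello-join-aad`.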
diff --git a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-hybrid-cert-trust-aad.md b/windows/security/identity-protection/hello-for-business/deploy/includes/apply-to-hybrid-cert-trust-entra.md
similarity index 76%
rename from windows/security/identity-protection/hello-for-business/deploy/includes/hello-hybrid-cert-trust-aad.md
rename to windows/security/identity-protection/hello-for-business/deploy/includes/apply-to-hybrid-cert-trust-entra.md
index 55a5accef9..bbfb40269d 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-hybrid-cert-trust-aad.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/apply-to-hybrid-cert-trust-entra.md
@@ -5,6 +5,6 @@ ms.topic: include
[!INCLUDE [hello-intro](../../includes/hello-intro.md)]
- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](../../includes/hello-deployment-hybrid.md)]
-- **Trust type:** [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)]
+- **Trust type:** [!INCLUDE [hello-trust-certificate](tooltip-cert-trust.md)]
- **Join type:** [!INCLUDE [hello-join-aadj](../../includes/hello-join-aad.md)]
---
\ No newline at end of file
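Review bot: On the added "Trust type" line the include label is still `hello-trust-certificate`, although the target file is now `tooltip-cert-trust.md`. The label is only descriptive, but keeping the old name makes later searches for the retired file name return false hits; rename it to `tooltip-cert-trust` to match. The same stale label appears on the corresponding added line in the other two include files in this patch.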
diff --git a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/includes/apply-to-hybrid-cert-trust.md
similarity index 80%
rename from windows/security/identity-protection/hello-for-business/deploy/includes/hello-hybrid-cert-trust.md
rename to windows/security/identity-protection/hello-for-business/deploy/includes/apply-to-hybrid-cert-trust.md
index 181dfe565b..4950b31156 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/apply-to-hybrid-cert-trust.md
@@ -5,6 +5,6 @@ ms.topic: include
[!INCLUDE [hello-intro](../../includes/hello-intro.md)]
- **Deployment type:** [!INCLUDE [hello-deployment-hybrid](../../includes/hello-deployment-hybrid.md)]
-- **Trust type:** [!INCLUDE [hello-trust-certificate](hello-trust-certificate.md)]
+- **Trust type:** [!INCLUDE [hello-trust-certificate](tooltip-cert-trust.md)]
- **Join type:** [!INCLUDE [hello-join-aadj](../../includes/hello-join-aad.md)], [!INCLUDE [hello-join-hybrid](../../includes/hello-join-hybrid.md)]
---
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-trust-certificate.md b/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-cert-trust.md
similarity index 92%
rename from windows/security/identity-protection/hello-for-business/deploy/includes/hello-trust-certificate.md
rename to windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-cert-trust.md
index d31f45a8f0..191890e588 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/hello-trust-certificate.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-cert-trust.md
@@ -1,5 +1,5 @@
---
-ms.date: 12/08/2022
+ms.date: 12/15/2023
ms.topic: include
---
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
index 31b8883209..53fa558172 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
@@ -10,9 +10,10 @@ appliesto:
- ✅ Windows Server 2016
ms.topic: tutorial
---
+
# Prepare and deploy Active Directory Federation Services - on-premises certificate trust
-[!INCLUDE [hello-on-premises-cert-trust](includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [apply-to-on-premises-cert-trust-entra](includes/apply-to-on-premises-cert-trust-entra.md)]
Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS) role included with Windows Server. The on-premises certificate trust deployment model uses AD FS for *certificate enrollment* and *device registration*.
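Review bot: The added include points at `includes/apply-to-on-premises-cert-trust-entra.md`, but the include file is renamed in this patch to `includes/_apply-to-on-premises-cert-trust-entra.md` (leading underscore). One of the two needs to change or this page loses its deployment, trust and join type banner. The same path is used by the other on-premises cert trust pages in this patch, so fix it in one place and re-check all of them.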
@@ -319,4 +320,4 @@ Each file in this folder represents a certificate in the service account's Perso
For detailed information about the certificate, use `Certutil -q -v `.
> [!div class="nextstepaction"]
-> [Next: validate and deploy multi-factor authentication (MFA) >](on-premises-cert-trust-validate-deploy-mfa.md)
\ No newline at end of file
+> [Next: validate and deploy multi-factor authentication (MFA) >](on-premises-cert-trust-mfa.md)
\ No newline at end of file
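Review bot: The last line of the file is rewritten here but is still left without a trailing newline ("\ No newline at end of file" on both the removed and the added side). Add the newline while the line is being touched so that future edits to the end of this file do not produce a noisy diff.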
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
similarity index 93%
rename from windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-policy-settings.md
rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
index cb4507303c..016c4b4c9e 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
@@ -2,11 +2,18 @@
title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
ms.date: 12/15/2023
+appliesto:
+- ✅ Windows 11
+- ✅ Windows 10
+- ✅ Windows Server 2022
+- ✅ Windows Server 2019
+- ✅ Windows Server 2016
ms.topic: tutorial
---
+
# Configure Windows Hello for Business group policy settings - on-premises certificate Trust
-[!INCLUDE [hello-on-premises-cert-trust](includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [apply-to-on-premises-cert-trust-entra](includes/apply-to-on-premises-cert-trust-entra.md)]
On-premises certificate-based deployments of Windows Hello for Business need three Group Policy settings:
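Review bot: The file is renamed to `on-premises-cert-trust-enroll.md`, but the `title`, `description` and H1 in this hunk still describe it only as "Configure Windows Hello for Business Policy settings", so the file name and the page metadata now disagree. Either align the title and heading with the enroll naming used for the hybrid page or keep the old file name. The H1 also ends in "on-premises certificate Trust" with a capital T, which differs from the other headings in this set. Separately, the added include path lacks the leading underscore that the renamed include file carries in this patch.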
@@ -73,7 +80,7 @@ The application of the Windows Hello for Business Group Policy object uses secur
## Other Related Group Policy settings
-There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment. These policy settings are computer-based policy setting; so they are applicable to any user that sign-in from a computer with these policy settings.
+There are other Windows Hello for Business policy settings you can configure to manage your Windows Hello for Business deployment. These policy settings are computer-based policy setting; so they are applicable to any user that sign-in from a computer with these policy settings.
### Use a hardware security device
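Review bot: The removed and added lines in this hunk read the same, so the change appears to be whitespace only, and the sentence keeps its grammar errors: "These policy settings are computer-based policy setting; so they are applicable to any user that sign-in". Since the line is being rewritten anyway, consider "These policy settings are computer-based, so they apply to any user who signs in from a computer with these policy settings."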
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md
similarity index 95%
rename from windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-deploy-mfa.md
rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md
index a5ac9c0c48..35fd08dd4d 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md
@@ -13,7 +13,7 @@ ms.topic: tutorial
# Validate and deploy multifactor authentication - on-premises certificate trust
-[!INCLUDE [hello-on-premises-cert-trust](includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [apply-to-on-premises-cert-trust-entra](includes/apply-to-on-premises-cert-trust-entra.md)]
Windows Hello for Business requires users perform multifactor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
@@ -28,4 +28,4 @@ For information about third-party authentication methods, see [Configure Additio
Follow the integration and deployment guide for the authentication provider you plan to integrate to AD FS. Make sure that the authentication provider is selected as a multifactor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies, see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies).
> [!div class="nextstepaction"]
-> [Next: configure Windows Hello for Business Policy settings >](on-premises-cert-trust-policy-settings.md)
+> [Next: configure Windows Hello for Business Policy settings >](on-premises-cert-trust-enroll.md)
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md
similarity index 96%
rename from windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-pki.md
rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md
index 8f20023a12..98f3054069 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md
@@ -1,7 +1,7 @@
---
title: Configure and validate the Public Key Infrastructure in an on-premises certificate trust model
description: Configure and validate the Public Key Infrastructure the Public Key Infrastructure when deploying Windows Hello for Business in a certificate trust model.
-ms.date: 09/07/2023
+ms.date: 12/15/2023
appliesto:
- ✅ Windows 11
- ✅ Windows 10
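Review bot: The `description` in this hunk's context repeats a phrase ("Configure and validate the Public Key Infrastructure the Public Key Infrastructure when deploying ..."). The `ms.date` bump marks the page as reviewed on 12/15/2023, so the duplicated words should be removed in the same change.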
@@ -13,7 +13,7 @@ ms.topic: tutorial
# Configure and validate the Public Key Infrastructure - on-premises certificate trust
-[!INCLUDE [hello-on-premises-cert-trust](includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [apply-to-on-premises-cert-trust-entra](includes/apply-to-on-premises-cert-trust-entra.md)]
Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a root of trust for clients. The certificate ensures that clients don't communicate with rogue domain controllers. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate.
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md
index 5e46ec13cc..392bdfcf57 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md
@@ -13,7 +13,7 @@ ms.topic: tutorial
# Deployment guide for the on-premises certificate trust model
-[!INCLUDE [hello-on-premises-cert-trust](includes/hello-on-premises-cert-trust.md)]
+[!INCLUDE [apply-to-on-premises-cert-trust-entra](includes/apply-to-on-premises-cert-trust-entra.md)]
Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment.
@@ -40,4 +40,4 @@ Sign-in to a domain controller or to a management workstation with a *Domain Adm
1. Select **OK**
> [!div class="nextstepaction"]
-> [Next: validate and configure a PKI >](on-premises-cert-trust-validate-pki.md)
\ No newline at end of file
+> [Next: validate and configure a PKI >](on-premises-cert-trust-pki.md)
\ No newline at end of file