From d42a7b0c3b97ca0c8f40495219e917f95e764845 Mon Sep 17 00:00:00 2001 From: Orlando Rodriguez <49177883+ojrb@users.noreply.github.com> Date: Mon, 13 May 2019 11:57:49 -0500 Subject: [PATCH] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 73a2919976..2e9bd1375c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -58,7 +58,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. -The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can use a 3rd Party enterprise certification authority too. The detailed requieriments for the Domain Controller certificate are shown below. +The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below. * The certificate must have a CRL distribution-point extension that points to a valid certificate revocation list (CRL). * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name)