diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index d8a838a906..5a639e777f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -55,7 +55,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv 7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**. 8. In the details pane, right-click **Certificate Services Client � Auto-Enrollment** and select **Properties**. 9. Select **Enabled** from the **Configuration Model** list. -10. Select the **Renew expired certificates**, **update pending certificates**, **and remove revoked certificates** check box. +10. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box. 11. Select the **Update certificates that use certificate templates** check box. 12. Click **OK**. Close the **Group Policy Management Editor**.