From cefd60d7cfc9816f300090d7c7f72b34babc4782 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 18 Aug 2021 11:38:52 +0500 Subject: [PATCH 1/3] Update hello-hybrid-aadj-sso-cert.md --- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index b8ce7af3da..2a7ae63ab9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md 
@@ -200,9 +200,10 @@ Sign-in to the issuing certificate authority or management workstations with _Do 5. On the **Subject** tab, select **Supply in the request**. 6. On the **Cryptography** tab, validate the **Minimum key size** is **2048**. 7. On the **Security** tab, click **Add**. -8. Type **NDES server** in the **Enter the object names to select** text box and click **OK**. -9. Select **NDES server** from the **Group or users names** list. In the **Permissions for** section, select the **Allow** check box for the **Enroll** permission. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. -10. Click on the **Apply** to save changes and close the console. +8. Select **Object Types**, then, in the appeared window, choose **Computers** and click **OK** +9. Type **NDES server** in the **Enter the object names to select** text box and click **OK**. +10. Select **NDES server** from the **Group or users names** list. In the **Permissions for** section, select the **Allow** check box for the **Enroll** permission. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. +11. Click on the **Apply** to save changes and close the console. ### Create an Azure AD joined Windows Hello for Business authentication certificate template During Windows Hello for Business provisioning, Windows 10 requests an authentication certificate from Microsoft Intune, which requests the authentication certificate on behalf of the user. This task configures the Windows Hello for Business authentication certificate template. You use the name of the certificate template when configuring the NDES Server. From 731d2d151e9bef92702af7f5a1d1eea84ce3e373 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 18 Aug 2021 15:11:18 +0500 Subject: [PATCH 2/3] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 2a7ae63ab9..f40d2342c4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -200,7 +200,7 @@ Sign-in to the issuing certificate authority or management workstations with _Do 5. On the **Subject** tab, select **Supply in the request**. 6. On the **Cryptography** tab, validate the **Minimum key size** is **2048**. 7. On the **Security** tab, click **Add**. -8. Select **Object Types**, then, in the appeared window, choose **Computers** and click **OK** +8. Select **Object Types**, then, in the window that appears, choose **Computers** and click **OK**. 9. Type **NDES server** in the **Enter the object names to select** text box and click **OK**. 10. Select **NDES server** from the **Group or users names** list. In the **Permissions for** section, select the **Allow** check box for the **Enroll** permission. Clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other items in the **Group or users names** list if the check boxes are not already cleared. Click **OK**. 11. Click on the **Apply** to save changes and close the console. From 284e553ef58ee88b56e186712376be34b83a2086 Mon Sep 17 00:00:00 2001 
From: Angela Fleischmann Date: Fri, 29 Jul 2022 16:10:50 -0600 Subject: [PATCH 3/3] Update hello-hybrid-aadj-sso-cert.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/d0e0503d-1a23-49be-b642-4ac390655030#CORRECTNESS Line 339: Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials. > Sign in to the certificate authority or management workstations with an _enterprise admin_ -equivalent credential. Line 854: When finished click **Select**. > When finished, click **Select**. --- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index f8ba4366ea..53931e113c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -336,7 +336,7 @@ The certificate authority may only issue certificates for certificate templates > [!Important] > Ensure you publish the **AADJ WHFB Authentication** certificate templates to the certificate authority that Microsoft Intune uses by way of the NDES servers. The NDES configuration asks you to choose a certificate authority from which it requests certificates. You need to publish that certificate templates to that issuing certificate authority. The **NDES-Intune Authentication** certificate is directly enrolled and can be published to any certificate authority. -Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials. +Sign in to the certificate authority or management workstations with an _enterprise admin_ -equivalent credential. 1. Open the **Certificate Authority** management console. 
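Review bot: the replacement line in the @@ -336 hunk leaves a space before the hyphen in "_enterprise admin_ -equivalent credential", so it renders as "enterprise admin -equivalent". Close the gap ("_enterprise admin_-equivalent credential") or rephrase as "a credential equivalent to _enterprise admin_". The unchanged note line above it still reads "You need to publish that certificate templates to that issuing certificate authority", which mixes singular and plural and could be corrected in the same pass.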
@@ -851,7 +851,7 @@ Sign-in a workstation with access equivalent to a _domain user_. ![Azure AD new group creation.](images/aadjcert/azureadcreatewhfbcertgroup.png) -8. Click **Members**. Use the **Select members** pane to add members to this group. When finished click **Select**. +8. Click **Members**. Use the **Select members** pane to add members to this group. When finished, click **Select**. 9. Click **Create**.
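Review bot: the section line carried in the @@ -851 hunk header still reads "Sign-in a workstation with access equivalent to a _domain user_.", which uses the hyphenated verb form that this same patch corrects at line 339 and is also missing "to". Since the commit is a wording pass, change it to "Sign in to a workstation with access equivalent to a _domain user_." so the sign-in instructions read the same way across the file.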
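Review bot: in PATCH 1/3, step 9 still tells the reader to type **NDES server**, bolded like a literal string, even though new step 8 exists to make the object picker search **Computers**. State that the value to enter is the computer account name of the NDES server, so that the **Enroll** permission granted in step 10 lands on that one computer object while **Enroll** and **Autoenroll** stay cleared for every other entry.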
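Review bot: in PATCH 2/3, only step 8 is reworded, while the context lines right below it keep similar wording problems: step 11 reads "Click on the **Apply** to save changes and close the console." and step 10 twice cites the list as **Group or users names**. Suggest "Click **Apply** to save changes and close the console." and checking the bolded list name against the label shown in the **Security** tab, since bolded text is meant to match the UI exactly.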