From fadf0fce8e3507bfaaf44f9ea91f0e852a9c9147 Mon Sep 17 00:00:00 2001
From: Justin Hall <justinha@microsoft.com>
Date: Fri, 25 Jan 2019 14:37:34 -0800
Subject: [PATCH] edits

---
 .../security/identity-protection/vpn/vpn-conditional-access.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index ccd3bb3219..061a75c254 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -79,7 +79,7 @@ Two client-side configuration service providers are leveraged for VPN device com
    - Upon request, forwards the Health Attestation Certificate (received from HAS) and related runtime information to the MDM server for verification
    
 >[!NOTE]
->Enabling SSO is not necessarily required unless you want VPN users to be issued Kerberos tickets to access on-premises resources using a certificate issued by the on-premises CA; not the cloud certificate issued by AAD.
+>Enabling SSO is not necessarily required unless you want VPN users to be issued Kerberos tickets to access on-premises resources using a certificate issued by the on-premises CA; not the cloud certificate issued by Azure AD.
 
 
 ## Client connection flow