From e8cdcf3d7512539238d80e12f062b7ae67892128 Mon Sep 17 00:00:00 2001
From: Nagappan Veerappan <naveerap@microsoft.com>
Date: Thu, 19 May 2022 11:08:02 -0700
Subject: [PATCH 1/2] Update hello-hybrid-key-whfb-settings-dir-sync.md

Enterprise Key admins
---
 .../hello-hybrid-key-whfb-settings-dir-sync.md                | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
index 3843fecaa8..30592d92d8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
@@ -44,6 +44,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 5. In the **Enter the object names to select** text box, type the name of the service account used as an AD DS Connector account and click **OK**.
 6. Click **OK** to return to **Active Directory Users and Computers**.
 
+Note: If your AD has multiple domains in your forest. Your ADConnect accounts needs to be part of "Enterprise Key Admins" group to write the keys across other domain users.
+
 ### Section Review
 
 > [!div class="checklist"]
@@ -63,4 +65,4 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
 6. Configure Windows Hello for Business settings: Directory Synchronization (*You are here*)
-7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)
\ No newline at end of file
+7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md)

From 76e8709cc86bcb8b904cec2c62d01eaf9ed52b6d Mon Sep 17 00:00:00 2001
From: Aaron Czechowski <aczechowski@users.noreply.github.com>
Date: Thu, 19 May 2022 17:23:03 -0700
Subject: [PATCH 2/2] edit contribution

---
 .../hello-hybrid-key-whfb-settings-dir-sync.md                 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
index 30592d92d8..b964f460e9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
@@ -44,7 +44,8 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 5. In the **Enter the object names to select** text box, type the name of the service account used as an AD DS Connector account and click **OK**.
 6. Click **OK** to return to **Active Directory Users and Computers**.
 
-Note: If your AD has multiple domains in your forest. Your ADConnect accounts needs to be part of "Enterprise Key Admins" group to write the keys across other domain users.
+> [!NOTE]
+> If your Active Directory forest has multiple domains, your ADConnect accounts need to be members of the **Enterprise Key Admins** group. This membership is needed to write the keys to other domain users.
 
 ### Section Review