Corrections in Cloud PC authentication section

Looks like a copy/paste error (should be that the user must authenticate to the cloud PC, not the Windows 365 service. Using full term of AADJ and HAADJ to avoid turning the acronym into a verb (AADJed/HAADJed) - feel free to adjust.

Finally - added a section that Smartcard and Windows Hello for Business require line of sight to the DCs.

Author: saudmish

windows-365/enterprise/identity-authentication.md

@@ -91,11 +91,13 @@ This authentication triggers an Azure Active Directory prompt, allowing any cred
 
 ### Cloud PC authentication
 
-Users must authenticate with the Windows 365 service when:
+Users must authenticate to their Cloud PC when:
 
 - They navigate to the URL that maps directly to their Cloud PC.
 - They use a [Remote Desktop client](/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients) to connect to their Cloud PC.
 
+This authentication request is processed by Azure AD for Azure AD Joined Cloud PCs and on-premises Active Directory for Hybrid Azure AD Joined Cloud PCs.
+
 >[!NOTE]
 >If a user launches the web browser URL that maps directly to their Cloud PC, they will encounter the Windows 365 service authentication first, then encounter the Cloud PC authentication.
 
@@ -105,6 +107,8 @@ The following credential types are supported for Cloud PC authentication:
     - Smartcard
     - [Windows Hello for Business certificate trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust)
     - [Windows Hello for Business key trust with certificates](/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs)
+>[!NOTE]
+>Smartcard and Windows Hello authentication require the Windows desktop client to be able to perform Kerberos authentication when used with Hybrid AADJ. This requires the physical client to have line of sight to a domain controller.
 - Windows store client
     - Username and password
 - Web client