Merge pull request #7021 from saudmish/patch-21

Corrections in Cloud PC authentication section

Author: PRMerger16

windows-365/enterprise/identity-authentication.md

@@ -91,11 +91,13 @@ This authentication triggers an Azure Active Directory prompt, allowing any cred
 
 ### Cloud PC authentication
 
-Users must authenticate with the Windows 365 service when:
+Users must authenticate to their Cloud PC when:
 
 - They navigate to the URL that maps directly to their Cloud PC.
 - They use a [Remote Desktop client](/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients) to connect to their Cloud PC.
 
+This authentication request is processed by Azure AD for Azure AD Joined Cloud PCs and on-premises Active Directory for Hybrid Azure AD Joined Cloud PCs.
+
 >[!NOTE]
 >If a user launches the web browser URL that maps directly to their Cloud PC, they will encounter the Windows 365 service authentication first, then encounter the Cloud PC authentication.
 
@@ -105,6 +107,8 @@ The following credential types are supported for Cloud PC authentication:
     - Smartcard
     - [Windows Hello for Business certificate trust](/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust)
     - [Windows Hello for Business key trust with certificates](/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs)
+>[!NOTE]
+>Smartcard and Windows Hello authentication require the Windows desktop client to be able to perform Kerberos authentication when used with Hybrid AADJ. This requires the physical client to have line of sight to a domain controller.
 - Windows store client
     - Username and password
 - Web client