Update articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-kcd.md

githubarpyka · msmimart · web-flow · commit 2ba9be76b7d8 · 2020-03-05T08:17:44.000+01:00
This is fine. Thank you!

Co-Authored-By: Michele Martin &lt;36167252+msmimart@users.noreply.github.com&gt;
diff --git a/articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-kcd.md b/articles/active-directory/manage-apps/application-proxy-configure-single-sign-on-with-kcd.md
@@ -63,7 +63,7 @@ The Active Directory configuration varies, depending on whether your Application
 
 #### Connector and application server in different domains
 1. For a list of prerequisites for working with KCD across domains, see [Kerberos Constrained Delegation across domains](https://technet.microsoft.com/library/hh831477.aspx).
-2. Use the `principalsallowedtodelegateto` property of the service account (computer or dedicated domain user account) of the web application to enable Kerberos authentication delegation from the Application Proxy (connector). The application server is running in the context of `webserviceaccount` and the delegating server is `connectorcomputeraccount`. Run the commands below on a Domain Controller (must be Windows Server 2012 R2 at least) in the domain of `webserviceaccount`. Use flat names (non UPN) for both accounts.
+2. Use the `principalsallowedtodelegateto` property of the service account (computer or dedicated domain user account) of the web application to enable Kerberos authentication delegation from the Application Proxy (connector). The application server is running in the context of `webserviceaccount` and the delegating server is `connectorcomputeraccount`. Run the commands below on a Domain Controller (running Windows Server 2012 R2 or later) in the domain of `webserviceaccount`. Use flat names (non UPN) for both accounts.
 
 If the `webserviceaccount` is a computer account, use these commands:
 
