MicrosoftDocs
diff --git a/‎.openpublishing.redirection.active-directory.json
Lines changed: 15 additions & 0 deletions b/‎.openpublishing.redirection.active-directory.json
Lines changed: 15 additions & 0 deletions
diff --git a/‎articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md
Lines changed: 5 additions & 3 deletions b/‎articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md
Lines changed: 5 additions & 3 deletions
diff --git a/‎articles/active-directory/devices/TOC.yml
Lines changed: 38 additions & 26 deletions b/‎articles/active-directory/devices/TOC.yml
Lines changed: 38 additions & 26 deletions
@@ -7085,6 +7085,21 @@
             "redirect_url": "/azure/active-directory/reports-monitoring/overview-reports",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/active-directory/hybrid/how-to-connect-fed-hybrid-azure-ad-join-post-config-tasks.md",
+            "redirect_url": "/azure/active-directory/devices/howto-hybrid-azure-ad-join",
+            "redirect_document_id": true
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-federated-domains.md",
+            "redirect_url": "/azure/active-directory/devices/howto-hybrid-azure-ad-join",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/active-directory/devices/hybrid-azuread-join-managed-domains.md",
+            "redirect_url": "/azure/active-directory/devices/howto-hybrid-azure-ad-join",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/active-directory/reporting-azure-monitor-diagnostics-azure-storage-account.md",
             "redirect_url": "/azure/active-directory/reports-monitoring/quickstart-azure-monitor-route-logs-to-storage-account",
 
@@ -22,9 +22,11 @@ Organizations who have deployed Microsoft Intune can use the information returne
 * Requiring a PIN to unlock
 * Requiring device encryption
 * Requiring a minimum or maximum operating system version
-* Requiring a device is not jailbroken or rooted
+* Requiring a device isn't jailbroken or rooted
 
-This policy compliance information is forwarded to Azure AD where Conditional Access can make decisions to grant or block access to resources. More information about device compliance policies can be found in the article, [Set rules on devices to allow access to resources in your organization using Intune](/intune/protect/device-compliance-get-started)
+Policy compliance information is sent to Azure AD where Conditional Access decides to grant or block access to resources. More information about device compliance policies can be found in the article, [Set rules on devices to allow access to resources in your organization using Intune](/intune/protect/device-compliance-get-started)
+
+Requiring a hybrid Azure AD joined device is dependent on your devices already being hybrid Azure AD joined. For more information, see the article [Configure hybrid Azure AD join](../devices/howto-hybrid-azure-ad-join.md).
 
 ## Template deployment
 
@@ -59,7 +61,7 @@ After confirming your settings using [report-only mode](howto-conditional-access
 
 ### Known behavior
 
-On Windows 7, iOS, Android, macOS, and some third-party web browsers Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
+On Windows 7, iOS, Android, macOS, and some third-party web browsers, Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
 
 ## Next steps
 
 
@@ -7,13 +7,7 @@
 - name: Tutorials
   expanded: false
   items:
-  - name: Configure hybrid Azure AD join for managed domains
-    href: hybrid-azuread-join-managed-domains.md
-  - name: Configure hybrid Azure AD join for federated domains
-    href: hybrid-azuread-join-federated-domains.md
-  - name: Configure hybrid Azure AD join manually
-    href: hybrid-azuread-join-manual.md
-  - name: Configure Azure AD join during Windows 10 first-run experience
+  - name: Azure AD join during Windows 10 first-run experience
     href: azuread-joined-devices-frx.md
 - name: Concepts
   expanded: true
@@ -33,16 +27,37 @@
 - name: How-to guides
   expanded: false
   items:
-  - Name: Plan your Azure AD device deployment
+  - name: Plan your Azure AD device deployment
     href: plan-device-deployment.md
-  - name: Plan your Azure AD join implementation
-    href: azureadjoin-plan.md
-  - name: Assign local admins to Azure AD joined devices
-    href: assign-local-admin.md
-  - name: Plan your hybrid Azure AD join implementation
-    href: hybrid-azuread-join-plan.md
-  - name: Controlled validation of hybrid Azure AD join
-    href: hybrid-azuread-join-control.md
+  - name: Azure AD join
+    expanded: false
+    items:
+    - name: Plan your Azure AD join implementation
+      href: azureadjoin-plan.md
+    - name: Assign local admins to Azure AD joined devices
+      href: assign-local-admin.md
+  - name: Hybrid Azure AD join
+    expanded: false
+    items:
+    - name: Plan your hybrid Azure AD join implementation
+      href: hybrid-azuread-join-plan.md
+    - name: Targeted hybrid Azure AD join deployment
+      href: hybrid-azuread-join-control.md 
+    - name: Configure hybrid Azure AD join
+      href: howto-hybrid-azure-ad-join.md
+    - name: Verifying hybrid Azure AD join
+      href: howto-hybrid-join-verify.md
+    - name: Troubleshoot hybrid Azure AD join
+      expanded: false
+      items:
+      - name: Troubleshoot hybrid Azure AD joined Windows current version
+        href: troubleshoot-hybrid-join-windows-current.md
+      - name: Troubleshoot pending device state
+        href: /troubleshoot/azure/active-directory/pending-devices
+      - name: Troubleshoot using dsregcmd
+        href: troubleshoot-device-dsregcmd.md
+      - name: Troubleshoot hybrid Azure AD joined down level Windows devices
+        href: troubleshoot-hybrid-join-windows-legacy.md
   - name: Manage device identities
     href: device-management-azure-portal.md
   - name: Manage stale devices
@@ -55,16 +70,6 @@
     href: howto-device-identity-virtual-desktop-infrastructure.md
   - name: Frequently asked questions
     href: faq.yml
-  - name: Troubleshoot device identities
-    items: 
-    - name: Troubleshoot hybrid Azure AD joined Windows current devices
-      href: troubleshoot-hybrid-join-windows-current.md
-    - name: Troubleshoot pending device state
-      href: /troubleshoot/azure/active-directory/pending-devices
-    - name: Troubleshoot using dsregcmd
-      href: troubleshoot-device-dsregcmd.md
-    - name: Troubleshoot hybrid Azure AD joined down level Windows devices
-      href: troubleshoot-hybrid-join-windows-legacy.md
   - name: Enterprise state roaming
     items:
     - name: What is enterprise state roaming?
@@ -81,6 +86,13 @@
       href: enterprise-state-roaming-windows-settings-reference.md
 - name: Reference
   items:
+  - name: Hybrid Azure AD join reference
+    expanded: false
+    items:
+    - name: Configure hybrid Azure AD join manually
+      href: hybrid-azuread-join-manual.md
+    - name: Enable older operating systems
+      href: howto-hybrid-join-downlevel.md
   - name: Enforce TLS 1.2
     href: reference-device-registration-tls-1-2.md
   - name: Graph APIs