ZT updates

This commit is contained in:
Daniel Simpson 2021-09-29 10:58:33 -07:00
parent 340aab0824
commit 159c1c40cc


@ -27,6 +27,12 @@ The [Zero Trust Principles](https://www.microsoft.com/security/business/zero-tru
The Zero Trust concept of **verify explicitly** applies to the risks introduced by both devices and users. Windows provides IT administrators the attestation and measurements to determine whether a device meets requirements and can be trusted. Microsoft Intune and Azure Active Directory can be used to manage and enforce access. Plus, IT Administrators can easily customize Windows to meet specific user and policy requirements for access, privacy, compliance, and more.
Zero Trust moves enterprise defenses from static, network-based perimeters to focus on users, assets, and resources. Both [Conditional access](/azure/active-directory/conditional-access/overview) and Device health attestation are used to help grant access to corporate resources.
[Conditional access](/azure/active-directory/conditional-access/overview) evaluates identity signals to confirm that users are who they say they are. Access can then be allowed or blocked based on this information.
For devices, each device needs to prove that it hasn't been tampered with and is in a good state. Windows 11 supports remote attestation to help confirm device compliance. This helps users access corporate resources whether theyre in the office, at home, or when theyre traveling. This capability is critical part of enabling hybrid, modern work environment.
## Device health attestation on Windows
Many security risks can emerge during the boot process as this process can be the most privileged component of the whole system. Zero Trust principles state that all endpoints are untrusted unless they are verified. The verification process uses remote attestation as the secure channel to determine and present the devices health. Remote attestation determines:
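Review bot: several of the added sentences have missing apostrophes and articles that should be fixed before merge: "whether theyre in the office, at home, or when theyre traveling" should read "whether they're in the office, at home, or when they're traveling"; "present the devices health" should be "present the device's health"; and "This capability is critical part of enabling hybrid, modern work environment" needs "a" before "critical part" and "a" before "hybrid". Two smaller points: the [Conditional access](/azure/active-directory/conditional-access/overview) link is repeated in consecutive paragraphs, so the second occurrence can be plain text, and "Device health attestation" is capitalized mid-sentence in the second paragraph while the same term appears in lower case elsewhere, so pick one form consistently.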