From 18b493e825b310c0c776c81c394fda3fd0697c8d Mon Sep 17 00:00:00 2001
From: zwhitt-microsoft <101152161+zwhitt-microsoft@users.noreply.github.com>
Date: Wed, 5 Oct 2022 10:24:17 -0700
Subject: [PATCH] Clarified UEFI Lock for VBS disablement

---
 .../credential-guard/credential-guard-manage.md                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index 3dd90ce7bb..e4519a4e80 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -328,7 +328,7 @@ Instructions are given below for how to disable Virtualization-Based Security (V
      > [!IMPORTANT]
      > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery.
 
-1. If Windows Defender Credential Guard is running when disabling Virtualization-Based Security, run the following bcdedit commands after turning off all Virtualization-Based Security Group Policy and registry settings in steps 1 and 2 above:
+1. If Windows Defender Credential Guard is running when disabling Virtualization-Based Security and either feature was enabled with UEFI Lock, the EFI (firmware) variables must be cleared using bcdedit. From an elevated command prompt, run the following bcdedit commands after turning off all Virtualization-Based Security Group Policy and registry settings as described in steps 1 and 2 above:
 
      >
      > ```cmd