diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 78fee5443a..7344f3ddf4 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -39,6 +39,9 @@ manager: dansimp
Authentication/ConfigureWebSignInAllowedUrls
+
+ Authentication/ConfigureWebcamAccessDomainNames
+
Authentication/EnableFastFirstSignIn
@@ -307,6 +310,55 @@ Specifies the list of domains that are allowed to be navigated to in AAD PIN res
**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Authentication/ConfigureWebcamAccessDomainNames**
+
+
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+
+Specifies the list of domain names that are allowed to access the webcam in Web Sign-in Windows device sign-in scenarios.
+
+Web Sign-in is only supported on Azure AD Joined PCs.
+
+**Example**: If your organization federates to "Contoso IDP" and your Web Sign-in portal at "signinportal.contoso.com" requires webcam access, the policy value should be "contoso.com".
+
+