diff --git a/windows/security/book/application-security-application-isolation.md b/windows/security/book/application-security-application-isolation.md index e5a3c7de59..7ce3cfdfd1 100644 --- a/windows/security/book/application-security-application-isolation.md +++ b/windows/security/book/application-security-application-isolation.md @@ -63,9 +63,14 @@ With Windows Subsystem for Linux (WSL) you can run a Linux environment on your W - **Auto proxy**: This new networking setting enforces WSL to use Windows' HTTP proxy information. Turn on when using a proxy on Windows, as it makes that proxy automatically apply to WSL distributions - **Intune/MDM setting in WSL**: Microsoft Defender for Endpoint (MDE) now integrates with WSL, providing the ability to monitor what's running inside of your WSL distros and report them to your online MDE dashboards +## Virtualization-based security enclave + +A **Virtualization-based security enclave** is a software-based trusted execution environment (TEE) inside a host application. VBS enclaves enable developers to use VBS to protect their application's secrets from admin-level attacks. VBS enclaves are available on Windows 10 onwards on both x64 and ARM64. + :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** - [Hyper-V Firewall](/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall) - [DNS Tunneling](/windows/wsl/networking#dns-tunneling) - [Auto proxy](/windows/wsl/networking#auto-proxy) - [Intune/MDM setting in WSL](/windows/wsl/intune) +- [Virtualization-based security enclave](/windows/win32/trusted-execution/vbs-enclaves) diff --git a/windows/security/book/hardware-security-silicon-assisted-security.md b/windows/security/book/hardware-security-silicon-assisted-security.md index a6ee197b2e..0e07746026 100644 --- a/windows/security/book/hardware-security-silicon-assisted-security.md +++ b/windows/security/book/hardware-security-silicon-assisted-security.md 
@@ -24,16 +24,11 @@ Since more privileged virtual trust levels (VTLs) can enforce their own memory p With new installs of Windows 11, OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites. -### Virtualization-based security enclave - -A **Virtualization-based security enclave** is a software-based trusted execution environment (TEE) inside a host application. VBS enclaves enable developers to use VBS to protect their application's secrets from admin-level attacks. VBS enclaves are available on Windows 10 onwards on both x64 and ARM64. - :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** - [Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs) - [Enable virtualization-based protection of code integrity](../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) - [Hypervisor-protected Code Integrity (HVCI)](/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity) -- [Virtualization-based security enclave](/windows/win32/trusted-execution/vbs-enclaves) ### Hardware-enforced stack protection
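Review bot: In application-security-application-isolation.md, the new `## Virtualization-based security enclave` section is inserted between the WSL bullet list and the WSL **Learn more** block, so the Hyper-V Firewall, DNS Tunneling, Auto proxy and Intune/MDM links now sit under the enclave heading instead of directly after the WSL text they belong to. Move the new section below the existing Learn more list and give it its own Learn more block holding the `/windows/win32/trusted-execution/vbs-enclaves` link, or otherwise keep the WSL links immediately after the WSL bullets. Also confirm that `##` is the intended heading level here, since the same section was `###` in the file it was moved from.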
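Review bot: In hardware-security-silicon-assisted-security.md, removing both the `### Virtualization-based security enclave` section and its Learn more entry leaves the VBS/HVCI text with no mention of enclaves, so a reader working through the VBS material has no path to the relocated content. Consider leaving a one-sentence pointer to application-security-application-isolation.md after the "turned on by default" paragraph. While this list is being edited, the remaining entries "Enable virtualization-based protection of code integrity" (relative `.md` path) and "Hypervisor-protected Code Integrity (HVCI)" (absolute path) appear to point to the same article, so one of them could be dropped.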