add phone sign-in content

windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md

@@ -16,13 +16,35 @@ author: jdeckerMS
 -   Windows 10
 -   Windows 10 Mobile
 
+In Windows 10, Version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call. 
+
 You can create a Group Policy or mobile device management (MDM) policy that will allow users to sign in to a work PC or their company's VPN using the credentials stored on their Windows 10 phone.
 
  ## Prerequisites
  
+ - Both phone and PC must be running Windows 10, Version 1607.
+ - Both phone and PC must have Bluetooth.
+ - The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD.
+ - The phone must be joined to Azure AD or have a work account added.
+ - VPN configuration profile must use certificate-based authentication.
  
+## Set policies and get the app
+
+To enable phone sign-in, you must enable the following policies using Group Policy or MDM.
+
+-  Group Policy: **Computer Configuration** or **User Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Microsoft Passport for Work**
+    - Enable **Use Microsoft Passport for Work**
+    - Enable **Remote Passport**
+- MDM: 
+    - Set **UsePassportForWork** to **True**
+    - Set **Remote\UseRemotePassport** to **True**
+
+To distribute the **Phone Sign-in** app, your organization must have set up Windows Store for Business, with Microsoft added as a Line of Business (LOB) publisher.
+ - The **Phone Sign-in** app must be added to Windows Store for Business for your organization.
+ - Users must install the **Phone sign-in** app on the phone.
 
 
+[Tell people how to sign in using their phone.](prepare-people-to-use-microsoft-passport.md#bmk-remote)
 
 ## Related topics
 

windows/keep-secure/prepare-people-to-use-microsoft-passport.md

@@ -55,14 +55,16 @@ If your policy allows it, people can add Windows Hello to their Passport. Window
 ## <a href="" id="bmk-remote"></a>Use a phone to sign in to a PC
 
 If your enterprise enables phone sign-in, users can pair a phone running Windows 10 Mobile to a PC running Windows 10 and then use an app on the phone to sign in to the PC using their Microsoft Passport credentials.
-> **Note:**  Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
+
  
 **Prerequisites:**
 -   The PC must be joined to the Active Directory domain or Azure AD cloud domain.
 -   The PC must have Bluetooth connectivity.
 -   The phone must be joined to the Azure AD cloud domain, or the user must have added a work account to their personal phone.
--   The free **Phone Sign-in** app must be installed on the phone.
+-   The **Phone Sign-in** app must be installed on the phone.
+
 **Pair the PC and phone**
+
 1.  On the PC, go to **Settings** &gt; **Devices** &gt; **Bluetooth**. Tap the name of the phone and then tap **Pair** to begin pairing.
 
     ![bluetooth pairing](images/btpair.png)
@@ -72,9 +74,11 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows
     ![bluetooth pairing passcode](images/bt-passcode.png)
     
 3.  On the PC, tap **Yes**.
+
 **Sign in to PC using the phone**
+
 1.  Open the **Phone Sign-in** app and tap the name of the PC to sign in to.
-    > **Note: **  The first time that you run the Phone-Sign app, you must add an account.
+    > **Note: **  The first time that you run the **Phone Sign-in** app, you must add an account.
      
 2.  Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account.