From 792b13f2bc6221a805ecfb988c1f5d661a72c25d Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 28 Apr 2025 06:56:18 -0400
Subject: [PATCH] updates

---
 .../hello-for-business/includes/expiration.md        | 12 +++++-------
 .../hello-for-business/includes/history.md           |  9 ++++-----
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/includes/expiration.md b/windows/security/identity-protection/hello-for-business/includes/expiration.md
index 88a546837d..9972048e4a 100644
--- a/windows/security/identity-protection/hello-for-business/includes/expiration.md
+++ b/windows/security/identity-protection/hello-for-business/includes/expiration.md
@@ -16,11 +16,9 @@ The default value is 0.
 | **CSP** | `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[devicetenantidpoliciespincomplexityexpiration](/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexityexpiration)<br><br>`./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[usertenantidpoliciespincomplexityexpiration](/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexityexpiration) |
 | **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity**|
 
-> [!NOTE]
-> Starting with Windows 11, version 23H2, Windows Hello uses Virtualization-based security (VBS) to isolate credentials on devices that support [Enhanced Security Settings (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security).
->
-> Starting with Windows 11, version 24H2, Windows Hello uses VBS to isolate credentials on all devices that have VBS enabled.
->
-> On such devices, PIN expiration is not supported.
-
 
+> [!IMPORTANT]
+> PIN expiration is not supported on:
+>
+> - Devices with [Enhanced Security Settings (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) enabled, since Windows Hello uses Virtualization-based Security (VBS) to isolate credentials.
+> - Starting with Windows 11, version 24H2, on all devices that have with VBS enabled.
diff --git a/windows/security/identity-protection/hello-for-business/includes/history.md b/windows/security/identity-protection/hello-for-business/includes/history.md
index 2b1c3e1f91..46ac380c74 100644
--- a/windows/security/identity-protection/hello-for-business/includes/history.md
+++ b/windows/security/identity-protection/hello-for-business/includes/history.md
@@ -19,9 +19,8 @@ The default value is 0.
 | **CSP** | `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[devicetenantidpoliciespincomplexityhistory](/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexityhistory)<br><br>`./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[usertenantidpoliciespincomplexityhistory](/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexityhistory) |
 | **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity** |
 
-> [!NOTE]
-> Starting with Windows 11, version 23H2, Windows Hello uses Virtualization-based security (VBS) to isolate credentials on devices that support [Enhanced Security Settings (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security).
+> [!IMPORTANT]
+> PIN history is not supported on:
 >
-> Starting with Windows 11, version 24H2, Windows Hello uses VBS to isolate credentials on all devices that have VBS enabled.
->
-> On such devices, PIN history is not supported.
+> - Devices with [Enhanced Security Settings (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) enabled, since Windows Hello uses Virtualization-based Security (VBS) to isolate credentials.
+> - Starting with Windows 11, version 24H2, on all devices that have with VBS enabled.
\ No newline at end of file