diff --git a/windows/security/identity-protection/hello-for-business/includes/expiration.md b/windows/security/identity-protection/hello-for-business/includes/expiration.md
index f73356aa04..498fe0730d 100644
--- a/windows/security/identity-protection/hello-for-business/includes/expiration.md
+++ b/windows/security/identity-protection/hello-for-business/includes/expiration.md
@@ -15,3 +15,6 @@ The default value is 0.
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[devicetenantidpoliciespincomplexityexpiration](/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexityexpiration)<br><br>`./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[usertenantidpoliciespincomplexityexpiration](/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexityexpiration) |
 | **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity**|
+
+> [!NOTE]
+> Starting with Windows 11, version 24H2, Windows Hello is further hardened by default to use Virtualization-based security (VBS) to isolate credentials. This enhancement is automatically applied on devices that support VBS and have it enabled. However, it's important to note that PIN expiration is not supported on such devices. This change aims to enhance security by ensuring that credentials are protected in a more secure environment.
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/includes/history.md b/windows/security/identity-protection/hello-for-business/includes/history.md
index 3aad27181a..80d06d2b1b 100644
--- a/windows/security/identity-protection/hello-for-business/includes/history.md
+++ b/windows/security/identity-protection/hello-for-business/includes/history.md
@@ -18,3 +18,6 @@ The default value is 0.
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[devicetenantidpoliciespincomplexityhistory](/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciespincomplexityhistory)<br><br>`./User/Vendor/MSFT/PassportForWork/{TenantId}/Policies/PINComplexity/`[usertenantidpoliciespincomplexityhistory](/windows/client-management/mdm/passportforwork-csp#usertenantidpoliciespincomplexityhistory) |
 | **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity** |
+
+> [!NOTE]
+> Starting with Windows 11, version 24H2, Windows Hello is further hardened by default to use Virtualization-based security (VBS) to isolate credentials. This enhancement is automatically applied on devices that support VBS and have it enabled. However, it's important to note that PIN history is not supported on such devices. This change aims to enhance security by ensuring that credentials are protected in a more secure environment.