diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
index ee723db1ff..f4e8cb2358 100644
--- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@@ -30,7 +30,7 @@ A "\*Session" credential implies that it is valid for the current user session.
 The credentials are also cleaned up when the WiFi or VPN connection is disconnected.
 
 > [!NOTE]
-> In Windows 10 version 21h2 or newer, "\*Session" credential is not visible in Credential Manager.
+> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager.
 
 For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it.
 For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).