diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 51f56ffbbb..d62b5b232d 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -7,8 +7,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer: bobgil
manager: dansimp
---
@@ -37,6 +36,9 @@ manager: dansimp
Authentication/AllowSecondaryAuthenticationDevice
+
+ Authentication/ConfigureWebSignInAllowedUrls
+
Authentication/EnableFastFirstSignIn
@@ -359,6 +361,68 @@ The following list shows the supported values:
+
+**Authentication/ConfigureWebSignInAllowedUrls**
+
+
+
+
+ | Windows Edition |
+ Supported? |
+
+
+ | Home |
+  |
+
+
+ | Pro |
+  4 |
+
+
+ | Business |
+ 4 |
+
+
+ | Enterprise |
+ 4 |
+
+
+ | Education |
+ 4 |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+
+**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**Authentication/EnableFastFirstSignIn**
@@ -579,4 +643,3 @@ Footnotes:
- 8 - Available in Windows 10, version 2004.
-