diff --git a/windows/security/identity-protection/images/passwordless-experience/edge-on.png b/windows/security/identity-protection/images/passwordless-experience/edge-on.png
new file mode 100644
index 0000000000..98003decd5
Binary files /dev/null and b/windows/security/identity-protection/images/passwordless-experience/edge-on.png differ
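Review bot: `edge-on.png` is added here but none of the changed lines in `passwordless-experience.md` reference it, and there is no `edge-off.png` counterpart for the "turned off" state. Either wire it (and an off-state screenshot) into the `### Password Manager in a web browser` section, which currently reuses the UAC images, or leave the binary out of this change so the repo does not carry an orphaned asset.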
diff --git a/windows/security/identity-protection/hello-for-business/passwordless-experience-off.png b/windows/security/identity-protection/images/passwordless-experience/lock-screen-off.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/passwordless-experience-off.png
rename to windows/security/identity-protection/images/passwordless-experience/lock-screen-off.png
diff --git a/windows/security/identity-protection/hello-for-business/passwordless-experience-on.png b/windows/security/identity-protection/images/passwordless-experience/lock-screen-on.png
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/passwordless-experience-on.png
rename to windows/security/identity-protection/images/passwordless-experience/lock-screen-on.png
diff --git a/windows/security/identity-protection/images/passwordless-experience/uac-off.png b/windows/security/identity-protection/images/passwordless-experience/uac-off.png
new file mode 100644
index 0000000000..7ec1062b8e
Binary files /dev/null and b/windows/security/identity-protection/images/passwordless-experience/uac-off.png differ
diff --git a/windows/security/identity-protection/images/passwordless-experience/uac-on.png b/windows/security/identity-protection/images/passwordless-experience/uac-on.png
new file mode 100644
index 0000000000..c24992bbee
Binary files /dev/null and b/windows/security/identity-protection/images/passwordless-experience/uac-on.png differ
diff --git a/windows/security/identity-protection/passwordless-experience.md b/windows/security/identity-protection/passwordless-experience.md
index 96d4c14385..b2147a3048 100644
--- a/windows/security/identity-protection/passwordless-experience.md
+++ b/windows/security/identity-protection/passwordless-experience.md
@@ -14,6 +14,7 @@ ms.topic: how-to
This feature allows organizations to configure devices with a policy that promotes a passwordless user experience on Microsoft Entra joined devices.
Passwords are inherently not secure and can be stolen through social engineering attacks. While the goal is to have fully passwordless accounts in the organization, this is a fundamental step toward that goal.
+we continue to invest in a journey towards passwordless.
>[!NOTE]
>Microsoft Entra hybrid joined devices and Active Directory domain joined devices are currently out of scope.
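Review bot: the added line `we continue to invest in a journey towards passwordless.` is a sentence fragment (lowercase start, no subject, not attached to the preceding sentence), and it only repeats the closing clause of the paragraph this same PR removes further down. Either merge it into the previous sentence (`... this is a fundamental step toward that goal, as we continue to invest in a journey towards passwordless.`) or drop it.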
@@ -46,31 +47,68 @@ Alternatively, you can configure devices using a [custom policy][INT-2] with the
|--------|
|
OMA-URI:**`./Device/Vendor/MSFT/Policy/Config/Authentication/EnablePasswordlessExperience`**Data type:**int**Value:**`1`**|
+## End-user experiences
+
+### Lock screen experience
+
:::row:::
:::column span="2":::
- **Passwordless experience turned off**: The user can sign in using a password, as indicated by the presence of the password credential provider icon :::image type="icon" source="../images/icons/key.svg" border="false"::: in the Windows lock screen.
+ **Passwordless experience turned off**: end-users can sign in using a password, as indicated by the presence of the password credential provider icon :::image type="icon" source="../images/icons/key.svg" border="false"::: in the Windows lock screen.
:::column-end:::
:::column span="2":::
- **Passwordless experience turned on**: The password credential provider icon :::image type="icon" source="../images/icons/key.svg" border="false"::: is missing for a user who enrolled in Windows Hello for Business or signed in with FIDO2 keys.
+ :::image type="content" source="images/passwordless-experience/lock-screen-off.png" lightbox="images/passwordless-experience/lock-screen-off.png" alt-text="Screenshot of the Windows lock screen showing the fingerprint, PIN and password credential providers.":::
:::column-end:::
:::row-end:::
:::row:::
:::column span="2":::
- :::image type="content" source="hello-for-business/passwordless-experience-off.png" alt-text="Screenshot of the Windows lock screen showing the fingerprint, PIN and password credential providers.":::
+ **Passwordless experience turned on**: the password credential provider icon :::image type="icon" source="../images/icons/key.svg" border="false"::: is missing for a user who enrolled in Windows Hello for Business or signed in with FIDO2 keys.
:::column-end:::
:::column span="2":::
- :::image type="content" source="hello-for-business/passwordless-experience-on.png" alt-text="Screenshot of the Windows lock screen showing the fingerprint and PIN credential providers only. The password credential provider is missing.":::
+ :::image type="content" source="images/passwordless-experience/lock-screen-on.png" lightbox="images/passwordless-experience/lock-screen-on.png" alt-text="Screenshot of the Windows lock screen showing the fingerprint and PIN credential providers only. The password credential provider is missing.":::
:::column-end:::
:::row-end:::
+### UAC prompt experience
+Depending on [how UAC is configured][UAC-1], end-users will see different experiences when they need to elevate their privileges.
+:::row:::
+ :::column span="2":::
+ **Passwordless experience turned off**: UAC elevation allows the user to authenticate using a password.
+ :::column-end:::
+ :::column span="2":::
+ :::image type="content" source="images/passwordless-experience/uac-off.png" lightbox="images/passwordless-experience/uac-off.png" alt-text="Screenshot of the UAC prompt showing username and password fields.":::
+ :::column-end:::
+:::row-end:::
+:::row:::
+ :::column span="2":::
+ **Passwordless experience turned on**: UAC elevation prompts doesn't allow the user to use a password.
+ :::column-end:::
+ :::column span="2":::
+ :::image type="content" source="images/passwordless-experience/uac-on.png" lightbox="images/passwordless-experience/uac-on.png" alt-text="Screenshot of the UAC prompt showing fingerprint and PIN options only.":::
+ :::column-end:::
+:::row-end:::
-'EnablePasswordlessExperience' is a policy (MDM) that promotes a passwordless user experience on AADJ machines (Hybrid is out of scope for now). It supports Windows core authentication scenarios without requiring passwords. This is a step towards a world without passwords, as we continue to invest in a journey towards passwordless.
+### RDP experience
-The existing GP, once configured, disables passwords for "All accounts", so there is no strong recovery mechanism to get on the machine. RDP, RunAs, and in-session auth scenarios are not supported with this GP.
+### Password Manager in a web browser
-However, our new feature will hide passwords from In-session auth scenarios like Password Manager in a web browser, Run as administrator, etc. It will also exclude 'Other User' from the policy, so you can log in from this account as a backup mechanism.
+:::row:::
+ :::column span="2":::
+ **Passwordless experience turned off**: UAC elevation allows the user to authenticate using a password.
+ :::column-end:::
+ :::column span="2":::
+ :::image type="content" source="images/passwordless-experience/uac-off.png" lightbox="images/passwordless-experience/uac-off.png" alt-text="Screenshot of the UAC prompt showing username and password fields.":::
+ :::column-end:::
+:::row-end:::
+:::row:::
+ :::column span="2":::
+ **Passwordless experience turned on**: UAC elevation prompts doesn't allow the user to use a password.
+ :::column-end:::
+ :::column span="2":::
+ :::image type="content" source="images/passwordless-experience/uac-on.png" lightbox="images/passwordless-experience/uac-on.png" alt-text="Screenshot of the UAC prompt showing fingerprint and PIN options only.":::
+ :::column-end:::
+:::row-end:::
Once the EnablePasswordlessExperience policy is set:
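Review bot: the two rows under `### Password Manager in a web browser` are a verbatim copy of the UAC rows above them (same `UAC elevation allows the user to authenticate using a password` text, same `uac-off.png`/`uac-on.png` images and alt text), and `### RDP experience` is an empty heading with no body. Either give each section its own description and screenshots (the `edge-on.png` added in this PR is presumably meant for the browser section and is currently unreferenced) or drop both headings until the content exists. Also, `UAC elevation prompts doesn't allow the user to use a password` has a subject/verb mismatch in both places it appears; `UAC elevation prompts don't allow the user to use a password` or `The UAC elevation prompt doesn't allow ...` reads correctly. Finally, `### UAC prompt experience` and the two later headings are not separated from the surrounding `:::row-end:::` / prose lines by blank lines; most markdown linters flag that.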
@@ -85,13 +123,15 @@ Q: What is the difference between the existing GP and the new policy?
A: This new policy is a comprehensive policy for hiding passwords from Windows, compared to the existing GP
Q: What happens if a user cannot sign in with biomentrics and forgot their PIN?
-A: The user can use the PIN Reset feature reset their PIN. Once the PIN Reset feature is configured, a user can reset a PIN from the lock screen and the Settings app.
- :::image type="content" source="hello-for-business/images/pinreset/pin-reset.gif" alt-text="Animation showing the PIN Reset feature from the lock screen." lightbox="hello-for-business/images/pinreset/pin-reset.gif":::
+A: The user can use the PIN Reset feature to reset their PIN. Once the PIN Reset feature is configured, a user can reset a PIN from the lock screen and the Settings app.
+
+Q: What's the difference between the group policy and the new policy?
+A: The existing GP, once configured, disables passwords for "All accounts", so there is no strong recovery mechanism to get on the machine. RDP, RunAs, and in-session auth scenarios are not supported with this GP. The new policy hides passwords from in-session auth scenarios like Password Manager in a web browser, Run as administrator, etc. It also excludes *Other User* from the policy, so you can sign in from this account as a backup mechanism.
## Recover a passwordless credential
This feature aims to improve:
-- Above-lock Pin Reset flow
+
- Web Sign-in Infrastructure
- On demand web-based experience for credential recovery
- Enable a web sign in policy : Cred provider primarily used as a bootstrap mechanism for enterprises [enablewebsignin][CSP-2]
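Review bot: the new entry `Q: What's the difference between the group policy and the new policy?` duplicates the existing question two entries above it (`Q: What is the difference between the existing GP and the new policy?`), so the FAQ now answers the same question twice. Fold the moved paragraph about "All accounts", RDP/RunAs/in-session auth and the *Other User* exclusion into that existing answer instead of adding a second question. Removing the `- Above-lock Pin Reset flow` bullet leaves a blank `+` line that splits the list under `This feature aims to improve:`; delete the blank line so it stays one list. While this paragraph is being edited, the unchanged context line still has the typo `biomentrics` (should be `biometrics`).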
@@ -121,8 +161,10 @@ Example: When TPM is cleared out/something goes wrong, on demand web-based exper
This new work moves the Web Sign-in infrastructure from the Cloud Host Experience (CHX) WebApp to the newly written Login Web Host (LWH) for the September moment. This now provides better security, reliability to support the existing as well as new workflows. We are using the same LWH infra previously built for EDU scenarios. This means, in addition to TAP, it is now opened to all AAD auth methods.
PIN Reset flow is still the same, we have made some improvements, which include a reliable UI experience when a user clicks on "I forgot my PIN", on the first click, the user will be redirected to the MFA web app for authentication and can change the PIN seamlessly.
+
[CSP-1]: /windows/client-management/mdm/policy-csp-authentication#enablepasswordlessexperience
[CSP-2]: /windows/client-management/mdm/policy-csp-authentication#enablewebsignin
[INT-2]: /mem/intune/configuration/custom-settings-windows-10
+[UAC-1]: /windows/security/application-security/application-control/user-account-control/settings-and-configuration?tabs=intune