diff --git a/windows/security/book/application-security-application-and-driver-control.md b/windows/security/book/application-security-application-and-driver-control.md index 76c079d89d..35029d3cfa 100644 --- a/windows/security/book/application-security-application-and-driver-control.md +++ b/windows/security/book/application-security-application-and-driver-control.md @@ -70,3 +70,12 @@ The Windows kernel is the most privileged software and is therefore a compelling :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** - [Microsoft recommended driver block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules) + +## Trusted signing + +It is a Microsoft fully managed end-to-end signing solution that simplifies the signing process and empowers 3rd party developers to easily build and distribute applications. This feature is currently in public preview and is part of Microsoft’s commitment to an open, inclusive, and secure ecosystem. + +:::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** + +- [What is Trusted Signing](https://learn.microsoft.com/en-us/azure/trusted-signing/overview) +- [Public Preview Blog](https://techcommunity.microsoft.com/t5/security-compliance-and-identity/trusted-signing-is-in-public-preview/ba-p/4103457) diff --git a/windows/security/book/hardware-security-silicon-assisted-security.md b/windows/security/book/hardware-security-silicon-assisted-security.md index 5a65ad9e76..3cbbe8093d 100644 --- a/windows/security/book/hardware-security-silicon-assisted-security.md +++ b/windows/security/book/hardware-security-silicon-assisted-security.md 
@@ -24,11 +24,11 @@ Since more privileged virtual trust levels (VTLs) can enforce their own memory p - [Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs) -**Virtualization-based security enclaves**, a tool to allow developers to use VBS by building a secure enclave within their applications, which lives in secure memory. +A [**Virtualization-based security enclave**](https://learn.microsoft.com/en-us/windows/win32/trusted-execution/vbs-enclaves), is a software-based trusted execution environment (TEE) inside a host application. VBS enclaves enable developers to leverage VBS to protect their application's secrets from admin-level attacks. VBS enclaves are available on Windows 10 onwards on both x64 and ARM64. -**Hypervisor-enforced Paging Translation (HVPT)**, overall security enhancement for the system. Protects linear address translations from being tampered with. +**Hypervisor-enforced Paging Translation (HVPT)** is an overall security enhancement for the system. HVPT protects linear address translations from being tampered with, to protect sensitive system structures from write-what-where attacks. HVPT will be available on x64 machines as of Fall 2024. -**Memory integrity**, also called Hypervisor-protected code integrity (HVCI), uses VBS to run Kernel Mode Code Integrity (KMCI) inside the secure VBS environment instead of the main Windows kernel. This helps prevent attacks that attempt to modify kernel-mode code for things like drivers. The KMCI checks that all kernel code is properly signed and hasn't been tampered with before it's allowed to run. Memory integrity ensures that only validated code can be executed in kernel mode. The hypervisor leverages processor virtualization extensions to enforce memory protections that prevent kernel-mode software from executing code that hasn't been first validated by the code integrity subsystem. 
Memory integrity protects against common attacks like WannaCry that rely on the ability to inject malicious code into the kernel. Memory integrity can prevent injection of malicious kernel-mode code even when drivers and other kernel-mode software have bugs. +**Hypervisor-protected code integrity (HVCI)**, also called memory integrity, uses VBS to run Kernel Mode Code Integrity (KMCI) inside the secure VBS environment instead of the main Windows kernel. This helps prevent attacks that attempt to modify kernel-mode code for things like drivers. The KMCI checks that all kernel code is properly signed and hasn't been tampered with before it is allowed to run. HVCI ensures that only validated code can be executed in kernel mode. The hypervisor leverages processor virtualization extensions to enforce memory protections that prevent kernel-mode software from executing code that has not been first validated by the code integrity subsystem. HVCI protects against common attacks like WannaCry that rely on the ability to inject malicious code into the kernel. HVCI can prevent injection of malicious kernel-mode code even when drivers and other kernel-mode software have bugs. With new installs of Windows 11, OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites. diff --git a/windows/security/book/identity-protection-advanced-credential-protection.md b/windows/security/book/identity-protection-advanced-credential-protection.md index 83606ffc5d..8c803c6252 100644 --- a/windows/security/book/identity-protection-advanced-credential-protection.md +++ b/windows/security/book/identity-protection-advanced-credential-protection.md 
@@ -57,7 +57,7 @@ Administrator credentials are highly privileged and must be protected. When Remo ## VBS Key Protection -VBS key protection helps secure Windows keys using virtualization-based security (VBS). VBS uses the virtualization extension capability of the CPU to create an isolated runtime outside of the normal OS. When in use, VBS keys are isolated in a secure process, allowing key operations to occur without ever exposing the private key material outside of this space. At rest, private key material is encrypted by a TPM key which binds VBS keys to the device. Keys protected in this way cannot be dumped from process memory or exported in plain text from a user’s machine, preventing exfiltration attacks by any admin-level attacker. +VBS key protection enables developers to secure cryptographic keys using virtualization-based security (VBS). VBS uses the virtualization extension capability of the CPU to create an isolated runtime outside of the normal OS. When in use, VBS keys are isolated in a secure process, allowing key operations to occur without ever exposing the private key material outside of this space. At rest, private key material is encrypted by a TPM key which binds VBS keys to the device. Keys protected in this way cannot be dumped from process memory or exported in plain text from a user’s machine, preventing exfiltration attacks by any admin-level attacker. ## Token protection diff --git a/windows/security/book/identity-protection-passwordless-sign-in.md b/windows/security/book/identity-protection-passwordless-sign-in.md index 00ee61f822..20e84ff4e3 100644 --- a/windows/security/book/identity-protection-passwordless-sign-in.md +++ b/windows/security/book/identity-protection-passwordless-sign-in.md 
@@ -102,6 +102,8 @@ Privacy is top of mind and more important than ever. Customers want to have grea Users can also take advantage of more granular settings to easily enable and disable differentiated presence sensing features like wake on approach, lock on leave, and adaptive dimming. We are also supporting developers with new APIs for presence sensing for thirdparty applications. Third-party applications can now access user presence information on devices with modern presence sensors. +Newer presence sensors can support multi-person detection making them able to detect people looking at your screen and with Privacy Screen Dim intelligently dim it to warn you. + :::image type="icon" source="images/learn-more.svg" border="false"::: **Learn more:** - [Presence sensing](/windows-hardware/design/device-experiences/sensors-presence-sensing)
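Review bot: In the new "Trusted signing" section of application-security-application-and-driver-control.md, the opening sentence begins "It is a Microsoft fully managed end-to-end signing solution..." with no antecedent, so a reader who lands on this heading cannot tell what "it" is; lead with the product name, e.g. "Trusted Signing is a Microsoft fully managed, end-to-end signing solution...". In the same paragraph, "3rd party developers" should be "third-party developers" (matching the hyphenated form used elsewhere in the book), and "currently in public preview" is a time-bound statement that will be wrong once the preview ends; either qualify it ("in public preview at the time of writing") or drop it and rely on the linked blog post. The two new Learn more entries use absolute, locale-pinned URLs (https://learn.microsoft.com/en-us/azure/trusted-signing/overview), while the existing entry in the hunk context uses a root-relative path (/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules); use /azure/trusted-signing/overview so the link follows the reader's locale like the rest of the page. Since this section sits under application and driver control, one sentence connecting it to the surrounding content would help the reader: the signature Trusted Signing produces is what code integrity and the driver block rules above evaluate when deciding whether a binary is allowed to run.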
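Review bot: In hardware-security-silicon-assisted-security.md, the VBS enclave sentence has a stray comma between the link and the verb ("...vbs-enclaves), is a software-based..."); remove it. The same sentence uses an absolute locale URL (https://learn.microsoft.com/en-us/windows/win32/trusted-execution/vbs-enclaves) while the adjacent Learn more entry uses a root-relative path (/windows-hardware/design/device-experiences/oem-vbs); use /windows/win32/trusted-execution/vbs-enclaves. "leverage VBS" reads as marketing copy; "use VBS" is plainer. The claim "protect their application's secrets from admin-level attacks" deserves a qualifier: the protection applies only to data held inside the enclave and only while VBS is enabled on the host, while the host application's own address space stays exposed, so something like "protect secrets processed inside the enclave from an attacker with administrator or kernel privileges in the normal OS" is more accurate. The HVPT sentence "HVPT will be available on x64 machines as of Fall 2024" is a forward-looking date that will read as stale or wrong later; state the Windows release that ships HVPT instead of a season. In the HVCI paragraph the naming order is flipped relative to the removed text ("Memory integrity, also called HVCI" becomes "HVCI, also called memory integrity"); if the section heading or other pages in the book still say "Memory integrity", check that those references remain consistent with this paragraph. The closing sentence, "OS support for VBS and HVCI is turned on by default for all devices that meet prerequisites", would be more useful with a pointer to what those prerequisites are, for example the VBS page already linked in the Learn more list above.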
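Review bot: In identity-protection-advanced-credential-protection.md, the rewritten first sentence now positions VBS key protection as a developer capability ("enables developers to secure cryptographic keys"), but unlike the other sections touched in this patch, the section has no Learn more link for developers to follow; add one to the API documentation if a public reference exists. In the same paragraph, "preventing exfiltration attacks by any admin-level attacker" is accurate for export but overstates the guarantee: as the paragraph itself says, key operations still run on request inside the isolated process, so an administrator on the device cannot extract the key material but can still invoke operations with it. Suggest "preventing an attacker with administrator privileges from extracting the key material, although the key remains usable on that device".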
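Review bot: In identity-protection-passwordless-sign-in.md, the added sentence is a run-on and switches to second person ("your screen", "warn you") while the surrounding paragraph refers to "Users" and "Third-party applications" in the third person; suggest: "Newer presence sensors can support multi-person detection, so the device can recognize when someone other than the user is looking at the screen and, with Privacy Screen Dim, dim it to warn the user." Check the feature name "Privacy Screen Dim" against the linked presence-sensing page and format it consistently with the lowercase feature names in the preceding line ("wake on approach, lock on leave, and adaptive dimming"). While here, "thirdparty applications" in the unchanged context line above should be "third-party applications".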