From c9c6f020437e40ba4b7bd9a718490878af101d65 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 22 Aug 2023 10:30:11 -0400
Subject: [PATCH] updates

---
 .../passwordless-experience.md                | 34 ---------------
 .../hello-for-business/toc.yml                |  4 --
 .../passwordless-experience.md                | 42 +++++++++++++++++++
 windows/security/identity-protection/toc.yml  |  4 ++
 4 files changed, 46 insertions(+), 38 deletions(-)
 delete mode 100644 windows/security/identity-protection/hello-for-business/passwordless-experience.md
 create mode 100644 windows/security/identity-protection/passwordless-experience.md

diff --git a/windows/security/identity-protection/hello-for-business/passwordless-experience.md b/windows/security/identity-protection/hello-for-business/passwordless-experience.md
deleted file mode 100644
index 52107bdbf3..0000000000
--- a/windows/security/identity-protection/hello-for-business/passwordless-experience.md
+++ /dev/null
@@ -1,34 +0,0 @@
----
-title: Passwordless experience
-description: Learn how Passworless experience allows your users to move away from passwords.
-ms.collection: 
-  - highpri
-  - tier1
-ms.date: 08/15/2023
-ms.topic: how-to
----
-
-# Passwordless experience
-
-## Enable Passwordless experience with Intune
-
-[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
-
-| Category | Setting name | Value |
-|--|--|--|
-| **Authentication** | Enable Passwordless Experience | Enabled |
-
-[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
-
-Alternatively, you can configure devices using a [custom policy][INT-3] with the [Policy CSP][CSP-1]. 
-
-| Setting |
-|--------|
-| - **OMA-URI:** `./Device/Vendor/MSFT/Policy/Config/Authentication/EnablePasswordlessExperience`<br>- **Data type:** int<br>- **Value:** `1`|
-
-<!--links used in this document-->
-
-[CSP-1]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions
-
-[MEM-1]: /mem/intune/configuration/settings-catalog
-[MEM-2]: /mem/intune/configuration/custom-settings-windows-10
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index 79e0d39f68..0d9572d99e 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -4,8 +4,6 @@ items:
 - name: Concepts
   expanded: true
   items:
-  - name: Passwordless strategy
-    href: passwordless-strategy.md
   - name: Why a PIN is better than a password
     href: hello-why-pin-is-better-than-password.md
   - name: Windows Hello biometrics in the enterprise
@@ -110,8 +108,6 @@ items:
     href: hello-and-password-changes.md
 - name: Windows Hello for Business features
   items:
-  - name: Passwordless experience
-    href: passwordless-experience.md
   - name: PIN reset
     href: hello-feature-pin-reset.md
   - name: Dual enrollment
diff --git a/windows/security/identity-protection/passwordless-experience.md b/windows/security/identity-protection/passwordless-experience.md
new file mode 100644
index 0000000000..a23936037b
--- /dev/null
+++ b/windows/security/identity-protection/passwordless-experience.md
@@ -0,0 +1,42 @@
+---
+title: Passwordless experience
+description: Learn how Passworless experience enables your organization to move away from passwords.
+ms.collection: 
+  - highpri
+  - tier1
+ms.date: 08/15/2023
+ms.topic: how-to
+---
+
+# Passwordless experience
+
+## Overview
+
+Starting in Windows 11, version 22H2 with [KB5030310](https://support.microsoft.com/kb/5030310)
+
+Starting in Windows 11, version 23H2, Passwordless experience is a security feature that enables your organization to move away from passwords. Once enable, Windows users can sign in to their devices using Windows Hello for Business or a FIDO2 security key only. This feature is available for Azure Active Directory (Azure AD) joined devices only.
+
+This article explains how to enable Passwordless experience for your organization and describes the user experience.
+
+## Enable Passwordless experience with Intune
+
+<!--[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]-->
+
+| Category | Setting name | Value |
+|--|--|--|
+| **Authentication** | Enable Passwordless Experience | Enabled |
+
+<!--[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]-->
+
+Alternatively, you can configure devices using a [custom policy][INT-3] with the [Policy CSP][CSP-1]. 
+
+| Setting |
+|--------|
+| <li> OMA-URI:**`./Device/Vendor/MSFT/Policy/Config/Authentication/EnablePasswordlessExperience`**</li><li>Data type:**int**</li><li>Value:**`1`**</li>|
+
+<!--links used in this document-->
+
+[CSP-1]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions
+
+[MEM-1]: /mem/intune/configuration/settings-catalog
+[MEM-2]: /mem/intune/configuration/custom-settings-windows-10
\ No newline at end of file
diff --git a/windows/security/identity-protection/toc.yml b/windows/security/identity-protection/toc.yml
index d8e6726e39..d62a17ae55 100644
--- a/windows/security/identity-protection/toc.yml
+++ b/windows/security/identity-protection/toc.yml
@@ -3,6 +3,10 @@ items:
     href: index.md
   - name: Passwordless sign-in
     items:
+    - name: Passwordless strategy
+      href: passwordless-strategy.md
+    - name: Passwordless experience
+      href: passwordless-experience.md
     - name: Windows Hello for Business 🔗
       href: hello-for-business/index.md
     - name: Windows presence sensing