passkey updates

includes/licensing/passkeys.md

@@ -7,13 +7,13 @@ ms.topic: include
 
 ## Windows edition and licensing requirements
 
-The following table lists the Windows editions that support Passkey:
+The following table lists the Windows editions that support passkeys:
 
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
 
-Passkey license entitlements are granted by the following licenses:
+Passkeys license entitlements are granted by the following licenses:
 
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|

windows/security/identity-protection/passkeys/index.md

@@ -1,5 +1,5 @@
 ---
-title: Passkey support in Windows
+title: Support for passkeys in Windows
 description: Learn about passkeys and how to use them on Windows devices.
 ms.collection: 
 - highpri
@@ -10,11 +10,14 @@ appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 ---
 
-# Passkey support in Windows
+# Support for passkeys in Windows
 
 Passkeys provide a more secure and convenient method to logging into websites and applications compared to passwords. Unlike passwords, which users must remember and type, passkeys are stored as secrets on a device and can use a device's unlock mechanism (such as biometrics or a PIN). Passkeys can be used without the need for other sign in challenges, making the authentication process faster, secure, and more convenient.
 
-Starting in Windows 11, version 22H2 with [KB5030310][KB-1], you can use passkeys with any applications or websites that support them to create and sign in with the Windows Hello native experience. Once a passkey is created and stored with Windows Hello, you can use Windows Hello (biometrics and PIN) or a companion device (phone or tablet) to sign in.
+You can use passkeys with any applications or websites that support them to create and sign in with the Windows Hello native experience. Once a passkey is created and stored with Windows Hello, you can use Windows Hello (biometrics and PIN) or a companion device (phone or tablet) to sign in.
+
+> [!NOTE]
+> Windows provides a *native experience* for passkey management starting in Windows 11, version 22H2 with [KB5030310][KB-1]. However, passkey support is available in all supported versions of Windows clients.
 
 This article describes how to create and use passkeys on Windows devices.
 
@@ -30,11 +33,7 @@ FIDO protocols prioritize user privacy, as they're designed to prevent online se
 
 Passkeys have several advantages over passwords, including their ease of use and intuitive nature. Unlike passwords, passkeys don't require a creation process, don't need to be remembered, and don't need to be safeguarded. Additionally, passkeys are unique to each website or application, preventing their reuse. They're highly secure because they're only stored on the user's devices, with the service only storing public keys. Passkeys are resistant to phishing attempts, as they're enforced by the browsers or operating systems to only be used for the appropriate service, rather than relying on human verification. Finally, passkeys provide cross-device and cross-platform authentication, meaning that a passkey from one device can be used to sign in on another device.
 
-## System requirements
-
-Windows provides a native experience for passkey management starting in Windows 11, version 22H2 with [KB5030310][KB-1].
-
-[!INCLUDE [passkey](../../../../includes/licensing/passkey.md)]
+[!INCLUDE [passkey](../../../../includes/licensing/passkeys.md)]
 
 ## User experiences
 
@@ -105,7 +104,7 @@ Pick one of the following options to learn how to save a passkey, based on where
   :::column-end:::
 :::row-end:::
 
-#### [:::image type="icon" source="images/qr-code.svg" border="false"::: **Phone or tablet**](#tab/mobile)
+#### [:::image type="icon" source="images/qr-code.svg" border="false"::: **New phone or tablet**](#tab/mobile)
 
 :::row:::
   :::column span="3":::
@@ -128,7 +127,7 @@ Pick one of the following options to learn how to save a passkey, based on where
   :::column-end:::
 :::row-end:::
 
-#### [:::image type="icon" source="images/phone.svg" border="false"::: **Linked device**](#tab/linked)
+#### [:::image type="icon" source="images/phone.svg" border="false"::: **Linked phone or tablet**](#tab/linked)
 
 :::row:::
   :::column span="3":::
@@ -236,7 +235,7 @@ Pick one of the following options to learn how to use a passkey, based on where
   :::column-end:::
 :::row-end:::
 
-#### [:::image type="icon" source="images/qr-code.svg" border="false"::: **Phone or tablet**](#tab/mobile)
+#### [:::image type="icon" source="images/qr-code.svg" border="false"::: **New phone or tablet**](#tab/mobile)
 
 :::row:::
   :::column span="3":::
@@ -256,7 +255,7 @@ Pick one of the following options to learn how to use a passkey, based on where
   :::column-end:::
 :::row-end:::
 
-#### [:::image type="icon" source="images/phone.svg" border="false"::: **Linked device**](#tab/linked)
+#### [:::image type="icon" source="images/phone.svg" border="false"::: **Linked phone or tablet**](#tab/linked)
 
 :::row:::
   :::column span="3":::
@@ -312,7 +311,7 @@ To view and manage passkeys saved for apps or websites, go to **Settings > Accou
 :::image type="content" source="images/delete-passkey.png" alt-text="Screenshot of the Settings app showing the delete option for a passkey." lightbox="images/delete-passkey.png" border="false":::
 
 > [!NOTE]
-> You can't delete the passkey used to sign in to your Windows device, either Microsoft Entra ID or Microsoft Account.
+> Some passkeys for *login.microsoft.com* can't be deleted, as they're used with Microsoft Entra ID and/or Microsoft Account for signing in to the device and Microsoft services.
 
 ## Provide feedback
 

windows/security/identity-protection/toc.yml

@@ -13,8 +13,8 @@ items:
       href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key
     - name: Windows passwordless experience
       href: passwordless-experience/index.md
-    - name: Passkey
-      href: passkey/index.md
+    - name: Passkeys
+      href: passkeys/index.md
     - name: Smart Cards
       href: smart-cards/toc.yml
     - name: Virtual smart cards

windows/security/includes/sections/identity.md

@@ -13,7 +13,7 @@ ms.topic: include
 | **[Windows presence sensing](https://support.microsoft.com/windows/managing-presence-sensing-settings-in-windows-11-82285c93-440c-4e15-9081-c9e38c1290bb)** | Windows presence sensing provides another layer of data security protection for hybrid workers. Windows 11 devices can intelligently adapt to your presence to help you stay secure and productive, whether you're working at home, the office, or a public environment. Windows presence sensing combines presence detection sensors with Windows Hello facial recognition to automatically lock your device when you leave, and then unlock your device and sign you in using Windows Hello facial recognition when you return. Requires OEM supporting hardware. |
 | **[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)** | Windows Hello biometrics also supports enhanced sign-in security, which uses specialized hardware and software components to raise the security bar even higher for biometric sign in. <br><br>Enhanced sign-in security biometrics uses VBS and the TPM to isolate user authentication processes and data and secure the pathway by which the information is communicated. These specialized components protect against a class of attacks that include biometric sample injection, replay, tampering, and more. <br><br>For example, fingerprint readers must implement Secure Device Connection Protocol, which uses key negotiation and a Microsoft-issued certificate to protect and securely store user authentication data. For facial recognition, components such as the Secure Devices (SDEV) table and process isolation with trustlets help prevent additional class of attacks. |
 | **[Windows passwordless experience](/windows/security/identity-protection/passwordless-experience)** | Windows passwordless experience is a security policy that aims to create a more user-friendly experience for Microsoft Entra joined devices by eliminating the need for passwords in certain authentication scenarios. By enabling this policy, users will not be given the option to use a password in these scenarios, which helps organizations transition away from passwords over time. |
-| **[Passkey](/windows/security/identity-protection/passkey)** | Passkeys provide a more secure and convenient method to logging into websites and applications compared to passwords. Unlike passwords, which users must remember and type, passkeys are stored as secrets on a device and can use a device's unlock mechanism (such as biometrics or a PIN). Passkeys can be used without the need for other sign in challenges, making the authentication process faster, secure, and more convenient. |
+| **[Passkeys](/windows/security/identity-protection/passkey)** | Passkeys provide a more secure and convenient method to logging into websites and applications compared to passwords. Unlike passwords, which users must remember and type, passkeys are stored as secrets on a device and can use a device's unlock mechanism (such as biometrics or a PIN). Passkeys can be used without the need for other sign in challenges, making the authentication process faster, secure, and more convenient. |
 | **[FIDO2 security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)** | Fast Identity Online (FIDO) defined CTAP and WebAuthN specifications are becoming the open standard for providing strong authentication that is non-phishable, user-friendly, and privacy-respecting with implementations from major platform providers and relying parties. FIDO standards and certifications are becoming recognized as the leading standard for creating secure authentication solutions across enterprises, governments, and consumer markets. <br><br>Windows 11 can use external FIDO2 security keys for authentication alongside or in addition to Windows Hello which is also a FIDO2 certified passwordless solution. Windows 11 can be used as a FIDO authenticator for many popular identity management services. |
 | **[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)** | Organizations also have the option of using smart cards, an authentication method that pre-dates biometric sign in. Smart cards are tamper-resistant, portable storage devices that can enhance Windows security when authenticating clients, signing code, securing e-mail, and signing in with Windows domain accounts. Smart cards can only be used to sign into domain accounts, not local accounts. When a password is used to sign into a domain account, Windows uses the Kerberos version 5 (v5) protocol for authentication. If you use a smart card, the operating system uses Kerberos v5 authentication with X.509 v3 certificates. |
 

windows/security/index.yml

@@ -78,7 +78,7 @@ productDirectory:
         - url: /windows/security/identity-protection/web-sign-in
           text: Web sign-in for Windows
         - url: /windows/security/identity-protection/passkey
-          text: Passkey support in Windows 
+          text: Support for passkeys in Windows
         - url: /windows/security/operating-system-security/virus-and-threat-protection/microsoft-defender-smartscreen/enhanced-phishing-protection
           text: Enhanced phishing protection with SmartScreen
         - url: /windows/security/identity-protection