updates

windows/security/identity-protection/web-sign-in/index.md

@@ -118,10 +118,11 @@ Here's a list of key scenarios that are supported by Web sign-in, and a brief an
 :::row:::
   :::column span="3":::
   **Sign in with a federated identity**\
-  If the Microsoft Entra ID tenant is federated with a third-party SAML-P identity provider (IdP), federated users can sign to the Windows devices.
-
-  > [!TIP]
-  > To simplify the sign in experience, configure the preferred tenant policy, as it automatically redirect the sign in prompt to the IdP. For more information, see
+  If the Microsoft Entra ID tenant is federated with a third-party SAML-P identity provider (IdP), federated users can sign using the Web sign-in credential provider.
+> [!TIP]
+> To improve the user experience for federated identities:
+> - Configure the *preferred Azure AD tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page. For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-1]
+> - Enable Windows Hello for Business. Once the user signs in, the user can enroll in Windows Hello for Business and then use it to sign in to the device
   :::column-end:::
   :::column span="1":::
   :::image type="content" source="images/web-sign-in-federated-auth.png" border="false" lightbox="images/web-sign-in-federated-auth.gif" alt-text="Animation of the sign in experience with a federated user.":::
@@ -130,19 +131,12 @@ Here's a list of key scenarios that are supported by Web sign-in, and a brief an
 
 ## Important considerations
 
-Here's a list of important considerations to keep in mind when configuring Web sign-in:
+Here's a list of important considerations to keep in mind when configuring or using Web sign-in:
 
-- Cached credentials are not supported. If the device is offline, the user can't use the Web sign-in credential provider to sign in
+- Cached credentials are not supported with Web sign-in. If the device is offline, the user can't use the Web sign-in credential provider to sign in
 - When signing off, the user is not displayed in the user selection list
 - Once enabled, the Web sign-in credential provider is the default credential provider for new users signing in to the device. To change the default credential provider, you can use the [DefaultCredentialProvider][WIN-2] ADMX-backed policy
 
-### Sign in with federated identities
-
-In case of federated identities, here are some tips to improve the user experience:
-
-- Configure the *preferred Azure AD tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page. For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-1]
-- Enable Windows Hello for Business. Once the user signs in, the user can enroll in Windows Hello for Business and then use it to sign in to the device
-
 ### Known issues
 
 - If you attempt to sign in while the device is offline, you will receive the following message: *It doesn't look that you're connected to the Internet. Check your connection and try again.*. Selecting the *Back to sign-in* option doesn't bring you back to the lock screen. As a workaround, you can press <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the lock screen.
@@ -156,6 +150,7 @@ To provide feedback for Windows Hello for Business passwordless experience, open
 [AAD-1]: /azure/active-directory/authentication/howto-authentication-passwordless-phone
 [AAD-2]: /azure/active-directory/authentication/concept-authentication-passwordless
 [AAD-3]: /azure/active-directory/authentication/howto-authentication-temporary-access-pass
+[FHUB]: feedback-hub://?tabid=2&newFeedback=true&feedbackType=1
 [INT-1]: /mem/intune/configuration/custom-settings-windows-10
 [KB-1]: https://support.microsoft.com/kb/5030310
 [WIN-1]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname