diff --git a/windows/security/identity-protection/web-sign-in/index.md b/windows/security/identity-protection/web-sign-in/index.md
index 105c621741..3974a7516c 100644
--- a/windows/security/identity-protection/web-sign-in/index.md
+++ b/windows/security/identity-protection/web-sign-in/index.md
@@ -118,10 +118,11 @@ Here's a list of key scenarios that are supported by Web sign-in, and a brief an
:::row:::
:::column span="3":::
**Sign in with a federated identity**\
- If the Microsoft Entra ID tenant is federated with a third-party SAML-P identity provider (IdP), federated users can sign to the Windows devices.
-
- > [!TIP]
- > To simplify the sign in experience, configure the preferred tenant policy, as it automatically redirect the sign in prompt to the IdP. For more information, see
+ If the Microsoft Entra ID tenant is federated with a third-party SAML-P identity provider (IdP), federated users can sign using the Web sign-in credential provider.
+> [!TIP]
+> To improve the user experience for federated identities:
+> - Configure the *preferred Azure AD tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page. For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-1]
+> - Enable Windows Hello for Business. Once the user signs in, the user can enroll in Windows Hello for Business and then use it to sign in to the device
:::column-end:::
:::column span="1":::
:::image type="content" source="images/web-sign-in-federated-auth.png" border="false" lightbox="images/web-sign-in-federated-auth.gif" alt-text="Animation of the sign in experience with a federated user.":::
@@ -130,19 +131,12 @@ Here's a list of key scenarios that are supported by Web sign-in, and a brief an
## Important considerations
-Here's a list of important considerations to keep in mind when configuring Web sign-in:
+Here's a list of important considerations to keep in mind when configuring or using Web sign-in:
-- Cached credentials are not supported. If the device is offline, the user can't use the Web sign-in credential provider to sign in
+- Cached credentials are not supported with Web sign-in. If the device is offline, the user can't use the Web sign-in credential provider to sign in
- When signing off, the user is not displayed in the user selection list
- Once enabled, the Web sign-in credential provider is the default credential provider for new users signing in to the device. To change the default credential provider, you can use the [DefaultCredentialProvider][WIN-2] ADMX-backed policy
-### Sign in with federated identities
-
-In case of federated identities, here are some tips to improve the user experience:
-
-- Configure the *preferred Azure AD tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page. For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-1]
-- Enable Windows Hello for Business. Once the user signs in, the user can enroll in Windows Hello for Business and then use it to sign in to the device
-
### Known issues
- If you attempt to sign in while the device is offline, you will receive the following message: *It doesn't look that you're connected to the Internet. Check your connection and try again.*. Selecting the *Back to sign-in* option doesn't bring you back to the lock screen. As a workaround, you can press Ctrl+Alt+Delete to get back to the lock screen.
@@ -156,6 +150,7 @@ To provide feedback for Windows Hello for Business passwordless experience, open
[AAD-1]: /azure/active-directory/authentication/howto-authentication-passwordless-phone
[AAD-2]: /azure/active-directory/authentication/concept-authentication-passwordless
[AAD-3]: /azure/active-directory/authentication/howto-authentication-temporary-access-pass
+[FHUB]: feedback-hub://?tabid=2&newFeedback=true&feedbackType=1
[INT-1]: /mem/intune/configuration/custom-settings-windows-10
[KB-1]: https://support.microsoft.com/kb/5030310
[WIN-1]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname