diff --git a/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png b/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png
index 8f804b9185..92585d5426 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png and b/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 34d2a618b4..8eeb11bcc2 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -139,12 +139,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s
+ApplicationControl CSP |
+Added new CSP in Windows 10, version 1903.
+ |
+
EnrollmentStatusTracking CSP |
Added new CSP in Windows 10, version 1903.
|
-ApplicationControl CSP |
-Added new CSP in Windows 10, version 1903.
+ | PassportForWork CSP |
+Added the following new nodes in Windows 10, version 1903: SecurityKey, SecurityKey/UseSecurityKeyForSignin
|
@@ -1893,6 +1897,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
|--- | ---|
|[Policy CSP](policy-configuration-service-provider.md)|Added the following list:
Policies supported by HoloLens 2|
|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
+|[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
SecurityKey, SecurityKey/UseSecurityKeyForSignin|
|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider|
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 63bdce6713..b7b64e75fe 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -9,14 +9,11 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 10/31/2018
+ms.date: 07/19/2019
---
# PassportForWork CSP
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to login to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
> [!IMPORTANT]
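Review bot: The `ms.date` set in this header (07/19/2019) does not match the one set on passportforwork-ddf.md in the same change (07/29/2019). If both files were updated together, pick one date so the two topics do not look like they were revised ten days apart. Dropping the prerelease warning is consistent with the rest of the change, which documents the 1903 nodes as shipped.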
@@ -231,8 +228,6 @@ If you set this policy to true, Windows requires all users on managed devices to
Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.
-
-
Supported operations are Add, Get, Delete, and Replace.
*Not supported on Windows Holographic and Windows Holographic for Business.*
@@ -269,6 +264,23 @@ Added in Windows 10, version 1803. List of plugins (comma separated) that the pa
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+**SecurityKey** (only for ./Device/Vendor/MSFT)
+Added in Windows 10, version 1903. Interior node.
+
+Scope is permanent. Supported operation is Get.
+
+
+**SecurityKey/UseSecurityKeyForSignin** (only for ./Device/Vendor/MSFT)
+Added in Windows 10, version 1903. Enables users to sign-in to their device with a [FIDO2 security key](https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys) that is compatible with Microsoft’s implementation.
+
+Scope is dynamic. Supported operations are Add, Get, Replace, and Delete.
+
+Value type is integer.
+
+Valid values:
+- 0 (default) - disabled.
+- 1 - enabled.
+
## Examples
Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM.
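Review bot: The new SecurityKey/UseSecurityKeyForSignin entry documents the value type and valid values, but the Examples section right after it still covers only the PIN policies, biometrics and TPM, so nothing shows how to set the new node. Consider adding a short SyncML example for it, and a sentence on what Delete does (does the device fall back to the default of 0?). Two wording points in the same entry: "sign-in to their device" uses the noun form as a verb, so "sign in to their device" is the correct form, and "Microsoft’s" carries a curly apostrophe that should be a plain one for consistency with the rest of the file.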
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index f9dcc69e22..7eaea8a237 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -9,19 +9,16 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
-ms.date: 07/26/2017
+ms.date: 07/29/2019
---
# PassportForWork DDF
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
This topic shows the OMA DM device description framework (DDF) for the **PassportForWork** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is for Windows 10, version 1809.
+The XML below is for Windows 10, version 1903.
```xml
@@ -47,7 +44,7 @@ The XML below is for Windows 10, version 1809.
- com.microsoft/1.5/MDM/PassportForWork
+ com.microsoft/1.6/MDM/PassportForWork
@@ -1264,7 +1261,7 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re
False
- Enables/Disables Dynamic Lock
+ Enables/Disables Dyanamic Lock
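Review bot: This hunk introduces a typo in the node description: "Enables/Disables Dyanamic Lock" should stay "Enables/Disables Dynamic Lock". The removed line was already spelled correctly, so unless the shipped DDF file really contains the misspelling and this topic is meant to mirror it verbatim, revert this line.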
@@ -1304,6 +1301,52 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re
+
+ SecurityKey
+
+
+
+
+ Security Key
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ UseSecurityKeyForSignin
+
+
+
+
+
+
+
+ 0
+ Use security key for signin. 0 is disabled. 1 is enable. If you do not configure this policy setting, the default is disabled.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
```
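Review bot: The description for UseSecurityKeyForSignin reads "0 is disabled. 1 is enable."; the second value should be "1 is enabled" to match the first and to match the wording in passportforwork-csp.md ("1 - enabled"). The SecurityKey interior node's description is only "Security Key", which repeats the node name; a one-line description of what the node groups would be more useful. The CSP topic writes "sign-in" while this description writes "signin"; aligning the prose spelling would help, leaving the node name UseSecurityKeyForSignin as is.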