Merge pull request #216197 from libbro2006/patch-1

prmerger-automator[bot] · web-flow · commit d5af7bd6bdb7 · 2022-11-02T16:57:45.000Z
Updating TAP &amp; WIndows devices setup information
diff --git a/articles/active-directory/authentication/howto-authentication-temporary-access-pass.md b/articles/active-directory/authentication/howto-authentication-temporary-access-pass.md
@@ -142,10 +142,15 @@ Users managing their security information at [https://aka.ms/mysecurityinfo](htt
 ![Screenshot of how users can manage a Temporary Access Pass in My Security Info.](./media/how-to-authentication-temporary-access-pass/tap-my-security-info.png)
 
 ### Windows device setup
-Users with a Temporary Access Pass can navigate the setup process on Windows 10 and 11 to perform device join operations and configure Windows Hello For Business. Temporary Access Pass usage for setting up Windows Hello for Business varies based on the devices joined state: 
-- During Azure AD Join setup, users can authenticate with a TAP (no password required) and setup Windows Hello for Business.
-- On already Azure AD Joined devices, users must first authenticate with another method such as a password, smartcard or FIDO2 key, before using TAP to set up Windows Hello for Business. 
-- On Hybrid Azure AD Joined devices, users must first authenticate with another method such as a password, smartcard or FIDO2 key, before using TAP to set up Windows Hello for Business. 
+Users with a Temporary Access Pass can navigate the setup process on Windows 10 and 11 to perform device join operations and configure Windows Hello for Business. Temporary Access Pass usage for setting up Windows Hello for Business varies based on the devices joined state. 
+
+For Azure AD Joined devices: 
+- During the Azure AD Join setup process, users can authenticate with a TAP (no password required) to join the device and register Windows Hello for Business.
+- On already joined devices, users must first authenticate with another method such as a password, smartcard or FIDO2 key, before using TAP to set up Windows Hello for Business. 
+- If the [Web sign-in](https://learn.microsoft.com/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) feature on Windows is also enabled, the user can use TAP to sign into the device. This is intended only for completing initial device setup, or recovery when the user does not know or have a password. 
+
+For Hybrid Azure AD Joined devices: 
+- Users must first authenticate with another method such as a password, smartcard or FIDO2 key, before using TAP to set up Windows Hello for Business. 
 
 ![Screenshot of how to enter Temporary Access Pass when setting up Windows 10.](./media/how-to-authentication-temporary-access-pass/windows-10-tap.png)
 
