Expand Up @@ -114,9 +114,14 @@ Users can go to [Security info](https://aka.ms/mysecurityinfo), or they can sele


### Session controls for Combined Registration
By default Combined registration enforces all MFA capable users to strongly authenticate prior to registering or managing their security info. If a user is currently signed in, and previously completed MFA as part of a valid session, no additional MFA is required by default, unless a user is attempting to add or modify a passkey (FIDO2) method. Adding or modifying a passkey (FIDO2) method requires users to have strongly authenticated within the past 5 minutes. If MFA hasn't been completed in the past 5 minutes, the user is asked to sign-in and complete fresh MFA. Organizations can modify the authentication requirements by defining [Conditional Access policies for securing security info registration.](~/identity/conditional-access/policy-all-users-security-info-registration.md).
By default, Combined registration enforces all MFA capable users to strongly authenticate prior to registering or managing their security info.

- Adding or modifying a passkey (FIDO2) method requires users to have strongly authenticated within the past 5 minutes. If MFA hasn't been completed in the past 5 minutes, the user is asked to sign-in and complete fresh MFA.
- Starting August 25, 2025, as announced in MC1135479, users are required to complete multi-factor authentication (MFA) when managing credentials or accessing My Sign Ins if they haven’t done so within the last 10 minutes of their current session.
Enforcing Authentication Strengths to security info registration can conflict with both aforementioned requirements, with end-users potentially experiencing the error message *"Let’s try something else. Another sign-in method is required to access this resource. Close your browser and try again, but choose another way to sign-in"*. Changes can be made at the tenant level, such as enforcing "Sign-in frequency: every time" to the "Register security info" user action or enabling Passkeys for Windows Hello for Business users, or at the user level, such as ensuring they authenticate with a session at most 10 minutes old or ensuring they authenticate with a combination of methods included in the enforced Authentication Strength.

Organizations can modify the authentication requirements by defining [Conditional Access policies for securing security info registration.](~/identity/conditional-access/policy-all-users-security-info-registration.md).

Combined registration sessions are only valid for 15 minutes. If a user's registration or management actions take longer than this time period, the session expires and the user is asked to sign back in to continue.

## Key usage scenarios
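
Review bot: In the paragraph beginning "Enforcing Authentication Strengths", the user-level fix "a session at most 10 minutes old" matches only the 10-minute bullet; the passkey (FIDO2) bullet requires strong authentication within the past 5 minutes, so that advice does not cover the passkey case. Suggest naming both windows, or wording it as "within the window that applies to the action". The same paragraph refers to "both aforementioned requirements", but the two bullets follow the opening sentence with no lead-in, so it is not obvious which requirements are meant; a short lead-in line before the list would fix that. Minor: "sign-in" is used as a verb in the passkey bullet ("asked to sign-in") and should be "sign in", and the Conditional Access link has a period inside the link text and another after the closing parenthesis.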
