From b79655738ca53fcdfea4f52488e1b9a84e5cde87 Mon Sep 17 00:00:00 2001 From: Alexander Klizhentas Date: Thu, 25 Nov 2021 09:47:05 -0800 Subject: [PATCH] Improve docs for per-session MFA Better note that removes confusion. --- .../access-controls/guides/per-session-mfa.mdx | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/pages/access-controls/guides/per-session-mfa.mdx b/docs/pages/access-controls/guides/per-session-mfa.mdx index d0503daeefb..77c4c9fefd8 100644 --- a/docs/pages/access-controls/guides/per-session-mfa.mdx +++ b/docs/pages/access-controls/guides/per-session-mfa.mdx @@ -12,19 +12,24 @@ security feature that protects users against compromises of their on-disk Teleport certificates. - Per-session MFA checks don't apply to regular Teleport logins (`tsh login` or - logging into the Web UI). We encourage you to enable login MFA in your SSO - provider and/or for all [local Teleport - users](../../setup/reference/authentication.mdx#local). + In addition to per-session MFA, enable login MFA in your SSO provider and/or for all [local Teleport + users](../../setup/reference/authentication.mdx#local) to improve security. - +
Per-session MFA checks were introduced in Teleport v6.1. To enforce the checks, you must update **all** `teleport` binaries in your deployment. If only Auth and Proxy services are updated, these checks will *not* be properly enforced. Additionally, only v6.1 or newer `tsh` binaries implement per-session MFA checks. - +
+ ## Prerequisites
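Review bot: The rewritten note at the top of the hunk no longer says that per-session MFA checks don't apply to regular Teleport logins (`tsh login` or logging into the Web UI), so the page now recommends login MFA without stating the gap it covers. That scope statement is what tells a reader that per-session MFA alone leaves the login step without an MFA check. Keep it as one plain sentence ahead of the recommendation, for example "Per-session MFA checks don't apply to `tsh login` or Web UI logins.", and drop the vague "to improve security" in favour of that reason. As a style point, the added line is far longer than the surrounding wrapped text and still breaks inside the `[local Teleport users]` link text; rewrap it so the link stays on one line.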