diff --git a/policies/totp/policy/TrustFrameworkExtensions_TOTP.xml b/policies/totp/policy/TrustFrameworkExtensions_TOTP.xml
index 4c9e4447..a1b58a9d 100644
--- a/policies/totp/policy/TrustFrameworkExtensions_TOTP.xml
+++ b/policies/totp/policy/TrustFrameworkExtensions_TOTP.xml
@@ -401,7 +401,6 @@
             <OutputClaim ClaimTypeReferenceId="otpCode" Required="true" />
           </OutputClaims>
           <ValidationTechnicalProfiles>
-            <ValidationTechnicalProfile ReferenceId="AzureMfa-BeginVerifyOTP" />
             <ValidationTechnicalProfile ReferenceId="AzureMfa-VerifyOTP" />
           </ValidationTechnicalProfiles>
           <UseTechnicalProfileForSessionManagement ReferenceId="SM-MFA-TOTP" />
@@ -762,8 +761,23 @@
         </OrchestrationStep>
 
         <!-- If the number of available devices isn't zero (user has enrolled before), 
-             render the TOTP verification page -->
+             begin the TOTP verification session -->
         <OrchestrationStep Order="3" Type="ClaimsExchange">
+          <Preconditions>
+            <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
+              <Value>numberOfAvailableDevices</Value>
+              <Value>0</Value>
+              <Action>SkipThisOrchestrationStep</Action>
+            </Precondition>
+          </Preconditions>
+          <ClaimsExchanges>
+            <ClaimsExchange Id="AuthenticatorForSignInBeginSession" TechnicalProfileReferenceId="AzureMfa-BeginVerifyOTP" />
+          </ClaimsExchanges>
+        </OrchestrationStep>
+
+        <!-- If the number of available devices isn't zero (user has enrolled before), 
+             render the TOTP verification page -->
+        <OrchestrationStep Order="4" Type="ClaimsExchange">
           <Preconditions>
             <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
               <Value>numberOfAvailableDevices</Value>
@@ -820,8 +834,23 @@
         </OrchestrationStep>
 
         <!-- If the number of available devices is zero (user hasn't enrolled before), 
-             render the TOTP verification page.  -->
+             begin the TOTP verification session.  -->
         <OrchestrationStep Order="4" Type="ClaimsExchange">
+          <Preconditions>
+            <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
+              <Value>numberOfAvailableDevices</Value>
+              <Value>0</Value>
+              <Action>SkipThisOrchestrationStep</Action>
+            </Precondition>
+          </Preconditions>
+          <ClaimsExchanges>
+            <ClaimsExchange Id="AuthenticatorForSignInBeginSession" TechnicalProfileReferenceId="AzureMfa-BeginVerifyOTP" />
+          </ClaimsExchanges>
+        </OrchestrationStep>
+
+        <!-- If the number of available devices is zero (user hasn't enrolled before), 
+             render the TOTP verification page.  -->
+        <OrchestrationStep Order="5" Type="ClaimsExchange">
           <Preconditions>
             <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
               <Value>numberOfAvailableDevices</Value>
diff --git a/policies/totp/policy/TrustFrameworkExtensions_TOTPMigration.xml b/policies/totp/policy/TrustFrameworkExtensions_TOTPMigration.xml
index a20b26f2..9e13cdb9 100644
--- a/policies/totp/policy/TrustFrameworkExtensions_TOTPMigration.xml
+++ b/policies/totp/policy/TrustFrameworkExtensions_TOTPMigration.xml
@@ -93,7 +93,7 @@
     <SubJourney Id="TotpFactor-Verify" Type="Call">
         <OrchestrationSteps>
             <!-- Additional step to call JIT TOTP Registration -->            
-            <OrchestrationStep Order="4" Type="ClaimsExchange">
+            <OrchestrationStep Order="5" Type="ClaimsExchange">
                 <Preconditions>
                   <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
                     <Value>extension_StrongAuthenticationAppSecretKey</Value>
@@ -111,7 +111,7 @@
               </OrchestrationStep>
               <!-- Additional Step to remove the lgacy TOTP Claim. -->
               <!-- Comment out this  Orchestration Step if you would like to retain the old secrets.-->
-              <OrchestrationStep Order="5" Type="ClaimsExchange">
+              <OrchestrationStep Order="6" Type="ClaimsExchange">
                 <Preconditions>
                   <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
                     <Value>extension_StrongAuthenticationAppSecretKey</Value>
diff --git a/policies/totp/readme.md b/policies/totp/readme.md
index 7ee61e73..246213f4 100644
--- a/policies/totp/readme.md
+++ b/policies/totp/readme.md
@@ -69,7 +69,7 @@ The below diagram depicts how the Just In Time TOTP migration works:
 
 ### Remove legacy TOTP secret claim
 
-Within the [TOTP Migration Extension](policy/TrustFrameworkExtensions_TOTPMigration.xml) file under the *TotpFactor-Verify* sub journey, orchestration Step 5 will call the delete legacy TOTP Secret technical profile (AAD-DeleteLegacyTOTPClaim). This call by default has 2 conditions.
+Within the [TOTP Migration Extension](policy/TrustFrameworkExtensions_TOTPMigration.xml) file under the *TotpFactor-Verify* sub journey, orchestration Step 6 will call the delete legacy TOTP Secret technical profile (AAD-DeleteLegacyTOTPClaim). This call by default has 2 conditions.
 
 1. The extension attribute used to store the legacy claim needs to exist.
 2. The number of registered devices is not 0