modified: education/windows/tutorial-managed-installer/considerations.md

modified:   education/windows/tutorial-managed-installer/deploy-apps.md
	modified:   education/windows/tutorial-managed-installer/toc.yml
	modified:   education/windows/tutorial-managed-installer/validate-apps.md

education/windows/tutorial-managed-installer/checklists.md

@@ -1,43 +0,0 @@
----
-title: Checklists for managed installer
-description: Differnet checklists for managed installer
-ms.date: 03/02/2023
-ms.topic: checklist
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE, version 22H2 and later</a>
----
-
-# Checklists for managed installer
-
-This article contains a list of checklists related to the tasks in the Managed installer tutorial.
-These checklists help to ensure that your Windows 11 SE devices are set up with a managed installer and that app deployment completed correctly.
-
-## Deploy an application via Intune
-
-> [!div class="checklist"]
-> - intunewin package created (for Win32 apps)
-> - Package uploaded via Intune (for Win32 apps)
-> - Assign the package to the correct groups
-
-## Validate application deployment
-
-> [!div class="checklist"]
-> - No Intune installation errors
-> - No errors when opening the app from the device
-> - *CI Policy* in the Event Viewer logs don't show app's executables being blocked
-
-## Create additional policies for incompatible apps
-### WDAC supplemental policy
-
-> [!div class="checklist"]
-> - Signed .cip .p7b file with Device Guard
-> - Targets Base policy: `82443e1e-8a39-4b4a-96a8-f40ddc00b9f3`
-> - Policy created in Intune and assigned to the correct groups
-> - Policy applied in Event Viewer
-
-### AppLocker
-
-> [!div class="checklist"]
-> - Only applied to an updater or installer
-> - Merge option used
-> - Policy created in Intune and assigned to the correct groups

education/windows/tutorial-managed-installer/considerations.md

@@ -20,7 +20,9 @@ Autopilot and the Enrollment Status Page are compatible with Windows 11 SE. Howe
 An example of this is if you deployed an app via the Store for Education, but have not written a supplemental policy to allow that app's PackageFamilyName.
 In summary, if you choose to block device use on the installation of apps, you must ensure that apps are also not blocked from installation.
 
-![](./images/autopilot.png)
+:::image type="content" source="./images/autopilot.png" alt-text="Autopilot showing an error in OOBE on Windows 11 SE." border="false":::
+
+
 
 ### ESP mitigations
 

education/windows/tutorial-managed-installer/deploy-apps.md

@@ -61,6 +61,15 @@ PWAs available in the Microsoft Store aren't currently supported for Windows 11
 
 Web link can be deployed via Intune using [web apps][MEM-4], and will be available in the Start menu of the targeted devices.
 
+## Section review
+
+Before moving on to the next section, ensure that you've completed the following tasks:
+
+> [!div class="checklist"]
+> - `.intunewin` package created (for Win32 apps)
+> - App uploaded via Intune (for Win32 apps)
+> - App assigned to the correct groups
+
 ## Next steps
 
 Advance to the next article to learn how to validate the applications deployed to Windows 11 SE devices.

education/windows/tutorial-managed-installer/toc.yml

@@ -7,9 +7,7 @@ items:
     href: validate-apps.md
   - name: 3. Create additional policies
     href: create-policies.md
-  - name: Considerations for your tenant
-    href: considerations.md
   - name: Troubleshoot and get help
-    href: troubleshoot-managed-installer.md
+    href: troubleshoot.md
-  - name: Checklists
+  - name: Considerations for your tenant
-    href: checklists.md
+    href: considerations.md

education/windows/tutorial-managed-installer/validate-apps.md

@@ -123,7 +123,36 @@ You may see a dialog indicating *This app won't run on your PC*. Check the indic
 
 More detail can be obtained when looking for events where executables were blocked in the Event Viewer. For more information, see [Troubleshooting - Event Viewer](./Troubleshooting#event-viewer).
 
----
+## Section review
+
+Before moving on to the next section, ensure that you've completed the following tasks:
+
+> [!div class="checklist"]
+> - No Intune installation errors
+> - No errors when opening the app from the device
+> - *CI Policy* in the Event Viewer logs don't show app's executables being blocked
+
+If there are any errors, create a WDAC supplemental policy
+
+> [!div class="checklist"]
+> - Signed .cip .p7b file with Device Guard
+> - Targets Base policy: `82443e1e-8a39-4b4a-96a8-f40ddc00b9f3`
+> - Policy created in Intune and assigned to the correct groups
+> - Policy applied in Event Viewer
+
+If there are any errors, create an AppLocker policy
+
+> [!div class="checklist"]
+> - Only applied to an updater or installer
+> - Merge option used
+> - Policy created in Intune and assigned to the correct groups
+
+## Next steps
+
+Advance to the next article to learn how to troubleshoot common errors when deploying apps with managed installer.
+
+> [!div class="nextstepaction"]
+> [Next: troubleshoot >](troubleshoot.md)
 
 [M365-1]: https://learn.microsoft.com/microsoft-365/education/deploy/microsoft-store-for-education