updates

education/windows/tutorial-deploy-apps-winse/deploy-apps.md

@@ -19,9 +19,9 @@ The following table provides an overview of the applications types that can be d
 |**Installer/App type**|**Installer extensions**|**Available installation methods via Intune**|**Considerations for Windows 11 SE**|
 |-|-|-|-|
 |[Win32][WIN-1]|`.exe`<br>`.msi`|- Intune Management Extension (IME)<br> - Microsoft Store integration|⚠️ There are known limitations that might prevent an app to install or run.|
-|[Universal Windows Platform (UWP)][WIN-2]|`.appx`<br>`.appxbundle`<br>`.msix`<br>|- For private apps: line-of-business (LOB) apps<br>- For public apps: Microsoft Store integration|⛔ It's currently unsupported to deploy UWP apps.<!--⚠️ LOB apps require a supplemental policy.<br><br>⛔ It's currently unsupported to use the Microsoft Store to deploy UWP apps.-->|
+|[Universal Windows Platform (UWP)][WIN-2]|`.appx`<br>`.appxbundle`<br>`.msix`<br>|- For public apps: Microsoft Store integration<br>- For private apps: line-of-business (LOB) apps|✅ UWP public apps are supported.<br><br>⛔ UWP private apps are currently unsupported.<!--⚠️ LOB apps require a supplemental policy.-->|
-|[Progressive Web Apps (PWAs)][EDGE-2] |`.msix`|- Settings catalog policies<br>- Microsoft Store integration|✅ PWAs are supported.<!--<br><br>⛔ It's currently unsupported to use the Microsoft Store to deploy PWAs.-->|
+|[Progressive Web Apps (PWAs)][EDGE-2] |`.msix`|- Settings catalog policies<br>- Microsoft Store integration|✅ PWAs are supported.|
-|Web links| n/a |- Windows web links|✅ Web links are supported. |
+|Web links| n/a |- Windows web links|✅ Web links are supported.|
 
 > [!IMPORTANT]
 > Although you'll be able to install apps on Windows 11 SE devices via Intune, some apps may not perform well on these devices due those apps' minimum spec requirements.
@@ -38,7 +38,13 @@ There are known limitations that might prevent applications to install or execut
 
 ## UWP apps
 
-It's currently unsupported to deploy UWP apps.
+### Microsoft Store apps
+
+Public UWP apps available in the Microsoft Store are supported for Windows 11 SE.
+
+### Line of business apps
+
+Private UWP apps are currently unsupported for Windows 11 SE.
 
 <!--### Line of business apps
 
@@ -47,16 +53,11 @@ For private, line-of-business (LOB) UWP apps, [deploy as line-of-business apps][
 > [!IMPORTANT]
 > UWP apps require the creation and deployment of supplemental policies. For more information, see the next section [validate applications](validate-apps.md).
 
-### Microsoft Store apps
-
-Public UWP apps available in the Microsoft Store aren't currently supported for Windows 11 SE.
 -->
 ## PWA apps
 
 PWAs can be deployed using the [Force-installed web Apps][EDGE-1] option via [settings catalog policies][MEM-3], or using the Microsoft Store integration with Intune.
 
-<!--PWAs available in the Microsoft Store aren't currently supported for Windows 11 SE.-->
-
 ## Web links
 
 Web link can be deployed via Intune using [Windows web links][MEM-4], and will be available in the Start menu of the targeted devices.

education/windows/tutorial-deploy-apps-winse/troubleshoot.md

@@ -76,29 +76,22 @@ Use the Event Viewer to see if a supplemental policy is deployed correctly. Thes
 
 ## AppLocker policy validation
 
-> [!NOTE]
+To query AppLocker policies and validate that they're configured correctly, follow these steps:
-> The validation process described below requires the deployment of a PowerShell script from Intune to the Windows SE devices. This script will be used to query the AppLocker policy and validate that the policy is configured correctly. The script will also be used to validate the AppLocker service status.
 
-You can query the existing AppLocker policy via PowerShell.
+1. Open the **Local Security Policy** mmc console (`secpol.msc`)
-
+1. Select **Security Settings > Application Control Policies**
-```PowerShell
+1. Right-click **AppLocker** and select **Export Policy…**
-get-applockerpolicy -xml -effective
+  :::image type="content" source="images/applocker-export-policy.png" alt-text="Export the AppLocker policies from the Local Security Policy mmc console." lightbox="images/applocker-export-policy.png" border="false":::
-```
+1. For the policy that sets the Intune Management Extension as a Managed installer, *MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE* should be nested under a RuleCollection section of Type *ManagedInstaller*
-
-- For the policy that sets the Intune Management Extension as a Managed installer, *MICROSOFT.MANAGEMENT.SERVICES.INTUNEWINDOWSAGENT.EXE* should be nested under a RuleCollection section of Type *ManagedInstaller*
   :::image type="content" source="images/applocker-policy-validation.png" alt-text="Xml file generated by the get-applockerpolicy PowerShell cmdlet." lightbox="images/applocker-policy-validation.png":::
-- For any policies you added to set other executables you want to be managed installers, look for the rules you defined nested under a RuleCollection section of Type *ManagedInstaller*
+1. For any policies you added to set other executables you want to be managed installers, look for the rules you defined nested under a RuleCollection section of Type *ManagedInstaller*
 
-You can check the AppLocker service status with the following commands:
+### AppLocker service
 
-```cmd
+To verify that the AppLocker service is running, follow these steps:
-sc.exe query appidsvc
-sc.exe query applockerfltr
-```
 
-When executing the `sc.exe query` commands, the **STATE** property should show a state of **4 RUNNING** for both services:
+1. Open the **Services** mmc console (`services.msc`)
-
+1. Verify that the service **Application Identity** has a status of **Running**
-:::image type="content" source="images/sc-commands.png" alt-text="Output of the command sc.exe query." lightbox="images/sc-commands.png":::
 
 ### AppLocker event log validation