Meghan Stewart
2022-08-05 09:16:12 -07:00
10 changed files with 1142 additions and 1063 deletions


@ -18,7 +18,7 @@ metadata:
manager: dougeby manager: dougeby
ms.date: 03/28/2022 #Required; mm/dd/yyyy format. ms.date: 03/28/2022 #Required; mm/dd/yyyy format.
localization_priority: medium localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent: landingContent:
@ -34,7 +34,7 @@ landingContent:
- text: Create mandatory user profiles - text: Create mandatory user profiles
url: mandatory-user-profile.md url: mandatory-user-profile.md
- text: Mobile device management (MDM) - text: Mobile device management (MDM)
url: mdm/index.md url: mdm/index.yml
- text: MDM for device updates - text: MDM for device updates
url: mdm/device-update-management.md url: mdm/device-update-management.md
- text: Mobile device enrollment - text: Mobile device enrollment


@ -3,7 +3,7 @@ title: Change history for MDM documentation
description: This article lists new and updated articles for Mobile Device Management. description: This article lists new and updated articles for Mobile Device Management.
author: aczechowski author: aczechowski
ms.author: aaroncz ms.author: aaroncz
ms.reviewer: ms.reviewer:
manager: dougeby manager: dougeby
ms.topic: article ms.topic: article
ms.prod: w10 ms.prod: w10
@ -60,7 +60,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
|New or updated article | Description| |New or updated article | Description|
|--- | ---| |--- | ---|
|[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.| |[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.|
|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table. |[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with more details. Added policy timeline table.
## February 2020 ## February 2020
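Review bot: The RestrictedGroups row in this table ends without the closing `|` that the BitLocker CSP row above it has, and the new side of the change keeps it that way. Since the line is being touched anyway, terminate the cell (`... Added policy timeline table.|`) so the row matches the rest of the table.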
@ -162,7 +162,7 @@ This article lists new and updated articles for the Mobile Device Management (MD
|--- | ---| |--- | ---|
|[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.| |[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
|[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.| |[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.|
|[Mobile device management](index.md)|Updated information about MDM Security Baseline.| |[Mobile device management](index.yml)|Updated information about MDM Security Baseline.|
## December 2018 ## December 2018
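Review bot: The `index.md` to `index.yml` change in the "Mobile device management" row sends a change-history entry about the MDM Security Baseline to the new landing page, which as added in this commit only carries enrollment, management and CSP link cards. The baseline links sit in the article this commit retitles "Mobile Device Management overview", so this row should point at that article rather than at `index.yml`.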


@ -1,77 +1,77 @@
--- ---
title: Implement server-side support for mobile application management on Windows title: Support for mobile application management on Windows
description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices. description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices.
ms.author: dansimp ms.author: dansimp
ms.topic: article ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: dansimp author: dansimp
ms.date: 06/26/2017 ms.date: 08/03/2022
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
# Implement server-side support for mobile application management on Windows # Support for mobile application management on Windows
The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10, version 1703. The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP), starting in Windows 10, version 1703.
## Integration with Azure AD ## Integration with Azure AD
MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md).  MAM on Windows is integrated with Azure Active Directory (Azure AD) identity service. The MAM service supports Azure AD-integrated authentication for the user and the device during enrollment and the downloading of MAM policies. MAM integration with Azure AD is similar to mobile device management (MDM) integration. See [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md). 
MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices will be enrolled to MAM or MDM, depending on the users actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device will be enrolled to MAM. If a user joins their device to Azure AD, it will be enrolled to MDM.  In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices. MAM enrollment is integrated with adding a work account flow to a personal device. If both MAM and Azure AD-integrated MDM services are provided in an organization, a user's personal devices will be enrolled to MAM or MDM, depending on the users actions. If a user adds their work or school Azure AD account as a secondary account to the machine, their device will be enrolled to MAM. If a user joins their device to Azure AD, it will be enrolled to MDM.  In general, a device that has a personal account as its primary account is considered a personal device and should be enrolled to MAM. An Azure AD join, and enrollment to MDM, should be used to manage corporate devices.
On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft Office 365 or Microsoft Office Mobile. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**. On personal devices, users can add an Azure AD account as a secondary account to the device while keeping their personal account as primary. Users can add an Azure AD account to the device from a supported Azure AD-integrated application, such as the next update of Microsoft Office 365 or Microsoft Office Mobile. Alternatively, users can add an Azure AD account from **Settings > Accounts > Access work or school**.
Regular non-admin users can enroll to MAM.  Regular non-admin users can enroll to MAM. 
## Integration with Windows Information Protection ## Integration with Windows Information Protection
MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf.  MAM on Windows takes advantage of [built-in Windows Information Protection (WIP) policies](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip) to protect company data on the device. To protect user-owned applications on personal devices, MAM limits enforcement of WIP policies to [enlightened apps](/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip) and WIP-aware apps. Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect based on WIP policies. WIP-aware apps indicate to Windows that they don't handle personal data, and therefore, it's safe for Windows to protect data on their behalf. 
To make applications WIP-aware, app developers need to include the following data in the app resource file. To make applications WIP-aware, app developers need to include the following data in the app resource file.
``` syntax ``` syntax
// Mark this binary as Allowed for WIP (EDP) purpose  // Mark this binary as Allowed for WIP (EDP) purpose 
MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO EDPAUTOPROTECTIONALLOWEDAPPINFOID MICROSOFTEDPAUTOPROTECTIONALLOWEDAPPINFO EDPAUTOPROTECTIONALLOWEDAPPINFOID
BEGIN BEGIN
0x0001 0x0001
END  END 
``` ```
## Configuring an Azure AD tenant for MAM enrollment ## Configuring an Azure AD tenant for MAM enrollment
MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. With Azure AD in Windows 10, version 1703, onward, the same cloud-based Management MDM app will support both MDM and MAM enrollments. If you've already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. The screenshot below illustrates the management app for an IT admin configuration.  MAM enrollment requires integration with Azure AD. The MAM service provider needs to publish the Management MDM app to the Azure AD app gallery. With Azure AD in Windows 10, version 1703, onward, the same cloud-based Management MDM app will support both MDM and MAM enrollments. If you've already published your MDM app, it needs to be updated to include MAM Enrollment and Terms of use URLs. The screenshot below illustrates the management app for an IT admin configuration. 
:::image type="content" alt-text="Mobile application management app." source="images/implement-server-side-mobile-application-management.png"::: :::image type="content" alt-text="Mobile application management app." source="images/implement-server-side-mobile-application-management.png":::
MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that will contain both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM. MAM and MDM services in an organization could be provided by different vendors. Depending on the company configuration, IT admin typically needs to add one or two Azure AD Management apps to configure MAM and MDM policies. For example, if both MAM and MDM are provided by the same vendor, then an IT Admin needs to add one Management app from this vendor that will contain both MAM and MDM policies for the organization. Alternatively, if the MAM and MDM services in an organization are provided by two different vendors, then two Management apps from the two vendors need to be configured for the company in Azure AD: one for MAM and one for MDM.
> [!NOTE] > [!NOTE]
> If the MDM service in an organization isn't integrated with Azure AD and uses auto-discovery, only one Management app for MAM needs to be configured.  > If the MDM service in an organization isn't integrated with Azure AD and uses auto-discovery, only one Management app for MAM needs to be configured. 
## MAM enrollment ## MAM enrollment
MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). MAM enrollment supports Azure AD [federated authentication](federated-authentication-device-enrollment.md) as the only authentication method.  MAM enrollment is based on the MAM extension of [[MS-MDE2] protocol](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). MAM enrollment supports Azure AD [federated authentication](federated-authentication-device-enrollment.md) as the only authentication method. 
Below are protocol changes for MAM enrollment:  Below are protocol changes for MAM enrollment: 
- MDM discovery isn't supported. - MDM discovery isn't supported.
- APPAUTH node in [DMAcc CSP](dmacc-csp.md) is optional. - APPAUTH node in [DMAcc CSP](dmacc-csp.md) is optional.
- MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication. - MAM enrollment variation of [MS-MDE2] protocol doesn't support the client authentication certificate, and therefore doesn't support the [MS-XCEP] protocol. Servers must use an Azure AD token for client authentication during policy syncs. Policy sync sessions must be performed over one-way SSL using server certificate authentication.
Here's an example provisioning XML for MAM enrollment. Here's an example provisioning XML for MAM enrollment.
```xml ```xml
<wap-provisioningdoc version="1.1"> <wap-provisioningdoc version="1.1">
<characteristic type="APPLICATION"> <characteristic type="APPLICATION">
<parm name="APPID" value="w7"/> <parm name="APPID" value="w7"/>
<parm name="PROVIDER-ID" value="MAM SyncML Server"/> <parm name="PROVIDER-ID" value="MAM SyncML Server"/>
<parm name="NAME" value="mddprov account"/> <parm name="NAME" value="mddprov account"/>
<parm name="ADDR" value="http://localhost:88"/> <parm name="ADDR" value="http://localhost:88"/>
<parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+xml" /> <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+xml" />
</characteristic> </characteristic>
</wap-provisioningdoc> </wap-provisioningdoc>
``` ```
Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isnt provided above, the device would default to once every 24 hours. Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isnt provided above, the device would default to once every 24 hours.
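Review bot: The sample provisioning XML sets `ADDR` to `http://localhost:88`, while the bullet just above it requires policy sync sessions to run over one-way SSL with server certificate authentication. A reader who copies the sample ends up with a cleartext management endpoint, so use an `https://` placeholder address in the example to agree with the stated requirement. Two smaller points in the same hunk: the title and H1 drop "Implement server-side" but the description still opens with "Learn about implementing", and "isnt" in the Poll sentence and "users actions" in the Azure AD section are each missing an apostrophe.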
@ -93,14 +93,14 @@ MAM on Windows supports the following configuration service providers (CSPs). Al
- [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs. - [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs.
- [RootCaTrustedCertificates CSP](rootcacertificates-csp.md). - [RootCaTrustedCertificates CSP](rootcacertificates-csp.md).
- [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. - [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. - [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
## Device lock policies and EAS ## Device lock policies and EAS
MAM supports device lock policies similar to MDM. The policies are configured by DeviceLock area of Policy CSP and PassportForWork CSP. MAM supports device lock policies similar to MDM. The policies are configured by DeviceLock area of Policy CSP and PassportForWork CSP.
We don't recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client will behave as follows: We don't recommend configuring both Exchange ActiveSync (EAS) and MAM policies for the same device. However, if both are configured, the client will behave as follows:
- When EAS policies are sent to a device that already has MAM policies, Windows evaluates whether the existing MAM policies are compliant with the configured EAS policies, and reports compliance with EAS. - When EAS policies are sent to a device that already has MAM policies, Windows evaluates whether the existing MAM policies are compliant with the configured EAS policies, and reports compliance with EAS.
- If the device is found to be compliant, EAS will report compliance with the server to allow mail to sync. MAM supports mandatory EAS policies only. Checking EAS compliance doesn't require device admin rights. - If the device is found to be compliant, EAS will report compliance with the server to allow mail to sync. MAM supports mandatory EAS policies only. Checking EAS compliance doesn't require device admin rights.


@ -0,0 +1,79 @@
### YamlMime:Landing
title: Mobile Device Management # < 60 chars
summary: Find out how to enroll Windows devices and manage company security policies and business applications. # < 160 chars
metadata:
title: Mobile Device Management # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find out how to enroll Windows devices and manage company security policies and business applications. # Required; article description that is displayed in search results. < 160 chars.
ms.topic: landing-page # Required
services: windows-10
ms.prod: windows
ms.collection:
- windows-10
- highpri
ms.custom: intro-hub-or-landing
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.date: 08/04/2022
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Device enrollment
linkLists:
- linkListType: overview
links:
- text: Mobile device enrollment
url: mobile-device-enrollment.md
- linkListType: concept
links:
- text: Enroll Windows devices
url: mdm-enrollment-of-windows-devices.md
- text: Automatic enrollment using Azure AD
url: azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
- text: Automatic enrollment using Group Policy
url: enroll-a-windows-10-device-automatically-using-group-policy.md
- text: Bulk enrollment
url: bulk-enrollment-using-windows-provisioning-tool.md
# Card (optional)
- title: Device management
linkLists:
- linkListType: overview
links:
- text: Enterprise settings, policies, and app management
url: windows-mdm-enterprise-settings.md
- linkListType: concept
links:
- text: Enterprise app management
url: enterprise-app-management.md
- text: Device updates management
url: device-update-management.md
- text: Secured-core PC configuration lock
url: config-lock.md
- text: Diagnose MDM failures
url: diagnose-mdm-failures-in-windows-10.md
# Card (optional)
- title: CSP reference
linkLists:
- linkListType: overview
links:
- text: Configuration service provider reference
url: configuration-service-provider-reference.md
- linkListType: reference
links:
- text: Policy CSP
url: policy-configuration-service-provider.md
- text: Policy CSP - Update
url: policy-csp-update.md
- text: DynamicManagement CSP
url: dynamicmanagement-csp.md
- text: BitLocker CSP
url: bitlocker-csp.md
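Review bot: None of the three cards links to the article this commit retitles "Mobile Device Management overview", yet other links in the commit are repointed from `mdm/index.md` to this landing page, so the overview and its MDM security baseline links cannot be reached from here. Add a link entry for it to the `overview` list of the first card. Also, the template comment says "Start card title with a verb", but the titles are "Device enrollment", "Device management" and "CSP reference"; either reword them or drop the comment.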


@ -1,19 +1,18 @@
--- ---
title: Mobile device management title: Mobile Device Management overview
description: Windows 10 and Windows 11 provide an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy. description: Windows 10 and Windows 11 provide an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
MS-HAID: ms.date: 08/04/2022
- 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
- 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
ms.topic: overview
ms.prod: w10
ms.technology: windows ms.technology: windows
author: aczechowski ms.topic: article
ms.author: aaroncz ms.prod: w10
ms.localizationpriority: medium
author: vinaypamnani-msft
ms.author: vinpa
manager: aaroncz
ms.collection: highpri ms.collection: highpri
ms.date: 06/03/2022
--- ---
# Mobile device management # Mobile Device Management overview
Windows 10 and Windows 11 provide an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server. Windows 10 and Windows 11 provide an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
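Review bot: `ms.topic` changes from `overview` to `article` in the same hunk that renames the page to "Mobile Device Management overview", so the metadata now disagrees with the title. Keep `ms.topic: overview` unless there is a reason the page can no longer use it. The `description` line is unchanged but reads "avoiding compromise of user's privacy", while the body says "the users' privacy"; the two should match.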
@ -43,7 +42,6 @@ For more information about the MDM policies defined in the MDM security baseline
- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip) - [MDM Security baseline for Windows 10, version 1809](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1809-MDM-SecurityBaseLine-Document-[Preview].zip)
For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all). For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).

File diff suppressed because it is too large


@ -1,7 +1,7 @@
items: items:
- name: Windows client management - name: Windows client management
href: index.yml href: index.yml
items: items:
- name: Client management tools and settings - name: Client management tools and settings
items: items:
- name: Windows Tools/Administrative Tools - name: Windows Tools/Administrative Tools
@ -29,30 +29,30 @@ items:
- name: Windows libraries - name: Windows libraries
href: windows-libraries.md href: windows-libraries.md
- name: Mobile device management (MDM) - name: Mobile device management (MDM)
items: items:
- name: Mobile Device Management - name: Mobile Device Management
href: mdm/index.md href: mdm/index.yml
- name: Configuration Service Provider (CSP) - name: Configuration Service Provider (CSP)
items: items:
- name: CSP reference - name: CSP reference
href: mdm/configuration-service-provider-reference.md href: mdm/configuration-service-provider-reference.md
- name: Troubleshoot Windows clients - name: Troubleshoot Windows clients
items: items:
- name: Windows 10 support solutions - name: Windows 10 support solutions
href: windows-10-support-solutions.md href: windows-10-support-solutions.md
- name: Advanced troubleshooting for Windows networking - name: Advanced troubleshooting for Windows networking
href: troubleshoot-networking.md href: troubleshoot-networking.md
items: items:
- name: Advanced troubleshooting Wireless network connectivity - name: Advanced troubleshooting Wireless network connectivity
href: advanced-troubleshooting-wireless-network-connectivity.md href: advanced-troubleshooting-wireless-network-connectivity.md
- name: Advanced troubleshooting 802.1X authentication - name: Advanced troubleshooting 802.1X authentication
href: advanced-troubleshooting-802-authentication.md href: advanced-troubleshooting-802-authentication.md
items: items:
- name: Data collection for troubleshooting 802.1X authentication - name: Data collection for troubleshooting 802.1X authentication
href: data-collection-for-802-authentication.md href: data-collection-for-802-authentication.md
- name: Advanced troubleshooting for TCP/IP - name: Advanced troubleshooting for TCP/IP
href: troubleshoot-tcpip.md href: troubleshoot-tcpip.md
items: items:
- name: Collect data using Network Monitor - name: Collect data using Network Monitor
href: troubleshoot-tcpip-netmon.md href: troubleshoot-tcpip-netmon.md
- name: "Part 1: TCP/IP performance overview" - name: "Part 1: TCP/IP performance overview"
@ -60,7 +60,7 @@ items:
- name: "Part 2: TCP/IP performance underlying network issues" - name: "Part 2: TCP/IP performance underlying network issues"
href: /troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network href: /troubleshoot/windows-server/networking/troubleshooting-tcpip-performance-underlying-network
- name: "Part 3: TCP/IP performance known issues" - name: "Part 3: TCP/IP performance known issues"
href: /troubleshoot/windows-server/networking/tcpip-performance-known-issues href: /troubleshoot/windows-server/networking/tcpip-performance-known-issues
- name: Troubleshoot TCP/IP connectivity - name: Troubleshoot TCP/IP connectivity
href: troubleshoot-tcpip-connectivity.md href: troubleshoot-tcpip-connectivity.md
- name: Troubleshoot port exhaustion - name: Troubleshoot port exhaustion
@ -69,7 +69,7 @@ items:
href: troubleshoot-tcpip-rpc-errors.md href: troubleshoot-tcpip-rpc-errors.md
- name: Advanced troubleshooting for Windows startup - name: Advanced troubleshooting for Windows startup
href: troubleshoot-windows-startup.md href: troubleshoot-windows-startup.md
items: items:
- name: How to determine the appropriate page file size for 64-bit versions of Windows - name: How to determine the appropriate page file size for 64-bit versions of Windows
href: determine-appropriate-page-file-size.md href: determine-appropriate-page-file-size.md
- name: Generate a kernel or complete crash dump - name: Generate a kernel or complete crash dump


@ -1,7 +1,7 @@
--- ---
title: Register your devices title: Register your devices
description: This article details how to register devices in Autopatch description: This article details how to register devices in Autopatch
ms.date: 07/06/2022 ms.date: 08/04/2022
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
ms.topic: how-to ms.topic: how-to
@ -21,13 +21,14 @@ Before Microsoft can manage your devices in Windows Autopatch, you must have dev
Windows Autopatch can take over software update management of supported devices as soon as an IT admin decides to have their tenant managed by the service. The Windows Autopatch software update management scope includes: Windows Autopatch can take over software update management of supported devices as soon as an IT admin decides to have their tenant managed by the service. The Windows Autopatch software update management scope includes:
- [Windows quality updates](../operate/windows-autopatch-wqu-overview.md) - [Windows quality updates](../operate/windows-autopatch-wqu-overview.md)
- [Windows feature updates](../operate/windows-autopatch-fu-overview.md)
- [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) - [Microsoft 365 Apps for enterprise updates](../operate/windows-autopatch-microsoft-365-apps-enterprise.md)
- [Microsoft Edge updates](../operate/windows-autopatch-edge.md) - [Microsoft Edge updates](../operate/windows-autopatch-edge.md)
- [Microsoft Teams updates](../operate/windows-autopatch-teams.md) - [Microsoft Teams updates](../operate/windows-autopatch-teams.md)
### About the use of an Azure AD group to register devices ### About the use of an Azure AD group to register devices
You must choose what devices to manage with Windows Autopatch by either adding them through direct membership or by nesting other Azure AD dynamic/assigned groups into the **Windows Autopatch Device Registration** Azure AD assigned group. Windows Autopatch automatically runs every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices. You must choose what devices to manage with Windows Autopatch by either adding them through direct membership or by nesting other Azure AD dynamic/assigned groups into the **Windows Autopatch Device Registration** Azure AD assigned group. Windows Autopatch automatically runs its discover devices function every hour to discover new devices added to this group. Once new devices are discovered, Windows Autopatch attempts to register these devices.
> [!NOTE] > [!NOTE]
> Devices that are intended to be managed by the Windows Autopatch service **must** be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device ID. Windows Autopatch scans the Azure AD group hourly to discover newly added devices to be registered. You can also use the **Discover devices** button in either the Ready or Not ready tab to register devices on demand. > Devices that are intended to be managed by the Windows Autopatch service **must** be added into the **Windows Autopatch Device Registration** Azure AD assigned group. Devices can only be added to this group if they have an Azure AD device ID. Windows Autopatch scans the Azure AD group hourly to discover newly added devices to be registered. You can also use the **Discover devices** button in either the Ready or Not ready tab to register devices on demand.
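Review bot: The rewritten sentence in the Azure AD group paragraph now says Windows Autopatch "runs its discover devices function every hour to discover new devices", which repeats "discover" and names a function the page otherwise only exposes as the **Discover devices** button. Wording such as "Windows Autopatch scans this group every hour for newly added devices" says the same thing and matches the note that follows. The added feature-updates bullet links to `../operate/windows-autopatch-fu-overview.md`; confirm that file already exists or is part of this change.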
@ -48,7 +49,7 @@ Azure AD groups synced up from:
> The **Windows Autopatch Device Registration** Azure AD group only supports one level of Azure AD nested groups. > The **Windows Autopatch Device Registration** Azure AD group only supports one level of Azure AD nested groups.
> [!TIP] > [!TIP]
> You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the Windows Autopatch Device Registration Azure AD group on demand. > You can also use the **Discover Devices** button in either the Ready or Not ready tab to discover devices from the **Windows Autopatch Device Registration** Azure AD group on demand.
### Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant ### Clean up dual state of Hybrid Azure AD joined and Azure registered devices in your Azure AD tenant
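Review bot: The TIP spells the button **Discover Devices**, while the NOTE in the previous hunk spells it **Discover devices**; use the casing shown in the UI in both places. The TIP also repeats the last sentence of that NOTE almost word for word, so one of the two can be dropped.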
@ -78,7 +79,7 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set
> [!NOTE] > [!NOTE]
> Windows Autopatch doesn't support device emulators that don't generate Serial number, Model and Manufacturer. Devices that use a non-supported device emulator fail the **Intune or Cloud-Attached** pre-requisite check. Additionally, devices with duplicated serial numbers will fail to register with Windows Autopatch. > Windows Autopatch doesn't support device emulators that don't generate Serial number, Model and Manufacturer. Devices that use a non-supported device emulator fail the **Intune or Cloud-Attached** pre-requisite check. Additionally, devices with duplicated serial numbers will fail to register with Windows Autopatch.
See [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md) for more details. For more information, see [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md).
## About the Ready and Not ready tabs ## About the Ready and Not ready tabs
@ -111,7 +112,7 @@ Registering your devices in Windows Autopatch does the following:
## Steps to register devices ## Steps to register devices
### Physical devices Any device (either physical or virtual) that contains an Azure AD device ID can be added into the **Windows Autopatch Device Registration** Azure AD group to be registered with Windows Autopatch.
**To register physical devices into Windows Autopatch:** **To register physical devices into Windows Autopatch:**
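Review bot: The "### Physical devices" heading is replaced by a sentence covering devices that are "either physical or virtual", but the procedure label on the next line still reads "To register physical devices into Windows Autopatch:". Suggest "To register devices with Windows Autopatch:" so the label matches the new scope. Removing the heading also removes the #physical-devices anchor; the link in the Windows 365 section is repointed later in this commit, but any other links to that anchor need the same update.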
@ -126,15 +127,9 @@ Registering your devices in Windows Autopatch does the following:
Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices, and runs software-based prerequisite checks to try to register them with its service. Once devices or Azure AD groups containing devices are added to the **Windows Autopatch Device Registration** group, Windows Autopatch discovers these devices, and runs software-based prerequisite checks to try to register them with its service.
### Virtual devices ### Windows Autopatch on Windows 365 Enterprise Workloads
#### Windows Autopatch on Windows 365 Enterprise Workloads With Windows 365 Enterprise, IT admins are given the option to register devices with the Windows Autopatch service as part of the Windows 365 provisioning policy creation. This option provides a seamless experience for admins and users to ensure your Cloud PCs are always up to date. When IT admins decide to manage their Windows 365 Cloud PCs with Windows Autopatch, the Windows 365 provisioning policy creation process calls Windows Autopatch device registration APIs to register devices on behalf of the IT admin.
With Windows 365 Enterprise, you can include Windows Autopatch onboarding as part of your provision process providing a seamless experience for admins and users to ensure your Cloud PCs are always up to date.
#### Deploy Windows Autopatch on a Windows 365 Provisioning Policy
For general guidance, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
**To deploy Windows Autopatch on a Windows 365 Provisioning Policy:** **To deploy Windows Autopatch on a Windows 365 Provisioning Policy:**
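Review bot: The new paragraph under "Windows Autopatch on Windows 365 Enterprise Workloads" mixes third person ("IT admins are given the option") with second person ("your Cloud PCs"); keep one voice, for example "to keep Cloud PCs up to date". The paragraph also says the provisioning policy creation process "calls Windows Autopatch device registration APIs to register devices on behalf of the IT admin", so it would help to state which role or permission the admin needs for that option, or to link to where that is documented.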
@ -149,20 +144,22 @@ For general guidance, see [Create a Windows 365 Provisioning Policy](/windows-36
1. Assign your policy accordingly and select **Next**. 1. Assign your policy accordingly and select **Next**.
1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch. 1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch.
For general guidance, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
#### Deploy Autopatch on Windows 365 for existing Cloud PC #### Deploy Autopatch on Windows 365 for existing Cloud PC
All your existing Windows 365 Enterprise workloads can be registered into Windows Autopatch by leveraging the same method as your physical devices. For more information, see [Physical devices](#physical-devices). All your existing Windows 365 Enterprise workloads can be registered into Windows Autopatch by leveraging the same method for any other physical or virtual device. See [steps to register devices](#steps-to-register-devices) for more details.
#### Contact support ### Contact support for device registration-related incidents
Support is available either through Windows 365, or Windows Autopatch for update related incidents. Support is available either through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.
- For Windows 365 support, see [Get support](/mem/get-support). - For Windows 365 support, see [Get support](/mem/get-support).
- For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request). - For Windows Autopatch support, see [Submit a support request](/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request).
## Device management lifecycle scenarios ## Device management lifecycle scenarios
There's a few more device lifecycle management scenarios to consider when planning to register devices in Windows Autopatch. There's a few more device management lifecycle scenarios to consider when planning to register devices in Windows Autopatch.
### Device refresh ### Device refresh
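Review bot: The rewritten sentence under "Deploy Autopatch on Windows 365 for existing Cloud PC" reads "by leveraging the same method for any other physical or virtual device", which is missing a word; suggest "by using the same method as for any other physical or virtual device". The same line changes the link phrasing to "See ... for more details", while an earlier hunk in this file changes the prerequisites link the other way, to "For more information, see ..."; settle on one form. The changed line "There's a few more device management lifecycle scenarios" should read "There are a few more".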

View File

@ -1,7 +1,7 @@
--- ---
title: Prerequisites title: Prerequisites
description: This article details the prerequisites needed for Windows Autopatch description: This article details the prerequisites needed for Windows Autopatch
ms.date: 06/30/2022 ms.date: 08/04/2022
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
ms.topic: conceptual ms.topic: conceptual
@ -41,7 +41,6 @@ Windows Autopatch is included with Window 10/11 Enterprise E3 or higher. The fol
The following Windows OS 10 editions, 1809 builds and architecture are supported in Windows Autopatch: The following Windows OS 10 editions, 1809 builds and architecture are supported in Windows Autopatch:
- x64 architecture
- Windows 10 (1809+)/11 Pro - Windows 10 (1809+)/11 Pro
- Windows 10 (1809+)/11 Enterprise - Windows 10 (1809+)/11 Enterprise
- Windows 10 (1809+)/11 Pro for Workstations - Windows 10 (1809+)/11 Pro for Workstations
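Review bot: The "- x64 architecture" bullet is removed, but the intro sentence above the list still says "editions, 1809 builds and architecture are supported", so the list no longer says anything about architecture. Either drop "and architecture" from the intro or state the supported architectures elsewhere in this section, so readers are not left guessing what changed.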
@ -51,8 +50,9 @@ The following Windows OS 10 editions, 1809 builds and architecture are supported
Windows Autopatch fully supports co-management. The following co-management requirements apply: Windows Autopatch fully supports co-management. The following co-management requirements apply:
- Use a currently supported [Configuration Manager version](/mem/configmgr/core/servers/manage/updates#supported-versions). - Use a currently supported [Configuration Manager version](/mem/configmgr/core/servers/manage/updates#supported-versions).
- Ensure ConfigMgr is connected to the internet and [cloud-attach with Intune](/mem/configmgr/cloud-attach/overview). - ConfigMgr must be [cloud-attached with Intune (Co-management)](/mem/configmgr/cloud-attach/overview) and must have the following Co-management workloads enabled:
- Ensure ConfigMgr is co-managed. For more information, see [Paths to co-management](/mem/configmgr/comanage/quickstart-paths). - Set the [Windows Update workload](/mem/configmgr/comanage/workloads#windows-update-policies) to Pilot Intune or Intune.
- Set the [Windows Update workload](/mem/configmgr/comanage/workloads#windows-update-policies) to Pilot Intune or Intune. - Set the [Device configuration workload](/mem/configmgr/comanage/workloads#device-configuration) to Pilot Intune or Intune.
- Set the [Device configuration workload](/mem/configmgr/comanage/workloads#device-configuration) to Pilot Intune or Intune. - Set the [Office Click-to-Run apps workload](/mem/configmgr/comanage/workloads#office-click-to-run-apps) to Pilot Intune or Intune.
- Set the [Office Click-to-Run apps workload](/mem/configmgr/comanage/workloads#office-click-to-run-apps) to Pilot Intune or Intune.
For more information, see [paths to co-management](/mem/configmgr/comanage/quickstart-paths).
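Review bot: The old bullet "Ensure ConfigMgr is connected to the internet" has no counterpart in the rewritten cloud-attach bullet; if internet connectivity is still a requirement, keep it or confirm that the linked cloud-attach overview states it. The new bullet also capitalizes "Co-management" mid-sentence twice, while the section intro and the new closing line use lowercase "co-management"; use one casing. The first bullet is imperative ("Use a currently supported ...") and the new one is declarative ("ConfigMgr must be ..."), so consider matching the form.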

View File

@ -16,7 +16,7 @@ metadata:
ms.author: dansimp #Required; microsoft alias of author; optional team alias. ms.author: dansimp #Required; microsoft alias of author; optional team alias.
ms.date: 09/20/2021 ms.date: 09/20/2021
localization_priority: Priority localization_priority: Priority
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
landingContent: landingContent: