PDE Intune Config Updates 4

windows/security/information-protection/personal-data-encryption/configure-pde-in-intune.md

@@ -1,5 +1,5 @@
 ---
-title: Configure Personal Data Encryption (PDE) in Intune
+title: Configure Personal Data Encryption (PDE) using Intune
 description: Configuring and enabling Personal Data Encryption (PDE) required and recommended policies in Intune
 author: frankroj
 ms.author: frankroj
@@ -15,7 +15,7 @@ ms.date: 03/10/2023
 <!-- Max 5963468 OS 32516487 -->
 <!-- Max 6946251 -->
 
-# Configure Personal Data Encryption (PDE) policies in Intune
+# Configure Personal Data Encryption (PDE) policies using Intune
 
 The various required and recommended policies needed for Personal Data Encryption (PDE) can be configured in Intune. The following links for both required and recommended policies contain step by step instructions on how to configure these policies in Intune.
 

windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md

@@ -1,6 +1,6 @@
 ---
-title: Disable ARSO in Intune
+title: Disable Winlogon automatic restart sign-on (ARSO) for PDE using Intune
-description: Disable ARSO in Intune
+description: Disable Winlogon automatic restart sign-on (ARSO) for PDE using Intune
 author: frankroj
 ms.author: frankroj
 ms.reviewer: rhonnegowda
@@ -12,29 +12,33 @@ ms.localizationpriority: medium
 ms.date: 03/10/2023
 ---
 
-# Disable Winlogon automatic restart sign-on (ARSO) in Intune
+# Disable Winlogon automatic restart sign-on (ARSO) for PDE
 
-Winlogon automatic restart sign-on (ARSO) isn't supported for use with Personal Data Encryption (PDE). To disable ARSO using Intune, follow the below steps:
+Winlogon automatic restart sign-on (ARSO) isn't supported for use with Personal Data Encryption (PDE). For this reason, in order to use PDE, ARSO needs to be disabled.
+
+## Disable Winlogon automatic restart sign-on (ARSO) using Intune
+
+To disable ARSO using Intune, follow the below steps:
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-1. In the **Home** screen, select **Devices**.
+1. In the **Home** screen, select **Devices** in the left pane.
 
 1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
 
-1. In the **Devices | Configuration profiles screen**, select **Create profile**.
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
 
-1. In the **Create profile** window:
+1. In the **Create profile** window that opens:
 
    1. Under **Platform**, select **Windows 10 and later**.
 
    1. Under **Profile type**, select **Templates**.
 
-   1. When the templates appears, under **Template name**, select **Administrative templates**.
+   1. When the templates appear, under **Template name**, select **Administrative templates**.
 
-   1. Select **Create**.
+   1. Select **Create** to close the **Create profile** window.
 
-1. In the **Basics** page of the **Create profile** screen:
+1. The **Create profile** screen will open. In the **Basics** page:
 
    1. Next to **Name**, enter **Disable ARSO**.
 
@@ -44,7 +48,7 @@ Winlogon automatic restart sign-on (ARSO) isn't supported for use with Personal
 
 1. In the **Configuration settings** page:
 
-   1. At the top of the page, make sure **Computer Configuration** is selected.
+   1. On the left pane of the page, make sure **Computer Configuration** is selected.
 
    1. Under **Setting name**, scroll down and select **Windows Components**.
 
@@ -64,10 +68,31 @@ Winlogon automatic restart sign-on (ARSO) isn't supported for use with Personal
 
         > [!NOTE]
         >
-        > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
+        > Make sure to select **Add groups** under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
 
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select**.
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
 
-   1. Under **Groups**, ensure the correct group(s) are selected, and then select **Next**.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
 
 1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
+
+## Additional PDE configurations in Intune
+
+### Required prerequisites
+
+- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+
+### Security hardening recommendations
+
+- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+
+- [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+
+- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
+
+- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
+
+## More information
+
+- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)

windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md

@@ -1,6 +1,6 @@
 ---
-title: Disable hibernation in Intune
+title: Disable hibernation for PDE using Intune
-description: Disable hibernation in Intune
+description: Disable hibernation for PDE using Intune
 author: frankroj
 ms.author: frankroj
 ms.reviewer: rhonnegowda
@@ -12,29 +12,31 @@ ms.localizationpriority: medium
 ms.date: 03/10/2023
 ---
 
-# Disable hibernation in Intune
+# Disable hibernation for PDE
 
-Hibernation files can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable hibernation.
+Hibernation files can potentially cause the keys used by Personal Data Encryption (PDE) to protect content to be exposed. For greatest security, disable hibernation.
 
-To disable hibernation using Intune:
+## Disable hibernation using Intune
+
+To disable hibernation using Intune, follow the below steps:
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-1. In the **Home** screen, select **Devices**.
+1. In the **Home** screen, select **Devices** in the left pane.
 
 1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
 
-1. In the **Devices | Configuration profiles screen**, select **Create profile**.
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
 
-1. In the **Create profile** window:
+1. In the **Create profile** window that opens:
 
    1. Under **Platform**, select **Windows 10 and later**.
 
    1. Under **Profile type**, select **Settings catalog**.
 
-   1. Select **Create**.
+   1. Select **Create** to close the **Create profile** window.
 
-1. In the **Basics** page of the **Create profile** screen:
+1. The **Create profile** screen will open. In the **Basics** page:
 
    1. Next to **Name**, enter **Disable Hibernation**.
 
@@ -46,11 +48,11 @@ To disable hibernation using Intune:
 
    1. select **Add settings**.
 
-   1. In the **Settings picker** window:
+   1. In the **Settings picker** window that opens:
 
       1. Under **Browse by category**, scroll down and select **Power**.
 
-      1. When the settings for the **Power** category appear under **Setting name**, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
+      1. When the settings for the **Power** category appear under **Setting name** in the lower pane, select **Allow Hibernate**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
 
    1. Change **Allow Hibernate** from **Allow** to **Block** by selecting the slider next to the option.
 
@@ -66,8 +68,29 @@ To disable hibernation using Intune:
         >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
 
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select**.
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
 
-   1. Under **Groups**, ensure the correct group(s) are selected, and then select **Next**.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
 
 1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
+
+## Additional PDE configurations in Intune
+
+### Required prerequisites
+
+- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+
+- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
+
+### Security hardening recommendations
+
+- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+
+- [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+
+- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
+
+## More information
+
+- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)

windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md

@@ -1,6 +1,6 @@
 ---
-title: Disable kernel-mode crash dumps and live dumps in Intune
+title: Disable kernel-mode crash dumps and live dumps for PDE using Intune
-description: Disable kernel-mode crash dumps and live dumps in Intune
+description: Disable kernel-mode crash dumps and live dumps for PDE using Intune
 author: frankroj
 ms.author: frankroj
 ms.reviewer: rhonnegowda
@@ -12,29 +12,31 @@ ms.localizationpriority: medium
 ms.date: 03/10/2023
 ---
 
-# Disable kernel-mode crash dumps and live dumps in Intune
+# Disable kernel-mode crash dumps and live dumps for PDE
 
-Kernel-mode crash dumps and live dumps can potentially cause the keys used by PDE to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps.
+Kernel-mode crash dumps and live dumps can potentially cause the keys used by Personal Data Encryption (PDE) to protect content to be exposed. For greatest security, disable kernel-mode crash dumps and live dumps.
 
-To disable kernel-mode crash dumps and live dumps using Intune:
+## Disable kernel-mode crash dumps and live dumps using Intune
+
+To disable kernel-mode crash dumps and live dumps using Intune, follow the below steps:
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-1. In the **Home** screen, select **Devices**.
+1. In the **Home** screen, select **Devices** in the left pane.
 
 1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
 
-1. In the **Devices | Configuration profiles screen**, select **Create profile**.
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
 
-1. In the **Create profile** window:
+1. In the **Create profile** window that opens:
 
    1. Under **Platform**, select **Windows 10 and later**.
 
    1. Under **Profile type**, select **Settings catalog**.
 
-   1. Select **Create**.
+   1. Select **Create** to close the **Create profile** window.
 
-1. In the **Basics** page of the **Create profile** screen:
+1. The **Create profile** screen will open. In the **Basics** page:
 
    1. Next to **Name**, enter **Disable Kernel-Mode Crash Dumps**.
 
@@ -45,11 +47,12 @@ To disable kernel-mode crash dumps and live dumps using Intune:
 1. In the **Configuration settings** page:
 
    1. Select **Add settings**.
-   1. In the **Settings picker** pane:
+
+   1. In the **Settings picker** window that opens:
 
       1. Under **Browse by category**, scroll down and select **Memory Dump**.
 
-      1. When the settings for the **Memory Dump** category appear under **Setting name**, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
+      1. When the settings for the **Memory Dump** category appear under **Setting name** in the lower pane, select both **Allow Crash Dump** and **Allow Live Dump**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
 
    1. Change both **Allow Live Dump** and **Allow Crash Dump** from **Allow** to **Block** by selecting the slider next to each option, and then select **Next**.
 
@@ -63,8 +66,29 @@ To disable kernel-mode crash dumps and live dumps using Intune:
         >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
 
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select**.
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
 
-   1. Under **Groups**, ensure the correct group(s) are selected, and then select **Next**.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
 
 1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
+
+## Additional PDE configurations in Intune
+
+### Required prerequisites
+
+- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+
+- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
+
+### Security hardening recommendations
+
+- [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+
+- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
+
+- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
+
+## More information
+
+- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)

windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md

@@ -1,6 +1,6 @@
 ---
-title: Disable allowing users to select when a password is required when resuming from connected standby in Intune
+title: Disable allowing users to select when a password is required when resuming from connected standby for PDE using Intune
-description: Disable allowing users to select when a password is required when resuming from connected standby in Intune
+description: Disable allowing users to select when a password is required when resuming from connected standby for PDE using Intune
 author: frankroj
 ms.author: frankroj
 ms.reviewer: rhonnegowda
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 03/10/2023
 ---
 
-# Disable allowing users to select when a password is required when resuming from connected standby in Intune
+# Disable allowing users to select when a password is required when resuming from connected standby for PDE
 
 When the **Disable allowing users to select when a password is required when resuming from connected standby** policy isn't configured, the outcome between on-premises Active Directory joined devices and workgroup devices, including Azure Active Directory joined devices, is different:
 
@@ -32,53 +32,55 @@ When the **Disable allowing users to select when a password is required when res
 
 Because of this undesired outcome, it's recommended to explicitly disable this policy on Azure AD joined devices instead of leaving it at the default of **Not configured**.
 
+## Disable allowing users to select when a password is required when resuming from connected standby using Intune
+
 To disable the policy **Disable allowing users to select when a password is required when resuming from connected standby** using Intune, follow the below steps:
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-2. In the **Home** screen, select **Devices**.
+1. In the **Home** screen, select **Devices** in the left pane.
 
-3. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
+1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
 
-4. In the **Devices | Configuration profiles screen**, select **Create profile**.
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
 
-5. In the **Create profile** window:
+1. In the **Create profile** window that opens:
 
    1. Under **Platform**, select **Windows 10 and later**.
 
-   2. Under **Profile type**, select **Settings catalog**.
+   1. Under **Profile type**, select **Settings catalog**.
 
-   3. Select **Create**.
+   1. Select **Create** to close the **Create profile** window.
 
-6. In the **Basics** page of the **Create profile** screen:
+1. The **Create profile** screen will open. In the **Basics** page:
 
     1. Next to **Name**, enter **Disable allowing users to select when a password is required when resuming from connected standby**.
 
-    2. Next to **Description**, enter a description.
+    1. Next to **Description**, enter a description.
 
-    3. Select **Next**.
+    1. Select **Next**.
 
-7. In the **Configuration settings** page:
+1. In the **Configuration settings** page:
 
    1. Select **Add settings**.
 
-   2. In the **Settings picker** window:
+   1. In the **Settings picker** window that opens:
 
-      1. Under **Browse by category**, expand **Administrative Templates** by selecting the **>** to the left of it.
+      1. Under **Browse by category**, expand **Administrative Templates**.
 
-      2. Under **Administrative Templates**, scroll down and expand **System**.
+      1. Under **Administrative Templates**, scroll down and expand **System**.
 
-      3. Under **System**, scroll down and select **Logon**.
+      1. Under **System**, scroll down and select **Logon**.
 
-      4. When the settings for the **Logon** subcategory appear under **Setting name**, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
+      1. When the settings for the **Logon** subcategory appear under **Setting name** in the lower pane, select **Allow users to select when a password is required when resuming from connected standby**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
 
-   3. Leave the slider for **Allow users to select when a password is required when resuming from connected standby** at the default of **Disabled**.
+   1. Leave the slider for **Allow users to select when a password is required when resuming from connected standby** at the default of **Disabled**.
 
-   4. select **Next**.
+   1. select **Next**.
 
-8. In the **Scope tags** page, configure if necessary and then select **Next**.
+1. In the **Scope tags** page, configure if necessary and then select **Next**.
 
-9. In the **Assignments** page:
+1. In the **Assignments** page:
 
    1. Under **Included groups**, select **Add groups**.
 
@@ -86,8 +88,29 @@ To disable the policy **Disable allowing users to select when a password is requ
         >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
 
-   2. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select**.
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
 
-   3. Under **Groups**, ensure the correct group(s) are selected, and then select **Next**.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
 
-10. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
+1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
+
+## Additional PDE configurations in Intune
+
+### Required prerequisites
+
+- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+
+- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
+
+### Security hardening recommendations
+
+- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+
+- [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+
+- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
+
+## More information
+
+- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)

windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md

@@ -1,6 +1,6 @@
 ---
-title: Disable Windows Error Reporting (WER)/Disable user-mode crash dumps in Intune
+title: Disable Windows Error Reporting (WER)/Disable user-mode crash dumps for PDE using Intune
-description: Disable Windows Error Reporting (WER)/Disable user-mode crash dumps in Intune
+description: Disable Windows Error Reporting (WER)/Disable user-mode crash dumps for PDE using Intune
 author: frankroj
 ms.author: frankroj
 ms.reviewer: rhonnegowda
@@ -20,21 +20,21 @@ To disable Windows Error Reporting (WER) and user-mode crash dumps using Intune,
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-1. In the **Home** screen, select **Devices**.
+1. In the **Home** screen, select **Devices** in the left pane.
 
 1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
 
-1. In the **Devices | Configuration profiles screen**, select **Create profile**.
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
 
-1. In the **Create profile** window:
+1. In the **Create profile** window that opens:
 
    1. Under **Platform**, select **Windows 10 and later**.
 
    1. Under **Profile type**, select **Settings catalog**.
 
-   1. Select **Create**.
+   1. Select **Create** to close the **Create profile** window.
 
-1. In the **Basics** page of the **Create profile** screen:
+1. The **Create profile** screen will open. In the **Basics** page:
 
    1. Next to **Name**, enter **Disable Windows Error Reporting (WER)**.
 
@@ -46,15 +46,15 @@ To disable Windows Error Reporting (WER) and user-mode crash dumps using Intune,
 
    1. Select **Add settings**.
 
-   1. In the **Settings picker** window:
+   1. In the **Settings picker** window that opens:
 
-      1. Under **Browse by category**, expand **Administrative Templates** by selecting the **>** to the left of it.
+      1. Under **Browse by category**, expand **Administrative Templates**.
 
       1. Under **Administrative Templates**, scroll down and expand **Windows Components**.
 
-      1. Under **Windows Components**, scroll down and select **Windows Error Reporting**.
+      1. Under **Windows Components**, scroll down and select **Windows Error Reporting**. Make sure to only select **Windows Error Reporting** and not to expand it.
 
-      1. When the settings for the **Windows Error Reporting** subcategory appear under **Setting name**, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
+      1. When the settings for the **Windows Error Reporting** subcategory appear under **Setting name** in the lower pane, select **Disable Windows Error Reporting**, and then select the **X** in the top right corner of the **Settings picker** window to close the window.
 
    1. Change **Disable Windows Error Reporting** from **Disabled** to **Enabled** by selecting the slider next to the option.
 
@@ -70,8 +70,29 @@ To disable Windows Error Reporting (WER) and user-mode crash dumps using Intune,
         >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
 
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select**.
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
 
-   1. Under **Groups**, ensure the correct group(s) are selected, and then select **Next**.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
 
 1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
+
+## Additional PDE configurations in Intune
+
+### Required prerequisites
+
+- [Enable Personal Data Encryption (PDE)](../pde-in-intune/intune-enable-pde.md)
+
+- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
+
+### Security hardening recommendations
+
+- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+
+- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
+
+- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
+
+## More information
+
+- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)

windows/security/information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md

@@ -1,6 +1,6 @@
 ---
-title: Enable Personal Data Encryption (PDE) in Intune
+title: Enable Personal Data Encryption (PDE) using Intune
-description: Enable Personal Data Encryption (PDE) in Intune
+description: Enable Personal Data Encryption (PDE) using Intune
 author: frankroj
 ms.author: frankroj
 ms.reviewer: rhonnegowda
@@ -12,19 +12,26 @@ ms.localizationpriority: medium
 ms.date: 03/10/2023
 ---
 
-# Enable Personal Data Encryption (PDE) in Intune
+# Enable Personal Data Encryption (PDE)
+
+By default, Personal Data Encryption (PDE) is not enabled on devices. Before PDE can be used on a device, it needs to be enabled.  This can be done via a custom OMA-URI policy assigned to the device.
+
+> [!NOTE]
+> Enabling the PDE policy on devices only enables the PDE feature. It does not protect any content. To protect content via PDE, use the [PDE APIs](/uwp/api/windows.security.dataprotection.userdataprotectionmanager). The PDE APIs can be used to create custom applications and scripts to specify which content to protect and at what level to protect the content. Additionally, the PDE APIs can't be used to protect content until the PDE policy has been enabled.
+
+## Enable Personal Data Encryption (PDE) using Intune
 
 To enable Personal Data Encryption (PDE) using Intune, follow the below steps:
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-1. In the **Home** screen, select **Devices**.
+1. In the **Home** screen, select **Devices** in the left pane.
 
 1. In the **Devices | Overview** screen, under **Policy**, select **Configuration Profiles**.
 
-1. In the **Devices | Configuration profiles screen**, select **Create profile**.
+1. In the **Devices | Configuration profiles** screen, make sure **Profiles** is selected at the top, and then select **Create profile**.
 
-1. In the **Create profile** window:
+1. In the **Create profile** window that opens:
 
    1. Under **Platform**, select **Windows 10 and later**.
 
@@ -32,9 +39,9 @@ To enable Personal Data Encryption (PDE) using Intune, follow the below steps:
 
    1. When the templates appears, under **Template name**, select **Custom**.
 
-   1. Select **Create**.
+   1. Select **Create** to close the **Create profile** window.
 
-1. In the **Basics** page of the **Custom** screen:
+1. The **Custom** screen will open. In the **Basics** page:
 
    1. Next to **Name**, enter **Personal Data Encryption**.
 
@@ -44,21 +51,24 @@ To enable Personal Data Encryption (PDE) using Intune, follow the below steps:
 
 1. In **Configuration settings** page:
 
-   1. Select **Add**.
+   1. Next to **OMA-URI Settings**, select **Add**.
 
-   1. In the **Add Row** pane:
+   1. In the **Add Row** window that opens:
 
        1. Next to **Name**, enter **Personal Data Encryption**.
+
        1. Next to **Description**, enter a description.
-       1. Next to **OMA-URI**, enter in **./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption**.
+
+       1. Next to **OMA-URI**, enter in **`./User/Vendor/MSFT/PDE/EnablePersonalDataEncryption`**.
+
        1. Next to **Data type**, select **Integer**.
+
        1. Next to **Value**, enter in **1**.
-       1. Select **Save**.
+
+       1. Select **Save** to close the **Add Row** window.
 
    1. Select **Next**
 
-1. In the **Scope tags** page, configure if necessary and then select **Next**.
-
 1. In the **Assignments** page:
 
    1. Under **Included groups**, select **Add groups**.
@@ -67,10 +77,32 @@ To enable Personal Data Encryption (PDE) using Intune, follow the below steps:
         >
         > Make sure to add the correct groups under **Included groups** and not under **Excluded groups**. Accidentally adding the desired device groups under **Excluded groups** will result in those devices being excluded and they won't receive the configuration profile.
 
-   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select**.
+   1. In the **Select groups to include** window that opens, select the groups that the configuration profile should be assigned to, and then select **Select** to close the **Select groups to include** window.
 
-   1. Under **Groups**, ensure the correct group(s) are selected, and then select **Next**.
+   1. Under **Included groups** > **Groups**, ensure the correct group(s) are selected, and then select **Next**.
 
 1. In **Applicability Rules**, configure if necessary and then select **Next**.
 
 1. In **Review + create** page, review the configuration to make sure everything is configured correctly, and then select **Create**.
+
+## Additional PDE configurations in Intune
+
+### Required prerequisites
+
+- [Disable Winlogon automatic restart sign-on (ARSO)](../pde-in-intune/intune-disable-arso.md)
+
+### Security hardening recommendations
+
+- [Disable kernel-mode crash dumps and live dumps](../pde-in-intune/intune-disable-memory-dumps.md)
+
+- [Disable Windows Error Reporting (WER)/Disable user-mode crash dumps](../pde-in-intune/intune-disable-wer.md)
+
+- [Disable hibernation](../pde-in-intune/intune-disable-hibernation.md)
+
+- [Disable allowing users to select when a password is required when resuming from connected standby](../pde-in-intune/intune-disable-password-connected-standby.md)
+
+## More information
+
+- [Personal Data Encryption (PDE)](../overview-pde.md)
+- [Personal Data Encryption (PDE) FAQ](../faq-pde.yml)
+