Paolo Matarazzo 2023-03-03 15:51:00 -05:00
parent 9aef143cf9
commit c5e08455ce
5 changed files with 16 additions and 18 deletions


@ -20,17 +20,12 @@ The following table details the two policy types to allow apps to run:
| WDAC Supplemental policy | Directly allows apps meeting the rule criteria to run | For executables that are blocked by the E-Mode policy (Visible from the Event Viewer in the [CodeIntegrity events](./troubleshoot.md)) | Low | | WDAC Supplemental policy | Directly allows apps meeting the rule criteria to run | For executables that are blocked by the E-Mode policy (Visible from the Event Viewer in the [CodeIntegrity events](./troubleshoot.md)) | Low |
| AppLocker policy | Sets an app to be considered as a managed installer | Only for executables that do installations or updates which are blocked by the E-Mode policy | High | | AppLocker policy | Sets an app to be considered as a managed installer | Only for executables that do installations or updates which are blocked by the E-Mode policy | High |
> **Note** > [!NOTE]
>
> The specifics of the policy you will need to write vary from app to app. Public documentation can help you determine which rules would be useful for your app. > The specifics of the policy you will need to write vary from app to app. Public documentation can help you determine which rules would be useful for your app.
## WDAC supplemental policies ## WDAC supplemental policies
WDAC supplemental policies can be created and then deployed through Intune.\ WDAC supplemental policies can be created and then deployed through Intune.
Watch Jeffrey Sutherland explain ...
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWWReO]
Follow the instructions below for authoring and deploying these policies. Follow the instructions below for authoring and deploying these policies.
@ -91,6 +86,11 @@ Set-CiPolicyIdInfo - FilePath <"Path to .xml from step 3"> -SupplementsBasePolic
> [!NOTE] > [!NOTE]
> If you have created multiple supplemental policies for different apps, it's recommended to merge all supplemental policies together before deploying. You can merge policies using the WDAC Wizard. > If you have created multiple supplemental policies for different apps, it's recommended to merge all supplemental policies together before deploying. You can merge policies using the WDAC Wizard.
In the following video, Jeffrey Sutherland explains how to create a supplemental policy for an app that is blocked by the Windows 11 SE E-Mode policy.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RWWReO]
### Writing a supplemental policy for a UWP LOB app ### Writing a supplemental policy for a UWP LOB app
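Review bot: The context line in this hunk's header reads `Set-CiPolicyIdInfo - FilePath <"Path to .xml from step 3">`, with a space between the dash and `FilePath`. PowerShell does not treat `- FilePath` as the `-FilePath` parameter, so the step fails or misbinds when copied as written. If the file really contains that space, fix it in this change while the section is being edited. On the added lines, the video embed has no text alternative; a one-line summary or a plain link after it would help readers who cannot load the player.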


@ -33,7 +33,7 @@ The following table provides an overview of the applications types that can be d
The addition of Win32 applications to Intune consists of repackaging the apps and defining the commands to silently install them. The process is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1]. The addition of Win32 applications to Intune consists of repackaging the apps and defining the commands to silently install them. The process is described in the article [Add, assign, and monitor a Win32 app in Microsoft Intune][MEM-1].
> [!IMPORTANT] > [!IMPORTANT]
> There are known limitations that might prevent a specific app from being installed. For more information, see the next section [validate applications](validate-apps.md#known-limitations). > There are known limitations that might prevent a specific app from being installed. For more information, see the next section [validate applications](validate-apps.md).
> [!NOTE] > [!NOTE]
> While Win32 apps can be deployed through the Microsoft Store integration with Intune, it's currently an unsupported deployment method for Windows 11 SE. > While Win32 apps can be deployed through the Microsoft Store integration with Intune, it's currently an unsupported deployment method for Windows 11 SE.
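Review bot: Dropping `#known-limitations` from the link in the IMPORTANT callout leaves a sentence that promises known limitations but now lands at the top of validate-apps.md. If that heading was removed or renamed, point the link at wherever the limitations are now documented (the validate-apps.md hunk further down shows a sentence beginning "To learn about known limitations with apps deployed via a managed installer, see"), or reword the callout so it no longer implies a specific section.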
@ -45,7 +45,7 @@ The addition of Win32 applications to Intune consists of repackaging the apps an
For private, line-of-business (LOB) UWP apps, [deploy as line-of-business apps][MEM-2] For private, line-of-business (LOB) UWP apps, [deploy as line-of-business apps][MEM-2]
> [!IMPORTANT] > [!IMPORTANT]
> UWP apps require the creation and deployment of supplemental policies. For more information, see the next section [validate applications](validate-apps.md#known-limitations). > UWP apps require the creation and deployment of supplemental policies. For more information, see the next section [validate applications](validate-apps.md).
### Microsoft Store apps ### Microsoft Store apps
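Review bot: In the UWP callout the link target still does not match the sentence: it says UWP apps require supplemental policies, then sends the reader to validate-apps.md. Removing the unrelated `#known-limitations` anchor is right, but the link should go to the article that covers authoring supplemental policies (the one with the "Writing a supplemental policy for a UWP LOB app" heading), and "the next section" should be dropped if that article is not the next one. The unchanged line above the callout also ends without a period after `[MEM-2]`.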

Binary file not shown.



@ -53,11 +53,11 @@ To check the installation status of an app from the Intune portal:
1. Select the application you want to check 1. Select the application you want to check
1. From the **Overview** page, you can verify the overall installation status 1. From the **Overview** page, you can verify the overall installation status
:::image type="content" source="./images/intune-app-install-overview.png" alt-text="Microsoft Intune admin center - App installation details."::: :::image type="content" source="./images/intune-app-install-overview.png" alt-text="Microsoft Intune admin center - App installation details." lightbox="./images/intune-app-install-overview.png":::
1. From the **Device install status** page, you can verify the installation status for each device, and the status code that indicates the cause of the failure 1. From the **Device install status** page, you can verify the installation status for each device, and the status code that indicates the cause of the failure
:::image type="content" source="./images/intune-app-install-status.png" alt-text="Microsoft Intune admin center - App installation status for each device."::: :::image type="content" source="./images/intune-app-install-status.png" alt-text="Microsoft Intune admin center - App installation status for each device." lightbox="./images/intune-app-install-status.png":::
> [!NOTE] > [!NOTE]
> A Win32 application may install correctly, but report to Intune as failed.\ > A Win32 application may install correctly, but report to Intune as failed.\
@ -83,7 +83,7 @@ Checking for compatibility often means to execute the app and verify its functio
Here are things to pay attention to: Here are things to pay attention to:
- Know how the apps you deploy are updated, whether through auto-updates and if they offer controls for automatic updates - Know how the apps you deploy are updated, and if they offer controls for automatic updates
- Dialogs may pop up during the app use, indicating that something is blocked - Dialogs may pop up during the app use, indicating that something is blocked
- Multiple apps are installed, especially if one app appears to be a launcher/updater. For example, Adobe Photoshop includes the Adobe Creative Cloud launcher, which updates Photoshop and other apps - Multiple apps are installed, especially if one app appears to be a launcher/updater. For example, Adobe Photoshop includes the Adobe Creative Cloud launcher, which updates Photoshop and other apps
- Any messages indicating that the app is doing pre-installation work or downloading more content - Any messages indicating that the app is doing pre-installation work or downloading more content
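Review bot: The rewritten first bullet drops the only mention of auto-updates, which is the behaviour this list needs to surface, since the policy table on this page says executables that do installations or updates are what the E-Mode policy blocks. Suggest keeping the term and fixing the grammar instead, for example "Know how the apps you deploy are updated, including any auto-update mechanism, and whether they offer controls for automatic updates". Using "whether" rather than "if" also removes the conditional reading.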
@ -103,13 +103,11 @@ Semi-compatible apps may run without problems initially, but in the future they
Incompatible apps may launch initially, but immediately begin to download more resources.\ Incompatible apps may launch initially, but immediately begin to download more resources.\
These apps are eventually blocked before any of their functionalities can be accessed. Or, these apps may not launch due to a dependent file blocked by the Windows 11 SE base policy. These apps are eventually blocked before any of their functionalities can be accessed. Or, these apps may not launch due to a dependent file blocked by the Windows 11 SE base policy.
See [here][WIN-1] for the common classes of incompatible apps.
### Visual error notifications ### Visual error notifications
You may see a dialog indicating **This app won't run on your PC**. Check the indicated executable and verify that it matches the executable of the installed application. You may see a dialog indicating **This app won't run on your PC**. Check the indicated executable and verify that it matches the executable of the installed application.
:::image type="content" source="images/image7.png" alt-text="Add more info."::: :::image type="content" source="images/winse-app-block.png" alt-text="Windows SE - error window while opening an app.":::
### Event Viewer ### Event Viewer
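Review bot: Removing the "See [here][WIN-1]" line leaves the incompatible-apps paragraph with no pointer to the common classes of incompatible apps, and if the `[WIN-1]` reference definition is still at the bottom of the file it is now unused. Either delete the definition in the same commit or keep the link with descriptive text in place of "here". In the new image line, the alt text says "Windows SE" while the surrounding text says "Windows 11 SE"; use the full product name for consistency.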
@ -129,9 +127,9 @@ To learn about known limitations with apps deployed via a managed installer, see
Before moving on to the next section, ensure that you've completed the following tasks: Before moving on to the next section, ensure that you've completed the following tasks:
> [!div class="checklist"] > [!div class="checklist"]
> - No Intune installation errors > - Verified any installation errors from Intune
> - No errors when opening the app from the device > - Verified the app installation on the device
> - *CI Policy* in the Event Viewer logs don't show app's executables getting blocked > - Checked for any errors when opening the app from the device
## Next steps ## Next steps
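Review bot: The new checklist no longer includes an Event Viewer check, so a reader can tick every item without confirming that the policy is not blocking the app's executables, even though the "Event Viewer" section is still part of this article. Add an item such as "Checked the Event Viewer logs for blocked executables". The first item, "Verified any installation errors from Intune", also does not say what outcome is expected; "Verified that Intune reports no installation errors" would be unambiguous.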