update

education/windows/school-deployment/configure-devices-overview.md

@@ -29,7 +29,7 @@ By organizing students, classrooms, or learning curricula into groups, you can p
 - For all devices, block apps from using location services.
 - For AP Computer Science, assign students apps to edit code.
 - For 12th grade History, enable web browsing to access academic articles.
-- For all Photography students, enable the device’s camera.
+- For all Photography students, enable the device's camera.
 
 *Out of the box, Intune for Education comes with default groups that enable you to manage All devices and All users. There are also two additional groups if you use Microsoft SDS: All teachers and All students.  SDS also creates individual groups for students and teachers of specific schools, which fold under the All teachers and All students groups. Beyond the defaults, groups can be customized to suit various needs. For example, if you have both Windows and iOS devices in your school, you can create groups, such as All iPads and All Windows 10 PCs.* 
 
@@ -98,7 +98,7 @@ You can manage the settings of several devices from a single touch point. For mo
 
 ## Endpoint security
 
-Intune for Education helps protect devices and school data with tools like security baselines and Windows Update policies. Through the Endpoint security node, you can configure device security and manage security tasks for devices at risk. The node configures and deploys Microsoft Defender for Endpoint to help prevent security breaches and gain visibility into your school’s security posture. 
+Intune for Education helps protect devices and school data with tools like security baselines and Windows Update policies. Through the Endpoint security node, you can configure device security and manage security tasks for devices at risk. The node configures and deploys Microsoft Defender for Endpoint to help prevent security breaches and gain visibility into your school's security posture. 
 
 ### Create security policies
 

education/windows/school-deployment/enroll-autopilot.md

@@ -25,7 +25,7 @@ For more information, see [Overview of Windows Autopilot][MEM-1].
 
 Windows Autopilot is especially useful in scenarios where devices are handed out to users without the need to build, maintain, and apply custom operating system images. These devices will be enrolled as school-owned devices. 
 
-A cloud-based provisioning technology, Windows Autopilot can be used to set up and preconfigure devices at the start of the school year. There’s no need to wipe devices or use custom OS images. The device must be preregistered, and the enrollment profile created and assigned in Intune for Education. When users sign in with their school account, they are automatically enrolled. 
+A cloud-based provisioning technology, Windows Autopilot can be used to set up and preconfigure devices at the start of the school year. There's no need to wipe devices or use custom OS images. The device must be preregistered, and the enrollment profile created and assigned in Intune for Education. When users sign in with their school account, they are automatically enrolled. 
 
 **NOTE:** A fix for the known TPM attestation issue can now be addressed by using the latest Bare Metal Recovery (BMR) with 5b CU. For more information, see [Support tip: Recovering from Windows Autopilot error code 0x81039023 on Windows 11 SE](https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-recovering-from-windows-autopilot-error-code/ba-p/3283743). 
 
@@ -42,7 +42,7 @@ Before setting up Windows Autopilot, consider these prerequisites:
 
 ### Register devices to Windows Autopilot
 
-Before deployment, devices must be registered with the Windows Autopilot deployment service. Each device’s unique hardware identity (known as a *hardware hash*) is captured and uploaded to the Autopilot service, and the device is associated with an Azure tenant ID. There are three main ways to register devices to Autopilot:
+Before deployment, devices must be registered with the Windows Autopilot deployment service. Each device's unique hardware identity (known as a *hardware hash*) is captured and uploaded to the Autopilot service, and the device is associated with an Azure tenant ID. There are three main ways to register devices to Autopilot:
 
 - **Complete the OEM registration process.** When you purchase devices from an OEM, that company can automatically register them with Windows Autopilot. Before an OEM can register devices, your school must grant permission. The OEM begins this process with approval granted by an Azure AD global administrator from the school. For Microsoft Surface registration, collect the details shown in this [documentation table](/surface/surface-autopilot-registration-support) before submitting the request to Microsoft Support. You can make requests using the [Microsoft Devices Autopilot Support](https://prod.support.services.microsoft.com/supportrequestform/0d8bf192-cab7-6d39-143d-5a17840b9f5f) form.
 - **Manually register devices with Windows Autopilot.** To manually register a device, you must first capture its hardware hash. Once this process has been completed, the hardware hash can be uploaded to the Windows Autopilot service using [Microsoft Intune](/mem/autopilot/add-devices), [Partner Center](https://msdn.microsoft.com/partner-center/autopilot), [Microsoft 365 Business & Office 365 Admin](https://support.office.com/article/Create-and-edit-AutoPilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa), or the [Microsoft Store](https://apps.microsoft.com/store/apps).
@@ -53,7 +53,7 @@ Before deployment, devices must be registered with the Windows Autopilot deploym
 
 ### Set up the devices
 
-It’s easy to set up Windows 11 SE devices with Windows Autopilot and Microsoft Endpoint Manager. First, you create a dynamic device group, and then you apply a Windows Autopilot deployment profile to each device in this group. Deployment profiles determine the deployment mode and customize the OOBE for your end users.
+It's easy to set up Windows 11 SE devices with Windows Autopilot and Microsoft Endpoint Manager. First, you create a dynamic device group, and then you apply a Windows Autopilot deployment profile to each device in this group. Deployment profiles determine the deployment mode and customize the OOBE for your end users.
 
 ### Create a dynamic device group
 

education/windows/school-deployment/manage-inventory-reporting.md

@@ -1,6 +1,6 @@
 ---
-title: # Microsoft Endpoint Manager support
+title: Device inventory and reporting
-description: # How to obtain Microsoft support from Microsoft Endpoint Manager admin center.
+description: Device inventory and reporting
 ms.date: 08/31/2022
 ms.prod: windows
 ms.technology: windows
@@ -16,7 +16,7 @@ appliesto:
 - ✅ <b>Windows 11</b>
 ---
 
-## Device inventory and reporting
+# Device inventory and reporting
 
 As an IT administrator, you can view current devices, applications, settings, and overall health in Microsoft Endpoint Manager. You can also download reports to review or share offline.
 
@@ -24,7 +24,7 @@ To access, view, and download reports:
 
 1. Go Microsoft Endpoint Manager, and then select **Reports**.
 
-:::image type="content" source="./image21.png" alt-text="Device inventory reports page in Intune for Education" border="true":::
+## ADD PIC Device inventory reports page in Intune for Education"
 
 2. Review the desired reports. For more information about common reports, see:
 
@@ -49,7 +49,7 @@ Windows Update for Business enables you to keep the Windows client devices in yo
 
 ### Microsoft Defender for Endpoint
 
-Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help networks prevent, detect, investigate, and respond to advanced threats. You can use Defender for Endpoint to help secure your entire school network. For more information, see [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide).
+Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help networks prevent, detect, investigate, and respond to advanced threats. You can use Defender for Endpoint to help secure your entire school network. For more information, see [Onboard devices and configure Microsoft Defender for Endpoint capabilities](/microsoft-365/security/defender-endpoint/onboard-configure).
 
 ### Microsoft Intelligent Security Graph
 
@@ -57,7 +57,7 @@ Microsoft Intelligent Security Graph (ISG) offers application control with a too
 
 ### Microsoft Endpoint Manager and DFCI support
 
-With DFCI profiles built into Intune for Education, Surface UEFI management extends the modern management stack to the UEFI hardware level. With DFCI profiles, you can dramatically simplify IT deployment and provisioning across the device’s lifecycle—all from the cloud. DFCI management requires the device to be enrolled with Windows Autopilot and be registered by a partner or OEM. For more information, see [Manage DFCI on Surface devices](/surface/surface-manage-dfci-guide).
+With DFCI profiles built into Intune for Education, Surface UEFI management extends the modern management stack to the UEFI hardware level. With DFCI profiles, you can dramatically simplify IT deployment and provisioning across the device'''s lifecycle—all from the cloud. DFCI management requires the device to be enrolled with Windows Autopilot and be registered by a partner or OEM. For more information, see [Manage DFCI on Surface devices](/surface/surface-manage-dfci-guide).
 
 ### Microsoft Defender SmartScreen
 

education/windows/school-deployment/manage-overview.md

@@ -1,6 +1,6 @@
 ---
-title: # Microsoft Endpoint Manager support
+title: Manage devices with Microsoft Intune
-description: # How to obtain Microsoft support from Microsoft Endpoint Manager admin center.
+description: Manage devices with Microsoft Intune
 ms.date: 08/31/2022
 ms.prod: windows
 ms.technology: windows
@@ -22,7 +22,7 @@ Microsoft Intune delivers streamlined remote management throughout the school ye
 
 ## Remote device management
 
-With Intune for Education, you can manage groups, applications, resources, and individual needs of multiple students. There are several ways to manage students’ devices, including organizing what groups they belong to; determining what apps they have access to; and configuring device settings, customizations, and restrictions. You can also monitor when users sign in and troubleshoot devices remotely.
+With Intune for Education, you can manage groups, applications, resources, and individual needs of multiple students. There are several ways to manage students' devices, including organizing what groups they belong to; determining what apps they have access to; and configuring device settings, customizations, and restrictions. You can also monitor when users sign in and troubleshoot devices remotely.
 
 ## Managing groups
 
@@ -33,7 +33,7 @@ By organizing students, classrooms, or learning curricula into groups, you can p
 - For all devices, block apps from using location services.
 - For AP Computer Science, assign students apps to edit code.
 - For 12th grade History, enable web browsing to access academic articles.
-- For all Photography students, enable the device’s camera.
+- For all Photography students, enable the device's camera.
 
 *Out of the box, Intune for Education comes with default groups that enable you to manage All devices and All users. There are also two additional groups if you use Microsoft SDS: All teachers and All students.  SDS also creates individual groups for students and teachers of specific schools, which fold under the All teachers and All students groups. Beyond the defaults, groups can be customized to suit various needs. For example, if you have both Windows and iOS devices in your school, you can create groups, such as All iPads and All Windows 10 PCs.* 
 
@@ -65,7 +65,7 @@ Managing devices from the cloud has dramatically simplified IT deployment and pr
 The following prerequisites are required to manage DFCI with Intune:
 
 - The device must be managed with Intune, as DFCI management is not supported with Set Up School PCs (provisioning package) enrollments. For more information, see [DFCI Management](/mem/autopilot/dfci-management). 
-- The device should be registered through Windows Autopilot in Intune. The device must be registered for Windows Autopilot by a [Microsoft CSP partner](https://partner.microsoft.com/membership/cloud-solution-provider) or registered directly by the OEM. **NOTE:** Devices manually registered for Autopilot (such as by importing a CSV file) are not allowed to use DFCI. By design, DFCI management requires external attestation of the device’s commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot.
+- The device should be registered through Windows Autopilot in Intune. The device must be registered for Windows Autopilot by a [Microsoft CSP partner](https://partner.microsoft.com/membership/cloud-solution-provider) or registered directly by the OEM. **NOTE:** Devices manually registered for Autopilot (such as by importing a CSV file) are not allowed to use DFCI. By design, DFCI management requires external attestation of the device's commercial acquisition through an OEM or a Microsoft CSP partner registration to Windows Autopilot.
 - The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process or as a firmware update that you install. Work with your device vendors to determine the [manufacturers that support DFCI](/mem/autopilot/dfci-management). 
 
 ### Manage DFCI profiles with Autopilot
@@ -89,7 +89,7 @@ Create a [DFCI profile](/surface/surface-manage-dfci-guide), and then assign it
 1. For the profile type, select **Templates**, and then select **Device Firmware Configuration Interface**. 
 1. Enter a name and description for the profile. 
 
-![Profile creation page for devices in Microsoft Endpoint Manager admin center](./image24.png)
+## ADD PIC HERE Profile creation page for devices in Microsoft Endpoint Manager admin center
 
 6. In **Configuration settings**, review the available settings in the UEFI configuration.
 1. Select **Assignments**.
@@ -123,18 +123,18 @@ For more information, see [Configuring the DFCI environment and managing UEFI co
 
 ## Microsoft Surface Management Portal
 
-Located in the Microsoft Endpoint Manager admin center, the Microsoft Surface Management Portal enables you to self-serve, manage, and monitor your school’s Intune-managed Surface devices at scale. Get insights into device compliance, support activity, warranty coverage, and more. When Surface Laptop SE devices are enrolled in cloud management and users sign in for the first time, information automatically flows into the Surface Management Portal, giving you a single pane of glass for Surface-specific administration activities.
+Located in the Microsoft Endpoint Manager admin center, the Microsoft Surface Management Portal enables you to self-serve, manage, and monitor your school's Intune-managed Surface devices at scale. Get insights into device compliance, support activity, warranty coverage, and more. When Surface Laptop SE devices are enrolled in cloud management and users sign in for the first time, information automatically flows into the Surface Management Portal, giving you a single pane of glass for Surface-specific administration activities.
 
 To access and use the Surface Management Portal: 
 
 1. In the Microsoft Endpoint Manager admin center, select **All services** → **Surface Management Portal**.
 
-:::image type="content" source="./image26.png" alt-text="Surface Management Portal monitoring page in Microsoft Endpoint Manager admin center" border="true":::
+## ADD PIC HERE Surface Management Portal monitoring page in Microsoft Endpoint Manager admin center
 
 2. To display insights for all your Surface devices, select **Monitor**. This shows devices that are out of compliance or not registered, have critically low storage, require updates, or are currently inactive. 
 1. To see details on each insights category, select **View report**. This displays diagnostic information that you can customize and export. 
 
-To see the device’s warranty information, select **Device warranty and coverage**.
+To see the device's warranty information, select **Device warranty and coverage**.
 
 5. To see support requests and their status, select **Support requests**.
 

education/windows/school-deployment/manage-remote-actions.md

@@ -1,6 +1,6 @@
 ---
-title: # Microsoft Endpoint Manager support
+title: Microsoft Endpoint Manager support
-description: # How to obtain Microsoft support from Microsoft Endpoint Manager admin center.
+description: Microsoft Endpoint Manager support
 ms.date: 08/31/2022
 ms.prod: windows
 ms.technology: windows
@@ -19,8 +19,6 @@ appliesto:
 # Microsoft Endpoint Manager support
 
 
-
-
 ## Remote actions
 
 The following list includes some everyday actions you can perform on school devices. To see a complete list of what can be done on which device, simply select **All devices** and choose a specific device.
@@ -39,4 +37,4 @@ The following list includes some everyday actions you can perform on school devi
 - [Wipe](/mem/intune/remote-actions/devices-wipe)
 - [Synchronize Device](/mem/intune/remote-actions/device-sync)
 
-:::image type="content" source="./image20.png" alt-text="Bulk device action page in Microsoft Endpoint Manager admin center" border="true":::
+## ADD PIC HERE Bulk device action page in Microsoft Endpoint Manager admin center

education/windows/school-deployment/microsoft-education.md

@@ -1,6 +1,6 @@
 ---
 title: Microsoft Education
-description: # How to obtain Microsoft support from Microsoft Endpoint Manager admin center.
+description: Microsoft Education
 ms.date: 08/31/2022
 ms.prod: windows
 ms.technology: windows

education/windows/school-deployment/reset-wipe.md

@@ -34,7 +34,7 @@ With Intune for Education, wiping can be performed remotely:
 1. Choose a device, and then select **Autopilot Reset**. 
 1. To confirm the reset, select **Autopilot Reset** again. A message appears when the reset is initiated. The device will reset the next time it connects to the Internet. 
 
-:::image type="content" source="./image17.png" alt-text="Using Autopilot Reset in Microsoft Endpoint Manager admin center" border="true":::
+## ADD PIC HERE Using Autopilot Reset in Microsoft Endpoint Manager admin center
 
 ### Factory reset (wipe)
 
@@ -47,11 +47,11 @@ To perform a factory reset:
 1. **NOTE:** We recommend keeping the enrollment state and associated user account. This option ensures that the Wipe action cannot be circumvented by turning off the device.
 1. Select **Yes** to reset the device to its factory defaults and delete the Intune object.
 
-:::image type="content" source="./image18.png" alt-text="Using factory reset in Microsoft Endpoint Manager admin center" border="true":::
+## ADD PIC HERE Using factory reset in Microsoft Endpoint Manager admin center
 
 ## Wiping and removing a device
 
-With this action, a device’s data is wiped, and the device is removed from the school deployment. This action should only be performed for devices that are no longer going to be used. To completely remove a device, you need to perform two actions: 
+With this action, a device's data is wiped, and the device is removed from the school deployment. This action should only be performed for devices that are no longer going to be used. To completely remove a device, you need to perform two actions: 
 
 1. Perform a [factory reset (wipe)](#) on the device.
 1. Complete one of the following actions, depending on Intune enrollment:
@@ -79,4 +79,4 @@ To delete devices that are enrolled in Intune:
 1. Select **Devices** → **Azure AD devices**. 
 1. Follow the steps outlined in [Delete devices from the Azure Active Directory portal](/mem/intune/remote-actions/devices-wipe).
 
-:::image type="content" source="./image19.png" alt-text="Device and account deletion page in Azure Active Directory admin center" border="true":::
+## ADD PIC HERE Device and account deletion page in Azure Active Directory admin center

education/windows/school-deployment/set-up-microsoft-intune.md

@@ -165,4 +165,4 @@ ________________________________________________________
 With the Intune service configured, you can start enrolling and managing students' and teachers' devices.
 > [!div class="nextstepaction"]
 > [< Set up your tenant](set-up-your-tenant.md)
-> [Enroll devices >](enrollment-overview.md)
+> [Enroll devices >](enroll-overview.md)

education/windows/school-deployment/set-up-your-tenant.md

@@ -1,6 +1,6 @@
 ---
 title: Set up your tenant
-description: # How to obtain Microsoft support from Microsoft Endpoint Manager admin center.
+description: How to create and prepare your tenant for an education environment 
 ms.date: 08/31/2022
 ms.prod: windows
 ms.technology: windows

education/windows/school-deployment/toc.yml

@@ -1,12 +1,12 @@
 items: 
   - name: Introduction
-    href: index.yml
+    href: index.md
   - name: Microsoft Education
     href: microsoft-education.md
   - name: 1 . Prepare your tenant
     items:
       - name: Overview
-        href: prepare-tenant-overview.md
+        href: set-up-your-tenant.md
       - name: Set up your tenant
         href: set-up-your-tenant.md
       - name: Set up Microsoft Intune

education/windows/school-deployment/troubleshoot-overview.md

@@ -1,6 +1,6 @@
 ---
-title: # Microsoft Endpoint Manager support
+title: How to contact Microsoft Support
-description: # How to obtain Microsoft support from Microsoft Endpoint Manager admin center.
+description: How to contact Microsoft Support
 ms.date: 08/31/2022
 ms.prod: windows
 ms.technology: windows
@@ -16,7 +16,7 @@ appliesto:
 - ✅ <b>Windows 11</b>
 ---
 
-## How to contact Microsoft Support
+# How to contact Microsoft Support
 
 Microsoft provides global technical, pre-sales, billing, and subscription support for cloud-based device management services. This support includes Microsoft Intune, Configuration Manager, Windows 365, and Microsoft Managed Desktop.