From bc2d9f66b898dcaa2d24abbc1ea070c884b5d376 Mon Sep 17 00:00:00 2001 From: Madison Holdaas <41927737+maholdaa@users.noreply.github.com> Date: Thu, 10 Oct 2024 10:56:23 -0700 Subject: [PATCH 01/13] Update device-limit-intune-azure.md --- memdocs/intune/enrollment/device-limit-intune-azure.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/memdocs/intune/enrollment/device-limit-intune-azure.md b/memdocs/intune/enrollment/device-limit-intune-azure.md index 76c59e3f8b8..0642852c8b8 100644 --- a/memdocs/intune/enrollment/device-limit-intune-azure.md +++ b/memdocs/intune/enrollment/device-limit-intune-azure.md @@ -58,7 +58,8 @@ Intune device limit restrictions don't apply to devices enrolled via: - Co-management with Configuration Manager - Automatic enrollment + group policy - Automatic enrollment + device enrollment manager -- Automatic enrollment + bulk device enrollment +- Automatic enrollment + bulk device enrollment +- Automatic enrollment initiated by user through desktop - for example using the Access school or work feature on the devices (Settings app > Accounts) - Windows Autopilot Devices enrolled via these methods are enrolled automatically or by an Intune admin, not by an employee or student, and are considered shared devices. Instead, you can apply the Microsoft Entra limit, where supported. From 5c299aa548735ea51dc611897b1ed0b6ab90483d Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Mon, 14 Oct 2024 10:47:48 -0700 Subject: [PATCH 02/13] erikre-fresh-29876900 --- memdocs/intune/developer/app-sdk-android-phase3.md | 2 +- memdocs/intune/developer/app-sdk-get-started.md | 2 +- memdocs/intune/developer/app-sdk-ios-appendix.md | 2 +- memdocs/intune/developer/app-sdk-ios-phase1.md | 2 +- memdocs/intune/developer/app-sdk-ios-phase2.md | 2 +- memdocs/intune/developer/app-sdk-ios-phase3.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/memdocs/intune/developer/app-sdk-android-phase3.md b/memdocs/intune/developer/app-sdk-android-phase3.md index 238d78cf475..4f761255e49 100644 --- a/memdocs/intune/developer/app-sdk-android-phase3.md +++ b/memdocs/intune/developer/app-sdk-android-phase3.md @@ -7,7 +7,7 @@ keywords: SDK author: Erikre ms.author: erikre manager: dougeby -ms.date: 11/01/2023 +ms.date: 10/14/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: developer diff --git a/memdocs/intune/developer/app-sdk-get-started.md b/memdocs/intune/developer/app-sdk-get-started.md index aa084fae543..e29136338dd 100644 --- a/memdocs/intune/developer/app-sdk-get-started.md +++ b/memdocs/intune/developer/app-sdk-get-started.md @@ -7,7 +7,7 @@ keywords: author: Erikre ms.author: erikre manager: dougeby -ms.date: 11/14/2023 +ms.date: 10/14/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: developer diff --git a/memdocs/intune/developer/app-sdk-ios-appendix.md b/memdocs/intune/developer/app-sdk-ios-appendix.md index 4970305c5a8..572c769813c 100644 --- a/memdocs/intune/developer/app-sdk-ios-appendix.md +++ b/memdocs/intune/developer/app-sdk-ios-appendix.md @@ -7,7 +7,7 @@ keywords: author: Erikre ms.author: erikre manager: dougeby -ms.date: 11/01/2023 +ms.date: 10/14/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: developer diff --git a/memdocs/intune/developer/app-sdk-ios-phase1.md b/memdocs/intune/developer/app-sdk-ios-phase1.md index 6d56f7568bc..b604b982fae 100644 --- a/memdocs/intune/developer/app-sdk-ios-phase1.md +++ b/memdocs/intune/developer/app-sdk-ios-phase1.md @@ -7,7 +7,7 @@ keywords: author: Erikre ms.author: erikre manager: dougeby -ms.date: 11/01/2023 +ms.date: 10/14/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: developer diff --git a/memdocs/intune/developer/app-sdk-ios-phase2.md b/memdocs/intune/developer/app-sdk-ios-phase2.md index 66ca3087b1d..0e3fa962ec8 100644 
--- a/memdocs/intune/developer/app-sdk-ios-phase2.md +++ b/memdocs/intune/developer/app-sdk-ios-phase2.md @@ -7,7 +7,7 @@ keywords: author: Erikre ms.author: erikre manager: dougeby -ms.date: 11/01/2023 +ms.date: 10/14/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: developer diff --git a/memdocs/intune/developer/app-sdk-ios-phase3.md b/memdocs/intune/developer/app-sdk-ios-phase3.md index 99cda664cbb..b8ae1b08e10 100644 --- a/memdocs/intune/developer/app-sdk-ios-phase3.md +++ b/memdocs/intune/developer/app-sdk-ios-phase3.md @@ -7,7 +7,7 @@ keywords: author: Erikre ms.author: erikre manager: dougeby -ms.date: 11/01/2023 +ms.date: 10/14/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: developer From f243c3a072bde7736e2858950044c2885da5c7ec Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Mon, 14 Oct 2024 13:54:26 -0400 Subject: [PATCH 03/13] Update device-limit-intune-azure.md Added reference/link to provide more context --- memdocs/intune/enrollment/device-limit-intune-azure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/enrollment/device-limit-intune-azure.md b/memdocs/intune/enrollment/device-limit-intune-azure.md index 0642852c8b8..9cd2b033fa1 100644 --- a/memdocs/intune/enrollment/device-limit-intune-azure.md +++ b/memdocs/intune/enrollment/device-limit-intune-azure.md @@ -8,7 +8,7 @@ keywords: author: Lenewsad ms.author: lanewsad manager: dougeby -ms.date: 03/04/2024 +ms.date: 10/14/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: enrollment 
@@ -59,7 +59,7 @@ Intune device limit restrictions don't apply to devices enrolled via: - Automatic enrollment + group policy - Automatic enrollment + device enrollment manager - Automatic enrollment + bulk device enrollment -- Automatic enrollment initiated by user through desktop - for example using the Access school or work feature on the devices (Settings app > Accounts) +- Automatic enrollment initiated by user through desktop (for example, when they [connect a work or school account in the Windows Settings app](https://support.microsoft.com/windows/manage-user-accounts-in-windows-104dc19f-6430-4b49-6a2b-e4dbd1dcdf32)) - Windows Autopilot Devices enrolled via these methods are enrolled automatically or by an Intune admin, not by an employee or student, and are considered shared devices. Instead, you can apply the Microsoft Entra limit, where supported. From 04bdd67870d02b8221c418923d6a25f2d1a5a7b0 Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Mon, 14 Oct 2024 10:56:00 -0700 Subject: [PATCH 04/13] erikre-fresh-29876900 1.2 --- memdocs/intune/developer/app-sdk-ios-appendix.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/memdocs/intune/developer/app-sdk-ios-appendix.md b/memdocs/intune/developer/app-sdk-ios-appendix.md index 572c769813c..e2c3f845dc3 100644 --- a/memdocs/intune/developer/app-sdk-ios-appendix.md +++ b/memdocs/intune/developer/app-sdk-ios-appendix.md 
@@ -61,16 +61,16 @@ To do this, the application should make use of the `registeredAccounts:` method. ### How often does the SDK retry enrollments? -The SDK will automatically retry all previously failed enrollments on a 24-hour interval. The SDK does this to ensure that if a user's organization enabled MAM after the user signed in to the application, the user will successfully enroll and receive policies. +The SDK automatically retries all previously failed enrollments on a 24-hour interval. The SDK does this to ensure that if a user's organization enabled MAM after the user signed in to the application, the user will successfully enroll and receive policies. -The SDK will stop retrying when it detects that a user has successfully enrolled the application. This is because only one user can enroll an application at a particular time. If the user is unenrolled, the retries will begin again on the same 24-hour interval. +The SDK stops retrying when it detects that a user has successfully enrolled the application. This is because only one user can enroll an application at a particular time. If the user is unenrolled, the retries begin again on the same 24-hour interval. ### Why does the user need to be deregistered? -The SDK will take these actions in the background periodically: +The SDK takes these actions in the background periodically: -* If the application isn't yet enrolled, it will try to enroll all registered accounts every 24 hours. -* If the application is enrolled, the SDK will check for MAM policy updates every 8 hours. +* If the application isn't yet enrolled, it tries to enroll all registered accounts every 24 hours. +* If the application is enrolled, the SDK checks for MAM policy updates every 8 hours. Deregistering a user notifies the SDK that the user will no longer use the application, and the SDK can stop any of the periodic events for that user account. It also triggers an app unenroll and selective wipe if necessary. 
@@ -80,7 +80,7 @@ This method should be called before the user is signed out of the application. ### Are there any other ways that an application can be unenrolled? -Yes, the IT admin can send a selective wipe command to the application. This will deregister and unenroll the user, and it will wipe the user's data. The SDK automatically handles this scenario and sends a notification via the unenroll delegate method. +Yes, the IT admin can send a selective wipe command to the application. This will deregister and unenroll the user, and it wipes the user's data. The SDK automatically handles this scenario and sends a notification via the unenroll delegate method. ### Is there a sample app that demonstrates how to integrate the SDK? From 3f8a6349ae50bf384c7c7dc243422d0d12506c7f Mon Sep 17 00:00:00 2001 From: brenduns Date: Mon, 14 Oct 2024 11:02:05 -0700 Subject: [PATCH 05/13] Freshness/quality reivew for October 2024. --- .../protect/sentinelone-mobile-threat-defense-connector.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/memdocs/intune/protect/sentinelone-mobile-threat-defense-connector.md b/memdocs/intune/protect/sentinelone-mobile-threat-defense-connector.md index 257df17d45a..6b8dbd05d31 100644 --- a/memdocs/intune/protect/sentinelone-mobile-threat-defense-connector.md +++ b/memdocs/intune/protect/sentinelone-mobile-threat-defense-connector.md @@ -8,7 +8,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 01/10/2024 +ms.date: 10/14/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect 
@@ -35,7 +35,7 @@ ms.collection: You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by SentinelOne, a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the SentinelOne app. -You can configure Conditional Access policies based on SentinelOne risk assessment enabled through Intune device compliance policies for enrolled devices, which you can use to allow or block noncompliant devices to access corporate resources based on detected threats. For unenrolled devices, you can use app protection policies to enforce a block or selective wipe based on detected threats. +You can configure Conditional Access policies that are based on SentinelOne risk assessment, enabled through Intune device compliance policies for enrolled devices. You can use these policies to allow or block noncompliant devices access to corporate resources based on detected threats. For unenrolled devices, you can use app protection policies to enforce a block or selective wipe based on detected threats. ## Supported platforms 
@@ -51,7 +51,7 @@ You can configure Conditional Access policies based on SentinelOne risk assessme ## How do Intune and SentinelOne help protect your company resources? -The SentinelOne app for Android and iOS/iPadOS captures file system, network stack, device, and application telemetry where available, then sends the telemetry data to the SentinelOne cloud service to assess the device's risk for mobile threats. +For Android and iOS/iPadOS The SentinelOne app captures file system, network stack, device, and application telemetry where available. Then the app sends the data to the SentinelOne cloud service to assess the device's risk for mobile threats. - **Support for enrolled devices** - Intune device compliance policy includes a rule for Mobile Threat Defense (MTD), which can use risk assessment information from SentinelOne. When the MTD rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the SentinelOne app installed in their devices to resolve the issue and regain access to corporate resources. To support using SentinelOne with enrolled devices: From 48f08cf088edef9870539315a99e07843d21d30d Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Mon, 14 Oct 2024 11:04:27 -0700 Subject: [PATCH 06/13] erikre-fresh-29876900 1.3 --- memdocs/intune/developer/app-sdk-get-started.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/developer/app-sdk-get-started.md b/memdocs/intune/developer/app-sdk-get-started.md index e29136338dd..32d5f711591 100644 --- a/memdocs/intune/developer/app-sdk-get-started.md +++ b/memdocs/intune/developer/app-sdk-get-started.md 
@@ -51,7 +51,7 @@ You _**do not need**_ to register your app. For internal [line-of-business (LOB) You _**must**_ first register your app with Microsoft Intune and agree to the registration terms. IT administrators can then apply an app protection policy to the managed app, which will be listed as an [Partner productivity apps](../apps/apps-supported-intune-apps.md#partner-productivity-apps). -Until registration has been finished and confirmed by the Microsoft Intune team, Intune administrators won't have the option to apply app protection policy to your app's deep link. Microsoft will also add your app to its [Microsoft Intune Partners page](https://www.microsoft.com/cloud-platform/microsoft-intune-apps). There, the app's icon will be displayed to show that it supports Intune app protection policies. +Until registration has been finished and confirmed by the Microsoft Intune team, Intune administrators won't have the option to apply app protection policy to your app's deep link. Microsoft will also add your app to its Microsoft Intune Partners page. There, the app's icon will be displayed to show that it supports Intune app protection policies. ### The registration process To begin the registration process, and if you aren't already working with a Microsoft contact, fill out the [Microsoft Intune App Partner Questionnaire](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR80SNPjnVA1KsGiZ89UxSdVUMEpZNUFEUzdENENOVEdRMjM5UEpWWjJFVi4u). 
@@ -67,7 +67,7 @@ We'll use the email addresses listed in your questionnaire response to reach out 2. After we receive all necessary information from you, we'll send you the Microsoft Intune App Partner Agreement to sign. This agreement describes the terms that your company must accept before it becomes a Microsoft Intune app partner. -3. You'll be notified when your app is successfully registered with the Microsoft Intune service and when your app is featured on the [Microsoft Intune partners](https://www.microsoft.com/cloud-platform/microsoft-intune-apps) site. +3. You'll be notified when your app is successfully registered with the Microsoft Intune service and when your app is featured on the Microsoft Intune partners site. 4. Finally, your app's deep link will be added to the next monthly Intune Service update. For example, if the registration information is finished in July, the deep link will be supported in mid-August. From 88db9bb200376acae0b3a2764e0066f7b95cdc73 Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Mon, 14 Oct 2024 11:14:03 -0700 Subject: [PATCH 07/13] 54355210 --- windows-365/enterprise/end-of-support.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/windows-365/enterprise/end-of-support.md b/windows-365/enterprise/end-of-support.md index f98c9578e09..ebcb3c12b7c 100644 --- a/windows-365/enterprise/end-of-support.md +++ b/windows-365/enterprise/end-of-support.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 07/25/2024 +ms.date: 10/14/2024 ms.topic: how-to ms.service: windows-365 ms.subservice: windows-365-enterprise 
@@ -51,10 +51,22 @@ Windows 365 tracks end of support information in Microsoft Intune on the **Provi These status values for custom images also appear under the **OS support status** column on the **Device images** page. +Images can be removed prior End of Support date and go through warning and unsupported states. While in warning you can use existing provisioning policies to deploy your devices but not create new provisioning policies. In unsupported state no provisioning is possible. Detailed information is provided in message center for planned removals of images. + ## Provisioning policies Starting on the end of support date, gallery images that use the expired OS won’t be selectable for newly created provisioning policies. The images also won’t be available for use when editing existing provisioning policies. +## Removed images + +Gallery images might rarely be removed prior to the End of Support date. Such removed images go through the same **Warning** and **Unsupported** states as the OS. + +While in the Warning state, you can use existing provisioning policies to deploy devices using the image, but you can’t create new provisioning policies using the image. + +For images in the **Unsupported** state, no provisioning is possible. + +For more information about planned removal of images, see the Message Center. + ## Next steps From 0baaa0a0c304b92d3f79eaf0be93e286d6bf3156 Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Mon, 14 Oct 2024 11:15:11 -0700 Subject: [PATCH 08/13] change --- windows-365/enterprise/end-of-support.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows-365/enterprise/end-of-support.md b/windows-365/enterprise/end-of-support.md index ebcb3c12b7c..9768b4d327e 100644 --- a/windows-365/enterprise/end-of-support.md +++ b/windows-365/enterprise/end-of-support.md 
@@ -51,8 +51,6 @@ Windows 365 tracks end of support information in Microsoft Intune on the **Provi These status values for custom images also appear under the **OS support status** column on the **Device images** page. -Images can be removed prior End of Support date and go through warning and unsupported states. While in warning you can use existing provisioning policies to deploy your devices but not create new provisioning policies. In unsupported state no provisioning is possible. Detailed information is provided in message center for planned removals of images. - ## Provisioning policies Starting on the end of support date, gallery images that use the expired OS won’t be selectable for newly created provisioning policies. The images also won’t be available for use when editing existing provisioning policies. From f0ee3b638d49ddb45170c4f4490a13368467afd4 Mon Sep 17 00:00:00 2001 From: brenduns Date: Mon, 14 Oct 2024 13:19:30 -0700 Subject: [PATCH 09/13] Freshness review. UI and details remain current. --- memdocs/intune/protect/encryption-monitor.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/memdocs/intune/protect/encryption-monitor.md b/memdocs/intune/protect/encryption-monitor.md index e9a1291db8f..ce2c1926234 100644 --- a/memdocs/intune/protect/encryption-monitor.md +++ b/memdocs/intune/protect/encryption-monitor.md @@ -7,7 +7,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 01/18/2024 +ms.date: 10/14/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect 
@@ -55,7 +55,7 @@ The encryption report supports reporting on devices that run the following opera ### Report details -The Encryption report pane displays a list of the devices you manage with high-level details about those devices. You can select a device from the list to drill-in and view additional details from the devices [Device encryption status](#device-encryption-status) pane. +The Encryption report pane displays a list of the devices you manage with high-level details about those devices. You can select a device from the list to drill-in and view more details from the devices [Device encryption status](#device-encryption-status) pane. - **Device name** - The name of the device. - **OS** – The device platform, such as Windows or macOS. @@ -76,7 +76,7 @@ The Encryption report pane displays a list of the devices you manage with high For more information on Windows prerequisites for encryption, see the [BitLocker configuration service provider (CSP)](/windows/client-management/mdm/bitlocker-csp) in the Windows documentation. - - **Not ready**: The device doesn't have full encryption capabilities, but may still support encryption. + - **Not ready**: The device doesn't have full encryption capabilities, but might still support encryption. - **Not applicable**: There isn't enough information to classify this device. - **Encryption status** – Whether the OS drive is encrypted. @@ -166,7 +166,7 @@ When you select a device from the Encryption report, Intune displays the **Devic - Recovery key backup failed. - *Consider: Check the Event log on device to see why the recovery key backup failed. You may need to run the **manage-bde** command to manually escrow recovery keys.* + *Consider: Check the devices Event log to see why the recovery key backup failed. You might need to run the **manage-bde** command to manually escrow recovery keys.* - A fixed drive is unprotected. 
@@ -178,15 +178,15 @@ When you select a device from the Encryption report, Intune displays the **Devic - Windows Recovery Environment (WinRE) isn't configured. - *Consider: Need to run command line to configure the WinRE on separate partition; as that was not detected. For more information, see [REAgentC command-line options](/windows-hardware/manufacture/desktop/reagentc-command-line-options).* + *Consider: Need to run command line to configure the WinRE on separate partition; as that wasn't detected. For more information, see [REAgentC command-line options](/windows-hardware/manufacture/desktop/reagentc-command-line-options).* - A TPM isn't available for BitLocker, either because it isn't present, it's been made unavailable in the Registry, or the OS is on a removable drive. - *Consider: The BitLocker policy applied to this device requires a TPM, but on this device, the BitLocker CSP has detected that the TPM may be disabled at the BIOS level.* + *Consider: The BitLocker policy applied to this device requires a TPM, but on this device, the BitLocker CSP detects that the TPM might be disabled at the BIOS level.* - The TPM isn't ready for BitLocker. - *Consider: The BitLocker CSP sees that this device has an available TPM, but the TPM may need to be initialized. Consider running **intialize-tpm** on the machine to initialize the TPM.* + *Consider: The BitLocker CSP sees that this device has an available TPM, but the TPM might need to be initialized. Consider running **intialize-tpm** on the machine to initialize the TPM.* - The network isn't available, which is required for recovery key backup. @@ -200,7 +200,7 @@ This report can be of use in identifying problems for groups of devices. For exa ## Manage recovery keys -For details on managing recovery keys, see the following in the Intune documentation: +For details on managing recovery keys, see the following Intune documentation: macOS FileVault: 
From 8e88d8f230631c9a83c5477a95e441c878be01a7 Mon Sep 17 00:00:00 2001 From: brenduns Date: Mon, 14 Oct 2024 13:24:56 -0700 Subject: [PATCH 10/13] Freshness review. UI and details remain current. --- .../protect/blackberry-mobile-threat-defense-connector.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/memdocs/intune/protect/blackberry-mobile-threat-defense-connector.md b/memdocs/intune/protect/blackberry-mobile-threat-defense-connector.md index af6b80a3db0..fc99019d54f 100644 --- a/memdocs/intune/protect/blackberry-mobile-threat-defense-connector.md +++ b/memdocs/intune/protect/blackberry-mobile-threat-defense-connector.md @@ -8,7 +8,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 01/23/2024 +ms.date: 10/14/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect 
@@ -33,7 +33,7 @@ ms.collection: # Use BlackBerry Protect Mobile with Intune -Control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by BlackBerry Protect Mobile (powered by Cylance AI), a mobile threat defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the BlackBerry Protect Mobile app. +You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by BlackBerry Protect Mobile (powered by Cylance AI), a mobile threat defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the BlackBerry Protect Mobile app. You can configure Conditional Access policies based on a BlackBerry Protect risk assessment, enabled through Intune device compliance policies for enrolled devices. You can set up your policies to allow or block noncompliant devices from accessing corporate resources based on detected threats. For unenrolled devices, you can use app protection policies to enforce a block or selective wipe based on detected threats. 
@@ -55,7 +55,7 @@ For more information about how to integrate BlackBerry UES with Microsoft Intune ## How do Intune and the BlackBerry MTD connector help protect your company resources? -The CylancePROTECT app for Android and iOS/iPadOS captures file system, network stack, device, and application telemetry where available, then sends the telemetry data to the Cylance AI Protection cloud service to assess the device's risk for mobile threats. +For Android and iOS/iPadOS, the CylancePROTECT app captures file system, network stack, device, and application telemetry where available, then sends the data to the Cylance AI Protection cloud service to assess the device's risk for mobile threats. - **Support for enrolled devices** - Intune device compliance policy includes a rule for MTD, which can use risk assessment information from CylancePROTECT (BlackBerry). When the MTD rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources, such as Exchange Online and SharePoint Online. Users also receive guidance from the BlackBerry Protect app installed on their devices to resolve the issue and regain access to corporate resources. To support using BlackBerry Protect with enrolled devices: - [Add MTD apps to devices](../protect/mtd-apps-ios-app-configuration-policy-add-assign.md) From 6c70e1aa0237435c760d68f903c36c524736d1c8 Mon Sep 17 00:00:00 2001 From: brenduns Date: Mon, 14 Oct 2024 13:41:59 -0700 Subject: [PATCH 11/13] Freshness review. UI and details remain current. --- .../protect/microsoft-tunnel-monitor.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/memdocs/intune/protect/microsoft-tunnel-monitor.md b/memdocs/intune/protect/microsoft-tunnel-monitor.md index 8b1b6c0536c..7bc3069cca5 100644 --- a/memdocs/intune/protect/microsoft-tunnel-monitor.md +++ b/memdocs/intune/protect/microsoft-tunnel-monitor.md 
@@ -1,11 +1,11 @@ --- -title: Monitor the status of the Microsoft Tunnel VPN solution for Microsoft Intune -description: Monitor the status of Microsoft Tunnel Gateway, a VPN server that runs on Linux. With the Microsoft Tunnel, cloud-based devices you manage with Intune can reach your on-premises infrastructure. +title: Monitor the Microsoft Tunnel VPN solution for Microsoft Intune +description: Monitor the status of Microsoft Tunnel Gateway, a VPN server that runs on Linux. Microsoft Tunnel enables your Intune managed cloud-based devices to reach your on-premises infrastructure. keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 1/23/2024 +ms.date: 10/14/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect @@ -96,7 +96,7 @@ Default values for server health metrics: Plan to replace a revoked TLS certificate. - To learn more about Online Certificate Status Protocol (OCSP), see [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) at wikipedia.org. + To learn more about Online Certificate Status Protocol (OCSP), see [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol) at wikipedia.org. - **Internal network accessibility** – Status from the most recent check of the internal URL. You configure the URL as part of a [Tunnel Site configuration](../protect/microsoft-tunnel-configure.md#to-create-a-site-configuration). - *Healthy* - The server can access the URL specified in the site properties. @@ -124,7 +124,7 @@ Default values for server health metrics: - **Server logs** – Determines if logs have been uploaded to the server within the last 60 minutes. - *Healthy* - Server logs were uploaded within the last 60 minutes. - - *Unhealthy* - Server logs have not been uploaded in the last 60 minutes. + - *Unhealthy* - Server logs haven't been uploaded in the last 60 minutes. ## Manage health status thresholds 
@@ -188,7 +188,7 @@ Microsoft Tunnel logs information to the Linux server logs in the *syslog* forma - **mstunnel-agent**: Display agent logs. - **mstunnel_monitor**: Display monitoring task logs. -- **ocserv** - Display server logs. +- **ocserv** - Display server logs. - **ocserv-access** - Display access logs. By default, access logging is disabled. Enabling access logs can reduce performance, depending on the number of active connections and usage patterns on the server. Logging for DNS connections increases the verbosity of the logs, which can become noisy. @@ -210,7 +210,7 @@ Microsoft Tunnel logs information to the Linux server logs in the *syslog* forma - **OCSERV_TELEMETRY** - Display telemetry details for connections to Tunnel. - Telemetry logs have the following format, with the values for *bytes_in*, *bytes_out*, and *duration* being used only for disconnect operations: `` For example: + Telemetry logs have the following format, with the values for *bytes_in*, *bytes_out*, and *duration* being used only for disconnect operations: `` For example: - *Oct 20 19:32:15 mstunnel ocserv[4806]: OCSERV_TELEMETRY,connect,31258,73.20.85.75,172.17.0.3,169.254.0.1,169.254.107.209,3780e1fc-3ac2-4268-a1fd-dd910ca8c13c, 5A683ECC-D909-4E5F-9C67-C0F595A4A70E,MobileAccess iOS 1.1.34040102* @@ -255,7 +255,7 @@ Each set of logs that Intune collects and uploads is identified as a separate se - A *start* and *end* time of the log collection - When the upload was generated - The log sets *verbosity level* -- An *Incident ID* that can be used to identify that specific log set +- An *Incident ID* that can be used to identify that specific log set :::image type="content" source="./media/microsoft-tunnel-monitor/send-server-logs-tab.png" alt-text="Screen capture that shows the Send verbose server logs interface."::: 
@@ -282,13 +282,13 @@ The following are known issues for Microsoft Tunnel. #### Clients can successfully use the Tunnel when Server health status shows as offline -**Issue**: On the [Tunnel *Health status* tab](../protect/microsoft-tunnel-monitor.md), a server’s health status reports as offline indicating that it's disconnected, even though users can reach the tunnel server and connect to the organization’s resources. +**Issue**: On the [Tunnel *Health status* tab](../protect/microsoft-tunnel-monitor.md), a server’s health status reports as offline indicating that it's disconnected, even though users can reach the tunnel server and connect to the organization’s resources. **Solution**: To resolve this issue, you must reinstall Microsoft Tunnel, which re-enrolls the Tunnel server agent with Intune. To prevent this issue, install updates for the Tunnel agent and server soon after they're released. Use the Tunnel server health metrics in the Microsoft Intune admin center to monitor server health. #### With Podman, you see “Error executing checkup” in the mstunnel_monitor log -**Issue**: Podman fails to identify or see the active containers are running, and reports “Error executing checkup” in the [mstunnel_monitor log](../protect/microsoft-tunnel-monitor.md#view-microsoft-tunnel-logs) of the Tunnel server. The following are examples of the errors: +**Issue**: Podman fails to identify or see the active containers are running, and reports “Error executing checkup” in the [mstunnel_monitor log](../protect/microsoft-tunnel-monitor.md#view-microsoft-tunnel-logs) of the Tunnel server. The following are examples of the errors: - Agent: ``` 
@@ -316,14 +316,14 @@ The following are known issues for Microsoft Tunnel. **Solution**: To resolve this issue, manually [restart the Podman containers](https://docs.podman.io/en/latest/markdown/podman-restart.1.html). Podman should then be able to identify the containers. If the problem persists, or returns, consider using ***cron*** to create a job that automatically restarts the containers when this issue is seen. -#### With Podman, you see System.DateTime errors in the mstunnel-agent log +#### With Podman, you see System.DateTime errors in the mstunnel-agent log **Issue**: When you use Podman, the mstunnel-agent log might contain errors similar to the following entries: - `Failed to parse version-info.json for version information.` - `System.Text.Json.JsonException: The JSON value could not be converted to System.DateTime` -This issue occurs due to differences in formatting dates between Podman and Tunnel Agent. These errors don't indicate a fatal issue or prevent connectivity. Beginning with containers released after October 2022, the formatting issues should be resolved. +This issue occurs due to differences in formatting dates between Podman and Tunnel Agent. These errors don't indicate a fatal issue or prevent connectivity. Beginning with containers released after October 2022, the formatting issues should be resolved. **Solution**: To resolve these issues, update the agent container (Podman or Docker) to the latest version. As new sources of these errors are discovered, we'll continue to fix them in subsequent version updates. @@ -339,6 +339,6 @@ For guidance on viewing Tunnel logs, see [View Microsoft Tunnel logs](#view-micr If this issue persists, consider automating the restart command by using the cron scheduling utility. See [How to use cron on Linux](https://opensource.com/article/21/7/cron-linux) at *opensource.com*. -## Next steps +## Related content [Reference for Microsoft Tunnel](../protect/microsoft-tunnel-reference.md) 
From ce32838729619bfd27db18b1d9086d534888ab7e Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Mon, 14 Oct 2024 14:15:34 -0700 Subject: [PATCH 12/13] change --- windows-365/enterprise/end-of-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-365/enterprise/end-of-support.md b/windows-365/enterprise/end-of-support.md index 9768b4d327e..0c86ca1bf28 100644 --- a/windows-365/enterprise/end-of-support.md +++ b/windows-365/enterprise/end-of-support.md @@ -63,7 +63,7 @@ While in the Warning state, you can use existing provisioning policies to deploy For images in the **Unsupported** state, no provisioning is possible. -For more information about planned removal of images, see the Message Center. +Planned removals are always accompanied by proactive message center communications. ## Next steps From 5cd12d1b3a953078dd509ba878e023d237dbf0db Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Mon, 14 Oct 2024 14:24:13 -0700 Subject: [PATCH 13/13] change --- windows-365/enterprise/end-of-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-365/enterprise/end-of-support.md b/windows-365/enterprise/end-of-support.md index 0c86ca1bf28..a6cf36f7c5f 100644 --- a/windows-365/enterprise/end-of-support.md +++ b/windows-365/enterprise/end-of-support.md @@ -63,7 +63,7 @@ While in the Warning state, you can use existing provisioning policies to deploy For images in the **Unsupported** state, no provisioning is possible. -Planned removals are always accompanied by proactive message center communications. +Planned removals are always preceded by proactive message center communications. ## Next steps
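Review bot: In the hunk at `@@ -210,7 +210,7` (the **OCSERV_TELEMETRY** entry), the inline code span that follows "Telemetry logs have the following format" is empty on both the removed and the added line, so the sentence announces a format that is never shown. The removed and added lines otherwise look identical apart from whitespace. Since the line is being rewritten anyway, put the comma-separated field list that the `OCSERV_TELEMETRY,connect,...` example follows into that span, including *bytes_in*, *bytes_out* and *duration*, which the sentence already names.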
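Review bot: In the hunk at `@@ -282,13 +282,13`, the re-added Podman **Issue** line still reads "Podman fails to identify or see the active containers are running", which does not parse. The edit to that line appears to be whitespace-only, so this is a good moment to reword it, for example "Podman fails to detect that the active containers are running". The same hunk re-adds the Health status **Issue** line with "reports as offline indicating that it's disconnected"; a comma before "indicating" would help there.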
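Review bot: The hunk at `@@ -339,6 +339,6` renames `## Next steps` to `## Related content`, but the two `windows-365/enterprise/end-of-support.md` hunks later in this series still show `## Next steps` as unchanged context. If the rename is a docs-wide heading convention, apply it to end-of-support.md in the same series, or note that the file is handled separately, so the set does not ship with both headings.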
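Review bot: In patch 12/13, the hunk at `@@ -63,7 +63,7` of end-of-support.md replaces "For more information about planned removal of images, see the Message Center." with a sentence that no longer tells the reader where to look, and it lowercases "Message Center" to "message center". Keep the capitalization used on the removed line, and consider retaining a pointer to the Message Center so admins who need to plan around an image removal know where the notice appears. "Always" is also an absolute commitment; confirm that it is intended before publishing.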
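Review bot: Patch 13/13 touches the same single line as patch 12/13 at `@@ -63,7 +63,7` and only swaps "accompanied" for "preceded", so the two commits should be squashed into one. Both carry the subject "change", which gives no hint of what was edited; a subject such as "end-of-support: state that image removals are announced in advance" would make the history searchable.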