From 17632365806f57bdc746345c20db58e38758f68b Mon Sep 17 00:00:00 2001
From: brenduns <brenduns@microsoft.com>
Date: Tue, 27 Aug 2024 15:14:56 -0700
Subject: [PATCH 01/11] Add edits for MDE in GCCH

---
 .../intune-govt-service-description.md             |  3 ++-
 memdocs/intune/protect/mde-security-integration.md | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/memdocs/intune/fundamentals/intune-govt-service-description.md b/memdocs/intune/fundamentals/intune-govt-service-description.md
index eb9bc28b8b8..fce92431a30 100644
--- a/memdocs/intune/fundamentals/intune-govt-service-description.md
+++ b/memdocs/intune/fundamentals/intune-govt-service-description.md
@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 08/01/2024
+ms.date: 09/23/2024
 ms.topic: article
 ms.service: microsoft-intune
 ms.suite: ems
@@ -73,6 +73,7 @@ The following features are available and supported in Microsoft GCC High and/or
 | --- | --- |
 | Standard MDM features | ✅ <br/><br/> You can use app policies, device configuration profiles, compliance policies, and more. |
 | Mobile Threat Defense (MTD) | ✅ <br/><br/>Mobile Threat Defense (MTD) connectors for Android and iOS/iPadOS devices with MTD vendors that **also support** the GCC High environment can be used. When you sign in to a GCC High tenant, you see the connectors that are available in these environments. |
+| Microsoft Defender for Endpoint security settings management | ✅ <br/><br/> On devices onboarded to Defender but not enrolled in Intune, you can use Intune endpoint security policies to manage Defender security settings. For more information on this feature, go to [Defender for Endpoint security settings management](../protect/mde-security-integration.md). |
 | Platform support | ✅ <br/><br/> You can use the same operating systems - Android, AOSP, iOS/iPadOS, Linux, macOS, and Windows. <br/><br/>- **Android (AOSP)**: There are some device restrictions. For more information, go to [Supported operating systems and browsers in Intune - AOSP](supported-devices-browsers.md#android). <br/>- **Linux**: Generally available (GA) in February 2024.|
 | Remote Help | ✅ <br/><br/> Remote Help is supported in GCC on Android, macOS, and Windows devices. It's not supported in GCC High or DoD.<br/><br/> For more information on this feature, go to [Remote Help in Microsoft Intune](../fundamentals/remote-help.md). |
 | Windows Autopilot device preparation | ✅ <br/><br/> Some features are available now, such as user-driven deployments, and some are still [in the planning phase](#in-the-planning-phase). For more information on the recent changes to Windows Autopilot device preparation, go to [Blog: Windows deployment with the next generation of Windows Autopilot](https://techcommunity.microsoft.com/t5/microsoft-intune-blog/windows-deployment-with-the-next-generation-of-windows-autopilot/ba-p/4148169). <br/><br/> To get started with Windows Autopilot device preparation, go to [Windows Autopilot Device Preparation overview](/autopilot/device-preparation/overview). |
diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md
index 4246eb69117..3920e09a396 100644
--- a/memdocs/intune/protect/mde-security-integration.md
+++ b/memdocs/intune/protect/mde-security-integration.md
@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 07/03/2024
+ms.date: 09/23/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -70,6 +70,18 @@ When a supported device onboards to Microsoft Defender for Endpoint:
 
 Security settings management isn't yet supported with Government clouds. For more information, see [Feature parity with commercial](/microsoft-365/security/defender-endpoint/gov#feature-parity-with-commercial) in *Microsoft Defender for Endpoint for US Government customers*.
 
+### Government cloud support
+
+The Defender for Endpoint security settings management scenario is supported in the following tenants:
+
+- US Government Community (GCC) High
+- Department of Defense (DoD)
+
+For more information, see:
+
+- [Intune US Government service description](../fundamentals/intune-govt-service-description.md)
+- [Microsoft Defender for Endpoint for US Government customers](/microsoft-365/security/defender-endpoint/gov)
+
 ### Connectivity requirements
 
 Devices must have access to the following endpoint:

From 1a370cf8ff947ef8342d3ed06b383851c051fa57 Mon Sep 17 00:00:00 2001
From: brenduns <brenduns@microsoft.com>
Date: Wed, 18 Sep 2024 15:29:05 -0700
Subject: [PATCH 02/11] Adding 'public preview' detail for this

---
 .../intune/fundamentals/intune-govt-service-description.md    | 4 ++--
 memdocs/intune/protect/mde-security-integration.md            | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/memdocs/intune/fundamentals/intune-govt-service-description.md b/memdocs/intune/fundamentals/intune-govt-service-description.md
index fce92431a30..e9564cf5a8b 100644
--- a/memdocs/intune/fundamentals/intune-govt-service-description.md
+++ b/memdocs/intune/fundamentals/intune-govt-service-description.md
@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 09/23/2024
+ms.date: 09/19/2024
 ms.topic: article
 ms.service: microsoft-intune
 ms.suite: ems
@@ -73,7 +73,7 @@ The following features are available and supported in Microsoft GCC High and/or
 | --- | --- |
 | Standard MDM features | ✅ <br/><br/> You can use app policies, device configuration profiles, compliance policies, and more. |
 | Mobile Threat Defense (MTD) | ✅ <br/><br/>Mobile Threat Defense (MTD) connectors for Android and iOS/iPadOS devices with MTD vendors that **also support** the GCC High environment can be used. When you sign in to a GCC High tenant, you see the connectors that are available in these environments. |
-| Microsoft Defender for Endpoint security settings management | ✅ <br/><br/> On devices onboarded to Defender but not enrolled in Intune, you can use Intune endpoint security policies to manage Defender security settings. For more information on this feature, go to [Defender for Endpoint security settings management](../protect/mde-security-integration.md). |
+| Microsoft Defender for Endpoint security settings management (public preview)| ✅ <br/><br/> On devices onboarded to Defender but not enrolled in Intune, you can use Intune endpoint security policies to manage Defender security settings. For more information on this feature, go to [Defender for Endpoint security settings management](../protect/mde-security-integration.md). |
 | Platform support | ✅ <br/><br/> You can use the same operating systems - Android, AOSP, iOS/iPadOS, Linux, macOS, and Windows. <br/><br/>- **Android (AOSP)**: There are some device restrictions. For more information, go to [Supported operating systems and browsers in Intune - AOSP](supported-devices-browsers.md#android). <br/>- **Linux**: Generally available (GA) in February 2024.|
 | Remote Help | ✅ <br/><br/> Remote Help is supported in GCC on Android, macOS, and Windows devices. It's not supported in GCC High or DoD.<br/><br/> For more information on this feature, go to [Remote Help in Microsoft Intune](../fundamentals/remote-help.md). |
 | Windows Autopilot device preparation | ✅ <br/><br/> Some features are available now, such as user-driven deployments, and some are still [in the planning phase](#in-the-planning-phase). For more information on the recent changes to Windows Autopilot device preparation, go to [Blog: Windows deployment with the next generation of Windows Autopilot](https://techcommunity.microsoft.com/t5/microsoft-intune-blog/windows-deployment-with-the-next-generation-of-windows-autopilot/ba-p/4148169). <br/><br/> To get started with Windows Autopilot device preparation, go to [Windows Autopilot Device Preparation overview](/autopilot/device-preparation/overview). |
diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md
index 3920e09a396..737d9376a44 100644
--- a/memdocs/intune/protect/mde-security-integration.md
+++ b/memdocs/intune/protect/mde-security-integration.md
@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 09/23/2024
+ms.date: 09/19/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -72,7 +72,7 @@ Security settings management isn't yet supported with Government clouds. For mor
 
 ### Government cloud support
 
-The Defender for Endpoint security settings management scenario is supported in the following tenants:
+As a public preview, the Defender for Endpoint security settings management scenario is supported in the following tenants:
 
 - US Government Community (GCC) High
 - Department of Defense (DoD)

From b54bb5a85f646644dd3680e993b9c4ba2eebd84c Mon Sep 17 00:00:00 2001
From: Meghan Daly - MSFT <42221156+meghandaly@users.noreply.github.com>
Date: Thu, 3 Oct 2024 09:23:53 -0400
Subject: [PATCH 03/11] Update app-sdk-android-phase1.md

Update supported Android OS versions.
---
 memdocs/intune/developer/app-sdk-android-phase1.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/memdocs/intune/developer/app-sdk-android-phase1.md b/memdocs/intune/developer/app-sdk-android-phase1.md
index 2b90fbda21d..0204f285ba7 100644
--- a/memdocs/intune/developer/app-sdk-android-phase1.md
+++ b/memdocs/intune/developer/app-sdk-android-phase1.md
@@ -166,8 +166,8 @@ The user is ***not*** required to sign into or even launch the Company Portal ap
 > [!NOTE]
 > Ensure that your app is compatible with the [Google Play requirements](https://developer.android.com/google/play/requirements/target-sdk).
 
-The SDK fully supports Android API 28 (Android 9.0) through Android API 34 (Android 14).
-In order to target Android API 34 (Android 14), you must use Intune App SDK `v10.0.0` or later.
+The SDK fully supports Android API 28 (Android 9.0) through Android API 35 (Android 15).
+In order to target Android API 35 (Android 15), you must use Intune App SDK `v11.0.0` or later.
 
 APIs 26 through 27 (Android 8.0 - 8.1) are in limited support.
 The Company Portal app isn't supported below Android API 26 (Android 8.0).

From a9b5a2e27f902920bc9438d4e1f187e85efb224b Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 4 Oct 2024 16:44:02 -0400
Subject: [PATCH 04/11] Add link to blog

Add link to blog for more info.
---
 .../comanage/autopilot-enrollment.md          | 30 +++++++++++--------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/memdocs/configmgr/comanage/autopilot-enrollment.md b/memdocs/configmgr/comanage/autopilot-enrollment.md
index 37bcd03bce7..2e024859165 100644
--- a/memdocs/configmgr/comanage/autopilot-enrollment.md
+++ b/memdocs/configmgr/comanage/autopilot-enrollment.md
@@ -83,12 +83,12 @@ The following components are required to support Autopilot into co-management:
 
 - Windows devices running one of the following versions:
 
-  - Windows 11
+    - Windows 11
 
-> [!NOTE]
-  > For Windows 11 devices, if a device has not been targeted with a co-management settings policy, the management authority will be set to Intune, during the Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and thus Intune will continue to manage all the co-management workloads. To mitigate this, you must create a co-management settings policy and set **automatically install the Configuration Manager client** to **No** and in Advanced settings, keep default settings for **Override co-management policy and use Intune for all workloads.**
+        > [!NOTE]
+        > For Windows 11 devices, if a device has not been targeted with a co-management settings policy, the management authority will be set to Intune, during the Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and thus Intune will continue to manage all the co-management workloads. To mitigate this, you must create a co-management settings policy and set **automatically install the Configuration Manager client** to **No** and in Advanced settings, keep default settings for **Override co-management policy and use Intune for all workloads.**
 
-  - At least Windows 10, version 20H2, with the latest cumulative update
+    - A [currently supported](/windows/release-health/supported-versions-windows-client#windows-10-supported-versions-by-servicing-option) version of Windows 10.
 
 - Register the device for Autopilot. For more information, see [Windows Autopilot registration overview](/autopilot/registration-overview).
 
@@ -127,19 +127,25 @@ Use these recommendations for a more successful deployment:
 
 ## Limitations
 
-Autopilot into co-management currently doesn't support the following functionality:
+ - For Windows 11 devices in Microsoft Entra hybrid joined scenario, the management authority will be set to Microsoft Intune during the Windows Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and thus Microsoft Intune will continue to manage all the co-management workloads.
 
-- Microsoft Entra hybrid joined devices - If the device is targeted with co-management settings policy, in Microsoft Entra hybrid join scenario, the autopilot provisioning times out during ESP phase.
+    To change the management authority to Configuration Manager, set the following registry key value:
 
-> [!NOTE]
->
-> For Windows 11 devices in Microsoft Entra hybrid joined scenario, the management authority will be set to Intune, during the Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and thus Intune will continue to manage all the co-management workloads. To mitigate this, along with Configuration Manager client installation, registry value **ConfigInfo** in registry path **HKLM\SOFTWARE\Microsoft\DeviceManageabilityCSP\Provider\MS DM Server** must be set to **2** which will set the management authority as Configuration Manager.
+    - Path: **HKLM\SOFTWARE\Microsoft\DeviceManageabilityCSP\Provider\MS DM Server**.
+    - Value: **ConfigInfo**
+    - REG_SZ: **2**
+    
+    For more information, see [Co-management settings: Windows Autopilot with co-management](https://techcommunity.microsoft.com/t5/microsoft-intune-blog/co-management-settings-windows-autopilot-with-co-management/ba-p/3638500).
+
+- Autopilot into co-management currently doesn't support the following functionality:
+
+    - Microsoft Entra hybrid joined devices - If the device is targeted with co-management settings policy, in Microsoft Entra hybrid join scenario, the autopilot provisioning times out during ESP phase.
 
-- Autopilot pre-provisioning.
+    - Autopilot pre-provisioning.
 
-- Workloads switched to **Pilot Intune** with pilot collections. This functionality is dependent upon collection evaluation, which doesn't happen until after the client is installed and registered. Since the client won't get the correct policy until later in the Autopilot process, it can cause indeterminate behaviors.
+    - Workloads switched to **Pilot Intune** with pilot collections. This functionality is dependent upon collection evaluation, which doesn't happen until after the client is installed and registered. Since the client won't get the correct policy until later in the Autopilot process, it can cause indeterminate behaviors.
 
-- Clients that authenticate with PKI certificates. You can't provision the certificate on the device before the Configuration Manager client installs and needs to authenticate to the CMG. Microsoft Entra ID is recommended for client authentication. For more information, see [Plan for CMG client authentication: Microsoft Entra ID](../core/clients/manage/cmg/plan-client-authentication.md#azure-ad).
+    - Clients that authenticate with PKI certificates. You can't provision the certificate on the device before the Configuration Manager client installs and needs to authenticate to the CMG. Microsoft Entra ID is recommended for client authentication. For more information, see [Plan for CMG client authentication: Microsoft Entra ID](../core/clients/manage/cmg/plan-client-authentication.md#azure-ad).
 
 ## Configure
 

From e3cdc369d7e64a17e5056b477be13cbc952fc4b2 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 4 Oct 2024 17:01:10 -0400
Subject: [PATCH 05/11] Update autopilot-enrollment.md

---
 memdocs/configmgr/comanage/autopilot-enrollment.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/memdocs/configmgr/comanage/autopilot-enrollment.md b/memdocs/configmgr/comanage/autopilot-enrollment.md
index 2e024859165..524a2a189ef 100644
--- a/memdocs/configmgr/comanage/autopilot-enrollment.md
+++ b/memdocs/configmgr/comanage/autopilot-enrollment.md
@@ -85,8 +85,12 @@ The following components are required to support Autopilot into co-management:
 
     - Windows 11
 
-        > [!NOTE]
-        > For Windows 11 devices, if a device has not been targeted with a co-management settings policy, the management authority will be set to Intune, during the Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and thus Intune will continue to manage all the co-management workloads. To mitigate this, you must create a co-management settings policy and set **automatically install the Configuration Manager client** to **No** and in Advanced settings, keep default settings for **Override co-management policy and use Intune for all workloads.**
+        For Windows 11 devices, if a device has not been targeted with a co-management settings policy, the management authority will be set to Microsoft Intune during the Autopilot process. Installing the Configuration Manager client as Win32 app doesn't change management authority to Configuration Manager and Microsoft Intune will continue to manage all the co-management workloads. To set the management authority to Configuration Manager, create a co-management settings policy with the following Advanced settings:
+
+        - **Automatically install the Configuration Manager client>**: **No**
+        - **Override co-management policy and use Intune for all workloads.**: **No**
+
+        For additional information, see [Co-management settings: Windows Autopilot with co-management](https://techcommunity.microsoft.com/t5/microsoft-intune-blog/co-management-settings-windows-autopilot-with-co-management/ba-p/3638500).
 
     - A [currently supported](/windows/release-health/supported-versions-windows-client#windows-10-supported-versions-by-servicing-option) version of Windows 10.
 

From 1f6c48e6e85da6d30f17462afdd23952166c0e75 Mon Sep 17 00:00:00 2001
From: brenduns <brenduns@microsoft.com>
Date: Fri, 4 Oct 2024 14:05:17 -0700
Subject: [PATCH 06/11] Freshness and technical improvements

---
 memdocs/intune/protect/certificates-configure.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/memdocs/intune/protect/certificates-configure.md b/memdocs/intune/protect/certificates-configure.md
index 2b3a24ce2ad..6d44aad1193 100644
--- a/memdocs/intune/protect/certificates-configure.md
+++ b/memdocs/intune/protect/certificates-configure.md
@@ -1,13 +1,13 @@
 ---
 # required metadata
 
-title: Learn about the types of certificate that are supported by Microsoft Intune
+title: Types of certificate that are supported by Microsoft Intune
 description: Learn about Microsoft Intune's support for Simple Certificate Enrollment Protocol (SCEP), Public Key Cryptography Standards (PKCS) certificates.
 keywords:
 author: lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 08/21/2023
+ms.date: 10/04/2024
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -120,11 +120,13 @@ When you use a Microsoft Certification Authority (CA):
 
 When you use a third-party (non-Microsoft) Certification Authority (CA):
 
-- To use SCEP certificate profiles:
+- SCEP certificate profiles don't require use of the Microsoft Intune Certificate Connector. Instead, the third-party CA handles the certificate issuance and management directly. To use SCEP certificate profiles without the Intune Certificate Connector:
   - Configure integration with a third-party CA from [one of our supported partners](certificate-authority-add-scep-overview.md#third-party-certification-authority-partners). Setup includes following the instructions from the third-party CA to complete integration of their CA with Intune.
   - [Create an application in Microsoft Entra ID](certificate-authority-add-scep-overview.md#set-up-third-party-ca-integration) that delegates rights to Intune to do SCEP certificate challenge validation.
+  
+  For more information, see [Set up third-party CA integration](../protect/certificate-authority-add-scep-overview.md#set-up-third-party-ca-integration)
 
-- PKCS imported certificates require you to [Install the Certificate Connector for Microsoft Intune](certificate-connector-install.md).
+- PKCS imported certificates require use of the Microsoft Intune Certificate Connector. See [Install the Certificate Connector for Microsoft Intune](certificate-connector-install.md).
 
 - Deploy certificates by using the following mechanisms:
   - [Trusted certificate profiles](certificates-trusted-root.md#create-trusted-certificate-profiles) to deploy the Trusted Root CA certificate from your root or intermediate (issuing) CA to devices
@@ -152,10 +154,9 @@ When you use a third-party (non-Microsoft) Certification Authority (CA):
 
 [!INCLUDE [windows-phone-81-windows-10-mobile-support](../includes/windows-phone-81-windows-10-mobile-support.md)]
 
+ !INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)]
 
- [!INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)]
-
-## Next steps
+## Related content
 
 More resources:
 

From 827cddebb98d34c8167332108252391f3f4ddacc Mon Sep 17 00:00:00 2001
From: brenduns <brenduns@microsoft.com>
Date: Fri, 4 Oct 2024 14:10:10 -0700
Subject: [PATCH 07/11] Minor fix

---
 memdocs/intune/protect/certificates-configure.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/memdocs/intune/protect/certificates-configure.md b/memdocs/intune/protect/certificates-configure.md
index 6d44aad1193..cda2beba9d0 100644
--- a/memdocs/intune/protect/certificates-configure.md
+++ b/memdocs/intune/protect/certificates-configure.md
@@ -58,7 +58,8 @@ To provision a user or device with a specific type of certificate, Intune uses a
 
 In addition to the three certificate types and provisioning methods, you need a trusted root certificate from a trusted Certification Authority (CA). The CA can be an on-premises Microsoft Certification Authority, or a [third-party Certification Authority](certificate-authority-add-scep-overview.md). The trusted root certificate establishes a trust from the device to your root or intermediate (issuing) CA from which the other certificates are issued. To deploy this certificate, you use the *trusted certificate* profile, and deploy it to the same devices and users that receive the certificate profiles for SCEP, PKCS, and imported PKCS.
 
-> [!TIP]  
+> [!TIP]
+>
 > Intune also supports use of [Derived credentials](derived-credentials.md) for environments that require use of smartcards.
 
 ### What’s required to use certificates
@@ -154,7 +155,7 @@ When you use a third-party (non-Microsoft) Certification Authority (CA):
 
 [!INCLUDE [windows-phone-81-windows-10-mobile-support](../includes/windows-phone-81-windows-10-mobile-support.md)]
 
- !INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)]
+[!INCLUDE [android-device-administrator-support](../includes/android-device-administrator-support.md)]
 
 ## Related content
 

From 47401db79b5b2717119400dc6ed8bba50476a800 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 4 Oct 2024 17:13:08 -0400
Subject: [PATCH 08/11] Additional changes

Additional changes
---
 memdocs/configmgr/comanage/autopilot-enrollment.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/memdocs/configmgr/comanage/autopilot-enrollment.md b/memdocs/configmgr/comanage/autopilot-enrollment.md
index 524a2a189ef..3df9507d8a6 100644
--- a/memdocs/configmgr/comanage/autopilot-enrollment.md
+++ b/memdocs/configmgr/comanage/autopilot-enrollment.md
@@ -85,9 +85,9 @@ The following components are required to support Autopilot into co-management:
 
     - Windows 11
 
-        For Windows 11 devices, if a device has not been targeted with a co-management settings policy, the management authority will be set to Microsoft Intune during the Autopilot process. Installing the Configuration Manager client as Win32 app doesn't change management authority to Configuration Manager and Microsoft Intune will continue to manage all the co-management workloads. To set the management authority to Configuration Manager, create a co-management settings policy with the following Advanced settings:
+        For Windows 11 devices, if a device has not been targeted with a co-management settings policy, the management authority will be set to Microsoft Intune during the Autopilot process. Installing the Configuration Manager client as Win32 app doesn't change management authority to Configuration Manager and Microsoft Intune will continue to manage all the co-management workloads. To set the management authority to Configuration Manager, create a co-management settings policy with the following Advanced settings:<br>
 
-        - **Automatically install the Configuration Manager client>**: **No**
+        - **Automatically install the Configuration Manager client.**: **No**
         - **Override co-management policy and use Intune for all workloads.**: **No**
 
         For additional information, see [Co-management settings: Windows Autopilot with co-management](https://techcommunity.microsoft.com/t5/microsoft-intune-blog/co-management-settings-windows-autopilot-with-co-management/ba-p/3638500).
@@ -131,11 +131,11 @@ Use these recommendations for a more successful deployment:
 
 ## Limitations
 
- - For Windows 11 devices in Microsoft Entra hybrid joined scenario, the management authority will be set to Microsoft Intune during the Windows Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and thus Microsoft Intune will continue to manage all the co-management workloads.
+ - For Windows 11 devices in Microsoft Entra hybrid joined scenario, the management authority will be set to Microsoft Intune during the Windows Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and Microsoft Intune will continue to manage all the co-management workloads.
 
-    To change the management authority to Configuration Manager, set the following registry key value:
+    To change the management authority to Configuration Manager, set the following registry key value:<br>
 
-    - Path: **HKLM\SOFTWARE\Microsoft\DeviceManageabilityCSP\Provider\MS DM Server**.
+    - Path: **HKLM\SOFTWARE\Microsoft\DeviceManageabilityCSP\Provider\MS DM Server**
     - Value: **ConfigInfo**
     - REG_SZ: **2**
     

From 358da92682d47e4cc83c6268b6bdfd38d2aa1758 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 4 Oct 2024 17:18:08 -0400
Subject: [PATCH 09/11] Add breaks

Add breaks
---
 memdocs/configmgr/comanage/autopilot-enrollment.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/memdocs/configmgr/comanage/autopilot-enrollment.md b/memdocs/configmgr/comanage/autopilot-enrollment.md
index 3df9507d8a6..c66b33772e5 100644
--- a/memdocs/configmgr/comanage/autopilot-enrollment.md
+++ b/memdocs/configmgr/comanage/autopilot-enrollment.md
@@ -9,7 +9,7 @@ ms.topic: how-to
 ms.localizationpriority: medium
 author: gowdhamankarthikeyan
 ms.author: gokarthi
-ms.reviewer: mstewart,aaroncz
+ms.reviewer: mstewart,aaroncz,frankroj
 manager: apoorvseth
 ms.collection: tier3
 ---
@@ -86,7 +86,7 @@ The following components are required to support Autopilot into co-management:
     - Windows 11
 
         For Windows 11 devices, if a device has not been targeted with a co-management settings policy, the management authority will be set to Microsoft Intune during the Autopilot process. Installing the Configuration Manager client as Win32 app doesn't change management authority to Configuration Manager and Microsoft Intune will continue to manage all the co-management workloads. To set the management authority to Configuration Manager, create a co-management settings policy with the following Advanced settings:<br>
-
+<br>
         - **Automatically install the Configuration Manager client.**: **No**
         - **Override co-management policy and use Intune for all workloads.**: **No**
 
@@ -134,7 +134,7 @@ Use these recommendations for a more successful deployment:
  - For Windows 11 devices in Microsoft Entra hybrid joined scenario, the management authority will be set to Microsoft Intune during the Windows Autopilot process. Installing Configuration Manager client as Win32 app does not change management authority to Configuration Manager and Microsoft Intune will continue to manage all the co-management workloads.
 
     To change the management authority to Configuration Manager, set the following registry key value:<br>
-
+<br>
     - Path: **HKLM\SOFTWARE\Microsoft\DeviceManageabilityCSP\Provider\MS DM Server**
     - Value: **ConfigInfo**
     - REG_SZ: **2**

From bb07cbdcd14874babaf719f33a746215c2f04909 Mon Sep 17 00:00:00 2001
From: ErikjeMS <erikje@microsoft.com>
Date: Mon, 7 Oct 2024 14:10:21 -0700
Subject: [PATCH 10/11] update ms.reviewer

---
 windows-365/business-continuity-disaster-recovery.md | 2 +-
 windows-365/enterprise/architecture.md               | 2 +-
 windows-365/enterprise/encryption.md                 | 2 +-
 windows-365/enterprise/identity-authentication.md    | 2 +-
 windows-365/enterprise/privacy-personal-data.md      | 2 +-
 windows-365/enterprise/resilience.md                 | 2 +-
 windows-365/enterprise/security.md                   | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/windows-365/business-continuity-disaster-recovery.md b/windows-365/business-continuity-disaster-recovery.md
index 0dea3973f92..e8e3e19fc56 100644
--- a/windows-365/business-continuity-disaster-recovery.md
+++ b/windows-365/business-continuity-disaster-recovery.md
@@ -19,7 +19,7 @@ ms.assetid:
 #ROBOTS:
 #audience:
 
-ms.reviewer: docoombs
+ms.reviewer: docoombs, olivchen, rkiran
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
diff --git a/windows-365/enterprise/architecture.md b/windows-365/enterprise/architecture.md
index 03d9b335a38..2d54a184886 100644
--- a/windows-365/enterprise/architecture.md
+++ b/windows-365/enterprise/architecture.md
@@ -19,7 +19,7 @@ ms.assetid:
 #ROBOTS:
 #audience:
 
-ms.reviewer: thhickli
+ms.reviewer: thhickli, mattsha, rikiran
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
diff --git a/windows-365/enterprise/encryption.md b/windows-365/enterprise/encryption.md
index ddb9d695c68..77c0a7ffc8c 100644
--- a/windows-365/enterprise/encryption.md
+++ b/windows-365/enterprise/encryption.md
@@ -19,7 +19,7 @@ ms.assetid:
 #ROBOTS:
 #audience:
 
-ms.reviewer: anbiswas
+ms.reviewer: ryclar, pratikshah, saudm, jonshi
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
diff --git a/windows-365/enterprise/identity-authentication.md b/windows-365/enterprise/identity-authentication.md
index e3b0756907f..4eb9178d540 100644
--- a/windows-365/enterprise/identity-authentication.md
+++ b/windows-365/enterprise/identity-authentication.md
@@ -19,7 +19,7 @@ ms.assetid:
 #ROBOTS:
 #audience:
 
-ms.reviewer: davidbel
+ms.reviewer: davidbel, pratikshah
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
diff --git a/windows-365/enterprise/privacy-personal-data.md b/windows-365/enterprise/privacy-personal-data.md
index 3ddd714e171..f72b33bac28 100644
--- a/windows-365/enterprise/privacy-personal-data.md
+++ b/windows-365/enterprise/privacy-personal-data.md
@@ -19,7 +19,7 @@ ms.assetid:
 #ROBOTS:
 #audience:
 
-ms.reviewer: anbiswas
+ms.reviewer: tnevins1, pratikshah
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
diff --git a/windows-365/enterprise/resilience.md b/windows-365/enterprise/resilience.md
index ef7b894a036..5ed749c8b86 100644
--- a/windows-365/enterprise/resilience.md
+++ b/windows-365/enterprise/resilience.md
@@ -19,7 +19,7 @@ ms.assetid:
 #ROBOTS:
 #audience:
 
-ms.reviewer: thhickli
+ms.reviewer: thhickli, rkiran
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
diff --git a/windows-365/enterprise/security.md b/windows-365/enterprise/security.md
index 5e6fc627a48..57f1f94ea5c 100644
--- a/windows-365/enterprise/security.md
+++ b/windows-365/enterprise/security.md
@@ -19,7 +19,7 @@ ms.assetid:
 #ROBOTS:
 #audience:
 
-ms.reviewer: chrimo
+ms.reviewer: lakasa, pratikshah, saudm, jonshi
 ms.suite: ems
 search.appverid: 
 #ms.tgt_pltfrm:

From 379cec97f5b134664cfa4bf1a9a2a939661505e6 Mon Sep 17 00:00:00 2001
From: ErikjeMS <erikje@microsoft.com>
Date: Mon, 7 Oct 2024 14:17:24 -0700
Subject: [PATCH 11/11] add comment

---
 windows-365/business-continuity-disaster-recovery.md | 2 ++
 windows-365/enterprise/architecture.md               | 2 ++
 windows-365/enterprise/encryption.md                 | 2 ++
 windows-365/enterprise/identity-authentication.md    | 2 ++
 windows-365/enterprise/privacy-personal-data.md      | 2 ++
 windows-365/enterprise/resilience.md                 | 2 ++
 windows-365/enterprise/security.md                   | 2 ++
 7 files changed, 14 insertions(+)

diff --git a/windows-365/business-continuity-disaster-recovery.md b/windows-365/business-continuity-disaster-recovery.md
index e8e3e19fc56..029605ee5dd 100644
--- a/windows-365/business-continuity-disaster-recovery.md
+++ b/windows-365/business-continuity-disaster-recovery.md
@@ -29,6 +29,8 @@ ms.collection:
 - tier1
 ---
 
+<!--ms.reviewer review required before publish-->
+
 # Business continuity and disaster recovery overview
 
 Windows 365 provides highly resilient user cloud pcs, including:
diff --git a/windows-365/enterprise/architecture.md b/windows-365/enterprise/architecture.md
index 2d54a184886..924fde7b5e0 100644
--- a/windows-365/enterprise/architecture.md
+++ b/windows-365/enterprise/architecture.md
@@ -29,6 +29,8 @@ ms.collection:
 - tier2
 ---
 
+<!--ms.reviewer review required before publish-->
+
 # Windows 365 architecture
 
 Windows 365 provides a per-user per-month license model by hosting Cloud PCs on behalf of customers in Microsoft Azure. In this model, there’s no need to consider storage, compute infrastructure architecture, or costs. The Windows 365 architecture also lets you use your existing investments in Azure networking and security. Each Cloud PC is provisioned according to the configuration you define in the Windows 365 section of the Microsoft Intune admin center.
diff --git a/windows-365/enterprise/encryption.md b/windows-365/enterprise/encryption.md
index 77c0a7ffc8c..c83fa6ff1ba 100644
--- a/windows-365/enterprise/encryption.md
+++ b/windows-365/enterprise/encryption.md
@@ -29,6 +29,8 @@ ms.collection:
 - tier2
 ---
 
+<!--ms.reviewer review required before publish-->
+
 # Data encryption in Windows 365
 
 Windows 365 encrypts data at rest and in transit as explained in this article.
diff --git a/windows-365/enterprise/identity-authentication.md b/windows-365/enterprise/identity-authentication.md
index 4eb9178d540..bd36d73aa95 100644
--- a/windows-365/enterprise/identity-authentication.md
+++ b/windows-365/enterprise/identity-authentication.md
@@ -29,6 +29,8 @@ ms.collection:
 - tier2
 ---
 
+<!--ms.reviewer review required before publish-->
+
 # Windows 365 identity and authentication
 
 A Cloud PC user's identity defines which access management services manage that user and Cloud PC. This identity defines:
diff --git a/windows-365/enterprise/privacy-personal-data.md b/windows-365/enterprise/privacy-personal-data.md
index f72b33bac28..2e3185bfc3f 100644
--- a/windows-365/enterprise/privacy-personal-data.md
+++ b/windows-365/enterprise/privacy-personal-data.md
@@ -30,6 +30,8 @@ ms.collection:
 - essentials-privacy
 ---
 
+<!--ms.reviewer review required before publish-->
+
 # Privacy, customer data, and customer content in Windows 365
 
 Windows 365 is a cloud-based service that lets you provision and manage Cloud PC for your users. You manage the Cloud PCs with the rest of your devices by using Microsoft Intune (Windows 365 Enterprise) or a self-serviced experience (Windows 365 Business). This documentation provides details on data platform and privacy compliance for Windows 365. Unless otherwise specified, the term Windows 365 in this document refers to both Windows 365 Enterprise and the Windows 365 Business. Where the details below differ, each product is called out individually.
diff --git a/windows-365/enterprise/resilience.md b/windows-365/enterprise/resilience.md
index 5ed749c8b86..256891b7655 100644
--- a/windows-365/enterprise/resilience.md
+++ b/windows-365/enterprise/resilience.md
@@ -29,6 +29,8 @@ ms.collection:
 - tier2
 ---
 
+<!--ms.reviewer review required before publish-->
+
 # Windows 365 service resilience
 
 Windows 365 is designed to provide a resilient and reliable service for organizations and end users, connecting to, and using their Cloud PCs. 
diff --git a/windows-365/enterprise/security.md b/windows-365/enterprise/security.md
index 57f1f94ea5c..3bfc4398950 100644
--- a/windows-365/enterprise/security.md
+++ b/windows-365/enterprise/security.md
@@ -30,6 +30,8 @@ ms.collection:
 - essentials-security
 ---
 
+<!--ms.reviewer review required before publish-->
+
 # Windows 365 security
 
 Windows 365 provides an end-to-end connection flow for users to do their work effectively and securely. Windows 365 is built with [Zero Trust](/security/zero-trust/zero-trust-overview) in mind, providing the foundation for you to implement controls to better secure your environment across the 6 pillars of Zero Trust. You can implement Zero Trust controls for the following categories: