Updated forensic evidence

dknappettmsft · dknappettmsft · commit 1c655dde24e9 · 2024-08-13T11:39:56.000+01:00
diff --git a/articles/virtual-desktop/TOC.yml b/articles/virtual-desktop/TOC.yml
@@ -464,11 +464,8 @@
       - name: Watermarking
         displayName: security
         href: watermarking.md
-      - name: Configure clipboard transfer direction
-        displayName: security
-        href: clipboard-transfer-direction-data-types.md
-      - name: Configure forensic evidence
-        displayName: security, purview
+      - name: Onboard to Purview forensic evidence
+        displayName: security, purview insider risk management
         href: purview-forensic-evidence.md
   - name: Connect
     items:
@@ -528,6 +525,9 @@
       - name: Clipboard
         displayName: devices, peripherals, redirections, copy, paste
         href: redirection-configure-clipboard.md
+      - name: Clipboard transfer direction and data types
+        displayName: security, unidirectional, copy, paste
+        href: clipboard-transfer-direction-data-types.md
       - name: Drives and storage
         displayName: devices, peripherals, redirections, usb, drives, storage, flash drive
         href: redirection-configure-drives-storage.md
diff --git a/articles/virtual-desktop/clipboard-transfer-direction-data-types.md b/articles/virtual-desktop/clipboard-transfer-direction-data-types.md
@@ -1,13 +1,13 @@
 ---
 title: Configure the clipboard transfer direction in Azure Virtual Desktop
-description: Learn how to configure the clipboard transfer direction and types of data that can be copied in Azure Virtual Desktop from session host to client, or client to session host.
+description: Learn how to configure the clipboard transfer direction and data types that can be copied in Azure Virtual Desktop from session host to client, or client to session host.
 ms.topic: how-to
 author: dknappettmsft
 ms.author: daknappe
 ms.date: 08/13/2024
 ---
 
-# Configure the clipboard transfer direction and types of data that can be copied in Azure Virtual Desktop
+# Configure the clipboard transfer direction and data types that can be copied in Azure Virtual Desktop
 
 Clipboard redirection in Azure Virtual Desktop allows users to copy and paste content, such as text, images, and files between the user's device and the remote session in either direction. You might want to limit the direction of the clipboard for users, to help prevent data exfiltration or malicious files being copied to a session host. You can configure whether users can use the clipboard from session host to client, or client to session host, and the types of data that can be copied, from the following options:
 
diff --git a/articles/virtual-desktop/purview-forensic-evidence.md b/articles/virtual-desktop/purview-forensic-evidence.md
@@ -1,42 +1,42 @@
 ---
-title: Microsoft Purview forensic evidence for Azure Virtual Desktop
-description: Learn about Microsoft Purview forensic evidence for Azure Virtual Desktop.
+title: Onboard Azure Virtual Desktop session hosts to forensic evidence from Microsoft Purview Insider Risk Management
+description: Learn how to onboard Azure Virtual Desktop session hosts to forensic evidence. When using Azure Virtual Desktop with forensic evidence, you can set policies to trigger recordings of desktop and RemoteApp sessions automatically.
 ms.topic: how-to
 author: sipastak
 ms.author: sipastak
-ms.date: 07/09/2024
+ms.date: 08/13/2024
 ---
 
-# Microsoft Purview forensic evidence for Azure Virtual Desktop
+# Onboard Azure Virtual Desktop session hosts to forensic evidence from Microsoft Purview Insider Risk Management
 
 [Forensic evidence](/purview/insider-risk-management-forensic-evidence) is an opt-in add-on feature in Microsoft Purview Insider Risk Management that gives security teams visual insights into potential insider data security incidents. Forensic evidence includes customizable event triggers and built-in user privacy protection controls, enabling security teams to better investigate, understand and respond to potential insider data risks like unauthorized data exfiltration of sensitive data. 
 
 You set the right policies for your organization, including what risky events are the highest priority for capturing forensic evidence, what data is most sensitive, and whether users are notified when forensic capturing is activated. 
 	
-When using forensic evidence for Azure Virtual Desktop, you can set policies to trigger recordings of application and desktop sessions automatically. Forensic evidence capturing is off by default and policy creation requires dual authorization.
+When using Azure Virtual Desktop with forensic evidence, you can set policies to trigger recordings of desktop and RemoteApp sessions automatically. Forensic evidence capturing is off by default and policy creation requires dual authorization.
 
 ## Prerequisites
 
 Before you can use forensic evidence for Azure Virtual Desktop, you need: 
 
-- A personal desktop host pool with direct assignment.
+- A personal desktop host pool with direct assignment. Pooled host pools aren't supported.
 
-- Session hosts running Windows 11, version 23H2, and using a VM SKU with minimum 8 vCPU and 16 GB of RAM such as [Standard D8as v5](../virtual-machines/dasv5-dadsv5-series.md).
+- Session hosts running Windows 11 Enterprise, version 23H2, and using a VM SKU with minimum of 8 vCPU and 16 GB memory, such as [Standard D8as v5](../virtual-machines/dasv5-dadsv5-series.md).
 
-- Session hosts must be Microsoft [Entra ID-joined](/entra/identity/devices/concept-directory-join) or [Entra ID hybrid-joined](/entra/identity/devices/concept-hybrid-join) and enrolled with Intune.
+- Session hosts must be Microsoft [Entra ID-joined](/entra/identity/devices/concept-directory-join) or [Entra ID hybrid-joined](/entra/identity/devices/concept-hybrid-join) and enrolled with Microsoft Intune.
 
 - Microsoft 365 E5 license, which contains both Intune and Insider Risk Management licenses.
 
-## Configure forensic evidence
+## Onboard session hosts to forensic evidence
 
-To configure forensic evidence for Azure Virtual Desktop:
+To onboard your session hosts to forensic evidence:
 
-1. Ensure a user is assigned to a personal desktop using direct assignment. For more information, see [Configure direct assignment](configure-host-pool-personal-desktop-assignment-type.md#configure-direct-assignment). 
+1. Ensure a user is assigned to a personal desktop using direct assignment. Follow the steps in [Configure direct assignment](configure-host-pool-personal-desktop-assignment-type.md#configure-direct-assignment) to assign a user to a personal desktop.
 
 1. You need to onboard your session hosts to Purview. Follow the steps in [Onboard Windows devices into Microsoft Purview](/purview/device-onboarding-overview) to onboard your session hosts.
 
-1. To install the Purview client and configure forensic evidence, follow the steps in [Get started with insider risk management forensic evidence](/purview/insider-risk-management-forensic-evidence-configure?tabs=purview-portal) .
+1. Install the Purview client and configure forensic evidence. Follow the steps in [Get started with insider risk management forensic evidence](/purview/insider-risk-management-forensic-evidence-configure) to install the Purview client and configure forensic evidence.
 
 ## Related content
 
-- [Manage insider risk management forensic evidence](/purview/insider-risk-management-forensic-evidence-manage?tabs=purview-portal)
+- [Manage insider risk management forensic evidence](/purview/insider-risk-management-forensic-evidence-manage)
