Commit c4ea171

committed
Addressed comments
1 parent 6fe0ee6 commit c4ea171

8 files changed

+41
-39
lines changed

articles/virtual-desktop/authentication.md

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: virtual-desktop
55
author: Heidilohr
66
ms.service: virtual-desktop
77
ms.topic: conceptual
8-
ms.date: 08/09/2022
8+
ms.date: 08/24/2022
99
ms.author: helohr
1010
manager: femila
1111
---
@@ -19,7 +19,7 @@ Azure Virtual Desktop supports different types of identities depending on which
1919

2020
### On-premises identity
2121

22-
Since users must be discoverable through Azure Active Directory (Azure AD) to access the Azure Virtual Desktop, user identities that exist only in Active Directory Domain Services (AD DS) are not supported. This includes standalone Active Directory deployments with Active Directory Federation Services (AD FS).
22+
Since users must be discoverable through Azure Active Directory (Azure AD) to access the Azure Virtual Desktop, user identities that exist only in Active Directory Domain Services (AD DS) aren't supported. This includes standalone Active Directory deployments with Active Directory Federation Services (AD FS).
2323

2424
### Hybrid identity
2525

@@ -61,7 +61,7 @@ To use a smart card to authenticate to Azure AD, you must first [configure AD FS
6161

6262
## Session host authentication
6363

64-
If you haven't already enabled [single sign-on](#single-sign-on-sso) or saved your credentials locally, you'll also need to authenticate to the session host when launching a connection. These are the sign-in methods for the session host that the Azure Virtual Desktop clients currently support:
64+
If you haven't already enabled [single sign-on](#single-sign-on-sso) or saved your credentials locally, you'll also need to authenticate to the session host when launching a connection. The sign-in methods for the session host that the Azure Virtual Desktop clients currently support are:
6565

6666
- The Windows Desktop client supports the following authentication methods:
6767
- Username and password
@@ -85,11 +85,11 @@ If you haven't already enabled [single sign-on](#single-sign-on-sso) or saved yo
8585
8686
### Single sign-on (SSO)
8787

88-
SSO allows the connection to skip the session host credential prompt and automatically sign the user in to Windows. For session hosts that are Azure AD-joined or Hybrid Azure AD-joined, it is recommended to enable [SSO using Azure AD authentication](configure-single-sign-on.md). Azure AD authentication provides additional benefits including passwordless authentication and support for third-party identity providers.
88+
SSO allows the connection to skip the session host credential prompt and automatically sign the user in to Windows. For session hosts that are Azure AD-joined or Hybrid Azure AD-joined, it's recommended to enable [SSO using Azure AD authentication](configure-single-sign-on.md). Azure AD authentication provides other benefits including passwordless authentication and support for third-party identity providers.
8989

9090
Azure Virtual Desktop also supports [SSO using Active Directory Federation Services (AD FS)](configure-adfs-sso.md) for the Windows Desktop and web clients.
9191

92-
Without SSO, users will be prompted for the session host credentials for every connection. The only way to avoid being prompted is to save the credentials in the client. We recommend you only do this with secure devices to prevent other users from accessing your resources.
92+
Without SSO, users will be prompted for the session host credentials for every connection. The only way to avoid being prompted is to save the credentials in the client. We recommend you only save credentials on secure devices to prevent other users from accessing your resources.
9393

9494
### Smart card and Windows Hello for Business
9595

@@ -106,16 +106,16 @@ Once you're connected to your remote app or desktop, you may be prompted for aut
106106
> This preview version is provided without a service level agreement, and is not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
107107
> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
108108
109-
Azure Virtual Desktop supports in-session passwordless authentication using [Windows Hello for Business](/security/identity-protection/hello-for-business/hello-overview) or security devices like FIDO keys. This functionality is enabled by default when the local PC and session hosts use a supported operating system, and you can configure it using the [WebAuthn redirection](configure-device-redirections.md#webauthn-redirection) RDP property. The supported operating systems are:
109+
Azure Virtual Desktop supports in-session passwordless authentication using [Windows Hello for Business](/security/identity-protection/hello-for-business/hello-overview) or security devices like FIDO keys. Passwordless authentication is currently only available when using an Insider version of Windows. When deploying new session hosts, choose one of the following images:
110110

111-
- Windows 11 Enterprise single or multi-session with the [2022-09 Cumulative Updates for Windows 11]() or later installed.
112-
- Windows 10 Enterprise single or multi-session, versions 20H2 or later with the [2022-09 Cumulative Updates for Windows 10]() or later installed.
113-
- Windows Server, version 2022 with the [2022-09 Cumulative Update for Microsoft server operating system]() or later installed.
114-
- Windows Server, version 2019 with the [2022-09 Cumulative Update for Microsoft server operating system]() or later installed.
111+
- Windows 11 version 22H2 Enterprise, (Preview) - X64 Gen 2.
112+
- Windows 11 version 22H2 Enterprise multi-session, (Preview) - X64 Gen2.
115113

116-
When enabled, all WebAuthn requests in the session are redirected to the local PC where you can use your local biometrics with Windows Hello for Business or locally attached security devices to complete the authentication process.
114+
Passwordless authentication is enabled by default when the local PC and session hosts use one of the supported operating systems above. You can disable it using the [WebAuthn redirection](configure-device-redirections.md#webauthn-redirection) RDP property.
117115

118-
To access Azure AD resources using WebAuthn, the FIDO2 Security Key method must be enabled as an authentication method for users. This must also be done when using Windows Hello for Business. Follow the steps to [Enable FIDO2 security key method](../active-directory/authentication/howto-authentication-passwordless-security-key.md#enable-fido2-security-key-method).
116+
When enabled, all WebAuthn requests in the session are redirected to the local PC. You can use Windows Hello for Business or locally attached security devices to complete the authentication process.
117+
118+
To access Azure AD resources with Windows Hello for Business or security devices, the FIDO2 Security Key method must be enabled as an authentication method for users. Follow the steps to [Enable FIDO2 security key method](../active-directory/authentication/howto-authentication-passwordless-security-key.md#enable-fido2-security-key-method).
119119

120120
### In-session smart card authentication
121121

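Review bot: new lines 111 and 112 are inconsistent with each other, "X64 Gen 2" versus "X64 Gen2", and the comma before "(Preview)" reads as a typo; suggest copying the Azure image names exactly and using one spelling in both bullets (the same two bullets appear in configure-single-sign-on.md in this commit). New line 114 says the feature can be disabled with the WebAuthn redirection RDP property but never shows the property string; quoting it the way configure-single-sign-on.md quotes `enablerdsaadauth:i:1` would save readers a hop to the linked page. Dropping the four bullets with empty `[...]()` link targets is the right call, since they rendered as dead links.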
@@ -126,4 +126,4 @@ To use a smart card in your session, make sure you've installed the smart card d
126126
- Curious about other ways to keep your deployment secure? Check out [Security best practices](security-guide.md).
127127
- Having issues connecting to Azure AD-joined VMs? [Troubleshoot connections to Azure AD-joined VMs](troubleshoot-azure-ad-connections.md).
128128
- Having issues with in-session passwordless authentication? [Troubleshoot WebAuthn redirection](troubleshoot-device-redirections.md#webauthn-redirection).
129-
- Want to use smart cards from outside your corporate network? Review how to setup a [KDC Proxy server](key-distribution-center-proxy.md).
129+
- Want to use smart cards from outside your corporate network? Review how to set up a [KDC Proxy server](key-distribution-center-proxy.md).

articles/virtual-desktop/configure-device-redirections.md

Lines changed: 2 additions & 2 deletions
@@ -3,13 +3,13 @@ title: Configure device redirection - Azure
33
description: How to configure device redirection for Azure Virtual Desktop.
44
author: Heidilohr
55
ms.topic: how-to
6-
ms.date: 08/09/2022
6+
ms.date: 08/24/2022
77
ms.author: helohr
88
manager: femila
99
---
1010
# Configure device redirection
1111

12-
Configuring device redirection for your Azure Virtual Desktop environment allows you to use printers, USB devices, microphones and other peripheral devices in the remote session. Some device redirection require changes to both Remote Desktop Protocol (RDP) properties and Group Policy settings.
12+
Configuring device redirection for your Azure Virtual Desktop environment allows you to use printers, USB devices, microphones and other peripheral devices in the remote session. Some device redirections require changes to both Remote Desktop Protocol (RDP) properties and Group Policy settings.
1313

1414
## Supported device redirection
1515

articles/virtual-desktop/configure-single-sign-on.md

Lines changed: 13 additions & 11 deletions
@@ -7,7 +7,7 @@ manager: femila
77

88
ms.service: virtual-desktop
99
ms.topic: how-to
10-
ms.date: 08/09/2022
10+
ms.date: 08/24/2022
1111
ms.author: helohr
1212
---
1313
# Configure single sign-on for Azure Virtual Desktop
@@ -24,31 +24,33 @@ This article will walk you through the process of configuring single sign-on (SS
2424
2525
## Prerequisites
2626

27-
Single sign-on is only available on the following session host operating systems:
27+
Single sign-on is currently only available when using an Insider version of Windows. When deploying new session hosts, choose one of the following images:
2828

29-
- Windows 11 Enterprise single or multi-session with the [2022-09 Cumulative Updates for Windows 11]() or later installed.
30-
- Windows 10 Enterprise single or multi-session, versions 20H2 or later with the [2022-09 Cumulative Updates for Windows 10]() or later installed.
31-
- Windows Server, version 2022 with the [2022-09 Cumulative Update for Microsoft server operating system]() or later installed.
32-
- Windows Server, version 2019 with the [2022-09 Cumulative Update for Microsoft server operating system]() or later installed.
29+
- Windows 11 version 22H2 Enterprise, (Preview) - X64 Gen 2.
30+
- Windows 11 version 22H2 Enterprise multi-session, (Preview) - X64 Gen2.
3331

34-
Single sign-on can be enabled for connections to Azure AD-joined VMs. SSO can also be used to access Hybrid Azure AD-joined VMs, but only after creating a Kerberos Server object. This solution is not supported with VMs joined to Azure AD Domain Services.
32+
Single sign-on can be enabled for connections to Azure AD-joined VMs. SSO can also be used to access Hybrid Azure AD-joined VMs, but only after creating a Kerberos Server object. This solution isn't supported with VMs joined to Azure AD Domain Services.
3533

3634
> [!NOTE]
3735
> Hybrid Azure AD-joined Windows Server 2019 VMs don't support SSO.
3836
39-
Currently, the [Windows Desktop client](./user-documentation/connect-windows-7-10.md) is the only client that supports SSO. The local PC must be running Windows 10 or later. There is no domain join requirement for the local PC.
37+
Currently, the [Windows Desktop client](./user-documentation/connect-windows-7-10.md) is the only client that supports SSO. The local PC must be running Windows 10 or later. There's no domain join requirement for the local PC.
4038

41-
This feature is currently supported in the Azure Public, Azure Government and Azure China clouds.
39+
SSO is currently supported in the Azure Public cloud.
4240

4341
## Enable single sign-on
4442

45-
If your host pool contains Hybrid Azure AD-joined session hosts, you must first enable Azure AD Kerberos in your environment by creating a Kerberos Server object. This enables the authentication needed with the domain controller. It is also recommended to enable Azure AD Kerberos for Azure AD-joined session hosts if you plan to access legacy kerberos based applications or network shares and want a single sign-on experience. To enable Azure AD Kerberos in your environment, follow the steps to [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object).
43+
If your host pool contains Hybrid Azure AD-joined session hosts, you must first enable Azure AD Kerberos in your environment by creating a Kerberos Server object. Azure AD Kerberos enables the authentication needed with the domain controller. We recommended you also enable Azure AD Kerberos for Azure AD-joined session hosts if you have a Domain Controller (DC). Azure AD Kerberos provides a single sign-on experience when accessing legacy kerberos based applications or network shares. To enable Azure AD Kerberos in your environment, follow the steps to [Create a Kerberos Server object](../active-directory/authentication/howto-authentication-passwordless-security-key-on-premises.md#create-a-kerberos-server-object) on your DC.
4644

47-
To enable SSO on your host pool, you must [customize an RDP property](customize-rdp-properties.md). You can find the **Azure AD Authentication** property under the **Connection information** tab in the Azure Portal or set the **enablerdsaadauth:i:1** property using PowerShell.
45+
To enable SSO on your host pool, you must [customize an RDP property](customize-rdp-properties.md). You can find the **Azure AD Authentication** property under the **Connection information** tab in the Azure portal or set the **enablerdsaadauth:i:1** property using PowerShell.
4846

4947
> [!IMPORTANT]
5048
> If you enable SSO on your Hybrid Azure AD-joined VMs before you create the Kerberos server object, you won't be able to connect to the VMs, and you'll see an error message saying the specific log on session doesn't exist.
5149
50+
### Allow remote desktop connection dialog
51+
52+
When enabling single sign-on, you'll currently be prompted to authenticate to Azure AD and allow the remote desktop connection when launching a connection to a new host. Azure AD remembers up to 15 hosts for 30 days before prompting again. This dialog will be removed in a later release.
53+
5254
## Next steps
5355

5456
- Enable [in-session passwordless authentication](authentication.md#in-session-passwordless-authentication)
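Review bot: typo in new line 43, "We recommended you also enable" should read "We recommend you also enable", and "legacy kerberos based" should be "legacy Kerberos-based". The closing phrase "on your DC" in the same line is ambiguous about whether the Kerberos Server object procedure has to be run on the domain controller itself; suggest saying the object is created in your on-premises domain and letting the linked article carry the where-to-run detail. New lines 29 and 30 mix "Gen 2" and "Gen2", as in authentication.md. In the new "Allow remote desktop connection dialog" section, "Azure AD remembers up to 15 hosts for 30 days" should state whether that limit is per user, since that decides how often users see the consent prompt. Minor: context line 48 has "log on session", normally written "logon session".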

articles/virtual-desktop/customize-rdp-properties.md

Lines changed: 4 additions & 4 deletions
@@ -3,7 +3,7 @@ title: Customize RDP properties with PowerShell - Azure
33
description: How to customize RDP Properties for Azure Virtual Desktop with PowerShell cmdlets.
44
author: Heidilohr
55
ms.topic: how-to
6-
ms.date: 08/09/2022
6+
ms.date: 08/24/2022
77
ms.author: helohr
88
ms.custom: devx-track-azurepowershell
99
manager: femila
@@ -13,7 +13,7 @@ manager: femila
1313
>[!IMPORTANT]
1414
>This content applies to Azure Virtual Desktop with Azure Resource Manager Azure Virtual Desktop objects. If you're using Azure Virtual Desktop (classic) without Azure Resource Manager objects, see [this article](./virtual-desktop-fall-2019/customize-rdp-properties-2019.md).
1515
16-
Customizing a host pool's Remote Desktop Protocol (RDP) properties, such as multi-monitor experience and audio redirection, lets you deliver an optimal experience for your users based on their needs. If you'd like to change the default RDP file properties, you can customize RDP properties in Azure Virtual Desktop by either using the Azure portal or by using the *-CustomRdpProperty* parameter in the **Update-AzWvdHostPool** cmdlet.
16+
You can customize a host pool's Remote Desktop Protocol (RDP) properties, such as multi-monitor experience and audio redirection, to deliver an optimal experience for your users based on their needs. If you'd like to change the default RDP file properties, you can customize RDP properties in Azure Virtual Desktop by either using the Azure portal or by using the *-CustomRdpProperty* parameter in the **Update-AzWvdHostPool** cmdlet.
1717

1818
See [supported RDP file settings](/windows-server/remote/remote-desktop-services/clients/rdp-files?context=%2fazure%2fvirtual-desktop%2fcontext%2fcontext) for a full list of supported properties and their default values.
1919

@@ -115,7 +115,7 @@ CustomRdpProperty : audiocapturemode:i:1;audiomode:i:0;
115115

116116
## Reset all custom RDP properties
117117

118-
You can reset individual custom RDP properties to their default values by following the instructions in [Add or edit a single custom RDP property](#add-or-edit-a-single-custom-rdp-property), or you can reset all custom RDP properties for a host pool by running the following PowerShell cmdlet:
118+
You can reset individual custom RDP properties to their default values by following the instructions in [Add or edit a single custom RDP property](#add-or-edit-a-single-custom-rdp-property). You can also reset all custom RDP properties for a host pool by running the following PowerShell cmdlet:
119119

120120
```powershell
121121
Update-AzWvdHostPool -ResourceGroupName <resourcegroupname> -Name <hostpoolname> -CustomRdpProperty ""
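Review bot: the reset cmdlet on line 121 blanks the entire property string, which also removes security-relevant settings that other files in this same commit tell administrators to set on the host pool, such as `enablerdsaadauth:i:1` for Azure AD single sign-on and the WebAuthn redirection property; suggest extending new line 118 with a sentence that a full reset reverts those to their defaults until they are added back, and that admins should record the current string (shown as `CustomRdpProperty : <CustomRDPpropertystring>` in the surrounding context) before running it.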
@@ -132,7 +132,7 @@ CustomRdpProperty : <CustomRDPpropertystring>
132132

133133
## Next steps
134134

135-
Now that you've customized the RDP properties for a given host pool, you can sign in to a Azure Virtual Desktop client to test them as part of a user session. These next how-to guides will tell you how to connect to a session using the client of your choice:
135+
Now that you've customized the RDP properties for a given host pool, you can sign in to an Azure Virtual Desktop client to test them as part of a user session. These next how-to guides will tell you how to connect to a session using the client of your choice:
136136

137137
- [Connect with the Windows Desktop client](./user-documentation/connect-windows-7-10.md)
138138
- [Connect with the web client](./user-documentation/connect-web.md)

articles/virtual-desktop/deploy-azure-ad-joined-vm.md

Lines changed: 2 additions & 2 deletions
@@ -7,7 +7,7 @@ manager: femila
77

88
ms.service: virtual-desktop
99
ms.topic: how-to
10-
ms.date: 08/09/2022
10+
ms.date: 08/24/2022
1111
ms.author: helohr
1212
---
1313

@@ -28,7 +28,7 @@ User accounts can be cloud-only or synced users from the same Azure AD tenant.
2828

2929
## Known limitations
3030

31-
The following known limitations may impact access to your on-premises or Active Directory domain-joined resources and should be considered when deciding whether Azure AD-joined VMs are right for your environment. We currently recommend Azure AD-joined VMs for scenarios where users only need access to cloud-based resources or Azure AD-based authentication.
31+
The following known limitations may affect access to your on-premises or Active Directory domain-joined resources and should be considered when deciding whether Azure AD-joined VMs are right for your environment. We currently recommend Azure AD-joined VMs for scenarios where users only need access to cloud-based resources or Azure AD-based authentication.
3232

3333
- Azure Virtual Desktop (classic) doesn't support Azure AD-joined VMs.
3434
- Azure AD-joined VMs don't currently support external identities, such as Azure AD Business-to-Business (B2B) and Azure AD Business-to-Consumer (B2C).
