Commit 631d71d

add note to ios config features article
1 parent 7e79257 commit 631d71d

1 file changed

+25
-21
lines changed

defender-endpoint/ios-configure-features.md

Lines changed: 25 additions & 21 deletions
@@ -30,7 +30,7 @@ ms.date: 08/29/2024
3030
Want to experience Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
3131

3232
> [!NOTE]
33-
> Defender for Endpoint on iOS would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device.
33+
> Defender for Endpoint on iOS would use a VPN in order to provide the Web Protection feature. This isn't a regular VPN and is a local/self-looping VPN that doesn't take traffic outside the device.
3434
3535
## Conditional Access with Defender for Endpoint on iOS
3636
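Review bot: the rewritten NOTE line keeps "Defender for Endpoint on iOS would use a VPN", which reads as a conditional even though the VPN is always used to deliver Web Protection; since the line is being touched anyway, use the plain present tense: "Defender for Endpoint on iOS uses a VPN to provide the Web Protection feature. This isn't a regular VPN; it is a local, self-looping VPN that doesn't send traffic off the device." The contraction changes themselves are fine.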

@@ -59,7 +59,7 @@ While enabled by default, there might be some cases that require you to disable
5959
6060
## Disable web protection
6161

62-
Web protection is one of the key features of Defender for Endpoint and it requires a VPN to provide that capability. The VPN used is a local/loopback VPN and not a traditional VPN, however there are several reasons for which customers might not prefer the VPN. If you don't want to set up a VPN, you can disable web protection and deploy Defender for Endpoint without that feature. Other Defender for Endpoint features continue to work.
62+
Web protection is one of the key features of Defender for Endpoint and it requires a VPN to provide that capability. The VPN used is a local/loopback VPN and not a traditional VPN, however there are several reasons for which customers might not prefer the VPN. If you don't want to set up a VPN, you can disable web protection and deploy Defender for Endpoint without that feature. Other Defender for Endpoint features continues to work.
6363

6464
This configuration is available for both the enrolled (MDM) devices and unenrolled (MAM) devices. For customers with MDM, admins can configure web protection through managed devices in the App Config. For customers without enrollment, using MAM, admins can configure the web protection through managed apps in the App Config.
6565
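Review bot: the replacement line introduces a subject-verb agreement error: "Other Defender for Endpoint features continues to work" has a plural subject, so the original "continue to work" must be kept. While editing this paragraph, "there are several reasons for which customers might not prefer the VPN" is clumsy; "customers might prefer not to install the VPN" says the same thing more directly.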

@@ -98,7 +98,7 @@ Use the following steps to disable web protection for unenrolled devices.
9898
- Select **Next**, and then assign this profile to targeted devices/users.
9999

100100
> [!NOTE]
101-
> The `WebProtection` key is not applicable for the Control Filter in the list of supervised devices. If you want to disable web protection for supervised devices, you can remove the Control Filter profile.
101+
> The `WebProtection` key isn't applicable for the Control Filter in the list of supervised devices. If you want to disable web protection for supervised devices, you can remove the Control Filter profile.
102102
103103
## Configure network protection
104104
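Review bot: "The `WebProtection` key isn't applicable for the Control Filter in the list of supervised devices" is hard to parse as written. The two sentences together imply that on supervised devices web protection is delivered through the Control Filter profile rather than through this app config key, so the note should say that plainly: setting `WebProtection` has no effect on supervised devices, and removing the Control Filter profile is the documented way to disable web protection there.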

@@ -167,6 +167,10 @@ Use the following procedure to set up MAM config for unenrolled devices for netw
167167

168168
6. Review and create the configuration policy.
169169

170+
> [!NOTE]
171+
> **Open Wi-Fi Network Alert:**
172+
> An alert is generated whenever a user connects to an open Wi-Fi network. If the user reconnects to the same network within a seven-day period, no new alert is generated. However, connecting to a different open Wi-Fi network results in an immediate alert.
173+
170174
## Coexistence of multiple VPN profiles
171175

172176
Apple iOS doesn't support multiple device-wide VPNs to be active simultaneously. While multiple VPN profiles can exist on the device, only one VPN can be active at a time.
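Review bot: the new Open Wi-Fi Network Alert note is anchored after step 6 of the MAM (unenrolled) procedure, so it reads as applying only to that configuration path; if the alert is network protection behaviour regardless of whether the device was configured through MDM or MAM, the note belongs at the top of "Configure network protection" or should state that it applies to both. The note should also define "the same network" (matched by SSID or by a specific access point) and say whether the seven-day window is measured from the first connection or from the most recent one, since that decides how often a user roaming between hotspots that share an SSID is alerted.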
@@ -179,7 +183,7 @@ Microsoft Defender for Endpoint can be configured to send threat signals to be u
179183

180184
Follow the steps in the following link to set up app protection policies with Microsoft Defender for Endpoint [Configure Defender risk signals in app protection policy (MAM)](ios-install-unmanaged.md)
181185

182-
For more details on MAM or app protection policy, see [iOS app protection policy settings](/mem/intune/apps/app-protection-policy-settings-ios).
186+
For more information on MAM or app protection policy, see [iOS app protection policy settings](/mem/intune/apps/app-protection-policy-settings-ios).
183187

184188
## Privacy controls
185189
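Review bot: the unchanged line "Follow the steps in the following link to set up app protection policies with Microsoft Defender for Endpoint [Configure Defender risk signals in app protection policy (MAM)](ios-install-unmanaged.md)" is redundant and has no terminal period. Since the hunk already edits this paragraph, suggest "To set up app protection policies with Microsoft Defender for Endpoint, see [Configure Defender risk signals in app protection policy (MAM)](ios-install-unmanaged.md)."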

@@ -235,11 +239,11 @@ Users see a toggle for **Unsafe Site Info**. This toggle is only visible if admi
235239

236240
If enabled by an admin, users can specify whether to send unsafe site info to their organization. By default, it's set to `false`, which means unsafe site information isn't sent. If user toggles it to `true`, unsafe site details are sent.
237241

238-
Turning privacy controls on or off doesn't impact the device compliance check or conditional access.
242+
Turning privacy controls on or off doesn't affect the device compliance check or conditional access.
239243

240244
> [!NOTE]
241-
> On Supervised devices with the configuration profile, Microsoft Defender for Endpoint can access the entire URL and if it is found to be phishing, it is blocked.
242-
> On an Unsupervised device, Microsoft Defender for Endpoint has access to only the domain name, and if the domain is not a phishing URL, it won't be blocked.
245+
> On Supervised devices with the configuration profile, Microsoft Defender for Endpoint can access the entire URL and if it's found to be phishing, it's blocked.
246+
> On an Unsupervised device, Microsoft Defender for Endpoint has access to only the domain name, and if the domain isn't a phishing URL, it won't be blocked.
243247
244248
## Optional permissions
245249
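Review bot: the rewritten NOTE understates a limitation that matters to the people deploying this: on an unsupervised device only the domain name is visible, so a phishing page hosted under a domain that isn't itself classified as phishing can't be blocked at all. Suggest stating that consequence directly rather than as "if the domain isn't a phishing URL, it won't be blocked". Also, "Supervised" and "Unsupervised" are capitalised mid-sentence here while "supervised devices" is lowercase elsewhere in the same file.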

@@ -272,21 +276,21 @@ End users install and open the Microsoft Defender app to start onboarding.
272276
- Later, the user can enable web protection from within the app, which installs the VPN configuration on the device.
273277

274278
> [!NOTE]
275-
> Optional Permission is different from Disable Web Protection. Optional VPN Permission only helps to skip the permission during onboarding but its available for the end user to later review and enable it. While Disable Web Protection allows users to onboard the Defender for Endpoint app without the Web Protection. It cannot be enabled later.
279+
> Optional Permission is different from Disable Web Protection. Optional VPN Permission only helps to skip the permission during onboarding but it's available for the end user to later review and enable it. While Disable Web Protection allows users to onboard the Defender for Endpoint app without the Web Protection. It can't be enabled later.
276280
277281
## Jailbreak detection
278282

279283
Microsoft Defender for Endpoint has the capability of detecting unmanaged and managed devices that are jailbroken. These jailbreak checks are done periodically. If a device is detected as jailbroken, these events occur:
280284

281-
- A high-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access is set up based on device risk score, then the device is blocked from accessing corporate data.
282-
- User data on app is cleared. When user opens the app after jailbreaking, the VPN profile (only Defender for Endpoint loopback VPN Profile) also is deleted, and no web protection is offered. VPN profiles delivered by Intune are not removed.
285+
- A high-risk alert is reported to the Microsoft Defender portal. If device Compliance and Conditional Access are set up based on device risk score, then the device is blocked from accessing corporate data.
286+
- User data on app is cleared. When user opens the app after jailbreaking, the VPN profile (only Defender for Endpoint loopback VPN Profile) also is deleted, and no web protection is offered. VPN profiles delivered by Intune aren't removed.
283287

284288
### Configure compliance policy against jailbroken devices
285289

286290
To protect corporate data from being accessed on jailbroken iOS devices, we recommend that you set up the following compliance policy on Intune.
287291

288292
> [!NOTE]
289-
> Jailbreak detection is a capability provided by Microsoft Defender for Endpoint on iOS. However, we recommend that you setup this policy as an additional layer of defense against jailbreak scenarios.
293+
> Jailbreak detection is a capability provided by Microsoft Defender for Endpoint on iOS. However, we recommend that you set up this policy as an extra layer of defense against jailbreak scenarios.
290294
291295
Follow the steps below to create a compliance policy against jailbroken devices.
292296
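Review bot: the Optional Permission note still runs two thoughts together and ends with "It can't be enabled later" without saying what can't be enabled; suggest "With Disable Web Protection, users onboard the Defender for Endpoint app without Web Protection, and it can't be enabled later from the app." In the jailbreak list, "User data on app is cleared" should read "User data in the app is cleared", and "device Compliance and Conditional Access" should be lowercase "compliance" to match "Configure compliance policy" in the heading below.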

@@ -313,7 +317,7 @@ Follow the steps below to create a compliance policy against jailbroken devices.
313317
Defender for Endpoint on iOS enables admins to configure custom indicators on iOS devices as well. For more information on how to configure custom indicators, see [Overview of indicators](indicators-overview.md).
314318

315319
> [!NOTE]
316-
> Defender for Endpoint on iOS supports creating custom indicators only for URLs and domains. IP based custom indicators is not supported on iOS.
320+
> Defender for Endpoint on iOS supports creating custom indicators only for URLs and domains. IP based custom indicators aren't supported on iOS.
317321
>
318322
> For iOS, no alerts are generated on Microsoft Defender XDR when the URL or domain set in the indicator is accessed.
319323
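Review bot: "IP based custom indicators" needs a hyphen as a compound modifier: "IP-based custom indicators aren't supported on iOS." The unchanged second line, that no alert is raised in Microsoft Defender XDR when an indicator's URL or domain is accessed, is operationally significant (the SOC gets no signal for indicator hits on iOS) and deserves to be in the body text rather than a trailing line of the note.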
@@ -379,7 +383,7 @@ Once the client versions are deployed to target iOS devices, processing starts.
379383

380384
Defender for Endpoint on iOS supports deployment without sign out button in the app to prevent users from signing out of the Defender app. This is important to prevent users from tampering the device.
381385

382-
This configuration is available for both the enrolled (MDM) devices as well as unenrolled (MAM) devices. Admins can use the following steps to configure the Disable sign out
386+
This configuration is available for both the enrolled (MDM) devices and unenrolled (MAM) devices. Admins can use the following steps to configure the Disable sign out
383387

384388
### Configure disable sign out using MDM
385389
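Review bot: "prevent users from tampering the device" should be "tampering with the device", and the rewritten sentence "Admins can use the following steps to configure the Disable sign out" still lacks a terminal period; "configure the Disable sign out setting." reads better and closes the sentence.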

@@ -394,7 +398,7 @@ This configuration is available for both the enrolled (MDM) devices as well as u
394398
4. On the **Settings** page, select **Use configuration designer**, and add `DisableSignOut` as the key. Set its value type as `String`.
395399

396400
- By default, `DisableSignOut = false`.
397-
- An admin can set `DisableSignOut = true` to disable the sign-out button in the app. Users don't see the sign out button once the policy is pushed.
401+
- An admin can set `DisableSignOut = true` to disable the sign out button in the app. Users don't see the sign out button once the policy is pushed.
398402

399403
5. Select **Next**, and then assign this policy to targeted devices/users.
400404

@@ -411,15 +415,15 @@ This configuration is available for both the enrolled (MDM) devices as well as u
411415
4. On the **Settings** page, add `DisableSignOut` as the key, and set its value as `true`.
412416

413417
- By default, `DisableSignOut = false`.
414-
- An admin can set `DisableSignOut = true` to disable the sign-out button in the app. Users don't see the sign-out button once the policy is pushed.
418+
- An admin can set `DisableSignOut = true` to disable the sign out button in the app. Users don't see the sign out button once the policy is pushed.
415419

416420
5. Select **Next**, and then assign this policy to targeted devices/users.
417421

418422
## Device tagging
419423

420424
Defender for Endpoint on iOS enables bulk tagging the mobile devices during onboarding by allowing the admins to set up tags via Intune. Admin can configure the device tags through Intune via configuration policies and push them to user's devices. Once the User installs and activates Defender, the client app passes the device tags to the Microsoft Defender portal. The Device tags appear against the devices in the Device Inventory.
421425

422-
This configuration is available for both the enrolled (MDM) devices as well as unenrolled (MAM) devices. Admins can use the following steps to configure the Device tags.
426+
This configuration is available for both the enrolled (MDM) devices and unenrolled (MAM) devices. Admins can use the following steps to configure the Device tags.
423427

424428
### Configure device tags using MDM
425429

@@ -458,13 +462,13 @@ This configuration is available for both the enrolled (MDM) devices as well as u
458462
5. Select **Next**, and then assign this policy to targeted devices/users.
459463

460464
> [!NOTE]
461-
> The Microsoft Defender app must be opened for tags to be synced with Intune and passed to the Microsoft Defender portal. It may take up to 18 hours for tags to reflect in the portal.
465+
> The Microsoft Defender app must be opened for tags to be synced with Intune and passed to the Microsoft Defender portal. It might take up to 18 hours for tags to reflect in the portal.
462466
463467
## Suppress OS update notifications
464468

465-
A configuration is available for customers to suppress OS update notification in Defender for Endpoint on iOS. Once the config key is set in the Intune App configuration policies, Defender for Endpoint will not send any notifications on the device for OS updates. However, when you open the Microsoft Defender app, the Device Health card is visible and show the state of your OS.
469+
A configuration is available for customers to suppress OS update notification in Defender for Endpoint on iOS. Once the config key is set in the Intune App configuration policies, Defender for Endpoint won't send any notifications on the device for OS updates. However, when you open the Microsoft Defender app, the Device Health card is visible and show the state of your OS.
466470

467-
This configuration is available for both the enrolled (MDM) devices as well as unenrolled (MAM) devices. Admins can use the following steps to suppress the OS update Notification.
471+
This configuration is available for both the enrolled (MDM) devices and unenrolled (MAM) devices. Admins can use the following steps to suppress the OS update Notification.
468472

469473
### Configure OS update notifications using MDM
470474

@@ -517,12 +521,12 @@ Use the following steps to configure the option to send feedback data to Microso
517521
4. On the **Settings** page, select **Use configuration designer** and add `DefenderFeedbackData` as the key, and set its value type as `Boolean`.
518522

519523
- To remove the ability of end-users to provide feedback, set the value as `false` and assign this policy to users. By default, this value is set to `true`. For US Government customers, the default value is set to 'false'.
520-
- For users with key set as `true`, there is an option to send Feedback data to Microsoft within the app (**Menu** \> **Help & Feedback** \> **Send Feedback to Microsoft**).
524+
- For users with key set as `true`, there's an option to send Feedback data to Microsoft within the app (**Menu** \> **Help & Feedback** \> **Send Feedback to Microsoft**).
521525

522526
5. Select **Next** and assign this profile to targeted devices/users.
523527

524528
## Report unsafe sites
525529

526-
Phishing websites impersonate trustworthy websites for the purpose of obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page to report a website that could be a phishing site.
530+
Phishing websites impersonate trustworthy websites by obtaining your personal or financial information. Visit the [Provide feedback about network protection](https://www.microsoft.com/wdsi/filesubmission/exploitguard/networkprotection) page to report a website that could be a phishing site.
527531

528532
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
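Review bot: the rewrite changes the meaning of the "Report unsafe sites" sentence: "impersonate trustworthy websites by obtaining your personal or financial information" says the impersonation is achieved through obtaining data, whereas the original "for the purpose of obtaining" correctly states the goal. Suggest "Phishing websites impersonate trustworthy websites to obtain your personal or financial information." Also, in the unchanged bullet above, the US Government default is quoted as 'false' in single quotes while every other value on the page uses backticks.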
