Merge pull request #47698 from lootle1/MR49

Technical Review 1003299: Understand Conditional Access policies usin…

Author: Jill Grant

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/1-introduction.yml

@@ -4,7 +4,7 @@ title: Introduction
 metadata:
   title: Introduction
   description: Learn about policy and security management using Microsoft Intune. 
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: ErikRe
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/2-policy-management-groups.yml

@@ -4,7 +4,7 @@ title: Learn about policy management based on groups
 metadata:
   title: Learn about policy management based on groups
   description: Understand the concepts surrounding policy management based on groups.
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: Erikre
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/3-conditional-access.yml

@@ -4,7 +4,7 @@ title: Understand Conditional Access
 metadata:
   title: Understand Conditional Access
   description: Understand the concepts behind Conditional Access.
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: Erikre
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/4-use-conditional-access.yml

@@ -4,7 +4,7 @@ title: Learn about using Conditional Access
 metadata:
   title: Learn about using Conditional Access
   description: Understand the two common types of Conditional Access.
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: Erikre
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/5-benefits-conditional-access.yml

@@ -4,7 +4,7 @@ title: Understand the benefits of Conditional Access
 metadata:
   title: Understand the benefits of Conditional Access
   description: Learn about the benefits of Conditional Access.
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: Erikre
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/6-implement-security-rules.yml

@@ -4,7 +4,7 @@ title: Learn about implementing security rules
 metadata:
   title: Learn about implementing security rules
   description: Understand the capabilities behind keeping device secure using Microsoft Intune.
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: Erikre
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/7-knowledge-check.yml

@@ -3,7 +3,7 @@ uid: learn.policy-security-management-using-microsoft-endpoint-manager.7-knowled
 metadata:
   title: Knowledge check
   description: Knowledge check
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: Erikre 
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/8-summary.yml

@@ -4,7 +4,7 @@ title: Summary
 metadata:
   title: Summary
   description: Microsoft Intune - Summary.
-  ms.date: 05/05/2023
+  ms.date: 10/28/2024
   author: Erikre
   ms.author: erikre
   ms.topic: unit

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/includes/2-policy-management-groups.md

@@ -27,11 +27,11 @@ After your device is enrolled, it becomes *managed*. Your organization can assig
 
 ## Apps
 
-After you've added an app to Microsoft Intune, you can assign the app to users and devices. It's important to note that you can assign an app to a device whether or not the device is managed by Intune.
+After you've added an app to Microsoft Intune, you can assign the app to users and devices. It's important to note that you can assign an app to a device whether Intune manages it or not.
 
 In Intune, you can determine who has access to an app by assigning groups of users to include and exclude. Before you assign groups to the app, you must set the assignment type for an app. The assignment type makes the app available, required, or uninstalls the app.
 
-To set the availability of an app, you include and exclude app assignments to a group of users or devices by using a combination of include and exclude group assignments. This capability can be useful when you make the app available by including a large group, then narrow the selected users by also excluding a smaller group. The smaller group might be a test group or an executive group.
+To set the availability of an app, you include and exclude app assignments to a group of users or devices. You can accomplish this using a combination of include and exclude group assignments. This capability can be useful when you make the app available by including a large group. Then narrow the selected users by also excluding a smaller group. The smaller group might be a test group or an executive group.
 
 As a best practice, create and assign apps specifically for your user groups and separately for your device groups.
 
@@ -45,17 +45,17 @@ You can assign policies to groups using Intune. When you assign policies, you ca
 
 ## User groups vs. device groups
 
-Many users ask when to use user groups and when to use device groups. The answer depends on your goal. Here's some guidance to get you started:
+Many users ask when to utilize user groups versus device groups. The answer depends on your goal. Here's some guidance to get you started:
 
 ### Device groups
 
 If you want to apply settings on a device regardless of who's signed in, assign your profiles to a device group. Settings applied to device groups always go with the device, not the user. Device groups are commonly used for shared and specialized devices.
 
 For example:
 
-- Device groups are useful for managing devices that don't have a dedicated user. For example, you have devices that print tickets, scan inventory, are shared by shift workers, are assigned to a specific warehouse, and so on. Put these devices in a device group and assign your profiles to this device group.
+- Device groups are useful for managing devices that don't have a dedicated user. For example, you have devices that print tickets, scan inventory, share information across shift workers, assign tickets to specific warehouses, and so on. Put these devices in a device group and assign your profiles to this device group.
 - You create a Device Firmware Configuration Interface (DFCI) Intune profile that updates settings in the BIOS. For example, you configure this profile to disable the device camera or lock down the boot options to prevent users from booting up another OS. This profile is a good scenario to assign to a device group.
-- On some specific Windows devices, you always want to control some Microsoft Edge settings, regardless of who's using the device. For example, you want to block all downloads, limit all cookies to the current browsing session, and delete the browsing history. For this scenario, put these specific Windows devices in a device group, then create an Administrative Template in Intune, add these device settings, and assign this profile to the device group.
+- On some specific Windows devices, you always want to control some Microsoft Edge settings, regardless of who's using the device. For example, you want to block all downloads, limit all cookies to the current browsing session, and delete the browsing history. For this scenario, put these specific Windows devices in a device group. Then create an Administrative Template in Intune, add these device settings, and assign this profile to the device group.
 
 To summarize, use device groups when you don't care who's signed in on the device, or if anyone is signed in. You want your settings to always be on the device.
 
@@ -71,4 +71,4 @@ For example:
 
   For example, you want to block untrusted ActiveX controls in your Office apps. You can create an Administrative Template in Intune, configure this setting, and assign this profile to a user group.
 
-To summarize, use user groups when you want your settings and rules to always go with the user, whatever device they use.
+To summarize, utilize user groups when you want your settings and rules to always go with the user, whatever device they use.

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/includes/4-use-conditional-access.md

@@ -21,7 +21,7 @@ With co-management, Intune evaluates every device in your network to determine h
 
    - This evaluation is pre-security breach and configuration-based.  
 
-   - For co-managed devices, Configuration Manager also does configuration-based evaluation; for example, required updates or apps compliance. Intune combines this evaluation along with its own assessment.  
+   - For co-managed devices, Configuration Manager also does configuration-based evaluation for things like required updates or apps compliance. Intune combines this evaluation along with its own assessment.  
 
 1. Intune detects active security incidents on a device. It uses the intelligent security of Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection or Windows Defender ATP) and other mobile threat-defense providers. These partners run ongoing behavioral analysis on devices. This analysis detects active incidents, then passes this information to Intune for real-time compliance evaluation.  
 
@@ -65,7 +65,7 @@ Conditional Access for PCs provides capabilities similar to those available for
 
 #### Bring your own device (BYOD)
 
-- **Workplace join and Intune management:** Here the user can join their personal devices to access corporate resources and services. You can use Workplace join and enroll devices into Intune MDM to receive device-level policies, which are another option to evaluate Conditional Access criteria.
+- **Workplace join and Intune management:** The user can join their personal devices to access corporate resources and services. You can use Workplace join and enroll devices into Intune MDM to receive device-level policies, which are another option to evaluate Conditional Access criteria.
 
 ## App-based Conditional Access