Commit 84edefb

Line edits
1 parent 647a092 commit 84edefb

5 files changed

+22
-22
lines changed

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/includes/2-policy-management-groups.md

Lines changed: 4 additions & 4 deletions
@@ -31,7 +31,7 @@ After you've added an app to Microsoft Intune, you can assign the app to users a
3131

3232
In Intune, you can determine who has access to an app by assigning groups of users to include and exclude. Before you assign groups to the app, you must set the assignment type for an app. The assignment type makes the app available, required, or uninstalls the app.
3333

34-
To set the availability of an app, you include and exclude app assignments to a group of users or devices by using a combination of include and exclude group assignments. This capability can be useful when you make the app available by including a large group, then narrow the selected users by also excluding a smaller group. The smaller group might be a test group or an executive group.
34+
To set the availability of an app, you include and exclude app assignments to a group of users or devices. You can accomplish this using a combination of include and exclude group assignments. This capability can be useful when you make the app available by including a large group. Then narrow the selected users by also excluding a smaller group. The smaller group might be a test group or an executive group.
3535

3636
As a best practice, create and assign apps specifically for your user groups and separately for your device groups.
3737

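Review bot: On new line 34, the split leaves "Then narrow the selected users by also excluding a smaller group." as a fragment cut off from the "when you make the app available by including a large group" clause it completes, so include-then-exclude no longer reads as one step. The added "You can accomplish this using a combination of include and exclude group assignments." also repeats the sentence before it. Suggest keeping the original single sentence, or rewriting the end as "by including a large group and then narrowing the selected users by excluding a smaller group."
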
@@ -45,7 +45,7 @@ You can assign policies to groups using Intune. When you assign policies, you ca
4545

4646
## User groups vs. device groups
4747

48-
Many users ask when to use user groups and when to use device groups. The answer depends on your goal. Here's some guidance to get you started:
48+
Many users ask when to utilize user groups versus device groups. The answer depends on your goal. Here's some guidance to get you started:
4949

5050
### Device groups
5151

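Review bot: On new line 48, "utilize" replaces "use" without adding meaning and is heavier than the plain "Here's some guidance to get you started" that follows it. Suggest "when to use user groups versus device groups"; the switch to "versus" is fine on its own.
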
@@ -55,7 +55,7 @@ For example:
5555

5656
- Device groups are useful for managing devices that don't have a dedicated user. For example, you have devices that print tickets, scan inventory, are shared by shift workers, are assigned to a specific warehouse, and so on. Put these devices in a device group and assign your profiles to this device group.
5757
- You create a Device Firmware Configuration Interface (DFCI) Intune profile that updates settings in the BIOS. For example, you configure this profile to disable the device camera or lock down the boot options to prevent users from booting up another OS. This profile is a good scenario to assign to a device group.
58-
- On some specific Windows devices, you always want to control some Microsoft Edge settings, regardless of who's using the device. For example, you want to block all downloads, limit all cookies to the current browsing session, and delete the browsing history. For this scenario, put these specific Windows devices in a device group, then create an Administrative Template in Intune, add these device settings, and assign this profile to the device group.
58+
- On some specific Windows devices, you always want to control some Microsoft Edge settings, regardless of who's using the device. For example, you want to block all downloads, limit all cookies to the current browsing session, and delete the browsing history. For this scenario, put these specific Windows devices in a device group. Then create an Administrative Template in Intune, add these device settings, and assign this profile to the device group.
5959

6060
To summarize, use device groups when you don't care who's signed in on the device, or if anyone is signed in. You want your settings to always be on the device.
6161

@@ -71,4 +71,4 @@ For example:
7171

7272
For example, you want to block untrusted ActiveX controls in your Office apps. You can create an Administrative Template in Intune, configure this setting, and assign this profile to a user group.
7373

74-
To summarize, use user groups when you want your settings and rules to always go with the user, whatever device they use.
74+
To summarize, utilize user groups when you want your settings and rules to always go with the user, whatever device they use.
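Review bot: On new line 74, "utilize user groups" no longer matches the parallel device-group summary at line 60 of this file, which is unchanged and still reads "To summarize, use device groups when you don't care who's signed in". Suggest reverting to "use" so the two "To summarize" sentences stay parallel.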

learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/includes/4-use-conditional-access.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ With co-management, Intune evaluates every device in your network to determine h
2121

2222
- This evaluation is pre-security breach and configuration-based.
2323

24-
- For co-managed devices, Configuration Manager also does configuration-based evaluation; for example, required updates or apps compliance. Intune combines this evaluation along with its own assessment.
24+
- For co-managed devices, Configuration Manager also does configuration-based evaluation for things like required updates or apps compliance. Intune combines this evaluation along with its own assessment.
2525

2626
1. Intune detects active security incidents on a device. It uses the intelligent security of Microsoft Defender for Endpoint (formerly Microsoft Defender Advanced Threat Protection or Windows Defender ATP) and other mobile threat-defense providers. These partners run ongoing behavioral analysis on devices. This analysis detects active incidents, then passes this information to Intune for real-time compliance evaluation.
2727

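Review bot: On new line 24, "for things like required updates or apps compliance" is vaguer than the "for example" construction it replaces and keeps the awkward "apps compliance". Suggest "such as required updates or app compliance". While the line is being touched, "combines this evaluation along with its own assessment" can drop "along".
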
learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/includes/5-benefits-conditional-access.md

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
1-
Every IT team is obsessed with network security. It's mandatory to make sure that every device meets your security and business requirements before accessing your network. With Conditional Access, you can determine the following factors:
1+
Every IT team is obsessed with network security. It's mandatory to make sure that every device meets your security and business requirements before accessing your network. With Conditional Access, you can determine if:
22

3-
- If every device is encrypted
4-
- If malware is installed
5-
- If its settings are updated
6-
- If it's jailbroken or rooted
3+
- Every device is encrypted.
4+
- Malware is installed.
5+
- Its settings are updated.
6+
- It's jailbroken or rooted.
77

88
Conditional Access combines granular control over organizational data with a user experience that maximizes worker productivity on any device from any location.
99

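Review bot: On new lines 3 to 6, the items now complete "you can determine if:", but "Its settings are updated." and "It's jailbroken or rooted." have no singular antecedent after "Every device is encrypted." The list also mixes conditions that should be true (encrypted, settings updated) with ones that should be false (malware installed, jailbroken or rooted), so a reader cannot tell which result allows access. Suggest "determine whether:" with a consistent subject, for example "A device is encrypted." and "A device has malware installed."
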
learn-pr/endpoint-manager/policy-security-management-using-microsoft-endpoint-manager/includes/6-implement-security-rules.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,9 @@ You can use the *Endpoint security* node in Microsoft Intune to configure device
44

55
The Endpoint security node groups the tools that are available through Intune that you use to keep devices secure:
66

7-
- **Review the status of all your managed devices**: You can view device compliance from a high level and drill into specific devices to understand which compliance policies aren't met so you can resolve them.
7+
- **Review the status of all your managed devices**: You can view device compliance from a high level, and drill into specific devices to understand which compliance policies aren't met so you can resolve them.
88
- **Deploy security baselines that establish best practice security configurations for devices**: Intune includes security baselines for Windows devices and a growing list of applications, like Microsoft Defender for Endpoint and Microsoft Edge. Security baselines are pre-configured groups of Windows settings that help you apply a known group of settings and default values that the relevant security teams recommend. You can use security baselines to rapidly deploy a *best practice* configuration of device and application settings to protect your users and devices. Security baselines are supported for devices that run Windows 10 version 1809 and later.
99
- **Manage security configurations on devices through tightly focused policies**: Each endpoint-security policy focuses on aspects of device security like antivirus, disk encryption, firewalls, and several areas made available through integration with Microsoft Defender for Endpoint.
10-
- **Establish device and user requirements through compliance policy**: With compliance policies, you set the rules devices and users must meet to be considered compliant. Rules can include OS versions, password requirements, device-threat levels, and more. When you integrate with Microsoft Entra Conditional Access policies to enforce compliance policies, you can gate access to corporate resources for both managed devices and devices that arent managed yet. Endpoint security policies are one of several methods in Intune to configure settings on devices. When managing settings, it's important to understand what other methods are in use in your environment that can configure your devices, and avoid conflicts.
11-
- **Integrate Intune with your Microsoft Defender for Endpoint**: By integrating with Microsoft Defender for Endpoint, you gain access to security tasks. Security tasks closely tie Microsoft Defender for Endpoint and Intune together to help your security team identify devices that are at risk and hand off detailed remediation steps to Intune admins who can then act.
12-
- **Integrate Configuration Manager with Microsoft Defender for Endpoint**: Using tenant attach in a co-managed endpoint management scenario, you can integrate Configuration Manager with Microsoft Defender for Endpoint to gain access to security tasks that help enterprises detect, investigate, and respond to advanced attacks on their networks.
10+
- **Establish device and user requirements through compliance policy**: With compliance policies, you set the rules devices and users must meet to be considered compliant. Rules can include OS versions, password requirements, device-threat levels, and more. When you integrate with Microsoft Entra Conditional Access policies to enforce compliance policies, you can gate access to corporate resources for both managed devices and devices that aren't managed yet. Endpoint security policies are one of several methods in Intune to configure settings on devices. When managing settings, it's important to understand what other methods are in use in your environment that can configure your devices and avoid conflicts.
11+
- **Integrate Intune with your Microsoft Defender for Endpoint**: By integrating with Microsoft Defender for Endpoint, you gain access to security tasks. Security tasks closely tie Microsoft Defender for Endpoint and Intune together. They help your security team identify devices that are at risk and hand off detailed remediation steps to Intune admins who can then act.
12+
- **Integrate Configuration Manager with Microsoft Defender for Endpoint**: Using tenant attach in a co-managed endpoint management scenario, you can integrate Configuration Manager with Microsoft Defender for Endpoint. You gain access to security tasks that help enterprises detect, investigate, and respond to advanced attacks on their networks.
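Review bot: On new line 10, removing the comma before "and avoid conflicts" changes the meaning: "what other methods are in use in your environment that can configure your devices and avoid conflicts" now says the other methods avoid conflicts, where the original told the admin to avoid them. Suggest restoring the comma or rewording to "so that you can avoid conflicts". On new line 7, the comma added in "from a high level, and drill into specific devices" splits a compound predicate and can be dropped. The "aren't" fix on line 10 is correct.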
Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,10 @@
11
In this module, you've learned how Microsoft Intune uses Conditional Access to make sure that only trusted users can access organizational resources on trusted devices using trusted apps. Here are some of the things you covered:
22

3-
- Adding assigned groups and dynamic groups to manually or automatically assign groups in Microsoft Intune
4-
- The difference between user groups and device groups
5-
- How trusted users can access organizational resources on trusted devices using trusted apps
6-
- The common ways to use Conditional Access
7-
- Configuring device security and managing security tasks for devices
3+
- Adding assigned groups and dynamic groups to manually or automatically assign groups in Microsoft Intune.
4+
- The difference between user groups and device groups.
5+
- How trusted users can access organizational resources on trusted devices using trusted apps.
6+
- The common ways to use Conditional Access.
7+
- Configuring device security and managing security tasks for devices.
88

99
## Next steps
1010

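Review bot: On new lines 3 to 7, periods are added to list items that are fragments ("The difference between user groups and device groups.", "The common ways to use Conditional Access.") and do not complete the lead-in "Here are some of the things you covered:". The items are also not parallel, mixing gerund phrases, noun phrases and a "How" clause. Suggest either leaving the fragments unpunctuated or rewriting all five in one form before adding periods.
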
@@ -14,14 +14,14 @@ To learn more about Microsoft Intune, continue to the next learning module in th
1414
To evaluate Microsoft Intune and the Microsoft technologies available with Microsoft's Enterprise Mobility + Security (EMS), continue with the free trial:
1515
- [Get a free trial, evaluate Enterprise Mobility + Security (EMS)](https://go.microsoft.com/fwlink/?linkid=845167)
1616

17-
To get expert guidance to help plan, deploy, and migrate your organization to Microsoft Intune, continue by learning more about FastTrack:
17+
To get expert guidance to help plan, deploy, and migrate your organization to Microsoft Intune, continue by learning more about FastTrack:
1818
- [Explore endpoint management support from FastTrack](https://go.microsoft.com/fwlink/?linkid=2143850)
1919

2020
## Learn more
2121

2222
For additional information about Microsoft Intune, see the following resources:
2323

24-
- [Microsoft Intune documentation](/mem/?azure-portal=true)
25-
- [Conditional access with Intune](/mem/intune/protect/conditional-access)
24+
- [Microsoft Intune product and capabilities documentation](/mem/?azure-portal=true)
25+
- [Learn about Conditional Access and Intune](/mem/intune/protect/conditional-access)
2626
- [Conditional Access with co-management](/mem/configmgr/comanage/quickstart-conditional-access)
2727
- [Microsoft Entra Conditional Access documentation](/azure/active-directory/conditional-access/)
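Review bot: On new lines 24 and 25, the link text is now inconsistent with the two unchanged entries below it: "Learn about Conditional Access and Intune" is verb-led, while "Conditional Access with co-management" and "Microsoft Entra Conditional Access documentation" are plain titles. Suggest one style for all four links. The change on line 17 shows no visible difference, so it looks like a whitespace-only edit; confirm it is intentional.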
