Reduced best practices section

lenewsad · lenewsad · commit 1efd5c4de41f · 2022-07-13T12:57:14.000-04:00
diff --git a/memdocs/intune/enrollment/device-group-mapping.md b/memdocs/intune/enrollment/device-group-mapping.md
@@ -33,15 +33,15 @@ ms.collection: M365-identity-device-management
 
 [!INCLUDE [azure_portal](../includes/azure_portal.md)]
 
-Device categories allow you to easily manage and group devices in Microsoft Intune. Assign a category, such as *sales* or *accounting*, to a device and Intune will automatically add the device to the corresponding Intune device group or Active Directory security group.   
-
-To enable categories in your tenant, you must create a category in the Microsoft Endpoint Manager admin center and set up a dynamic group for it in Azure AD. 
+Device categories allow you to easily manage and group devices in Microsoft Intune. Create a category, such as *sales* or *accounting*, and Intune automaticallys add all devices that fall within that category to the corresponding device group in Intune.    
 
+To enable categories in your tenant, you must create a category in the Microsoft Endpoint Manager admin center and set up dynamic Azure Active Directory (Azure AD) security groups.  
+ 
 This article describes how to configure and edit device categories.   
 
 ## Configure device categories
 
-You must be a Global Administrator or Intune Administrator to perform these steps.
+You must be a Global Administrator or Intune Administrator to perform these steps.  
 
 ### Step 1: Create device category in Intune  
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
@@ -55,16 +55,21 @@ You must be a Global Administrator or Intune Administrator to perform these step
 
 You'll use the device category name when you create Azure Active Directory (Azure AD) security groups in the next step.  
 
-### Step 2: Create Azure Active Directory security groups 
+### Step 2: Create Azure AD security groups 
+
+To enable automatic grouping, you must create a dynamic group using attribute-based rules in Azure AD. For instructions, see [Using attributes to create advanced rules](/azure/active-directory/users-groups-roles/groups-dynamic-membership#using-attributes-to-create-rules-for-device-objects) in the Azure AD documentation. Create an advanced rule for your group using the **deviceCategory** attribute and the category name you created in [Step 1](device-group-mapping.md#step-1-create-device category-in-Intune) of this article. 
 
-To enable automatic grouping, you must create a dynamic group using the attribute-based rules in Azure AD. For instructions, see [Using attributes to create advanced rules](/azure/active-directory/users-groups-roles/groups-dynamic-membership#using-attributes-to-create-rules-for-device-objects) in the Azure AD documentation. Create an advanced rule for your group using the **deviceCategory** attribute and the category name you created in step 1. For example, to create a rule that automatically groups devices belonging in the HR category, use the following rule syntax: `device.deviceCategory -eq "HR"`    
+For example, to create a rule that automatically groups devices belonging in the HR category, use the following rule syntax: `device.deviceCategory -eq "HR"`    
 
 ### View categories of all devices 
  Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and go to **Devices** > **All devices** for a list of all devices. The **Device category** column shows the category assigned to each device. 
  
  If the **Device category** column isn't visible in the table, select **Columns**  and then choose **Category** > **Apply**.  
 
-### Change the category of a device
+When you delete a category, devices assigned to it appear as **Unassigned**.  
+
+### Change the category of a device  
+If you edit a category, be sure to update any Azure AD security groups that reference the category in their rules.  
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. Select **Devices** > **All devices**.
@@ -75,8 +80,4 @@ To enable automatic grouping, you must create a dynamic group using the attribut
 ## Best practices  
 Device categories are supported on devices running Android, iOS/iPadOS, or Windows. People with Windows devices must use the Company Portal website to select their category. Regardless of platform, any device user can sign in to portal.manage.microsoft.com at anytime and go to **My devices** to select a category. 
 
-If a device is already enrolled before you configure categories, the user will receive a notification about the device on the Company Portal website informing them to select a category the next time they access the Company Portal app on iOS/iPadOS or Android.  
-
-You can edit a device category in the Azure portal, but you must manually update any Azure AD security groups that reference this category.  
-
-If you delete a category, devices assigned to it display the category name **Unassigned**.  
+If an iOS/iPadOS or Android device is already enrolled before you configure categories, the user will receive a notification about the device on the Company Portal website. The notification informs them that they need to select a category the next time they're in the Company Portal app.    
