MicrosoftDocs
diff --git a/‎memdocs/intune/protect/certificates-profile-scep.md‎
Lines changed: 2 additions & 2 deletions b/‎memdocs/intune/protect/certificates-profile-scep.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎memdocs/intune/protect/includes/security-config-mgt-prerequisites.md‎
Lines changed: 2 additions & 7 deletions b/‎memdocs/intune/protect/includes/security-config-mgt-prerequisites.md‎
Lines changed: 2 additions & 7 deletions
diff --git a/‎memdocs/intune/protect/media/mde-security-integration/add-role-in-mde.png‎
-79.8 KB b/‎memdocs/intune/protect/media/mde-security-integration/add-role-in-mde.png‎
-79.8 KB
diff --git a/‎memdocs/intune/protect/media/mde-security-integration/add-role.png‎
-65.3 KB b/‎memdocs/intune/protect/media/mde-security-integration/add-role.png‎
-65.3 KB
diff --git a/‎windows-365/enterprise/health-checks.md‎
Lines changed: 1 addition & 1 deletion b/‎windows-365/enterprise/health-checks.md‎
Lines changed: 1 addition & 1 deletion
@@ -130,7 +130,7 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
        - **CN={{UserName}}**: The user name of the user, such as janedoe.
        - **CN={{UserPrincipalName}}**: The user principal name of the user, such as [email protected].
        - **CN={{AAD_Device_ID}}**: An ID assigned when you register a device in Azure Active Directory (AD). This ID is typically used to authenticate with Azure AD.
-       - **CN={{DeviceId}}**: An ID assigned when you enroll a device in Intune. *(not supported on Android Enterprise for Fully Managed, Dedicated, and Corporate-Owned Work Profile)*
+       - **CN={{DeviceId}}**: An ID assigned when you enroll a device in Intune.
        - **CN={{SERIALNUMBER}}**: The unique serial number (SN) typically used by the manufacturer to identify a device.
        - **CN={{IMEINumber}}**: The International Mobile Equipment Identity (IMEI) unique number used to identify a mobile phone.
        - **CN={{OnPrem_Distinguished_Name}}**: A sequence of relative distinguished names separated by comma, such as *CN=Jane Doe,OU=UserAccounts,DC=corp,DC=contoso,DC=com*.
@@ -156,7 +156,7 @@ Devices that run Android Enterprise might require a PIN before SCEP can provisio
        Format options for the Subject name format include the following variables:
 
        - **{{AAD_Device_ID}}** or **{{AzureADDeviceId}}** - Either variable can be used to identify a device by its Azure AD ID.
-       - **{{DeviceId}}** - The Intune device ID *(not supported on Android Enterprise for Fully Managed, Dedicated, and Corporate-Owned Work Profile)*
+       - **{{DeviceId}}** - The Intune device ID
        - **{{Device_Serial}}**
        - **{{Device_IMEI}}**
        - **{{SerialNumber}}**
 
@@ -4,7 +4,7 @@ description: include file
 author: brenduns
 ms.service: microsoft-intune
 ms.author: brenduns
-ms.date: 05/12/2022
+ms.date: 09/12/2022
 ms.topic: include
 ---
 ## Prerequisites
@@ -123,13 +123,8 @@ To support Microsoft Defender for Endpoint security configuration management thr
    > [!TIP]
    > Use pilot mode and the proper device tags to test and validate your rollout on a small number of devices. Without using pilot mode, any device that falls into the scope configured will automatically be enrolled.
 
-1. Make sure the relevant users have permissions to manage endpoint security settings in Microsoft Endpoint Manager or grant those permissions by configuring a role in the Microsoft 365 Defender portal. Go to **Settings** > **Roles** > **Add item**:
-   :::image type="content" source="../media/mde-security-integration/add-role-in-mde.png" alt-text="Create a new role in the Defender portal.":::
-   > [!TIP]
-   > You can modify existing roles and add the necessary permissions versus creating additional roles in Microsoft Defender for Endpoint
-1. When configuring the role, add users and be sure to select **Manage endpoint security settings in Microsoft Endpoint Manager**:
+1. Make sure the relevant users have permissions to manage endpoint security settings in Microsoft Endpoint Manager. If not already provided, request for your IT administrator to grant applicable users the Microsoft Endpoint Manager’s **Endpoint Security Manager** [built-in RBAC role](/mem/intune/fundamentals/role-based-access-control).
 
-      :::image type="content" source="../media/mde-security-integration/add-role.png" alt-text="Grant users permissions to manage settings.":::
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 1. Select **Endpoint security** > **Microsoft Defender for Endpoint**, and set **Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations** to **On**.
 
 
@@ -64,7 +64,7 @@ Every failed ANC or success with warning error state includes the technical deta
 - **First party app permissions exist on Azure virtual network**: Sufficient permissions exist on the Azure vNet.
 - **Environment and configuration is ready**: Underlying infrastructure is ready for provisioning to succeed.
 - **Intune enrollment restrictions allow Windows enrollment**: Verify that Intune enrollment restrictions are configured to allow Windows enrollment.
-- **Localization language package readiness**: Verify that the operating system and Microsoft 365 language packages can install. Also verify that the localization package download link is reachable.
+- **Localization language package readiness**: Verify that the operating system and Microsoft 365 language packages are reachable. Also verify that the localization package download link is reachable.
 
 <!-- ########################## -->
 ## Next steps