Commit 24fa6de

minor edits to note placement
1 parent bba83e1 commit 24fa6de

3 files changed

Lines changed: 37 additions & 37 deletions

memdocs/intune/fundamentals/azure-virtual-desktop-multi-session.md

Lines changed: 27 additions & 28 deletions
@@ -45,15 +45,15 @@ You can manage **Windows 10** and **Windows 11 Enterprise multi-session** VMs cr
4545

4646
## Overview
4747

48-
Microsoft Intune only supports managing Windows 10 or Windows 11 Enterprise multi-session with device configurations. This means only [policies defined in the OS scope](/windows/client-management/mdm/policy-configuration-service-provider) and apps configured to install in the system context can be applied to Azure Virtual Desktop multi-session VMs. Additionally, all multi-session configurations must be targeted to devices or device groups. User scope policies are not supported at this time.
48+
Microsoft Intune only supports managing Windows 10 or Windows 11 Enterprise multi-session with device configurations. This means only [policies defined in the OS scope](/windows/client-management/mdm/policy-configuration-service-provider) and apps configured to install in the system context can be applied to Azure Virtual Desktop multi-session VMs. Additionally, all multi-session configurations must be targeted to devices or device groups. User scope policies aren't supported at this time.
4949

5050
## Prerequisites
5151

52-
This feature supports Windows 10 or Windows 11 Enterprise multi-session VMs which are:
52+
This feature supports Windows 10 or Windows 11 Enterprise multi-session VMs, which are:
5353

5454
- Running Windows 10 multi-session, version 1903 or later, or running Windows 11 multi-session.
5555
- Set up as remote desktops in pooled host pools that have been deployed through Azure Resource Manager.
56-
- Running a Azure Virtual Desktop agent version of 1.0.2944.1400 or later.
56+
- Running an Azure Virtual Desktop agent version of 1.0.2944.1400 or later.
5757
- [Hybrid Azure AD-joined](/azure/active-directory/devices/hybrid-azuread-join-plan) and enrolled in Microsoft Intune using one of the following methods:
5858
- Configured with [Active Directory group policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy), set to use Device credentials, and set to automatically enroll devices that are Hybrid Azure AD-joined.
5959
- [Configuration Manager co-management](/configmgr/comanage/overview).
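Review bot: At new line 52, adding the comma turns a restrictive clause into a non-restrictive one. "multi-session VMs, which are:" now reads as if every multi-session VM already meets the bullets below, whereas the list states the conditions a VM has to meet to be supported. Suggest "multi-session VMs that are:" so the prerequisites still read as requirements.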
@@ -64,13 +64,13 @@ This feature supports Windows 10 or Windows 11 Enterprise multi-session VMs whic
6464
6565
See [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview#requirements) for more information about Azure Virtual Desktop licensing requirements.
6666

67-
Windows 10 or Windows 11 Enterprise multi-session VMs are treated as a separate OS edition and some Windows 10 or Windows 11 Enterprise configurations won’t be supported for this edition. Using Microsoft Intune does not depend on or interfere with Azure Virtual Desktop management of the same VM.
67+
Windows 10 or Windows 11 Enterprise multi-session VMs are treated as a separate OS edition and some Windows 10 or Windows 11 Enterprise configurations won’t be supported for this edition. Using Microsoft Intune doesn't depend on or interfere with Azure Virtual Desktop management of the same VM.
6868

6969
## Create the device configuration profile
7070

7171
To configure configuration policies for Windows 10 or Windows 11 Enterprise multi-session VMs, you'll need to use the [Settings catalog](../configuration/settings-catalog.md) in the Microsoft Endpoint Manager admin center.
7272

73-
The existing device configuration profile templates aren't supported for Windows 10 or Windows 11 Enterprise multi-session VMs, with the exception of the following templates:
73+
The existing device configuration profile templates aren't supported for Windows 10 or Windows 11 Enterprise multi-session VMs, except for the following templates:
7474

7575
- [Trusted certificate](../protect/certificates-trusted-root.md#create-trusted-certificate-profiles) - Device (machine) only
7676
- [SCEP certificate](../protect/certificates-profile-scep.md#create-a-scep-certificate-profile) - Device (machine) only
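Review bot: New line 67 mixes apostrophe styles in adjacent sentences: the untouched "won’t" keeps the typographic apostrophe while the edited "doesn't" uses the ASCII one. Since the line is being rewritten anyway, normalise both to the ASCII apostrophe; the same applies to "isn’t" and "you’re" in the later hunks of this file.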
@@ -104,8 +104,8 @@ Microsoft Intune won't deliver unsupported templates to multi-session devices, a
104104

105105
Windows 10 or Windows 11 Administrative Templates are supported for Windows 10 or Windows 11 Enterprise multi-session via the Settings catalog with some limitations:
106106

107-
- ADMX-backed policies are supported. Some policies are not yet available in the Settings catalog.
108-
- ADMX-ingested policies are supported, including Office and Microsoft Edge settings available in Office administrative template files and Microsoft Edge administrative template files. For a complete list of ADMX-ingested policy categories, see [Win32 and Desktop Bridge app policy configuration](/windows/client-management/mdm/win32-and-centennial-app-policy-configuration#overview). Some ADMX ingested settings will not be applicable to Windows 10 or Windows 11 Enterprise multi-session.
107+
- ADMX-backed policies are supported. Some policies aren't yet available in the Settings catalog.
108+
- ADMX-ingested policies are supported, including Office and Microsoft Edge settings available in Office administrative template files and Microsoft Edge administrative template files. For a complete list of ADMX-ingested policy categories, see [Win32 and Desktop Bridge app policy configuration](/windows/client-management/mdm/win32-and-centennial-app-policy-configuration#overview). Some ADMX ingested settings won't be applicable to Windows 10 or Windows 11 Enterprise multi-session.
109109

110110
## Compliance and Conditional access
111111

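Review bot: New line 108 still ends with "Some ADMX ingested settings" without the hyphen, while the same bullet uses "ADMX-ingested" twice. The line is already being edited for the contraction, so hyphenate this occurrence as well.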
@@ -139,6 +139,9 @@ All other policies report as **Not applicable**.
139139
> [!NOTE]
140140
> [Conditional Access for Exchange on-premises](../protect/conditional-access-exchange-create.md) isn't supported for Windows 10 or Windows 11 Enterprise multi-session VMs.
141141
142+
> [!NOTE]
143+
> Configuration and compliance policies for Secure Boot and features leveraging vTPM (Virtual Trusted Platform Module) are not supported at this time for Azure Virtual Desktop VMs.
144+
142145
## Endpoint security
143146

144147
You can configure profiles under Endpoint security for multi-session VMs by selecting Platform Windows 10, Windows 11, and Windows Server.
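Review bot: The note added at new lines 142-143 covers both configuration and compliance policies, but it now sits at the end of "Compliance and Conditional access", directly under the Exchange on-premises note. Someone reading only the configuration profile sections will not learn that Secure Boot and vTPM settings are unsupported. Consider repeating or linking it from "Create the device configuration profile", and merging the two adjacent [!NOTE] blocks into one. The added text also keeps "are not supported" while the rest of this commit switches to contractions.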
@@ -149,10 +152,10 @@ For more information, see [Manage device security with endpoint security policie
149152

150153
All Windows 10 or Windows 11 apps can be deployed to Windows 10 or Windows 11 Enterprise multi-session with the following restrictions:
151154

152-
- All apps must be configured to install in the system/device context and be targeted to devices. Web apps are always applied in the user context by default so they will not apply to multi-session VMs.
153-
- All apps must be configured with **Required** or **Uninstall** app assignment intent. The **Available apps** deployment intent is not supported on multi-session VMs.
154-
- If a Win32 app configured to install in the system context has dependencies or supersedence relationship on any apps configured to install in the user context, the app will not be installed. To apply to a Windows 10 or Windows 11 Enterprise multi-session VM, create a separate instance of the system context app or make sure all app dependencies are configured to install in the system context.
155-
- Azure Virtual Desktop RemoteApp and MSIX app attach are not currently supported in Microsoft Intune.
155+
- All apps must be configured to install in the system/device context and be targeted to devices. Web apps are always applied in the user context by default so they won't apply to multi-session VMs.
156+
- All apps must be configured with **Required** or **Uninstall** app assignment intent. The **Available apps** deployment intent isn't supported on multi-session VMs.
157+
- If a Win32 app configured to install in the system context has dependencies or supersedence relationship on any apps configured to install in the user context, the app won't be installed. To apply to a Windows 10 or Windows 11 Enterprise multi-session VM, create a separate instance of the system context app or make sure all app dependencies are configured to install in the system context.
158+
- Azure Virtual Desktop RemoteApp and MSIX app attach aren't currently supported in Microsoft Intune.
156159

157160
## Script deployment
158161

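Review bot: New line 157 is edited only for the contraction, but "has dependencies or supersedence relationship on any apps" is still ungrammatical. Suggest "has a dependency or supersedence relationship with any app configured to install in the user context". New line 155 also needs a comma before "so they won't apply".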
@@ -175,7 +178,7 @@ The following settings are available in the catalog, with the links opening the
175178

176179
## Remote actions
177180

178-
The following Windows 10 or Windows 11 desktop device remote actions are not supported and will be grayed out in the UI and disabled in Graph for Windows 10 or Windows 11 Enterprise multi-session VMs:
181+
The following Windows 10 or Windows 11 desktop device remote actions aren't supported and will be grayed out in the UI and disabled in Graph for Windows 10 or Windows 11 Enterprise multi-session VMs:
179182

180183
- Autopilot reset
181184
- BitLocker key rotation
@@ -186,24 +189,20 @@ The following Windows 10 or Windows 11 desktop device remote actions are not sup
186189

187190
## Retirement
188191

189-
Deleting VMs from Azure will leave orphaned device records in the Microsoft Endpoint Manager admin center. They will be automatically cleaned up according to the cleanup rules configured for the tenant.
192+
Deleting VMs from Azure will leave orphaned device records in the Microsoft Endpoint Manager admin center. They'll be automatically cleaned up according to the cleanup rules configured for the tenant.
190193

191194
## Security baselines
192195

193-
Security baselines are not available for Windows 10 or Windows 11 Enterprise multi-session at this time. We recommend that you review the [Available security baselines](../protect/security-baselines.md) and configure the recommended policies and values in the [Settings catalog](../configuration/settings-catalog.md).
196+
Security baselines aren't available for Windows 10 or Windows 11 Enterprise multi-session at this time. We recommend that you review the [Available security baselines](../protect/security-baselines.md) and configure the recommended policies and values in the [Settings catalog](../configuration/settings-catalog.md).
194197

195-
## Additional configurations which are not supported on Windows 10 or Windows 11 Enterprise multi-session VMs
198+
## Additional configurations that aren't supported on Windows 10 or Windows 11 Enterprise multi-session VMs
196199

197200
Out of Box Experience (OOBE) enrollment isn't supported for Window 10 or Windows 11 Enterprise multi-session. This restriction means that:
198201

199202
- Windows Autopilot and Commercial OOBE aren't supported.
200203
- Enrollment status page isn’t supported.
201204

202-
Windows 10 or Windows 11 Enterprise multi-session managed by Microsoft Intune is not currently supported for China.
203-
204-
## Additional Limitations
205-
206-
Configuration and compliance policies for Secure Boot and features leveraging vTPM (Virtual Trusted Platform Module) are not supported at this time for Azure Virtual Desktop VMs.
205+
Windows 10 or Windows 11 Enterprise multi-session managed by Microsoft Intune isn't currently supported for China Sovereign Cloud.
207206
## Troubleshooting
208207

209208
The following sections provide troubleshooting guidance for common issues.
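Review bot: Removing old lines 203-206 leaves no blank line between the China Sovereign Cloud sentence (new line 205) and "## Troubleshooting" (new line 206); keep one blank line above the heading so it does not run into the paragraph in the source. Changing "China" to "China Sovereign Cloud" also alters the support statement rather than note placement, so it is worth calling out in the commit message. The untouched context at line 200 still reads "Window 10".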
@@ -212,19 +211,19 @@ The following sections provide troubleshooting guidance for common issues.
212211

213212
|Issue|Detail|
214213
|---------------|---------------------------------|
215-
|Enrollment of hybrid Azure AD joined virtual machine fails|<ul><li>Auto-enrollment is configured to use user credentials. Windows 10 or Windows 11 Enterprise multi-session virtual machines must be enrolled using device credentials.<li>The Azure Virtual Desktop agent you’re using must be version 2944.1400 or later.<li>You have more than one MDM provider, which is not supported.<li>Windows 10 or Windows 11 Enterprise multi-session VM is configured outside of a host pool. Microsoft Intune only supports VMs provisioned as part of a host pool.<li>The Azure Virtual Desktop host pool was not created through the Azure Resource Manager template.|
216-
|Enrollment of Azure AD joined virtual machine fails|<ul><li>The Azure Virtual Desktop agent you’re using is not updated. The agent must be version 2944.1400 or above.<li>Azure Virtual Desktop host pool was not created through the Azure Resource Manager template.|
214+
|Enrollment of hybrid Azure AD joined virtual machine fails|<ul><li>Auto-enrollment is configured to use user credentials. Windows 10 or Windows 11 Enterprise multi-session virtual machines must be enrolled using device credentials.<li>The Azure Virtual Desktop agent you’re using must be version 2944.1400 or later.<li>You've more than one MDM provider, which isn't supported.<li>Windows 10 or Windows 11 Enterprise multi-session VM is configured outside of a host pool. Microsoft Intune only supports VMs provisioned as part of a host pool.<li>The Azure Virtual Desktop host pool wasn't created through the Azure Resource Manager template.|
215+
|Enrollment of Azure AD joined virtual machine fails|<ul><li>The Azure Virtual Desktop agent you’re using isn't updated. The agent must be version 2944.1400 or above.<li>Azure Virtual Desktop host pool wasn't created through the Azure Resource Manager template.|
217216

218217
### Configuration issues
219218

220219
|Issue|Detail|
221220
|--------|------------------------------|
222-
|Settings catalog policy fails|Confirm the VM is enrolled using device credentials. Enrollment with user credentials is not currently supported for Windows 10 or Windows 11 Enterprise multi-session.|
223-
|Configuration policy did not apply|Templates (with the exception of Certificates) are not supported on Windows 10 or Windows 11 Enterprise multi-session. All policies must be created via the settings catalog.|
224-
Configuration policy reports as Not applicable|Some policies are not applicable to Azure Virtual Desktop VMs.|
225-
|Microsoft Edge/Microsoft Office ADMX policy does not show up when I apply the filter for Windows 10 or Windows 11 Enterprise multi-session edition|Applicability for these settings is not based on the Windows version or edition but on whether those apps have been installed on the device. To add these settings to your policy, you may have to remove any filters applied in the settings picker.|
226-
|App configured to install in system context did not apply|Confirm the app does not have a dependency or supersedence relationship on any apps configured to install in user context. User context apps are not currently supported on Windows 10 or Windows 11 Enterprise multi-session.|
227-
|Update rings for Windows 10 and later policy did not apply|Windows Update for Business policies are not currently supported.|
221+
|Settings catalog policy fails|Confirm the VM is enrolled using device credentials. Enrollment with user credentials isn't currently supported for Windows 10 or Windows 11 Enterprise multi-session.|
222+
|Configuration policy didn't apply|Templates (except for Certificates) aren't supported on Windows 10 or Windows 11 Enterprise multi-session. All policies must be created via the settings catalog.|
223+
Configuration policy reports as Not applicable|Some policies aren't applicable to Azure Virtual Desktop VMs.|
224+
|Microsoft Edge/Microsoft Office ADMX policy doesn't show up when I apply the filter for Windows 10 or Windows 11 Enterprise multi-session edition|Applicability for these settings isn't based on the Windows version or edition but on whether those apps have been installed on the device. To add these settings to your policy, you may have to remove any filters applied in the settings picker.|
225+
|App configured to install in system context didn't apply|Confirm the app doesn't have a dependency or supersedence relationship on any apps configured to install in user context. User context apps aren't currently supported on Windows 10 or Windows 11 Enterprise multi-session.|
226+
|Update rings for Windows 10 and later policy didn't apply|Windows Update for Business policies aren't currently supported.|
228227

229228
## Next steps
230229

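Review bot: In the first enrollment row (new line 214), "You've more than one MDM provider" contracts the main verb and reads awkwardly; keep "You have more than one MDM provider". The row at new line 223 ("Configuration policy reports as Not applicable") is still missing its leading pipe on both the removed and added sides, unlike every other row in the table. The agent version in these rows is given as 2944.1400, while the Prerequisites list says 1.0.2944.1400.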
memdocs/intune/fundamentals/azure-virtual-desktop.md

Lines changed: 3 additions & 3 deletions
@@ -65,6 +65,9 @@ Also, the following profiles aren't currently supported:
6565

6666
Make sure that the [RemoteDesktopServices/AllowUsersToConnectRemotely policy](/windows/client-management/mdm/policy-csp-remotedesktopservices#remotedesktopservices-allowuserstoconnectremotely) isn't disabled.
6767

68+
> [!NOTE]
69+
> Configuration and compliance policies for Secure Boot and features leveraging vTPM (Virtual Trusted Platform Module) are not supported at this time for Azure Virtual Desktop VMs.
70+
6871
### Remote actions
6972

7073
The following Windows 10 desktop device remote actions aren't supported/recommended for Azure Virtual Desktop VMs:
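Review bot: The note added at new lines 68-69 is a verbatim copy of the one added to azure-virtual-desktop-multi-session.md in this commit, so the two can drift apart on the next edit. Suggest keeping the text in one place (a shared include, or a link from one article to the other). It also lands directly after the RemoteDesktopServices/AllowUsersToConnectRemotely sentence, which is unrelated to Secure Boot or vTPM, and it keeps "are not supported" where the rest of the commit uses contractions.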
@@ -89,9 +92,6 @@ The following table provides a set of known issues along with more information a
8992
| Cannot auto-enroll if tenant has more than one MDM provider | This issue will be fixed in the future. |
9093
| Modern apps, such as Universal Windows Platform (UWP) apps, are not working correctly if [FSLogix](/fslogix/overview) is configured | Using FSLogix and Modern apps could cause compatibility issues. We recommend that you don’t configure Modern apps when FSLogix is configured.|
9194

92-
## Additional Limitations
93-
94-
Configuration and compliance policies for Secure Boot and features leveraging vTPM (Virtual Trusted Platform Module) are not supported at this time for Azure Virtual Desktop VMs.
9595
## Next steps
9696

9797
* [Learn more about Azure Virtual Desktops](/azure/virtual-desktop/).

memdocs/intune/fundamentals/windows-10-virtual-machines.md

Lines changed: 7 additions & 6 deletions
@@ -31,9 +31,10 @@ ms.collection: M365-identity-device-management
3131

3232
# Using Windows 10 virtual machines with Intune
3333

34-
Intune supports managing virtual machines running Windows 10 Enterprise with certain limitations. Intune management does not depend on, or interfere with Azure Virtual Desktop management of the same virtual machine.
34+
Intune supports managing virtual machines running Windows 10 Enterprise with certain limitations. Intune management doesn't depend on, or interfere with Azure Virtual Desktop management of the same virtual machine.
3535

3636
## Enrollment
37+
3738
- We recommend that you don't use Intune to manage on-demand, session-host virtual machines, also known as non-persistent virtual desktop infrastructure (VDI). Each VM must be enrolled when it's created. Also, regularly deleting VMs will leave orphaned device records in Intune until they're [cleaned up](../remote-actions/devices-wipe.md#automatically-delete-devices-with-cleanup-rules).
3839
- Windows Autopilot Self-deploying and pre-provisioning deployment types aren't supported because they require a physical Trusted Platform Module (TPM).
3940
- Out of Box Experience (OOBE) enrollment isn't supported on VMs that can only be accessed by using RDP (such as VMs that are hosted on Azure). This restriction means:
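Review bot: At new line 34 the comma in "doesn't depend on, or interfere with Azure Virtual Desktop management" is unbalanced. Either close the aside ("doesn't depend on, or interfere with, Azure Virtual Desktop management") or drop the comma, as the equivalent sentence in azure-virtual-desktop-multi-session.md does ("doesn't depend on or interfere with").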
@@ -42,20 +43,20 @@ Intune supports managing virtual machines running Windows 10 Enterprise with cer
4243

4344

4445
## Configuration
45-
Intune does not support any configuration that utilizes a Trusted Platform Module or hardware management, including:
46+
47+
Intune doesn't support any configuration that utilizes a Trusted Platform Module or hardware management, including:
4648
- [BitLocker settings](../configuration/device-profiles.md#endpoint-protection)
4749
- [Device Firmware Configuration Interface settings](../configuration/device-profiles.md#device-firmware-configuration-interface)
4850

4951
## Reporting
52+
5053
Intune automatically detects virtual machines and reports them as "Virtual Machine" in **Devices** > **All devices** > choose a device > **Overview** > **Model** field.
5154

5255
Deallocated virtual machines may contribute to noncompliant device reports because they're unable to [check in with the Intune service](../configuration/device-profile-troubleshoot.md#how-long-does-it-take-for-devices-to-get-a-policy-profile-or-app-after-they-are-assigned).
5356

5457
## Retirement
55-
If you only have RDP access, don't use the [Wipe action](../remote-actions/devices-wipe.md#wipe). The Wipe action will delete the virtual machine's RDP settings and prevent you from ever connecting again.
5658

57-
## Additional Limitations
58-
59-
Configuration and compliance policies for Secure Boot and features leveraging vTPM (Virtual Trusted Platform Module) are not supported at this time for Azure Virtual Desktop VMs.
59+
If you only have RDP access, don't use the [Wipe action](../remote-actions/devices-wipe.md#wipe). The Wipe action will delete the virtual machine's RDP settings and prevent you from ever connecting again.
6060
## Next steps
61+
6162
[Learn about using Azure Virtual Desktop with Intune](azure-virtual-desktop.md)
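Review bot: Old lines 57-59 remove the "Additional Limitations" section, but unlike the other two files in this commit no [!NOTE] is added back, so the statement that Secure Boot and vTPM configuration and compliance policies are unsupported disappears from this article. If that is intended, say so in the commit message; otherwise add the note under "## Configuration", next to the existing Trusted Platform Module limitation. The moved Wipe paragraph at new line 59 is also left with no blank line before "## Next steps".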
