memdocs/endpoint-manager-overview.md
16 additions & 29 deletions
@@ -33,25 +33,17 @@ ms.collection:
33
33
34
34
# Microsoft Intune is a family of products and services
35
35
36
-
Microsoft Intune is a family of products and services. It combines services you may know and already be using, including Microsoft Intune, Configuration Manager, co-management, Endpoint Analytics, and Windows Autopilot. These services are part of the Microsoft 365 stack to help secure access, protect data, and respond to & manage risk.
36
+
Microsoft Intune is a family of products and services. It combines services you may know and may already be using, including Microsoft Intune, Configuration Manager, co-management, Endpoint Analytics, and Windows Autopilot. These services are part of the Microsoft 365 stack to help secure access, protect data, and respond to & manage risk.
37
37
38
38
Previously, this family of products and services was known as Microsoft Endpoint Manager.
39
39
40
40
The Microsoft Intune family helps deliver the modern workplace and modern management to keep your data secure, in the cloud and on-premises. Intune includes the services and tools you use to manage and monitor mobile devices, desktop computers, virtual machines, embedded devices, and servers.
41
41
42
-
You can also think of Intune in three parts: cloud, on-premises, and cloud + on-premises:
43
-
44
-
-**Cloud**: All data is stored in Azure. And, no more data centers. This approach gives you the mobility benefits of the cloud, and the security benefits of Azure.
45
-
46
-
-**On-premises**: If you have an on-premises infrastructure that includes Configuration Manager and Windows Server, or aren't ready to use the cloud, then keep your existing systems.
47
-
48
-
-**Cloud + on-premises**: Many environments are mixed, and use a cloud-attach approach. Meaning, they use a combination of cloud and on-premises. For new devices, use the benefits of Intune to access and protect data. If you use Configuration Manager, connect to the cloud for more functionality and analytics. If you want to move some workloads to the cloud, then co-management is a good option.
49
-
50
42
This article provides an overview of the Microsoft Intune family of products and services.
51
43
52
44
## Microsoft Intune
53
45
54
-
Intune is a cloud-based mobile device management (MDM) and mobile application management (MAM) service provider for your devices, apps, and data. It lets you control features and settings on Android, Android Enterprise, AOSP, iOS/iPadOS, macOS, and Windows client devices. With Intune, users can be productive from anywhere and on any device. It also gives admins the tools to manage users, manage devices, and manage apps securely.
46
+
Intune is a cloud-native mobile device management (MDM) and mobile application management (MAM) service provider for your devices, apps, and data. It lets you control features and settings on Android, AOSP, iOS/iPadOS, macOS, and Windows client devices. With Intune, users can be productive from anywhere and on any device. It also gives admins the tools to manage users, manage devices, and manage apps securely.
55
47
56
48
It integrates with other services, including Azure Active Directory (AD), on-premises Configuration Manager, mobile threat defense (MTD) apps & services, Win32 & custom LOB apps, and more.
57
49
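Review bot: the rewritten Intune paragraph drops "Android Enterprise" from the platform list (it now reads "Android, AOSP, iOS/iPadOS, macOS, and Windows client devices") and the change gives no reason. If "Android" is meant to cover Android Enterprise, say so in the sentence; otherwise restore it so readers do not conclude that management mode is unsupported. The same hunk also deletes the cloud / on-premises / cloud + on-premises list, which in the visible intro was the only text telling Configuration Manager customers that keeping existing systems or moving workloads through co-management is an option; consider keeping one sentence that points to co-management.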
@@ -78,14 +70,14 @@ For more information, go to:
78
70
79
71
## Endpoint Analytics
80
72
81
-
Endpoint Analytics is a cloud-based service that provides metrics and recommendations on the health and performance of your Windows client devices.
73
+
Endpoint Analytics is a cloud-native service that provides metrics and recommendations on the health and performance of your Windows client devices.
82
74
83
75
You can get data on:
84
76
85
77
- Startup performance
86
78
- How frequently devices restart
87
-
-Get a list of apps that affect end-user productivity
88
-
-Get recommendations on how to improve performance
79
+
-A list of apps that affect end-user productivity
80
+
-Recommendations on how to improve performance
89
81
90
82
This information and more is shown in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
91
83
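Review bot: the Endpoint Analytics list is still not parallel after this change. "Startup performance" and the two rewritten items are noun phrases, but the unchanged item "How frequently devices restart" is a clause; "Restart frequency" would make all four items read the same way after "You can get data on:". The context line below also still links to the "Microsoft Endpoint Manager admin center", while the first hunk of this file states that Microsoft Endpoint Manager is the previous name, so the naming is worth aligning in the same pass.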
@@ -99,7 +91,7 @@ For more information, go to:
99
91
100
92
## Windows Autopilot
101
93
102
-
Windows Autopilot is a cloud-based service that sets up and pre-configures new devices, getting them ready for use. It can also reset and repurpose existing devices. It's designed to simplify the lifecycle of Windows devices from initial deployment through end of life, benefitting IT and end users.
94
+
Windows Autopilot is a cloud-native service that sets up and pre-configures new devices, getting them ready for use. It can also reset and repurpose existing devices. It's designed to simplify the lifecycle of Windows devices from initial deployment through end of life, benefitting IT and end users.
103
95
104
96
Use Windows Autopilot to pre-configure devices, automatically join devices to Azure AD, automatically enroll the devices in Intune, customize the out of box experience (OOBE), and more. You can also integrate Windows Autopilot with Configuration Manager and co-management for more device configurations.
105
97
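Review bot: "cloud-native" replaces "cloud-based" on the Windows Autopilot line and on the Intune, Endpoint Analytics and Azure AD lines in the other hunks, but the article never defines the term. "Cloud-based" tells the reader where the service runs, while "cloud-native" is usually a statement about how software is built, so either define it once near the top of the article or keep "cloud-based". Since the line is being touched anyway, "benefitting" could be normalized to "benefiting".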
@@ -112,41 +104,36 @@ For more information, go to:
112
104
113
105
## Azure Active Directory (AD)
114
106
115
-
Azure AD is a cloud-based service that's used by Intune to manage the identities of users, devices, and groups. The Intune policies you create are assigned to these users, devices, and groups. When devices are enrolled in Intune, your users sign in to their devices with their Azure AD accounts (`[email protected]`).
107
+
Azure AD is a cloud-native service that's used by Intune to manage the identities of users, devices, and groups. The Intune policies you create are assigned to these users, devices, and groups. When devices are enrolled in Intune, your users sign in to their devices with their Azure AD accounts (`[email protected]`).
116
108
117
109
**Azure AD Premium**, which may be an extra cost, has [more features](https://azure.microsoft.com/pricing/details/active-directory/) to help protect devices, apps, and data, including dynamic groups, automatic enrollment in Intune, and conditional access.
118
110
119
111
For more information, go to:
120
112
121
113
-[Add users](./intune/fundamentals/users-add.md)
122
114
-[Set up auto-enrollment](./intune/enrollment/windows-enroll.md)
-[Learn about conditional access and Intune](./intune/protect/conditional-access.md)
124
116
125
117
## Endpoint Manager admin center
126
118
127
119
The [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) is a one-stop web site. Use the admin center to add users & groups, create & manage policies, and monitor your policies using report data. If you use Configuration Manager tenant-attach or co-management, you can see your on-premises devices and run some actions on these devices.
128
120
129
121
The admin center also plugs-in other key device management services, including:
130
122
131
-
- Azure AD Privileged Identity Management
132
-
- Microsoft Tunnel
133
-
- Mobile threat defense partners
134
-
-Remote administration with TeamViewer
135
-
- Windows 365 Cloud PCs
136
-
- Windows Autopatch
123
+
-[**Azure AD Privileged Identity Management** to monitor access to important resources](/azure/active-directory/privileged-identity-management/pim-configure)
124
+
-[**Microsoft Tunnel** VPN gateway solution that runs on Linux](./intune/protect/microsoft-tunnel-overview.md)
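Review bot: the new admin center list items wrap the whole description in the link, for example "[**Microsoft Tunnel** VPN gateway solution that runs on Linux](...)", which produces long link text that reads as a fragment. Link only the product name and put the description after it as plain text, such as "[Microsoft Tunnel](...): a VPN gateway solution that runs on Linux". The removed list had six entries (Privileged Identity Management, Microsoft Tunnel, mobile threat defense partners, TeamViewer, Windows 365 Cloud PCs, Windows Autopatch), so confirm each one has a replacement with a working link. The unchanged lead-in "plugs-in other key device management services" should be "plugs in".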
memdocs/intune/fundamentals/get-started-with-intune.md
10 additions & 8 deletions
@@ -55,8 +55,8 @@ Microsoft Endpoint Configuration Manager helps protect on-premises Windows Serve
55
55
56
56
There are two steps to cloud attach your on-premises devices:
57
57
58
-
1.[Tenant attach](../../configmgr/tenant-attach): Register your Intune tenant with your Configuration Manager deployment. Your Configuration Manager devices are shown in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). On these devices, you can run different actions, including installing apps and run Windows PowerShell scripts using the web-based admin center.
59
-
2.[Co-management](../../configmgr/comanage): Manage Windows client devices with Configuration Manager and Microsoft Intune. Some workloads are managed by Configuration Manager, and some workloads are managed by Intune. For example, you can use Configuration Manager to manage Windows updates, and use Intune to manage conditional access policies.
58
+
1.[Tenant attach](../../configmgr/tenant-attach.md): Register your Intune tenant with your Configuration Manager deployment. Your Configuration Manager devices are shown in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). On these devices, you can run different actions, including installing apps and run Windows PowerShell scripts using the web-based admin center.
59
+
2.[Co-management](../../configmgr/comanage.md): Manage Windows client devices with Configuration Manager and Microsoft Intune. Some workloads are managed by Configuration Manager, and some workloads are managed by Intune. For example, you can use Configuration Manager to manage Windows updates, and use Intune to manage conditional access policies.
60
60
61
61
If you currently use Configuration Manager, you get immediate value through tenant attach, and you get more value through co-management.
62
62
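Review bot: the added .md extensions fix the link targets, but the touched tenant attach line still reads "including installing apps and run Windows PowerShell scripts"; make it "installing apps and running Windows PowerShell scripts". Because this sentence tells admins they can run scripts on on-premises devices from the web-based admin center, it would also help to link to the permissions those actions require.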
@@ -141,7 +141,7 @@ MDM solutions like Intune can set rules that devices should meet, and can report
141
141
142
142
For example, you can choose an acceptable (or unacceptable) threat level, block jailbroken or rooted devices, require a password length, and more. If these devices don't meet your rules, meaning they aren't compliant, then you can use conditional access to block access to your resources.
143
143
144
-
If you prefer, you can enroll your devices before checking compliance. It's up to you. When users enroll their devices in Intune, then enrollment process can automatically deploy your compliance policies. When enrollment completes, admins can check the compliance status and get a list of devices that don't meet your rules. Microsoft recommends creating compliance and conditional access policies, and then deploying these policies during enrollment.
144
+
If you prefer, you can enroll your devices before checking compliance. It's up to you. When users enroll their devices in Intune, then enrollment process can automatically deploy your compliance policies. When enrollment completes, admins can check the compliance status and get a list of devices that don't meet your rules. Microsoft recommends creating compliance and conditional access policies baseline, and then deploying these policies during enrollment.
145
145
146
146
In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you create your policies and assign them to your groups. As a best practice, start small, and use a staged approach. For example, create an iOS/iPadOS policy that blocks jailbroken devices. Apply the policy to a pilot or test group. After initial testing, add more users to the pilot group. For more guidance, go to the [Microsoft Intune planning guide](intune-planning-guide.md).
147
147
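Review bot: the added word leaves the last sentence ungrammatical: "creating compliance and conditional access policies baseline". Use "creating a baseline of compliance and conditional access policies", which matches the "creating a baseline of app policies" wording introduced in the next hunk. The same changed line also has "then enrollment process", which is missing "the".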
@@ -162,7 +162,7 @@ The following articles are good resources:
162
162
163
163
Every organization has a base set of apps that should be installed on devices. Your organization may require a specific email app, web browser, or VPN app. You can use Intune to deploy these apps to your users before they enroll their devices. When users enroll their devices, these apps can be automatically installed during the enrollment process.
164
164
165
-
If you prefer, you can enroll your devices before installing apps. It's up to you. When users enroll their devices in Intune, the enrollment process can automatically deploy your app policies. When enrollment completes, the apps are ready to use. For key productivity apps, Microsoft recommends creating app policies and then deploying these policies during enrollment.
165
+
If you prefer, you can enroll your devices before installing apps. It's up to you. When users enroll their devices in Intune, the enrollment process can automatically deploy your app policies. When enrollment completes, the apps are ready to use. For key productivity apps, Microsoft recommends creating a baseline of app policies and then deploying these policies during enrollment.
166
166
167
167
Intune supports a wide range of apps, including store apps, line-of-business (LOB) apps, Win32 apps, and more. You can manage app deployment using the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Also, you can connect to your managed Google Play, the Apple App Store, and the Microsoft Store to deploy apps from these locations.
168
168
@@ -226,15 +226,17 @@ Different platforms have different enrollment requirements. The following articl
226
226
227
227
It's common for users to access their organization email & calendar, attend work meetings, and use other organization apps on their personal devices. To help keep organization data secure on these devices, you can use app protection policies and multi-factor authentication (MFA). App protection policies help protect organization data on personal devices. MFA helps protect your organization's data from unauthorized access.
228
228
229
-
Intune's app protection policies are part of a mobile application management (MAM) approach designed to protect organization app data on personal devices. These app protection policies can also be used on devices enrolled Intune, or enrolled and managed by a third party partner MDM solution. This scenario is more common for apps that need an extra layer of security, including apps that have sensitive data.
229
+
Intune's app protection policies are part of a mobile application management (MAM) approach designed to protect organization app data on personal devices.
230
230
231
-
The [Microsoft Intune planning guide](intune-planning-guide.md) has some guidance on managing access on BYOD or personal devices.
231
+
These app protection policies can also be used on devices enrolled Intune, or enrolled and managed by a third party partner MDM solution. This scenario is more common for apps that need an extra layer of security, including apps that have sensitive data.
232
232
233
-
There's an official list of Microsoft apps and supported third party partner apps that support app protection policies. See the official list at [Microsoft Intune protected apps](../apps/apps-supported-intune-apps.md).
233
+
The [Microsoft Intune planning guide](intune-planning-guide.md) has some guidance on managing access on personal devices.
234
+
235
+
There's an official list of Microsoft apps and supported third party partner apps that support app protection policies. See the official list at [Microsoft Intune protected apps list](../apps/apps-supported-intune-apps.md).
234
236
235
237
MFA is a feature of Azure AD that must be enabled in your Azure AD tenant. Then, you can configure MFA for your apps. For more information, go to:
236
238
237
-
-[How it works: Azure AD multi-factor authentication](/azure/active-directory/authentication/concept-mfa-howitworks).
239
+
-[How it works: Azure AD multi-factor authentication](/azure/active-directory/authentication/concept-mfa-howitworks)
238
240
-[Tutorial: Secure user sign-in events with Azure AD multi-factor authentication](/azure/active-directory/authentication/tutorial-enable-azure-mfa)
239
241
240
242
To get an overview of app protection policies and how they work, go to:
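Review bot: splitting the app protection paragraph carried an existing error into the new second paragraph: "devices enrolled Intune" should be "devices enrolled in Intune". The new link text also makes the sentence read "See the official list at Microsoft Intune protected apps list"; drop one "list", for example "See [Microsoft Intune protected apps](...)". The planning guide sentence no longer says "BYOD"; if readers search for that term, keep it once as "personal (BYOD) devices".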