Update security-config-mgt-prerequisites.md

Updated that Windows Client devices' and 'Windows Server devices' should've unchecked to be able to use Pilot Mode using tagging. If these options are left enabled all devices are still onboarded into MEM via MDE.

Author: msbemba

memdocs/intune/protect/includes/security-config-mgt-prerequisites.md

@@ -116,7 +116,8 @@ To support Microsoft Defender for Endpoint security configuration management thr
 
 1. Sign in to [Microsoft 365 Defender portal](https://security.microsoft.com/) and go to **Settings** > **Endpoints** > **Configuration Management** > **Enforcement Scope** and enable the platforms for security settings management:
    :::image type="content" source="../media/mde-security-integration/enable-mde-settings-management-defender.png" alt-text="Enable Microsoft Defender for Endpoint settings management in the Microsoft 365 Defender portal.":::
-1. Configure Pilot Mode and Configuration Manager authority settings to fit your organization needs:
+1. Configure Pilot Mode and Configuration Manager authority settings to fit your organization needs: 
+2. Uncheck both **Windows Client devices** and **Windows Server devices** to be able to use Pilot Mode using tagging.
    :::image type="content" source="../media/mde-security-integration/pilot-CMAuthority-mde-settings-management-defender.png" alt-text="Configure Pilot mode for Endpoint settings management in the Microsoft 365 Defender portal.":::
    > [!TIP]
    > Use pilot mode and the proper device tags to test and validate your rollout on a small number of devices. Without using pilot mode, any device that falls into the scope configured will automatically be enrolled.