Acrolinx and broken link clean up

Author: lenewsad

memdocs/intune/enrollment/android-move-device-admin-work-profile.md

@@ -45,7 +45,7 @@ When users see that they're out of compliance for this reason, they can tap **Re
 - [Set Android Enterprise personally-owned work profile enrollment](android-work-profile-enroll.md) for the group of users who are moving to personally-owned work profile.
 - Consider increasing your user device limits. When unenrolling devices from device administrator management, device records might not be immediately removed. To provide cushion during this period, you might need to increase device limit capacity. This increase is so that the users can enroll into personally-owned work profile management.
   - [Configure Azure Active Directory device settings](/azure/active-directory/devices/device-management-azure-portal#configure-device-settings) for Maximum number of devices per user.
-  - Adjust the [Intune device limit restrictions](enrollment-restrictions-set.md#create-a-device-limit-restriction) by setting the Device limit. 
+  - Adjust the [Intune device limit restrictions](create-device-limit-restrictions.md) by setting the device limit. 
 
 ## Create device compliance policy
 

memdocs/intune/enrollment/create-device-limit-restrictions.md

@@ -72,18 +72,18 @@ Microsoft Intune provides one default policy for device limit restrictions. You
 8. Choose **Select groups to include** and then use the search box to find groups that you want to include in this restriction. The restriction applies only to groups to which it's assigned. If you don't assign a restriction to at least one group, it won't have any effect. Then choose **Select**. 
     ![Screen cap for selecting groups](./media/enrollment-restrictions-set/select-groups-device-limit.png)
 9. Select **Next** to go to the **Review + create** page.
-10. Select **Create** to create the restriction. The new restriction appears in your list of restrictions and is given a higher priority than the default policy. For information about changing the priority level, see [Change restriction priority](enrollment-restrictions-set.md#change-restriction-priority)(in this article).  
+10. Select **Create** to create the restriction. The new restriction appears in your list of restrictions and is given a higher priority than the default policy. For information about changing the priority level, see [Change restriction priority](create-device-limit-restrictions.md#change-restriction-priority)(in this article).  
 
 ## Edit enrollment restrictions    
 
-Edits are applied to new enrollments and do not affect devices that are already enrolled.  
+Edits are applied to new enrollments and don't affect devices that are already enrolled.  
 
 1. Go to **Enrollment device limit restrictions** to bring up the list of your policies. 
 2. Select the name of the policy you want to change.
 3. Select **Properties**.  
 4. Select **Edit**. 
 5. Make your changes and select **Review + save**. 
-6. Review your chages and select **Save**.  
+6. Review your changes and select **Save**.  
 
 ## Change restriction priority  
 

memdocs/intune/enrollment/create-device-platform-restrictions.md

@@ -43,11 +43,9 @@ ms.collection:
 
 [!INCLUDE [azure_portal](../includes/azure_portal.md)]  
 
-Use the device platform enrollment restrictions in Microsoft Intune to block personally owned devices from enrolling, and to block devices by device platform and OS version.  
+Use the device platform enrollment restrictions in Microsoft Intune to block personally owned devices from enrolling, and to block devices by device platform and OS version. An enrollment restriction policy is required to apply enrollment restrictions. You can create a new Intune device platform restriction policy in the Microsoft Endpoint Manager admin center or use the default policy that's already available. 
 
-You can create a new Intune device platform restriction policy in the Microsoft Endpoint Manager admin center or use the default policy that's already available. You have one default policy for platform restrictions, and you can edit and customize it as needed. 
-
-You can have up to 25 device platform restriction policies. Intune applies the default policy to all user and userless enrollments until you assign a higher-priority policy.  
+You can have up to 25 device platform restriction policies. 
 
 This article describes the device platform restrictions supported in Microsoft Intune and how to configure them from the Microsoft Endpoint Manager admin center.  
 
@@ -57,81 +55,6 @@ Microsoft Intune provides one default policy for device platform restrictions. Y
 ## Available restrictions  
 This section describes the restrictions you can configure in a device platform-enrollment restriction policy. 
 
-### Device platform 
-This restriction blocks devices running on specific platforms from enrolling. You can restrict devices running the following platforms: 
-
-   * Android device administrator
-   * Android Enterprise work profile
-   * iOS/iPadOS
-   * macOS
-   * Windows 
-
-In groups where both Android platforms are allowed, devices that support work profile will enroll with a work profile. Devices that don't support work profile will enroll on the Android device administrator platform. Neither work profile nor device administrator enrollment will work until you complete all prerequisites for Android enrollment.   
-
-Since Intune supports two Android platforms, it's important to understand how platform restrictions work when used with version restrictions:   
-  * If you allow both platforms for the same group, and then refine it for specific and non-overlapping versions, devices are sent through the Android enrollment flow that's picked for their version.   
-  * If you allow both platforms, but block the same versions, devices running blocked versions cannot enroll. Users on these devices are sent through the Android device administrator enrollment flow before they are blocked and prompted to sign out. 
-
-### OS version 
-This restriction enforces your maximum and minimum OS version requirements. Devices running earlier or later OS versions are not allowed to enroll. This type of restriction works with the following operating systems: 
-
-   * Android device administrator\*
-   * Android Enterprise work profile\*  
-   * iOS/iPadOS\*
-   * Windows  
-
-\* Version restrictions are supported on these platforms for devices enrolled via Intune Company Portal only.    
-
-### Personally-owned devices  
-This restriction helps prevent device users from accidentally enrolling their personal devices, and applies to devices running:  
-
-* Android
-* iOS/iPad OS
-* macOS
-* Windows  
-
-#### Blocking personal Android devices  
-By default, until you manually make changes in the admin center, your Android Enterprise work profile device settings and Android device administrator device settings are the same. 
-
-If you block Android Enterprise work profile enrollment on personal devices, only corporate-owned devices can enroll with [personally-owned work profiles](../apps/android-deployment-scenarios-app-protection-work-profiles.md#android-enterprise-personally-owned-work-profiles).  
-
-
-#### Blocking personal iOS/iPadOS devices  
-By default, Intune classifies iOS/iPadOS devices as personally-owned. To be classified as corporate-owned, an iOS/iPadOS device must fulfill one of the following conditions:
-- [Registered with a serial number or IMEI](corporate-identifiers-add.md).
-- Enrolled by using Automated Device Enrollment (formerly Device Enrollment Program).
-
-> [!NOTE]
-> An iOS User Enrollment profile overrides an enrollment restriction policy. For more information, see [Set up iOS/iPadOS and iPadOS User Enrollment (preview)](ios-user-enrollment.md).  
-
-#### Blocking personal Macs  
-By default, Intune classifies macOS devices as personally-owned. To be classified as corporate-owned, a Mac must fulfill one of the following conditions:
-- [Registered with a serial number](corporate-identifiers-add.md).
-- Enrolled by using Automated Device Enrollment (formerly Device Enrollment Program).
-
-#### Blocking personal Windows devices  
-If you block personally owned Windows devices from enrollment, Intune checks to make sure that each new Windows enrollment request has been authorized for corporate enrollment. Unauthorized enrollments are blocked.  
-
-The following enrollment methods are authorized for corporate enrollment:  
-- The enrolling user is using a [device enrollment manager account]( device-enrollment-manager-enroll.md).
-- The device enrolls through [Windows Autopilot](../../autopilot/enrollment-autopilot.md).
-- The device is registered with Windows Autopilot but isn't an MDM enrollment only option from Windows Settings.
-- The device enrolls through a [bulk provisioning package](windows-bulk-enroll.md).
-- The device enrolls through GPO, or [automatic enrollment from Configuration Manager for co-management](/configmgr/comanage/quickstart-paths#bkmk_path1).
-
-> [!NOTE]
-> Since a co-managed device enrolls in the Microsoft Intune service based on its Azure AD device token, and not a user token, only the default Intune enrollment restriction will apply to it. 
- 
-Intune marks devices going through the following types of enrollments as corporate-owned. But Intune blocks devices enrolling  since they don't offer the Intune administrator per-device control, they are blocked:  
-- [Automatic MDM enrollment](windows-enroll.md#enable-windows-automatic-enrollment) with [Azure Active Directory join during Windows setup](/azure/active-directory/device-management-azuread-joined-devices-frx)\*.
-- [Automatic MDM enrollment](windows-enroll.md#enable-windows-automatic-enrollment) with [Azure Active Directory join from Windows Settings](/azure/active-directory/user-help/user-help-register-device-on-network)\*.
- 
-Intune also blocks personal devices using these enrollment methods:  
-- [Automatic MDM enrollment](windows-enroll.md#enable-windows-automatic-enrollment) with [Add Work Account from Windows Settings](/azure/active-directory/user-help/user-help-join-device-on-network)\*.
-- [MDM enrollment only]( /windows/client-management/mdm/mdm-enrollment-of-windows-devices#connecting-personally-owned-devices-bring-your-own-device) option from Windows Settings.
-
-\* These won't be blocked if registered with Autopilot.  
-
 ## Create a device platform restriction   
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).  
@@ -167,7 +90,7 @@ Intune also blocks personal devices using these enrollment methods:
 
 10. Select **Next**. 
 11. On the **Assignments** page, select **Add groups** and then use the search box to find and select groups. To assign the restriction to all device users, select **Add all users**. If you don't assign a restriction to at least one group, the restriction won't take effect.  
-12. Optionally, after you assign groups, select **Edit filter** to restrict the policy assignment further with filters. Filters are available for macOS, iOS, and Windows policies. For more information, see [Apply assignment filters](enrollment-restrictions-set.md#apply-assignment-filters) (in this article).  
+12. Optionally, after you assign groups, select **Edit filter** to restrict the policy assignment further with filters. Filters are available for macOS, iOS, and Windows policies. For more information, see [Apply assignment filters](create-device-platform-restrictions.md#apply-assignment-filters) (in this article).  
 13. Select **Next**. 
 14. Review your policy, and then select **Create** to create it. 
 
@@ -180,15 +103,15 @@ You can use assignment filters to include and exclude additional devices from ce
 For example, you can use a filter to allow personal Windows devices to enroll while blocking devices that run a specific operating system SKU. To achieve this outcome, apply a preconfigured filter to your enrollment restriction assignments. The filter needs to have the `operatingSystemSKU` property in its rules. Example steps:  
 
   1. Create a platform enrollment restriction policy for Windows.  
-  2. In the platform settings, select the option that allows personally-owned devices to enroll. 
+  2. In the platform settings, select the option that allows personal devices to enroll. 
   3. In the assignments settings, select the groups you want to assign.
   4. Select **Edit filter** and then apply your preconfigured filter that contains the `operatingSystemSKU` property. The applied property blocks devices running Windows 10 Home edition. 
 
 For more information about creating filters, see [Create a filter](../fundamentals/filters.md). 
 
 ### Supported filter properties  
 
-Enrollment restrictions support fewer filter properties than other group-targeted policies. This is because devices are not yet enrolled, so Intune doesn't have the device info to support all properties. You'll see the limited selection of properties when you:  
+Enrollment restrictions support fewer filter properties than other group-targeted policies. This is because devices aren't yet enrolled, so Intune doesn't have the device info to support all properties. You'll see the limited selection of properties when you:  
 
 * Configure a device platform restriction policy for Apple and Windows devices. 
 * Configure an enrollment status page (ESP) policy for Windows. 
@@ -209,7 +132,7 @@ The following filter properties are always available to use with enrollment poli
 * Ownership 
 * Enrollment profile name 
 
-For more information about these properties, see [device properties](../fundamentals/filters-device-properties.md#device-properties). Filters cannot be used with Android enrollment restrictions.  
+For more information about these properties, see [device properties](../fundamentals/filters-device-properties.md#device-properties). Filters can't be used with Android enrollment restrictions.  
 
 ## Edit enrollment restrictions  
 
@@ -220,7 +143,7 @@ Edits are applied to new enrollments and do not affect devices that are already
 3. Select **Properties**.  
 4. Select **Edit**   
 5. Make your changes and select **Review + save**. 
-6. Review your chages and select **Save**.  
+6. Review your changes and select **Save**.  
 
 
 

memdocs/intune/enrollment/device-enrollment.md

@@ -186,4 +186,4 @@ The MDM certificate renews automatically as long as enrolled devices are communi
 
 ## Next steps  
 
-You can adjust the settings in Intune to restrict specific platforms from enrolling. For more information, see [Create a device platform restriction](enrollment-restrictions-set.md#create-a-device-platform-restriction).  
+You can adjust the settings in Intune to restrict specific platforms from enrolling. For more information, see [Create a device platform restriction](create-device-platform-restrictions.md).  

memdocs/intune/enrollment/device-limit-intune-azure.md

@@ -1,9 +1,9 @@
 ---
 # required metadata
 
-title: Understand between Intune and Azure device limit restrictions
-titleSuffix:
-description: Understand the differences between Intune's device limit restrictions and Azure AD's delimit restrictions. 
+title: Understand Intune and Azure AD device limit restrictions
+titleSuffix: Microsoft Intune
+description: Learn the differences between Intune device limit restrictions and Azure AD's delimit restrictions. 
 keywords:
 author: Lenewsad
 ms.author: lanewsad
@@ -31,7 +31,7 @@ ms.collection:
   - highpri
 ---
 
-# Understand Intune and Azure AD's device limit restrictions  
+# Understand Intune and Azure AD device limit restrictions  
 
 **Applies to**
 - Android
@@ -48,7 +48,7 @@ This article clarifies when these limits are applied based on your configuration
 
 ## Intune device limit restrictions
 
-Intune device limit restrictions set the maximum number of devices that a user can control (maximum setting is 15). To set this **Device limit**, go to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Enrollment restrictions**. For more information, see [Create a device limit restriction](enrollment-restrictions-set.md#create-a-device-limit-restriction)
+Intune device limit restrictions set the maximum number of devices that a user can control (maximum setting is 15). To set this **Device limit**, go to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Enrollment restrictions**. For more information, see [Create a device limit restriction](create-device-limit-restrictions.md). 
 
 ## Azure device limit restriction
 
@@ -128,5 +128,4 @@ For the device limit restriction in Azure, the **Maximum number of devices per u
 ## Next steps
 
 - [Create a device limit restriction in Azure.](/azure/active-directory/devices/device-management-azure-portal#configure-device-settings)
-- [Configure device settings in Azure.](enrollment-restrictions-set.md#create-a-device-limit-restriction)
 - [Learn more about registration and domain joined.](/azure/active-directory/devices/overview#getting-devices-in-azure-ad)