Merge pull request #7029 from MicrosoftDocs/main

Angela Fleischmann · web-flow · commit 9321555dad6a · 2022-03-14T16:52:15.000-06:00
Publish 03/14/2022 3:30 PM PT
diff --git a/memdocs/intune/apps/app-protection-policy-settings-ios.md b/memdocs/intune/apps/app-protection-policy-settings-ios.md
@@ -83,7 +83,7 @@ There are three categories of policy settings: *Data relocation*, *Access requir
 
 There are some exempt apps and platform services that Intune app protection policy may allow data transfer to and from in certain scenarios. This list is subject to change and reflects the services and apps considered useful for secure productivity.
 
-Third party unmanaged apps can be added to the exemptions list which can allow data transfer exceptions. For additional details and examples, see [How to create exceptions to the Intune App Protection Policy (APP) data transfer policy](../apps/app-protection-policies-exception.md). The exempt unmanaged app must be invoked based on iOS URL protocol. For example, when data transfer exemption is added for an unmanaged app, it would still prevent users from cut, copy, and paste operations, if restricted by policy. This type of exemption would also prevent users from using **Open-in** action within a managed app to copy data to exempt app since it is not based on iOS URL protocol. For more information about **Open-in**, see [Use app protection with iOS apps](../apps/data-transfer-between-apps-manage-ios.md#use-open-in-management-to-protect-ios-apps-and-data).
+Third party unmanaged apps can be added to the exemptions list which can allow data transfer exceptions. For additional details and examples, see [How to create exceptions to the Intune App Protection Policy (APP) data transfer policy](../apps/app-protection-policies-exception.md). The exempt unmanaged app must be invoked based on iOS URL protocol. For example, when data transfer exemption is added for an unmanaged app, it would still prevent users from cut, copy, and paste operations, if restricted by policy. This type of exemption would also still prevent users from using **Open-in** action within a managed app to share or save data to exempt app since it is not based on iOS URL protocol. For more information about **Open-in**, see [Use app protection with iOS apps](../apps/data-transfer-between-apps-manage-ios.md#use-open-in-management-to-protect-ios-apps-and-data).
 
 | App/service name(s) | Description |
 | ---- | --- |
diff --git a/memdocs/intune/protect/microsoft-tunnel-migrate-app.md b/memdocs/intune/protect/microsoft-tunnel-migrate-app.md
@@ -258,7 +258,7 @@ If you’re using only the Tunnel functionality from the Defender for Endpoint a
 5. If you’re using per-app VPN:
    1. Wait at least 10 minutes after creating the new VPN profile. After 10 minutes you can then change the app deployment assignments from the *Microsoft Tunnel (standalone client) (preview)* VPN profile to the new VPN profile for *Microsoft Tunnel (preview)*.
 
-   2. After the new VPN profile deploys to a device, that device must restart before the new VPN profile is used. To restart a device, see [remotely restart devices with Intune](/intune/remote-actions/device-restart.md). 
+   2. After the new VPN profile deploys to a device, that device must restart before the new VPN profile is used. To restart a device, see [remotely restart devices with Intune](/intune/remote-actions/device-restart). 
 
 ## Next Steps
 
diff --git a/windows-365/enterprise/get-cloud-pc-audit-logs-using-powershell.md b/windows-365/enterprise/get-cloud-pc-audit-logs-using-powershell.md
@@ -50,7 +50,7 @@ To get audit log events for up to seven days for your Windows 365 tenant, follow
 2. Verify the installation by running this command:```Get-InstalledModule Microsoft.Graph```
 3. To get all Cloud PC Graph endpoints, run this command: ```Get-Command -Module Microsoft.Graph* *virtualEndpoint*```
 
-### Sign in as test user
+### Sign in 
 
 1. Run either of these two commands:
     - ```Connect-MgGraph -Scopes "CloudPC.ReadWrite.All"```
@@ -62,9 +62,15 @@ To get audit log events for up to seven days for your Windows 365 tenant, follow
 
 You can view audit data in multiple ways.
 
-#### List audit events
+#### Get entire list of audit events, including the audit actor
 
-To see a list of audit events, use the following command:
+To get the entire list of audit events including the actor (person who performed the action), use the following command:
+
+```Get-MgDeviceManagementVirtualEndpointAuditEvent | Select-Object -Property Actor,ActivityDateTime,ActivityType,ActivityResult -ExpandProperty Actor | Format-Table UserId, UserPrincipalName, ActivityType, ActivityDateTime, ActivityResult```
+
+#### Get a list of audit events
+
+To get a list of audit events without the audit actor, use the following command:
 
 ```Get-MgDeviceManagementVirtualEndpointAuditEvent```
 
@@ -74,14 +80,7 @@ To get only the top N events, use the following parameters: ```Get-MgDeviceManag
 
 #### Get a single event by event ID
 
-You can use the following command to a single event: ```Get-MgDeviceManagementVirtualEndpointAuditEvent -CloudPcAuditEventId {event ID}```
-
-#### Get audit actor
-
-You can also find out who performed an audit event by running the following commands:
-
-```$res=Get-MgDeviceManagementVirtualEndpointAuditEvent -CloudPcAuditEventId {event ID}```dotnetcli
-```$res.Actor```
+You can use the following command to get a single audit event, where you will need to provide the {event ID}: ```Get-MgDeviceManagementVirtualEndpointAuditEvent -CloudPcAuditEventId {event ID}```
 
 <!-- ########################## -->
 ## Next steps
