Merge pull request #8078 from MicrosoftDocs/main

Publish 07/21/2022 3:30 PM PT

Author: Angela Fleischmann

windows-365/enterprise/create-filter.md

@@ -75,9 +75,9 @@ In these steps, you’ll use the Enrollment Profile Name and Device Model device
 
 ## Create a filter for all Cloud PCs with a specific configuration
 
-For the example below, we use 2 vCPU and 4GB RAM as the configuration. Anywhere you see "2vCPU/4GB" replace it with the desired configuration. You can also target a specific Cloud PC size by adding the OS storage as part of the configuration. You can follow the below steps and create a filter for any of the configurations that make up Cloud PC sizes.
+For the example below, we use 2 vCPU and 4 GB RAM as the configuration. Anywhere you see "2vCPU/4GB" replace it with the desired configuration. You can also target a specific Cloud PC size by adding the OS storage as part of the configuration. You can follow the below steps and create a filter for any of the configurations that make up Cloud PC sizes.
 
-In these steps, you will use the Model device property to create the filter.
+In these steps, you'll use the Model device property to create the filter.
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Tenant Administration** > **Filters**.
 2. Select **Create**, then enter the following:
@@ -93,9 +93,9 @@ In these steps, you will use the Model device property to create the filter.
 6. On the **Scope tags** page, select any desired scope tags to apply, then select **Next**.
 7. On the **Review + create** page, select **Create**.
 
-Once you have created the filter, you can use the filter in the assignment page in [supported policies](/mem/intune/fundamentals/filters-supported-workloads).
+Once you've created the filter, you can use the filter in the assignment page in [supported policies](/mem/intune/fundamentals/filters-supported-workloads).
 
-For additional information on using filters in Intune, see the following how-to guides:
+For more information on using filters in Intune, see the following how-to guides:
 
 - [Create a filter (Intune how-to guide)](/mem/intune/fundamentals/filters)
 - [Supported filter properties](/mem/intune/fundamentals/filters-device-properties)

windows-365/enterprise/delete-azure-network-connection.md

@@ -30,7 +30,7 @@ ms.collection: M365-identity-device-management
 
 # Delete Azure network connection
 
-Only an unassigned Azure network connection (ANC) can be deleted. If an ANC is in use by a provisioning policy, then you must do one of the following:
+Only an unassigned Azure network connection (ANC) can be deleted. If an ANC is in use by a provisioning policy, then you must take one of the following steps:
 
 - Remove the ANC from all provisioning policies.
 - Delete the ANC.

windows-365/enterprise/deploy-security-baselines.md

@@ -30,13 +30,13 @@ ms.collection: M365-identity-device-management
 
 # Deploy security baselines
 
-Windows 365 Security Baselines are a set of policy templates built on security best practices and experience from real world implementations. You can use security baselines to get security recommendations that can help lower risks. The Windows 365 baselines enable security configurations for Windows 10, Edge, and Microsoft Defender for Endpoint. They include versioning features and help customers choose when to update user policies to the latest release.
+Windows 365 Security Baselines are a set of policy templates built on security best practices and experience from real world implementations. You can use security baselines to get security recommendations that can help lower risks. The Windows 365 baselines enable security configurations for Windows 10, Microsoft Edge, and Microsoft Defender for Endpoint. They include versioning features and help customers choose when to update user policies to the latest release.
 
 Windows 365-branded security baselines are a group of tested and validated recommended settings available in Microsoft Endpoint Manager that apply to the following areas:
 
 - Windows 10 settings: 1809
 - MDATP settings: version 4
-- Edge settings: April 2020 (Edge version 80 and later)
+- Microsoft Edge settings: April 2020 (Microsoft Edge version 80 and later)
 
 You can optionally apply Windows 365 security baselines to the Azure AD groups containing Cloud PC devices in your tenant.  
 

windows-365/enterprise/device-images.md

@@ -44,7 +44,7 @@ Both marketplace and custom images must meet the following requirements:
 - Generalized VM image.
 - Single Session VM images (multi-session isn’t supported).
 - No recovery partition. For information about how to remove a recovery partition, see the [Windows Server command: delete partition](/windows-server/administration/windows-commands/delete-partition).
-- Default 64 GB OS disk size. The OS disk size will be automatically adjusted to the size specified in SKU description of the Windows 365 license.
+- Default 64-GB OS disk size. The OS disk size will be automatically adjusted to the size specified in SKU description of the Windows 365 license.
 
 A custom image must also meet the following extra requirements:
 
@@ -55,7 +55,7 @@ Storing a managed image on Azure incurs storage costs. However, customers can de
 
 ## Gallery images
 
-Windows 365 provides a built-in gallery of Windows Enterprise images accessible through the provisioning policy creation flow. They are replicated to all Azure regions to give you a quick provisioning experience. These images are updated monthly with the latest security updates so that end users have a secure and seamless experience.
+Windows 365 provides a built-in gallery of Windows Enterprise images accessible through the provisioning policy creation flow. They're replicated to all Azure regions to give you a quick provisioning experience. These images are updated monthly with the latest security updates so that end users have a secure and seamless experience.
 
 There are two sets of images available to choose from across the different versions of Windows Enterprise:
 
@@ -64,7 +64,7 @@ There are two sets of images available to choose from across the different versi
   - C++ Runtime (Teams).
   - WebRTC Redirector (Teams).
   - Microsoft Teams (Teams).
-  - Edge settings like sleeping tabs, startup boost, and first time optimizations based on Azure AD and synchronization.
+  - Microsoft Edge settings like sleeping tabs, startup boost, and first time optimizations based on Azure AD and synchronization.
   - Microsoft Outlook first-time configuration settings (auto log-on based on Azure AD profile, support for other profiles).
 - **Images with OS optimizations**: These are Windows Enterprise images optimized for improved performance on virtualized environments and on lower end hardware configurations. The following settings are pre-applied:
   - Services optimized for virtualization.
@@ -73,7 +73,7 @@ There are two sets of images available to choose from across the different versi
 
 ### Gallery image update cycle
 
-All supported Windows 365 gallery images are updated monthly after the security patch release schedule of Windows Servicing & Delivery. This happens around the middle of each month.
+All supported Windows 365 gallery images are updated monthly after the security patch release schedule of Windows Servicing & Delivery. This update happens around the middle of each month.
 
 Each updated image includes:
 

windows-365/enterprise/device-management-overview.md

@@ -47,28 +47,28 @@ The **All Cloud PCs** page displays a summary and list view detailing the state
 
 The list view lets you search, filter, and sort. It automatically refreshes every five minutes.
 
-If a user has multiple Windows 365 SKUs assigned to them, they’ll get multiple Cloud PCs. This results in multiple rows for a single user in the **All Cloud PCs** list view.
+If a user has multiple Windows 365 SKUs assigned to them, they’ll get multiple Cloud PCs. This situation results in multiple rows for a single user in the **All Cloud PCs** list view.
 
 ### Column details
 
 **Name**: The name of the Cloud PC, which is composed of the assigned provisioning policy and the assigned user’s name. For example, My first provisioning policy – Henry Ross.
 
 **Device name**: The Windows computer name, which is also used in Intune and Azure AD.
 
-**Image**: The image used during provisioning. This might not be the current Cloud PC version. For example, an administrator may have updated Windows using Windows Update for Business and this wouldn’t be reflected in this list view.  
+**Image**: The image used during provisioning. This image might not be the current Cloud PC version. For example, an administrator may have updated Windows using Windows Update for Business and this update wouldn’t be reflected in this list view.  
 
 **PC type**: The Windows 365 SKU assigned to the user. A user may have more than one license/SKU assigned to them. If so, they’ll have two Cloud PCs in this list view.  
 
 **Status**: The current provisioning status of the Cloud PC. Possible states include:
 
-- **Provisioned**: The Cloud PC provisioning was successful and the assigned user can log on.
+- **Provisioned**: The Cloud PC provisioning was successful and the assigned user can sign in.
 - **Provisioning**: Provisioning is currently in progress.  
-- **Provisioned with warnings**: If a non-critical step in the provisioning process fails, user access isn’t blocked but a warning is flagged.  
+- **Provisioned with warnings**: If a non-critical step in the provisioning process fails, user access isn’t blocked, but a warning is flagged.  
 - **Not provisioned**: The user has been assigned a Windows 365 license but no provisioning policy has been targeted. To provision a Cloud PC, assign this user to a provisioning policy.
 
   When a user is licensed with a Windows 365 license, a new row is automatically created in the **All Cloud PCs** list. If the user also has a provisioning policy assigned to them, a Cloud PC is automatically provisioned.
 
-  If they don’t have a provisioning policy assigned to them, no Cloud PC is created. This is indicated by a **Not provisioned** status. This is not a bad state. It’s an informational state and we encourage you to assign a provisioning policy to make the most of your Windows 365 investment.  
+  If they don’t have a provisioning policy assigned to them, no Cloud PC is created. This situation is indicated by a **Not provisioned** status. This isn't a bad state. It’s an informational state and we encourage you to assign a provisioning policy to make the most of your Windows 365 investment.  
 
 - **Deprovisioning**: This short-lived status indicates that the 7-day grace period has ended and the Cloud PC is now being actively deprovisioned. Once the deprovisioning is complete, the Cloud PC can’t be restored and a new Cloud PC must be provisioned for the affected user(s).
 - **Failed**: The provisioning process failed for this Cloud PC. Select the link to get a detailed reason for the failure, troubleshoot, and retry provisioning.
@@ -81,7 +81,7 @@ If a user has multiple Windows 365 SKUs assigned to them, they’ll get multiple
   If the grace period was triggered in error, you have seven days to resolve the breaking change to get the Cloud PC switched back to **Provisioned**.
 
   You can manually end the grace period by using the [End grace period](end-grace-period.md) option.
-- **Pending**: If there are not enough available licenses in your tenant to process the provisioning request, new Cloud PCs are marked as **Pending**.
+- **Pending**: If there aren't enough available licenses in your tenant to process the provisioning request, new Cloud PCs are marked as **Pending**.
 
   Your Windows 365 tenant can only have as many active Cloud PCs as the license allocation allows. An active Cloud PC can either be in a **Provisioned** or **In grace period** state.
 

windows-365/enterprise/edit-provisioning-policy.md

@@ -41,7 +41,7 @@ If you change the network or image in a provisioning policy, no change will occu
 If you edit the name of the provisioning policy in the **General** information, the following will occur:
 
 - Any Cloud PC in the All Cloud PCs node will have the new policy name updated in the Provisioning policy column.
-- New Cloud PCs created from the provisioning policy will have the new name registered as the device’s enrollmentProfileName in Azure Active Directory and Microsoft Intune. The enrollmentProfileName property for existing Cloud PCs won't change. If you followed the steps to [create a dynamic device group containing all Cloud PCs](create-dynamic-device-group-all-cloudpcs.md) from a specific provisioning policy, edit the dynamic device group and add a new rule so that the group contains both the existing Cloud PCs and any new Cloud PCs from the provisioning policy:
+- New Cloud PCs created from the provisioning policy will have the new name registered as the device’s enrollmentProfileName in Azure Active Directory and Microsoft Intune. The enrollmentProfileName property for existing Cloud PCs won't change. If you followed the steps to [create a dynamic device group containing all Cloud PCs](create-dynamic-device-group-all-cloudpcs.md) from a specific provisioning policy, edit the dynamic device group, and add a new rule so that the group contains both the existing Cloud PCs and any new Cloud PCs from the provisioning policy:
 
   - **Property** = enrollmentProfileName
   - **Operator** = Equals

windows-365/enterprise/encryption.md

@@ -39,18 +39,19 @@ To help you protect your organization's data, Windows 365 Enterprise and Busines
 This storage layer encryption provides the following benefits:
 
 - When persisting data to the cloud, data at rest on your Microsoft-hosted Cloud PC's disk is automatically encrypted.
-- Windows 365 Cloud PC disks are encrypted transparently using 256-bit Advanced Encryption Standard (AES) encryption, a modern block cipher, and is FIPS 140-2 compliant. The encryption at this layer doesn't impact Cloud PC performance.
+- Windows 365 Cloud PC disks are encrypted transparently using 256-bit Advanced Encryption Standard (AES) encryption, a modern block cipher, and is FIPS 140-2 compliant. The encryption at this layer doesn't affect Cloud PC performance.
 - The encryption is applied to every Cloud PC in every region at no extra cost.
 
 The following Windows 365 Enterprise and Business objects are automatically encrypted-at-rest with platform-managed keys:
-  - Disks
-  - Snapshots
-  - Images
+
+- Disks
+- Snapshots
+- Images
 
 Windows 365 as a service treats all data stored on Windows 365 disks as customer content. For more information, see [Privacy and personal data in Windows 365](./privacy-personal-data.md).
 
 >[!NOTE]
->BitLocker is not supported as an encryption option for Windows 365 Cloud PCs. For additional information, see [using Windows 10 virtual machines in Intune](https://go.microsoft.com/fwlink/?linkid=2188944).
+>BitLocker is not supported as an encryption option for Windows 365 Cloud PCs. For more information, see [using Windows 10 virtual machines in Intune](https://go.microsoft.com/fwlink/?linkid=2188944).
 
 ## Encryption of data in transit
 

windows-365/enterprise/get-cloud-pc-audit-logs-using-powershell.md

@@ -80,7 +80,7 @@ To get only the top N events, use the following parameters: ```Get-MgDeviceManag
 
 #### Get a single event by event ID
 
-You can use the following command to get a single audit event, where you will need to provide the {event ID}: ```Get-MgDeviceManagementVirtualEndpointAuditEvent -CloudPcAuditEventId {event ID}```
+You can use the following command to get a single audit event, where you'll need to provide the {event ID}: ```Get-MgDeviceManagementVirtualEndpointAuditEvent -CloudPcAuditEventId {event ID}```
 
 <!-- ########################## -->
 ## Next steps

windows-365/enterprise/in-development.md

@@ -68,11 +68,7 @@ Admins will be able to set a toggle that automatically enrolls new Cloud PCs in
 The resize action will support Cloud PCs that are Azure Active Directory joined.
 
 <!-- ***********************************************-->
-## Device provisioning
-
-### Provision Cloud PCs with Secure Boot<!--38012584-->
-
-You'll be able to create Cloud PCs that use [Secure boot](/windows-hardware/design/device-experiences/oem-secure-boot) functionality. North American regions will receive this feature within the next few months.
+<!--## Device provisioning-->
 
 <!--***********************************************-->
 <!--

windows-365/enterprise/known-issues-enterprise.md

@@ -81,7 +81,7 @@ The following device compliance settings report as **Not applicable** when being
 The following device compliance settings may report as **Not Compliant** when being evaluated for a Cloud PC:
 
 - **Require BitLocker**
-- **Require Secure Boot to be enabled on the device.** Cloud PC support for [Secure boot](/windows-hardware/design/device-experiences/oem-secure-boot) functionality is now rolling out in Asia Pacific (APAC) regions. This feature will roll out to all customers over the next few months.
+- **Require Secure Boot to be enabled on the device.** Cloud PC support for [Secure boot](/windows-hardware/design/device-experiences/oem-secure-boot) functionality is now available to all customers.
 
 **Troubleshooting steps**: