Commit a89c2ca

Merge pull request #8086 from MicrosoftDocs/main
Merge main to live 7/22, 10:30am
2 parents 9c0a34a + 1b85445 commit a89c2ca

20 files changed

Lines changed: 59 additions & 55 deletions

windows-365/enterprise/health-checks.md

Lines changed: 1 addition & 1 deletion
@@ -48,7 +48,7 @@ Statuses include:
4848

4949
## Status error details
5050

51-
Every failed ANC or success with warning error state includes the technical details behind the failure. Select the **View details** link for each failed check to view more information on the failure. After you’ve fixed the underlying issue, **Retry** the health check to re-run the tests.
51+
Every failed ANC or success with warning error state includes the technical details behind the failure. Select the **View details** link for each failed check to view more information on the failure. After you’ve fixed the underlying issue, **Retry** the health check to rerun the tests.
5252

5353
## Supported checks
5454
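Review bot: On line 51, "Every failed ANC or success with warning error state" is still hard to parse, and ANC is not expanded anywhere in the visible lines. Since the sentence is being touched anyway, consider "Every ANC check that fails or succeeds with a warning includes the technical details behind the result", with Azure network connection spelled out on first use.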

windows-365/enterprise/identity-authentication.md

Lines changed: 4 additions & 4 deletions
@@ -32,10 +32,10 @@ ms.collection: M365-identity-device-management
3232

3333
A Cloud PC user's identity defines which access management services manage that user and Cloud PC. This identity defines:
3434

35-
- What types of Cloud PCs the user has access to.
36-
- What types of non-Cloud PC resources the user has access to.
35+
- The types of Cloud PCs the user has access to.
36+
- The types of non-Cloud PC resources the user has access to.
3737

38-
A device can also have an identity which is determined by its join type to Azure Active Directory (Azure AD). For a device, the join type defines:
38+
A device can also have an identity that is determined by its join type to Azure Active Directory (Azure AD). For a device, the join type defines:
3939

4040
- If the device requires line of sight to a domain controller.
4141
- How the device is managed.
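Review bot: On line 38, "its join type to Azure Active Directory" still reads awkwardly after the which/that fix. Consider "an identity that's determined by how it's joined to Azure Active Directory (Azure AD)", which also leads more cleanly into "the join type defines:" and the list on lines 40-41.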
@@ -68,7 +68,7 @@ Below is a table showing key capabilities or requirements based on the selected
6868
|Azure virtual network with line of sight to the domain controller|Required|Optional|
6969
|User identity type supported for login|Hybrid users only|Hybrid users or cloud-only users|
7070
|Policy management|Group Policy Objects (GPO) or Intune MDM|Intune MDM only|
71-
|Windows Hello for Business login supported|Yes, and the connecting device must have line of sight to the domain controller through the direct network or a VPN|Yes|
71+
|Windows Hello for Business sign-in supported|Yes, and the connecting device must have line of sight to the domain controller through the direct network or a VPN|Yes|
7272

7373
## Authentication
7474
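Review bot: Line 71 now says "sign-in", but the unchanged row on line 69 still reads "User identity type supported for login", so the same table uses both terms two rows apart. Change line 69 to "User identity type supported for sign-in" in the same pass.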

windows-365/enterprise/in-development.md

Lines changed: 2 additions & 2 deletions
@@ -90,8 +90,8 @@ End users will be able to manually run connectivity checks on their Cloud PCs fr
9090

9191
The device history report will have new information to help you evaluate Cloud PC performance:
9292

93-
- Top 5 processes impacting CPU spike times
94-
- Top 5 processes impacting RAM spike times
93+
- Top five processes impacting CPU spike times
94+
- Top five processes impacting RAM spike times
9595

9696
<!-- ***********************************************-->
9797
<!-- ## Provisioning -->

windows-365/enterprise/known-issues-enterprise.md

Lines changed: 7 additions & 3 deletions
@@ -40,7 +40,7 @@ A [resize](resize-cloud-pc.md) of a Cloud PC eliminates all existing [restore](r
4040

4141
## Windows doesn’t scan for software updates until the first time a user signs in<!--38212344-->
4242

43-
While a Windows PC (physical or Cloud PC) sits idle before the first user signs in, Windows Update doesn’t scan for or install monthly quality patches. This means that the PC might miss important security updates. Without the latest security updates, the device is exposed to security vulnerabilities.
43+
While a Windows PC (physical or Cloud PC) sits idle before the first user signs in, Windows Update doesn’t scan for or install monthly quality patches. Without such scans, the PC might miss important security updates. Without the latest security updates, the device is exposed to security vulnerabilities.
4444

4545
**Troubleshooting steps**: Make sure that a user signs in to new Cloud PCs as soon as possible.
4646
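Review bot: On line 43, the replacement leaves two consecutive sentences that both open with "Without" ("Without such scans, ..." and "Without the latest security updates, ..."), which blurs the cause and effect this known issue is trying to state. Consider merging them, for example "As a result, the PC might miss important security updates and remain exposed to known vulnerabilities until the first sign-in."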

@@ -65,7 +65,7 @@ Windows 365 provisioning failures may occur because both:
6565
1. Did the Azure network connection (ANC) fail with the following error: `"An internal error occurred. The virtual machine deployment timed out."`?
6666
2. If yes, review the related GPO. Is PowerShell Execution set to AllSigned?
6767
3. If it is, either remove the GPO or reset the PowerShell Execution to Unrestricted.
68-
4. Retry the ANC health check. If this succeeds, retry provisioning.
68+
4. Retry the ANC health check. If the check succeeds, retry provisioning.
6969

7070
## Default and custom Enrollment Status Page profiles for Windows 365 Cloud PCs
7171
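Review bot: Step 3 on line 67 is untouched here but is the security-relevant line in this procedure: it tells admins to reset the setting to Unrestricted or remove the GPO, with no note on scope or on restoring the policy afterwards. While step 4 is being edited, please confirm whether a less permissive execution policy also lets provisioning succeed, and say whether AllSigned can be reapplied once the Cloud PC is provisioned. "PowerShell Execution" on lines 66-67 should also name the actual setting (the PowerShell execution policy).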

@@ -83,7 +83,11 @@ The following device compliance settings may report as **Not Compliant** when be
8383
- **Require BitLocker**
8484
- **Require Secure Boot to be enabled on the device.** Cloud PC support for [Secure boot](/windows-hardware/design/device-experiences/oem-secure-boot) functionality is now available to all customers.
8585

86-
**Troubleshooting steps**:
86+
**Troubleshooting steps to enable secure boot on the Cloud PC**:
87+
88+
1. [Reprovision](reprovision-cloud-pc.md) the specific Cloud PC.
89+
90+
**Troubleshooting steps to remove not compliant settings**:
8791

8892
1. [Create a filter for all Cloud PCs](create-filter.md#create-a-filter-for-all-cloud-pcs).
8993
2. For any existing device compliance policies that both evaluate to a Cloud PC and contain either of the **Not Compliant** settings, use this new filter to exclude Cloud PCs from the policy assignment.
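Review bot: The new heading on line 90, "Troubleshooting steps to remove not compliant settings", does not match the steps under it: lines 88-89 of the old numbering exclude Cloud PCs from the policy assignment with a filter, they do not remove any setting. Because line 84 now says Secure Boot is available and line 88 gives reprovisioning as the fix, the text should say when each path applies; the filter path leaves the listed settings, including **Require BitLocker**, unevaluated on every excluded Cloud PC. Also align the casing with the bullets above ("Secure Boot", **Not Compliant**).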

windows-365/enterprise/lifecycle.md

Lines changed: 1 addition & 1 deletion
@@ -78,7 +78,7 @@ You can also use [Proactive Remediation](/mem/analytics/proactive-remediations)
7878

7979
## Deprovision
8080

81-
There are a couple ways to securely remove a user’s access to their Cloud PC. If you remove the user’s license or targeted provisioning policy, their Cloud PC is moved into a seven-day grace period. This grace period allows for errors and reinstatement without impact to the user. To block access immediately, disable the user account in on-premises Active Directory and revoke the user’s refresh tokens in Microsoft Azure Active Directory.
81+
There are a couple ways to securely remove a user’s access to their Cloud PC. If you remove the user’s license or targeted provisioning policy, their Cloud PC is moved into a seven-day grace period. This grace period allows for errors and reinstatement without affecting the user. To block access immediately, disable the user account in on-premises Active Directory and revoke the user’s refresh tokens in Microsoft Azure Active Directory.
8282

8383
After the grace period expires, Windows 365 deprovisions the Cloud PC and its storage completely. The Cloud PCs are encrypted using [server-side encryption in Azure Disk Storage](/azure/virtual-machines/disk-encryption) (platform-managed keys) so that devices are deprovisioned securely.
8484
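Review bot: On line 81, the immediate-block instruction only covers accounts that exist in on-premises Active Directory, yet the identity table touched in this same commit lists "Hybrid users or cloud-only users" as a supported user identity type. Please add what to disable for a cloud-only user, otherwise the "block access immediately" path is incomplete for those tenants. Minor, same line: "a couple ways" should be "a couple of ways".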

windows-365/enterprise/planning-guide.md

Lines changed: 6 additions & 6 deletions
@@ -55,15 +55,15 @@ Determine where your end users are physically located. Windows 365 can provide C
5555

5656
### Objective: Management of Cloud PCs
5757

58-
You’ll manage your Cloud PC devices by using the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Your Cloud PCs are automatically enrolled during provisioning. Evaluate who'll manage the Cloud PCs and what [permissions](role-based-access.md) should be given to different management groups.
58+
You’ll manage your Cloud PC devices by using the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Your Cloud PCs are automatically enrolled during provisioning. Evaluate who will manage the Cloud PCs and what [permissions](role-based-access.md) should be given to different management groups.
5959

6060
**Task**: Map out which management groups will perform the configuration of the Cloud PC service, management of the Cloud PC device, and software distribution to the devices. Determine which Microsoft Endpoint Manager and Windows 365 permissions will be assigned to different groups to manage the devices.
6161

6262
## Inventory your environment
6363

64-
All users [connect to a Cloud PC](../end-user-access-cloud-pc.md) through a Remote Desktop Client or a supported browser. This lets users access their Cloud PC from a wide range of devices.
64+
All users [connect to a Cloud PC](../end-user-access-cloud-pc.md) through a Remote Desktop Client or a supported browser. This connection lets users access their Cloud PC from a wide range of devices.
6565

66-
**Task**: For each use case determine how your end users will connect to their Cloud PC. Determine which platforms they'll use to connect. Will they use a browser or a Remote Desktop Client to connect?
66+
**Task**: For each use case, determine how your end users will connect to their Cloud PC. Determine which platforms they'll use to connect. Will they use a browser or a Remote Desktop Client to connect?
6767

6868
For information on connectivity requirements and supported configurations, see [Requirements](requirements.md).
6969
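Review bot: Line 58 expands "who'll" to "who will", but line 66 in the same hunk keeps "they'll", and the privacy-personal-data.md change in this commit goes the other way ("they are" to "they're"). Pick one contraction rule and apply it across the commit; if "who'll" is the only form being avoided, a short note in the PR description would save the next reviewer the question.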

@@ -85,7 +85,7 @@ Review all networking policies and requirements. Many organizations will have po
8585

8686
The next step is to determine how and when your users will receive their Cloud PCs.
8787

88-
- **Define rollout phases**. Create multiple rollout phases based on your environment. Start with pilot and/or testing groups. Early phases should include end users who are ok with change, willing to give feedback, and know that they're the first users. Use this feedback to improve the rollout experience. Later phases should include VIPs and executives. This allows you to improve the deployment as you advance through the phases. Before ending a phase, determine if the phase is successful based on the goals. Modify the configuration, documentation, or notifications based on the feedback.
88+
- **Define rollout phases**. Create multiple rollout phases based on your environment. Start with pilot and/or testing groups. Early phases should include end users who are ok with change, willing to give feedback, and know that they're the first users. Use this feedback to improve the rollout experience. Later phases should include VIPs and executives. This rollout allows you to improve the deployment as you advance through the phases. Before ending a phase, determine if the phase is successful based on the goals. Modify the configuration, documentation, or notifications based on the feedback.
8989
- **Define your goals and success metrics**. Make sure goals are SMART (Specific, Measurable, Attainable, Realistic, and Timely). Plan to measure against your goals at each phase so your rollout project stays on track. Possible success metrics include: end user survey results are 80%+ satisfied, usage on provisioned devices is 85% or more.
9090
- **Communicate goals**. Include the goals in all awareness and training activities so that end users understand why your organization chose Windows 365.
9191
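Review bot: On line 88, "This rollout allows you to improve the deployment" changes the meaning of the original sentence. The antecedent of "This" was the ordering of the phases (pilot groups first, VIPs and executives later), not the rollout as a whole. Suggest "This phased order lets you improve the deployment as you advance through the phases."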

@@ -98,12 +98,12 @@ Change management relies on clear and helpful communication about upcoming chang
9898
**Task**: Your rollout communication plan should include important information, how to notify users, and when to communicate. Have a plan that includes when, what, and how to communicate.
9999

100100
- Determine what information to communicate. Communicate multiple times to different phases of end users.
101-
- **Kickoff Phase**: Broad communication that introduces Windows 365. In this communication make sure to answer these key questions.
101+
- **Kickoff Phase**: Broad communication that introduces Windows 365. In this communication, make sure to answer these key questions.
102102
- What is Cloud PC?
103103
- Why is the organization using Cloud PC? Include benefits to end users and the organization.
104104
- Provide a high level plan of deployment.
105105
- **Pilot phase**: Include additional information to the pilot phase end users. Make sure they understand that they're in a pilot phase and should submit feedback.
106-
- **Onboarding phase**: Communication targeting specific end users and groups that are scheduled to begin using Cloud PC. This should inform end users that their Cloud PC is ready to go. Include instructions on how to connect to Cloud PC from any platform the end user might use. In case end users have issues, you should also provide a help desk contact.
106+
- **Onboarding phase**: Communication targeting specific end users and groups that are scheduled to begin using Cloud PC. This communication should inform end users that their Cloud PC is ready to go. Include instructions on how to connect to Cloud PC from any platform the end user might use. In case end users have issues, you should also provide a help desk contact.
107107
- Choose how to communicate Cloud PC to your targeted groups and users. Examples include:
108108
- Company wide meetings, Microsoft Teams, company newsletters, and email.
109109
- For onboarding communication, consider sending information in an email to end users.
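Review bot: Line 101 now ends "make sure to answer these key questions." with a period, although it introduces the nested list on lines 102-104; a colon is the right mark there. While in this block, line 104 needs "high-level plan" and line 108 needs "Company-wide meetings".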

windows-365/enterprise/privacy-personal-data.md

Lines changed: 6 additions & 6 deletions
@@ -30,7 +30,7 @@ ms.collection: M365-identity-device-management
3030

3131
# Privacy, customer data, and customer content in Windows 365
3232

33-
Windows 365 is a cloud-based service that lets you provision and manage Cloud PC for your users. You manage the Cloud PCs with the rest of your devices by using Microsoft Endpoint Manager (Windows 365 Enterprise) or a self-serviced experience (Windows 365 Business). This documentation provides details on data platform and privacy compliance for Windows 365. Unless otherwise specified, the term WIndows 365 in this document refers to both Windows 365 Enterprise and the Windows 365 Business. Where the details below differ, each product is called out individually.
33+
Windows 365 is a cloud-based service that lets you provision and manage Cloud PC for your users. You manage the Cloud PCs with the rest of your devices by using Microsoft Endpoint Manager (Windows 365 Enterprise) or a self-serviced experience (Windows 365 Business). This documentation provides details on data platform and privacy compliance for Windows 365. Unless otherwise specified, the term Windows 365 in this document refers to both Windows 365 Enterprise and the Windows 365 Business. Where the details below differ, each product is called out individually.
3434

3535
## Windows 365 data sources and purpose
3636
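Review bot: Line 33 fixes the "WIndows" typo but leaves two other slips in the same paragraph: "provision and manage Cloud PC for your users" should be "Cloud PCs", and "both Windows 365 Enterprise and the Windows 365 Business" has a stray "the". Both are worth fixing in this edit since the paragraph defines the scope of the whole privacy page.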

@@ -41,13 +41,13 @@ Windows 365 provides its service to customers by gathering and using data from t
4141
- [Endpoint Analytics](/mem/analytics/overview) – part of Microsoft Endpoint manager, specifically for analytical insights about device and app usage.
4242
- [Microsoft 365 apps for enterprise](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans?rtc=1) – for management of Microsoft 365 Apps.
4343

44-
To protect and maintain enrolled devices, Windows 365 processes and copies data from online services and data pipelines configured by the customer to Windows 365. After data is integrated from these services into Windows 365, the [Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all) and [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) applicable to Windows 365 also applies to the data. Windows 365 ensures appropriate data confidentiality, security, and resilience. Windows 365 employs additional internal privacy and security measures to ensure proper handling of personal data.
44+
To protect and maintain enrolled devices, Windows 365 processes and copies data from online services and data pipelines configured by the customer to Windows 365. After data is integrated from these services into Windows 365, the [Product Terms](https://www.microsoft.com/licensing/terms/product/ForOnlineServices/all) and [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) applicable to Windows 365 also applies to the data. Windows 365 ensures appropriate data confidentiality, security, and resilience. Windows 365 employs extra internal privacy and security measures to ensure proper handling of personal data.
4545

4646
## Windows 365 data storage
4747

48-
Depending on a tenant's region and preference, Windows 365 stores its customer content in Azure regions in North America, Europe, or Asia Pacific. Customer content, data and storage associated with the Cloud PC lives in the Azure region that the Cloud PC is provisioned in. For Windows 365 Enterprise, the region is defined in the [on-prem network connection's (ONPC)](azure-network-connections.md) **Virtual network** setting. Windows 365 Business stores customer data in the Azure region of the Cloud PC itself.
48+
Depending on a tenant's region and preference, Windows 365 stores its customer content in Azure regions in North America, Europe, or Asia Pacific. Customer content, data and storage associated with the Cloud PC lives in the Azure region that the Cloud PC is provisioned in. For Windows 365 Enterprise, the region is defined in the [on-premises network connection's (ONPC)](azure-network-connections.md) **Virtual network** setting. Windows 365 Business stores customer data in the Azure region of the Cloud PC itself.
4949

50-
Windows 365 stores service-generated metadata in Azure data centers in North America, Europe, or Asia Pacific, as defined by the tenant's country. This is mapped based on Microsoft Online tenant's country to the nearest region.
50+
Windows 365 stores service-generated metadata in Azure data centers in North America, Europe, or Asia Pacific, as defined by the tenant's country. This storage is mapped based on Microsoft Online tenant's country to the nearest region.
5151

5252
For more information on where your data is located, see:
5353
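Review bot: On line 48, expanding "on-prem" to "on-premises" keeps the abbreviation "(ONPC)", which does not match the words it follows, and the link target is azure-network-connections.md while other files in this commit call the same object an Azure network connection (ANC). Please use one name and abbreviation for it. On line 44, the subject is plural, so "the Product Terms and Microsoft Privacy Statement ... also applies" should be "also apply".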

@@ -78,15 +78,15 @@ For more information about individual data retention and storage policies of all
7878

7979
Each internal customer data subscription in Windows 365 Enterprise contains Azure Virtual Desktop (AVD) metadata, Cloud PCs, and Storage from multiple tenants. Each VM is connected to a single virtual network interface card (NIC). During provisioning of the Cloud PC, that NIC is attached to a single virtual network in a customer's Azure subscription. The virtual network is defined by the tenant administrator. Every Cloud PC is assigned to a single user by using the AVD connection brokering layer. The access control list (ACL) for the AVD layer is authenticated by Azure AD at the tenant and user level. Network access to and from a Cloud PC in Windows 365 is at the control and discretion of each tenant administrator. So, Cloud PCs in tenant A can't be accessed by users in tenant B, unless the tenant A administrator chooses to provide connectivity outside Windows 365 and AVD at the network layer in their own subscription.
8080

81-
For Windows 365 Business, one or more dedicated virtual networks are created in a tenant. The service automatically creates additional networks as needed and doesn't guarantee that all Windows 365 Business Cloud PCs in the same tenant will have network connectivity to each other.
81+
For Windows 365 Business, one or more dedicated virtual networks are created in a tenant. The service automatically creates more networks as needed and doesn't guarantee that all Windows 365 Business Cloud PCs in the same tenant will have network connectivity to each other.
8282

8383
All the isolation described above happens on a per user, per Cloud PC basis, since Windows 365 doesn't support multi-user scenarios.
8484

8585
For a full description of Windows 365 architecture, see [Windows 365 architecture](architecture.md). For more information on isolation in Microsoft 365, see [Isolation and Access Control in Microsoft 365](/microsoft-365/enterprise/microsoft-365-isolation-in-microsoft-365). For more on Access Management in Microsoft 365, refer to [Identity and Access Management - Microsoft Service Assurance](/compliance/assurance/assurance-identity-and-access-management).
8686

8787
## Compliance and legal
8888

89-
Audit reports for Windows 365 will be available for download at the [Microsoft Service Trust Portal](https://aka.ms/stp) when they are completed. The Microsoft Service Trust Portal serves as a central repository for Microsoft Enterprise Online Services.
89+
Audit reports for Windows 365 will be available for download at the [Microsoft Service Trust Portal](https://aka.ms/stp) when they're completed. The Microsoft Service Trust Portal serves as a central repository for Microsoft Enterprise Online Services.
9090

9191
**Microsoft’s privacy notice to end users of products provided by organizational customers** - The [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) notifies end users that when they sign in to Microsoft products with a work account, a) their organization can control and administer their account (including controlling privacy-related settings) and access and process their data, and b) Microsoft may collect and process the data to provide the service to the organization and end users.
9292
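Review bot: The isolation paragraph on line 79 is context here, but its wording is imprecise for a security claim: "The access control list (ACL) for the AVD layer is authenticated by Azure AD" conflates authentication with authorization, since an ACL is enforced rather than authenticated. Suggest stating that users are authenticated by Azure AD and that the AVD layer's ACL then restricts each Cloud PC to its assigned user. On line 81, "doesn't guarantee that all ... Cloud PCs in the same tenant will have network connectivity to each other" should also say whether they may still reach each other, because readers will otherwise read it as an isolation guarantee.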
