Edits from final proofread

lenewsad · lenewsad · commit c6f4648da6bc · 2022-08-10T12:16:52.000-04:00
diff --git a/memdocs/intune/enrollment/create-device-limit-restrictions.md b/memdocs/intune/enrollment/create-device-limit-restrictions.md
@@ -43,7 +43,7 @@ ms.collection:
 
 [!INCLUDE [azure_portal](../includes/azure_portal.md)]  
 
-Use device limit enrollment restrictions to restrict the number of devices allowed to enroll in Microsoft Intune. Device limit restrictions work on devices that meet the following criteria:  
+Create a device limit enrollment restriction policy to limit the number of devices a user can enroll in Microsoft Intune. Device limit restrictions work on devices that meet the following criteria:  
 
   * Microsoft Intune-managed  
   * Established contact with Intune within last 90 days  
@@ -54,25 +54,26 @@ Use device limit enrollment restrictions to restrict the number of devices allow
 
 You can create a new device limit-enrollment restriction policy in the Microsoft Endpoint Manager admin center or use the default policy that's already available. You can have up to 25 device limit restriction policies. 
 
-This article describes how to create and configure a device limit-enrollment restriction policy in the admin center. 
+This article describes how to create and configure a device limit-enrollment restriction policy in the admin center.  
 
 ## Default policy 
-Microsoft Intune provides one default policy for device limit restrictions. You can edit and customize it as needed. Intune applies the default policy to all user and userless enrollments until you assign a higher-priority policy.  
+Microsoft Intune provides one default policy for device limit restrictions that you can edit and customize as needed. Intune applies the default policy to all user and userless enrollments until you assign a higher-priority policy.  
 
 ## Create a device limit restriction  
 
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Enrollment restrictions** > **Create restriction** > **Device limit restriction**.
-2. On the **Basics** page, give the restriction a **Name** and optional **Description**.
-3. Choose **Next** to go to the **Device limit** page.
-4. For **Device limit**, select the maximum number of devices that a user can enroll.
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Go to **Devices** > **Enrollment restrictions** > **Create restriction** > **Device limit restriction**.  
+3. On the **Basics** page, give the restriction a **Name** and optional **Description**.
+4. Choose **Next** to go to the **Device limit** page.
+5. For **Device limit**, select the maximum number of devices that a user can enroll.
     ![Screen cap for choosing device limit](./media/enrollment-restrictions-set/choose-device-limit.png)
-5. Choose **Next** to go to the **Scope tags** page.
-6. On the **Scope tags** page, optionally add the scope tags you want to apply to this restriction. For more information about scope tags, see [Use role-based access control and scope tags for distributed IT](../fundamentals/scope-tags.md). 
-7. Choose **Next** to go to the **Assignments** page.
-8. Choose **Select groups to include** and then use the search box to find groups that you want to include in this restriction. The restriction applies only to groups to which it's assigned. If you don't assign a restriction to at least one group, it won't have any effect. Then choose **Select**. 
+6. Choose **Next** to go to the **Scope tags** page.
+7. On the **Scope tags** page, optionally add the scope tags you want to apply to this restriction. For more information about scope tags, see [Use role-based access control and scope tags for distributed IT](../fundamentals/scope-tags.md). 
+8. Choose **Next** to go to the **Assignments** page.
+9. Choose **Select groups to include** and then use the search box to find groups that you want to include in this restriction. The restriction applies only to groups to which it's assigned. If you don't assign a restriction to at least one group, it won't have any effect. Then choose **Select**. 
     ![Screen cap for selecting groups](./media/enrollment-restrictions-set/select-groups-device-limit.png)
-9. Select **Next** to go to the **Review + create** page.
-10. Select **Create** to create the restriction. The new restriction appears in your list of restrictions and is given a higher priority than the default policy. For information about changing the priority level, see [Change restriction priority](create-device-limit-restrictions.md#change-restriction-priority)(in this article).  
+10. Select **Next** to go to the **Review + create** page.
+11. Select **Create** to create the restriction. The new restriction appears in your list of restrictions and is given a higher priority than the default policy. For information about changing the priority level, see [Change restriction priority](create-device-limit-restrictions.md#change-restriction-priority)(in this article).  
 
 ## Edit enrollment restrictions    
 
diff --git a/memdocs/intune/enrollment/create-device-platform-restrictions.md b/memdocs/intune/enrollment/create-device-platform-restrictions.md
@@ -43,17 +43,24 @@ ms.collection:
 
 [!INCLUDE [azure_portal](../includes/azure_portal.md)]  
 
-Use the device platform enrollment restrictions in Microsoft Intune to block personally owned devices from enrolling, and to block devices by device platform and OS version. An enrollment restriction policy is required to apply enrollment restrictions. You can create a new Intune device platform restriction policy in the Microsoft Endpoint Manager admin center or use the default policy that's already available. 
+Create a device platform enrollment restriction policy to restrict devices from enrolling in Intune. Available restrictions include:  
 
-You can have up to 25 device platform restriction policies. 
+* Device platform
+* OS version
+* Manufacturer
+* Ownership (personally-owned)
 
-This article describes the device platform restrictions supported in Microsoft Intune and how to configure them from the Microsoft Endpoint Manager admin center.  
+ You can create a new device platform restriction policy in the Microsoft Endpoint Manager admin center or use the default policy that's already available. You can have up to 25 device platform restriction policies. 
+
+This article describes the device platform restrictions supported in Microsoft Intune and how to configure them in the admin center.  
 
 ## Default policy 
-Microsoft Intune provides one default policy for device platform restrictions. You can edit and customize it as needed. Intune applies the default policy to all user and userless enrollments until you assign a higher-priority policy.  
+Microsoft Intune provides one default policy for device platform restrictions that you can edit and customize as needed. Intune applies the default policy to all user and userless enrollments until you assign a higher-priority policy.  
 
-## Available restrictions  
-This section describes the restrictions you can configure in a device platform-enrollment restriction policy. 
+## Best practice - Android platform restrictions          
+Since Intune supports two Android platforms, it's important to understand how OS version restrictions work when used together with device platform restrictions:   
+  * If you allow both platforms for the same group, and then refine it for specific and non-overlapping versions, devices are sent through the Android enrollment flow that's picked for their version.   
+  * If you allow both platforms, but block the same versions, devices running blocked versions can't enroll. Users on these devices are sent through the Android device administrator enrollment flow before they're blocked and prompted to sign out. 
 
 ## Create a device platform restriction   
 
diff --git a/memdocs/intune/enrollment/enrollment-restrictions-set.md b/memdocs/intune/enrollment/enrollment-restrictions-set.md
@@ -3,7 +3,7 @@
 
 title: Overview of enrollment restrictions  
 titleSuffix: Microsoft Intune 
-description: Learn about
+description: Learn about the enrollment restrictions available in Microsoft Intune. 
 keywords:
 author: Lenewsad
 ms.author: lanewsad
@@ -45,66 +45,64 @@ ms.collection:
 
 Device enrollment restrictions let you restrict enrollment based on device attributes. When restrictions are applied, users on restricted devices or who exceed the device limit are blocked from enrolling in Microsoft Intune. There are two types of device enrollment restrictions you can configure in Microsoft Intune:   
 
-* *Device platform enrollment restrictions* define which platforms, versions, and management types can enroll. In Intune, you can restrict device platforms, OS versions, manufacturer, and personally owned devices.  
-* *Device limit enrollment restrictions* define how many devices each user can enroll. 
+* *Device platform restrictions* define which platforms, versions, and management types can enroll. In Intune, you can restrict device platforms, OS versions, manufacturer, and personally owned devices.  
+* *Device limit restrictions* define how many devices each user can enroll. 
 
 Each restriction type comes with one default policy that you can edit and customize as needed. Intune applies the default to all user and userless enrollments until you assign a higher-priority policy.  
 
-This article provides an overview of the available enrollment restrictions. When you're ready to create an enrollment restriction policy, see [Next steps](enrollment-restrictions-set.md)(in this article).   
+This article provides an overview of the available enrollment restrictions. When you're ready to create an enrollment restriction policy, see [Next steps](enrollment-restrictions-set.md) (in this article).   
 
 ## Available restrictions  
 You can configure the following restrictions in the admin center: 
 
+* Device limit 
 * Device platform  
 * OS version  
 * Device manufacturer
-* Device ownership  
-* Device limit   
+* Device ownership (personally-owned devices)    
 
-### Platform 
-This restriction blocks devices running on specific device platforms. You can apply this restriction to devices running: 
+### Device limit 
+Put a limit on the number of devices a person can enroll. You can set the device limit from 1 to 15.  
+
+This configuration is in the admin center under **Enrollment device limit restrictions**. 
+
+### Device platform 
+Block devices running on a specific device platform. You can apply this restriction to devices running: 
 
    * Android device administrator
    * Android Enterprise work profile
    * iOS/iPadOS
    * macOS
-   * Windows 
+   * Windows 10/11  
 
 In groups where both Android platforms are allowed, devices that support work profile will enroll with a work profile. Devices that don't support work profile will enroll on the Android device administrator platform. Neither work profile nor device administrator enrollment will work until you complete all prerequisites for Android enrollment.   
 
-This configuration is in the admin center under **Enrollment device platform restrictions**.  
+This restriction is in the admin center under **Enrollment device platform restrictions**.  
 
 ### OS version 
-This restriction enforces your maximum and minimum OS version requirements. Devices running earlier or later OS versions aren't allowed to enroll. This type of restriction works with the following operating systems: 
+This restriction enforces your maximum and minimum OS version requirements. This type of restriction works with the following operating systems: 
 
    * Android device administrator\*
    * Android Enterprise work profile\*  
    * iOS/iPadOS\*
    * Windows  
 
-\* Version restrictions are supported on these platforms for devices enrolled via Intune Company Portal only.    
-
-This configuration is in the admin center under **Enrollment device platform restrictions**.  
+\* Version restrictions are supported on these operating systems for devices enrolled via Intune Company Portal only.    
 
-## Combining restrictions      
-Since Intune supports two Android platforms, it's important to understand how version restrictions work when used together with device platform restrictions:   
-  * If you allow both platforms for the same group, and then refine it for specific and non-overlapping versions, devices are sent through the Android enrollment flow that's picked for their version.   
-  * If you allow both platforms, but block the same versions, devices running blocked versions can't enroll. Users on these devices are sent through the Android device administrator enrollment flow before they're blocked and prompted to sign out. 
+This restriction is in the admin center under **Enrollment device platform restrictions**.  
 
 ### Device manufacturer  
-This restriction blocks devices made by specific manufacturers, and is applicable to Android devices only.  
-
-This configuration is in the admin center under **Enrollment device platform restrictions**.    
+This restriction blocks devices made by specific manufacturers, and is applicable to Android devices only. It is in the admin center under **Enrollment device platform restrictions**.    
 
 ### Personally-owned devices  
 This restriction helps prevent device users from accidentally enrolling their personal devices, and applies to devices running:  
 
 * Android
 * iOS/iPad OS
 * macOS
-* Windows  
+* Windows 10/11 
 
-This configuration is in the admin center under **Enrollment device platform restrictions**. 
+This restriction is in the admin center under **Enrollment device platform restrictions**.  
 
 #### Blocking personal Android devices  
 By default, until you manually make changes in the admin center, your Android Enterprise work profile device settings and Android device administrator device settings are the same. 
@@ -148,11 +146,6 @@ Intune also blocks personal devices using these enrollment methods:
 
 \* These won't be blocked if registered with Autopilot.  
 
-### Device limit 
-This restriction lets you put a limit on the number of devices a person can enroll. In Intune, you can set the device limit from 1 to 15.  
-
-This configuration is in the admin center under **Enrollment device limit restrictions**. 
-
 ## Limitations  
 
 * Enrollment restrictions are applied to users. For enrollment scenarios that aren't user-driven, such as Windows Autopilot self-deploying mode, bulk enrollment (WCD), or Azure Virtual desktop, Intune enforces the default policy.  
diff --git a/memdocs/intune/enrollment/view-enrollment-reports.md b/memdocs/intune/enrollment/view-enrollment-reports.md
@@ -43,12 +43,13 @@ ms.collection:
 
 [!INCLUDE [azure_portal](../includes/azure_portal.md)]  
 
-Use the following reports to monitor and troubleshoot issues with enrollment restrictions and enrollment status page assignments:  
+Your can use the following reports in the Microsoft Endpoint Manager admin center to monitor and troubleshoot issues with enrollment restrictions and enrollment status page assignments:  
+
 - Enrollment failures report  
 - Troubleshooting + support page  
 - Device enrollment page  
 
-This section describes the purpose of each resource and where to find them in the admin center.  
+This article describes each report and how to access them in the admin center.  
 
 ## Enrollment failures report  
 Use the enrollment failures report to view enrollment failures for all users or for select users. This report shows each failed enrollment attempt along with the date it occurred, reason for failure, OS, OS version, username, and enrollment method.  
