Merge pull request #8536 from MicrosoftDocs/main

v-stsavell · web-flow · commit feeee5dcf2c7 · 2022-09-26T12:43:14.000-05:00
Publish main to live on 9/26 @ 10:30 am
diff --git a/memdocs/intune/fundamentals/multi-admin-approval.md b/memdocs/intune/fundamentals/multi-admin-approval.md
@@ -29,6 +29,9 @@ ms.collection:
 
 # Use Access policies to require multiple administrative approvals
 
+> [!NOTE]  
+> This feature is delayed and is not yet available. We'll remove this note when this feature begins to roll out to tenants.
+
 *This feature is in Public Preview*
 
 To help protect against a compromised administrative account, use Intune *access policies* to require that a second administrative account is used to approve a change before the change is applied. This capability is known as multiple administrative approval (MAA).
diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md
@@ -141,7 +141,7 @@ Applies to:
 #### Device Firmware Configuration Interface (DFCI) now supports Acer devices<!-- 15240661 -->
 For Windows 10/11 devices, you can create a DFCI profile to manage UEFI (BIOS) settings (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **Device Firmware Configuration Interface** for profile type).
 
-New Acer devices running Windows 10/11 will be enabled for DFCI starting Fall 2022. So, admins can create DFCI profiles to manage the BIOS and then deploy the profiles to these Acer devices.
+New Acer devices running Windows 10/11 will be enabled for DFCI in later 2022. So, admins can create DFCI profiles to manage the BIOS and then deploy the profiles to these Acer devices.
 
 Contact your device vendor or device manufacturer to ensure you get eligible devices.
 
@@ -236,7 +236,10 @@ For more information about protected apps, see [Microsoft Intune protected apps]
 
 ### Tenant administration
 
-#### Access policies for Multiple Administrator Approval in public preview<!--9348867 -->
+#### Access policies for Multiple Administrator Approval in public preview<!--9348867 -->  
+> [!NOTE]  
+> This feature is delayed and is not yet available. We'll remove this note when this feature begins to roll out to tenants.
+
 In public preview, you can use Intune *access policies* to require that a second Administrator Approval account be used to approve a change before the change is applied.  This capability is known as multiple Administrator Approval (MAA).
 
 You create an access policy to protect a type of resource, like App deployments. Each access policy also includes a group of users who are *approvers* for the changes protected by the policy. When a resource like an app deployment configuration is protected by an access policy, any changes that are made to the deployment, including creating, deleting or modifying an existing deployment won't apply until a member of the approvers group for that access policy reviews and approves that change.
diff --git a/memdocs/intune/protect/microsoft-tunnel-conditional-access.md b/memdocs/intune/protect/microsoft-tunnel-conditional-access.md
@@ -39,14 +39,14 @@ Before you can configure Conditional Access policies for the tunnel, you must en
 
 2. Download the PowerShell script named **mst-ca-provisioning.ps1** from aka.ms/mst-ca-provisioning.
 
-3. Using credentials that have the Azure Role permissions [equivalent to **Application Administrator**](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#application-administrator-permissions), run the script from any location in your environment, to provision your tenant.
+3. Using credentials that have the Azure Role permissions [equivalent to **Global Administrator**](/azure/active-directory/roles/permissions-reference#global-administrator), run the script from any location in your environment, to provision your tenant.
 
-   The script modifies your tenant by creating a service principle with the following details:
+   The script modifies your tenant by creating a service principal with the following details:
 
    - App ID: 3678c9e9-9681-447a-974d-d19f668fcd88
    - Name: Microsoft Tunnel Gateway
 
-   The addition of this service principle is required so you can select the tunnel cloud app while configuring Conditional Access policies. It's also possible to use Graph to add the service principle information to your tenant.
+   The addition of this service principal is required so you can select the tunnel cloud app while configuring Conditional Access policies. It's also possible to use Graph to add the service principal information to your tenant.
 
 4. After the script completes, you can use your normal process to create Conditional Access policies.
 
