Merging changes synced from https://github.com/MicrosoftDocs/memdocs-pr (branch live)

Author: Learn Build Service GitHub App

memdocs/intune/developer/app-sdk-android-phase3.md

@@ -7,7 +7,7 @@ keywords: SDK
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/01/2023
+ms.date: 10/14/2024
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: developer

memdocs/intune/developer/app-sdk-get-started.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/14/2023
+ms.date: 10/14/2024
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: developer
@@ -51,7 +51,7 @@ You _**do not need**_ to register your app. For internal [line-of-business (LOB)
 
 You _**must**_ first register your app with Microsoft Intune and agree to the registration terms. IT administrators can then apply an app protection policy to the managed app, which will be listed as an [Partner productivity apps](../apps/apps-supported-intune-apps.md#partner-productivity-apps).
 
-Until registration has been finished and confirmed by the Microsoft Intune team, Intune administrators won't have the option to apply app protection policy to your app's deep link. Microsoft will also add your app to its [Microsoft Intune Partners page](https://www.microsoft.com/cloud-platform/microsoft-intune-apps). There, the app's icon will be displayed to show that it supports Intune app protection policies.
+Until registration has been finished and confirmed by the Microsoft Intune team, Intune administrators won't have the option to apply app protection policy to your app's deep link. Microsoft will also add your app to its Microsoft Intune Partners page. There, the app's icon will be displayed to show that it supports Intune app protection policies.
 
 ### The registration process
 To begin the registration process, and if you aren't already working with a Microsoft contact, fill out the [Microsoft Intune App Partner Questionnaire](https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR80SNPjnVA1KsGiZ89UxSdVUMEpZNUFEUzdENENOVEdRMjM5UEpWWjJFVi4u).
@@ -67,7 +67,7 @@ We'll use the email addresses listed in your questionnaire response to reach out
 
 2. After we receive all necessary information from you, we'll send you the Microsoft Intune App Partner Agreement to sign. This agreement describes the terms that your company must accept before it becomes a Microsoft Intune app partner.
 
-3. You'll be notified when your app is successfully registered with the Microsoft Intune service and when your app is featured on the [Microsoft Intune partners](https://www.microsoft.com/cloud-platform/microsoft-intune-apps) site.
+3. You'll be notified when your app is successfully registered with the Microsoft Intune service and when your app is featured on the Microsoft Intune partners site.
 
 4. Finally, your app's deep link will be added to the next monthly Intune Service update. For example, if the registration information is finished in July, the deep link will be supported in mid-August.
 

memdocs/intune/developer/app-sdk-ios-appendix.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/01/2023
+ms.date: 10/14/2024
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: developer
@@ -61,16 +61,16 @@ To do this, the application should make use of the `registeredAccounts:` method.
 
 ### How often does the SDK retry enrollments?
 
-The SDK will automatically retry all previously failed enrollments on a 24-hour interval. The SDK does this to ensure that if a user's organization enabled MAM after the user signed in to the application, the user will successfully enroll and receive policies.
+The SDK automatically retries all previously failed enrollments on a 24-hour interval. The SDK does this to ensure that if a user's organization enabled MAM after the user signed in to the application, the user will successfully enroll and receive policies.
 
-The SDK will stop retrying when it detects that a user has successfully enrolled the application. This is because only one user can enroll an application at a particular time. If the user is unenrolled, the retries will begin again on the same 24-hour interval.
+The SDK stops retrying when it detects that a user has successfully enrolled the application. This is because only one user can enroll an application at a particular time. If the user is unenrolled, the retries begin again on the same 24-hour interval.
 
 ### Why does the user need to be deregistered?
 
-The SDK will take these actions in the background periodically:
+The SDK takes these actions in the background periodically:
 
-* If the application isn't yet enrolled, it will try to enroll all registered accounts every 24 hours.
-* If the application is enrolled, the SDK will check for MAM policy updates every 8 hours.
+* If the application isn't yet enrolled, it tries to enroll all registered accounts every 24 hours.
+* If the application is enrolled, the SDK checks for MAM policy updates every 8 hours.
 
 Deregistering a user notifies the SDK that the user will no longer use the application, and the SDK can stop any of the periodic events for that user account. It also triggers an app unenroll and selective wipe if necessary.
 
@@ -80,7 +80,7 @@ This method should be called before the user is signed out of the application.
 
 ### Are there any other ways that an application can be unenrolled?
 
-Yes, the IT admin can send a selective wipe command to the application. This will deregister and unenroll the user, and it will wipe the user's data. The SDK automatically handles this scenario and sends a notification via the unenroll delegate method.
+Yes, the IT admin can send a selective wipe command to the application. This will deregister and unenroll the user, and it wipes the user's data. The SDK automatically handles this scenario and sends a notification via the unenroll delegate method.
 
 ### Is there a sample app that demonstrates how to integrate the SDK?
 

memdocs/intune/developer/app-sdk-ios-phase1.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/01/2023
+ms.date: 10/14/2024
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: developer

memdocs/intune/developer/app-sdk-ios-phase2.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/01/2023
+ms.date: 10/14/2024
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: developer

memdocs/intune/developer/app-sdk-ios-phase3.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/01/2023
+ms.date: 10/14/2024
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: developer

memdocs/intune/enrollment/device-limit-intune-azure.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 03/04/2024
+ms.date: 10/14/2024
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -58,7 +58,8 @@ Intune device limit restrictions don't apply to devices enrolled via:
 - Co-management with Configuration Manager   
 - Automatic enrollment + group policy  
 - Automatic enrollment + device enrollment manager  
-- Automatic enrollment + bulk device enrollment    
+- Automatic enrollment + bulk device enrollment
+- Automatic enrollment initiated by user through desktop (for example, when they [connect a work or school account in the Windows Settings app](https://support.microsoft.com/windows/manage-user-accounts-in-windows-104dc19f-6430-4b49-6a2b-e4dbd1dcdf32))  
 - Windows Autopilot  
 
 Devices enrolled via these methods are enrolled automatically or by an Intune admin, not by an employee or student, and are considered shared devices. Instead, you can apply the Microsoft Entra limit, where supported.   

memdocs/intune/protect/blackberry-mobile-threat-defense-connector.md

@@ -8,7 +8,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 01/23/2024
+ms.date: 10/14/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -33,7 +33,7 @@ ms.collection:
 
 # Use BlackBerry Protect Mobile with Intune
 
-Control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by BlackBerry Protect Mobile (powered by Cylance AI), a mobile threat defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the BlackBerry Protect Mobile app.
+You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by BlackBerry Protect Mobile (powered by Cylance AI), a mobile threat defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the BlackBerry Protect Mobile app.
 
 You can configure Conditional Access policies based on a BlackBerry Protect risk assessment, enabled through Intune device compliance policies for enrolled devices. You can set up your policies to allow or block noncompliant devices from accessing corporate resources based on detected threats. For unenrolled devices, you can use app protection policies to enforce a block or selective wipe based on detected threats.
 
@@ -55,7 +55,7 @@ For more information about how to integrate BlackBerry UES with Microsoft Intune
 
 ## How do Intune and the BlackBerry MTD connector help protect your company resources?
 
-The CylancePROTECT app for Android and iOS/iPadOS captures file system, network stack, device, and application telemetry where available, then sends the telemetry data to the Cylance AI Protection cloud service to assess the device's risk for mobile threats.
+For Android and iOS/iPadOS, the CylancePROTECT app captures file system, network stack, device, and application telemetry where available, then sends the data to the Cylance AI Protection cloud service to assess the device's risk for mobile threats.
 
 - **Support for enrolled devices** - Intune device compliance policy includes a rule for MTD, which can use risk assessment information from CylancePROTECT (BlackBerry). When the MTD rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources, such as Exchange Online and SharePoint Online. Users also receive guidance from the BlackBerry Protect app installed on their devices to resolve the issue and regain access to corporate resources. To support using BlackBerry Protect with enrolled devices:
   - [Add MTD apps to devices](../protect/mtd-apps-ios-app-configuration-policy-add-assign.md)

memdocs/intune/protect/encryption-monitor.md

@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 01/18/2024
+ms.date: 10/14/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -55,7 +55,7 @@ The encryption report supports reporting on devices that run the following opera
 
 ### Report details
 
-The Encryption report pane displays a list of the devices you manage with high-level details about those devices. You can select a device from the list to drill-in and view additional details from the devices [Device encryption status](#device-encryption-status) pane.
+The Encryption report pane displays a list of the devices you manage with high-level details about those devices. You can select a device from the list to drill-in and view more details from the devices [Device encryption status](#device-encryption-status) pane.
 
 - **Device name** - The name of the device.
 - **OS** – The device platform, such as Windows or macOS.
@@ -76,7 +76,7 @@ The Encryption report pane displays a list of the devices you manage with high
 
     For more information on Windows prerequisites for encryption, see the [BitLocker configuration service provider (CSP)](/windows/client-management/mdm/bitlocker-csp) in the Windows documentation.
 
-  - **Not ready**: The device doesn't have full encryption capabilities, but may still support encryption.
+  - **Not ready**: The device doesn't have full encryption capabilities, but might still support encryption.
   - **Not applicable**: There isn't enough information to classify this device.
 
 - **Encryption status** – Whether the OS drive is encrypted. 
@@ -166,7 +166,7 @@ When you select a device from the Encryption report, Intune displays the **Devic
 
   - Recovery key backup failed.
 
-    *Consider: Check the Event log on device to see why the recovery key backup failed. You may need to run the **manage-bde** command to manually escrow recovery keys.*
+    *Consider: Check the devices Event log to see why the recovery key backup failed. You might need to run the **manage-bde** command to manually escrow recovery keys.*
 
   - A fixed drive is unprotected.
 
@@ -178,15 +178,15 @@ When you select a device from the Encryption report, Intune displays the **Devic
 
   - Windows Recovery Environment (WinRE) isn't configured.
 
-    *Consider: Need to run command line to configure the WinRE on separate partition; as that was not detected. For more information, see [REAgentC command-line options](/windows-hardware/manufacture/desktop/reagentc-command-line-options).*
+    *Consider: Need to run command line to configure the WinRE on separate partition; as that wasn't detected. For more information, see [REAgentC command-line options](/windows-hardware/manufacture/desktop/reagentc-command-line-options).*
 
   - A TPM isn't available for BitLocker, either because it isn't present, it's been made unavailable in the Registry, or the OS is on a removable drive.
 
-    *Consider: The BitLocker policy applied to this device requires a TPM, but on this device, the BitLocker CSP has detected that the TPM may be disabled at the BIOS level.*
+    *Consider: The BitLocker policy applied to this device requires a TPM, but on this device, the BitLocker CSP detects that the TPM might be disabled at the BIOS level.*
 
   - The TPM isn't ready for BitLocker.
 
-    *Consider: The BitLocker CSP sees that this device has an available TPM, but the TPM may need to be initialized. Consider running **intialize-tpm** on the machine to initialize the TPM.*
+    *Consider: The BitLocker CSP sees that this device has an available TPM, but the TPM might need to be initialized. Consider running **intialize-tpm** on the machine to initialize the TPM.*
 
   - The network isn't available, which is required for recovery key backup.
 
@@ -200,7 +200,7 @@ This report can be of use in identifying problems for groups of devices. For exa
 
 ## Manage recovery keys
 
-For details on managing recovery keys, see the following in the Intune documentation:
+For details on managing recovery keys, see the following Intune documentation:
 
 macOS FileVault: