diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f74a428756..5ceee9a62a 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2714,6 +2714,11 @@ "source_path": "autopilot/autopilot-faq.yml", "redirect_url": "/autopilot/faq", "redirect_document_id": false + }, + { + "source_path": "memdocs/intune/protect/endpoint-security-firewall-rule-tool.md", + "redirect_url": "/mem/intune/protect/endpoint-security-firewall-policy", + "redirect_document_id": false } ] } \ No newline at end of file diff --git a/memdocs/intune/configuration/platform-sso-macos.md b/memdocs/intune/configuration/platform-sso-macos.md index 14d89e6285..9fd9842f56 100644 --- a/memdocs/intune/configuration/platform-sso-macos.md +++ b/memdocs/intune/configuration/platform-sso-macos.md @@ -7,7 +7,7 @@ keywords: author: MandiOhlinger ms.author: mandia manager: dougeby -ms.date: 08/21/2024 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: configuration @@ -38,7 +38,7 @@ This feature applies to: - macOS -The [Microsoft Enterprise SSO plug-in](/entra/identity-platform/apple-sso-plugin) in Microsoft Entra ID includes two SSO features - **Platform SSO** and the **SSO app extension**. This article focuses on configuring [Platform SSO with Entra ID](/entra/identity/devices/macos-psso) for macOS devices which is in preview. +The [Microsoft Enterprise SSO plug-in](/entra/identity-platform/apple-sso-plugin) in Microsoft Entra ID includes two SSO features - **Platform SSO** and the **SSO app extension**. This article focuses on configuring [Platform SSO with Microsoft Entra ID](/entra/identity/devices/macos-psso) for macOS devices (public preview). Some benefits of Platform SSO include: 
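Review bot: the new `.openpublishing.redirection.json` entry redirects `memdocs/intune/protect/endpoint-security-firewall-rule-tool.md` to `/mem/intune/protect/endpoint-security-firewall-policy`, and the same file is deleted at the end of this patch, so readers following old links to the rule-migration tool page will land on the firewall policy page with no trace of what they were looking for. Confirm that `endpoint-security-firewall-policy` covers or links to the content the deleted page documented, or add a short note there saying where that information now lives.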
@@ -59,12 +59,25 @@ This article shows you how to configure Platform SSO for macOS devices in Intune ## Prerequisites - Devices must be running macOS 13.0 and newer. -- Microsoft Intune [Company Portal app](../apps/apps-company-portal-macos.md) version **5.2404.0** and newer is required. This version includes Platform SSO. -- Supported web browsers include: + +- Microsoft Intune [Company Portal app](../apps/apps-company-portal-macos.md) version **5.2404.0** and newer is required on the devices. This version includes Platform SSO. + +- The following web browsers support Platform SSO: + - Microsoft Edge - - Google Chrome with the [Microsoft Single Sign On extension](https://chromewebstore.google.com/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji). You can deploy this extension using [Chrome Enterprise policy - ExtensionInstallForcelist](https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist) (opens Google's web site) in the settings catalog. + - Google Chrome with the [Microsoft Single Sign On extension](https://chromewebstore.google.com/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji) + + Using an [Intune preference file (.plist) policy](preference-file-settings-macos.md), you can force this extension to install. In your `.plist` file, you need some of the information at [Chrome Enterprise policy - ExtensionInstallForcelist](https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist) (opens Google's web site). + + > [!WARNING] + > There are sample `.plist` files at [ManagedPreferencesApplications examples on GitHub](https://github.com/ProfileCreator/ProfileManifests/tree/master/Manifests/ManagedPreferencesApplications). This GitHub repository is not owned, not maintained, and not created by Microsoft. Use the information at your own risk. 
+ - Safari -- To create the Intune policy, at a minimum, sign in with an account that has the following Intune permissions: + + You can use Intune to add web browser apps, including [package (`.pkg`)](../apps/lob-apps-macos.md) and [disk image (`.dmg`)](../apps/lob-apps-macos-dmg.md) files, and deploy the app to your macOS devices. To get started, go to [Add apps to Microsoft Intune](../apps/apps-add.md). + +- Platform SSO uses the Intune settings catalog to configure the required settings. To create the settings catalog policy, at a minimum, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) with an account that has the following Intune permissions: + - Device Configuration **Read**, **Create**, **Update**, and **Assign** permissions There are some built-in roles that have these permissions, including the **Policy and Profile Manager** Intune RBAC role. For more information on RBAC roles in Intune, go to [Role-based access control (RBAC) with Microsoft Intune](../fundamentals/role-based-access-control.md). 
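Review bot: the removed Chrome bullet said to deploy `ExtensionInstallForcelist` "in the settings catalog", while the replacement text says to use a preference file (`.plist`) policy; make sure that reversal is intentional and, if the settings catalog also exposes this Chrome policy, say which method is preferred. In the WARNING that points at the non-Microsoft ProfileManifests samples, "Use the information at your own risk" would be more useful as a concrete check: before deploying a sample, confirm that its force-install list contains only the extension ID you intend (the `ppnbnpeolgkicgegkbkbjmhlideopiji` ID from the store link above), because a forced extension list installs those extensions on every targeted device. The identical WARNING is added again in the `preference-file-settings-macos.md` hunk below; consider keeping it in one place and linking to it from the other.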
@@ -149,9 +162,12 @@ For more information, go to [Microsoft Entra certificate-based authentication on ## Step 2 - Create the Platform SSO policy in Intune -To configure the Platform SSO policy, use the following steps to create an [Intune settings catalog](settings-catalog.md) policy. These settings are required by the Microsoft Enterprise SSO plug-in. For more information, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). +To configure the Platform SSO policy, use the following steps to create an [Intune settings catalog](settings-catalog.md) policy. The Microsoft Enterprise SSO plug-in requires the settings listed. + +- To learn more about the plug-in, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). +- For details about the payload settings for the Extensible Single Sign-on extension, go to [Extensible Single Sign-on MDM payload settings for Apple devices](https://support.apple.com/guide/deployment/depfd9cdf845/web) (opens Apple's web site). -For details about the payload settings for the Extensible Single Sign-on extension, go to [Extensible Single Sign-on MDM payload settings for Apple devices](https://support.apple.com/guide/deployment/depfd9cdf845/web) (opens Apple's web site). +**Create the policy**: 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy**. 
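Review bot: "The Microsoft Enterprise SSO plug-in requires the settings listed." is vague about where the settings are listed; since the list sits several steps later, say "the settings listed in step 8" so the sentence still reads correctly when the two new link bullets sit between it and the procedure. Minor: "**Create the policy**:" is a bold run-in label in front of a numbered list; if the article uses headings for its other procedures, a heading would be consistent.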
@@ -190,7 +206,7 @@ For details about the payload settings for the Extensible Single Sign-on extensi > [!TIP] > There are more Platform SSO settings you can configure in the policy: > - > - [Settings for non-Microsoft apps and Microsoft Enterprise SSO Extension](#settings-for-non-microsoft-apps-and-microsoft-enterprise-sso-extension) (in this article) + > - [Non-Microsoft apps and Microsoft Enterprise SSO Extension settings](#non-microsoft-apps-and-microsoft-enterprise-sso-extension-settings) (in this article) > - [End user experience settings](#end-user-experience-settings) (in this article) 8. Configure the following required settings: @@ -198,16 +214,16 @@ For details about the payload settings for the Extensible Single Sign-on extensi | Name | Configuration value | Description | |---|---|---| | **Authentication Method (Deprecated)**
(macOS 13 only) | **Password** or **UserSecureEnclave** | Select the Platform SSO authentication method that you chose in [Step 1 - Decide the authentication method](#step-1---decide-the-authentication-method) (in this article).

This setting applies to macOS 13 only. For macOS 14.0 and later, use the **Platform SSO** > **Authentication Method** setting.| - | **Extension Identifier** | `com.microsoft.CompanyPortalMac.ssoextension` | This ID is the SSO app extension that the profile needs for SSO to work.

The **Extension Identifier** and **Team Identifier** values work together. | - | **Platform SSO** > **Authentication Method**
(macOS 14+) | **Password**, **UserSecureEnclave** or **SmartCard** | Select the Platform SSO authentication method that you chose in [Step 1 - Decide the authentication method](#step-1---decide-the-authentication-method) (in this article).

This setting applies to macOS 14 and later. For macOS 13, use the **Authentication Method (Deprecated)** setting. | + | **Extension Identifier** | `com.microsoft.CompanyPortalMac.ssoextension` | Copy and paste this value in the setting.

This ID is the SSO app extension that the profile needs for SSO to work.

The **Extension Identifier** and **Team Identifier** values work together. | + | **Platform SSO** > **Authentication Method**
(macOS 14+) | **Password**, **UserSecureEnclave**, or **SmartCard** | Select the Platform SSO authentication method that you chose in [Step 1 - Decide the authentication method](#step-1---decide-the-authentication-method) (in this article).

This setting applies to macOS 14 and later. For macOS 13, use the **Authentication Method (Deprecated)** setting. | | **Platform SSO** > **Use Shared Device Keys**
(macOS 14+) | **Enabled** | When enabled, Platform SSO uses the same signing and encryption keys for all users on the same device.

Users upgrading from macOS 13.x to 14.x are prompted to register again. | - | **Registration token** | `{{DEVICEREGISTRATION}}` | You must include the curly braces. For more information on this registration token, go to [Configure Microsoft Entra device registration](/entra/identity-platform/apple-sso-plugin#configure-microsoft-entra-device-registration).

This setting requires that you also configure the `AuthenticationMethod` setting.

- If you use only macOS 13 devices, then configure the **Authentication Method (Deprecated)** setting.
- If you use only macOS 14+ devices, then configure the **Platform SSO** > **Authentication Method** setting.
- If you have a mix of macOS 13 and macOS 14+ devices, then configure both authentication settings in the same profile. | + | **Registration token** | `{{DEVICEREGISTRATION}}` | Copy and paste this value in the setting. You must include the curly braces.

To learn more about this registration token, go to [Configure Microsoft Entra device registration](/entra/identity-platform/apple-sso-plugin#configure-microsoft-entra-device-registration).

This setting requires that you also configure the `AuthenticationMethod` setting.

- If you use only macOS 13 devices, then configure the **Authentication Method (Deprecated)** setting.
- If you use only macOS 14+ devices, then configure the **Platform SSO** > **Authentication Method** setting.
- If you have a mix of macOS 13 and macOS 14+ devices, then configure both authentication settings in the same profile. | | **Screen Locked Behavior** | **Do Not Handle** | When set to **Do Not Handle**, the request continues without SSO. | - | **Token To User Mapping** > **Account Name** | `preferred_username` | This token specifies that the Entra [`preferred_username`](/entra/identity-platform/id-token-claims-reference#payload-claims) attribute value is used for the macOS account's Account Name value. | - | **Token To User Mapping** > **Full Name** | `name` | This token specifies that the Entra [`name`](/entra/identity-platform/id-token-claims-reference#payload-claims) claim is used for the macOS account's Full Name value. | - | **Team Identifier** | `UBF8T346G9` | This identifier is the team identifier of the Enterprise SSO plug-in app extension. | + | **Token To User Mapping** > **Account Name** | `preferred_username` | Copy and paste this value in the setting.

This token specifies that the Entra [`preferred_username`](/entra/identity-platform/id-token-claims-reference#payload-claims) attribute value is used for the macOS account's Account Name value. | + | **Token To User Mapping** > **Full Name** | `name` | Copy and paste this value in the setting.

This token specifies that the Entra [`name`](/entra/identity-platform/id-token-claims-reference#payload-claims) claim is used for the macOS account's Full Name value. | + | **Team Identifier** | `UBF8T346G9` | Copy and paste this value in the setting.

This identifier is the team identifier of the Enterprise SSO plug-in app extension. | | **Type** | Redirect | | - | **URLs** | Enter all the following URLs:

`https://login.microsoftonline.com`
`https://login.microsoft.com`
`https://sts.windows.net`

If your environment needs to allow sovereign cloud domains, then also add the following URLs:

`https://login.partner.microsoftonline.cn`
`https://login.chinacloudapi.cn`
`https://login.microsoftonline.us`
`https://login-us.microsoftonline.com` | These URL prefixes are the identity providers that do SSO app extensions. The URLs are required for **redirect** payloads and are ignored for **credential** payloads.

For more information on these URLs, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). | + | **URLs** | Copy and paste all the following URLs:

`https://login.microsoftonline.com`
`https://login.microsoft.com`
`https://sts.windows.net`

If your environment needs to allow sovereign cloud domains, like Azure Government or Azure China 21Vianet, then also add the following URLs:

`https://login.partner.microsoftonline.cn`
`https://login.chinacloudapi.cn`
`https://login.microsoftonline.us`
`https://login-us.microsoftonline.com` | These URL prefixes are the identity providers that do SSO app extensions. The URLs are required for **redirect** payloads and are ignored for **credential** payloads.

For more information on these URLs, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). | > [!IMPORTANT] > If you have a mix of macOS 13 and macOS 14+ devices in your environment, then configure the **Platform SSO** > **Authentication Method** and the **Authentication Method (Deprecated)** authentication settings in the same profile. @@ -237,12 +253,12 @@ The Company Portal app for macOS deploys and installs the Microsoft Enterprise S Using Intune, you can add the Company Portal app and deploy it as a required app to your macOS devices: -- For the steps, go to [Add the Company Portal app for macOS](../apps/apps-company-portal-macos.md). -- Optional. Configure the Company Portal app to include your organization information. For the steps, go to [How to configure the Intune Company Portal apps, Company Portal website, and Intune app](../apps/company-portal-app.md). +- [Add the Company Portal app for macOS](../apps/apps-company-portal-macos.md) lists the steps. +- Configure the Company Portal app to include your organization information (Optional). For the steps, go to [How to configure the Intune Company Portal apps, Company Portal website, and Intune app](../apps/company-portal-app.md). There aren't any specific steps to configure the app for Platform SSO. Just make sure the latest Company Portal app is added to Intune and deployed to your macOS devices. -If you have an older version of the Company Portal app installed, then Platform SSO won't work. +If you have an older version of the Company Portal app installed, then Platform SSO fails. ## Step 4 - Enroll the devices and apply the policies 
@@ -265,7 +281,7 @@ When the device receives the policy, there's a **Registration required** notific :::image type="content" border="false" source="./media/platform-sso-macos/platform-sso-macos-registration-required.png" alt-text="Screenshot that shows the registration required prompt on end user devices when you configure Platform SSO in Microsoft Intune."::: -- End users select this notification, sign in to the Microsoft Entra ID plug-in with their organization account, and complete multifactor authentication (MFA) if required. +- End users select this notification, sign in to the Microsoft Entra ID plug-in with their organization account, and complete multifactor authentication (MFA), if required. > [!NOTE] > MFA is a feature of Microsoft Entra. Make sure MFA is enabled in your tenant. For more information, including any other app requirements, go to [Microsoft Entra multifactor authentication](/entra/identity/authentication/concept-mfa-howitworks). @@ -291,7 +307,7 @@ After you confirm that your settings catalog policy is working, unassign any exi If you keep both policies, conflicts can occur. -## Settings for non-Microsoft apps and Microsoft Enterprise SSO Extension +## Non-Microsoft apps and Microsoft Enterprise SSO Extension settings If you previously used the Microsoft Enterprise SSO Extension, and/or want to enable SSO on non-Microsoft apps, then add the **Extension Data** setting to your existing Platform SSO settings catalog policy. 
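Review bot: renaming the heading to "## Non-Microsoft apps and Microsoft Enterprise SSO Extension settings" changes its anchor from `#settings-for-non-microsoft-apps-and-microsoft-enterprise-sso-extension` to `#non-microsoft-apps-and-microsoft-enterprise-sso-extension-settings`; the TIP link earlier in this patch is updated, but any other article or TOC entry that links to the old fragment will now land at the top of the page, so search the repository for the old anchor before merging. In the unchanged sentence that follows, "and/or want to enable SSO on non-Microsoft apps" reads better as plain "or".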
@@ -310,21 +326,21 @@ The following settings are commonly recommended for configuring SSO settings, in 1. In your existing Platform SSO settings catalog policy, add **Extension Data**: - 1. In the Intune admin center (**Devices** > **Manage devices** > **Configuration**), select your existing Platform SSO settings catalog policy. - 2. In **Configuration settings**, select **Edit** > **Add settings**. + 1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) (**Devices** > **Manage devices** > **Configuration**), select your existing Platform SSO settings catalog policy. + 2. In **Properties** > **Configuration settings**, select **Edit** > **Add settings**. 3. In the settings picker, expand **Authentication**, and select **Extensible Single Sign On (SSO)**: :::image type="content" source="./media/platform-sso-macos/settings-picker-authentication-extensible-sso.png" alt-text="Screenshot that shows the Settings Catalog settings picker, and selecting authentication and extensible SSO category in Microsoft Intune."::: 4. In the list, select **Extension Data** and close the settings picker: - :::image type="content" source="./media/platform-sso-macos/settings-picker-authentication-extensible-sso-extension-data.png" alt-text="Screenshot that shows the Settings Catalog settings picker, and selecting authentication and extensible SSO category in Microsoft Intune, specifically Extension Data."::: + :::image type="content" source="./media/platform-sso-macos/settings-picker-authentication-extensible-sso-extension-data.png" alt-text="Screenshot that shows the Settings Catalog settings picker, and selecting authentication and Extension Data in Microsoft Intune."::: -2. In **Extension Data**, **Add** the following keys and values: +2. 
In **Extension Data**, **Add** the following keys and values: | Key | Type | Value | Description | | --- | --- | --- | --- | - | **AppPrefixAllowList** | String | `com.microsoft.,com.apple.` | **AppPrefixAllowList** lets you create a list of app vendors with apps that can use SSO. You can add more app vendors to this list as needed. | + | **AppPrefixAllowList** | String | `com.microsoft.,com.apple.` | Copy and paste this value in the setting.

**AppPrefixAllowList** lets you create a list of app vendors with apps that can use SSO. You can add more app vendors to this list as needed. | | **browser_sso_interaction_enabled** | Integer | `1` | Configures a recommended broker setting. | | **disable_explicit_app_prompt** | Integer | `1` | Configures a recommended broker setting. | 
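Review bot: the **AppPrefixAllowList** description says you "can add more app vendors to this list as needed" without saying what an entry grants: every app whose bundle identifier starts with a listed prefix is allowed to use the SSO extension, so the doc should tell readers to keep the list to vendors they trust and to avoid prefixes so short that they match unrelated apps. "Copy and paste this value in the setting." should also say that `com.microsoft.,com.apple.` is one comma-separated String value, not two entries, since the Type column says String. The descriptions for **browser_sso_interaction_enabled** and **disable_explicit_app_prompt** are both "Configures a recommended broker setting.", which tells the reader nothing about what each flag changes; add a sentence per key or link to the plug-in reference that documents them.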
@@ -343,10 +359,22 @@ The following settings let you customize the end-user experience and give more g | Platform SSO settings | Possible values | Usage | | --- | --- | --- | | **Account Display Name** | Any string value. | Customize the organization name end users see in the Platform SSO notifications. | -| **Enable Create User At Login** | **Enable** or **Disable**. | Allow any organizational user to sign in to the device using their Microsoft Entra credentials. When creating new local accounts, the provided username and password must be the same as the user's Entra ID UPN (e.g., `user@contoso.com`) and password.| +| **Enable Create User At Login** | **Enable** or **Disable**. | Allow any organizational user to sign in to the device using their Microsoft Entra credentials. When you create new local accounts, the provided username and password must be the same as the user's Microsoft Entra ID UPN (`user@contoso.com`) and password.| | **New User Authorization Mode** | **Standard**, **Admin**, or **Groups** | One-time permissions the user has at sign-in when the account is created using Platform SSO. Currently, **Standard** and **Admin** values are supported. At least one **Admin** user is required on the device before **Standard** mode can be used.| | **User Authorization Mode** | **Standard**, **Admin**, or **Groups** | Persistent permissions the user has at sign-in each time the user authenticates using Platform SSO. Currently, **Standard** and **Admin** values are supported. At least one **Admin** user is required on the device before **Standard** mode can be used.| +## Other MDMs + +You can configure Platform SSO with other mobile device management services (MDMs), if that MDM supports Platform SSO. When using another MDM service, use the following guidance: + +- The settings listed in this article are the Microsoft-recommended settings you should configure. You can copy/paste the setting values from this article in your MDM service policy. 
+ + The configuration steps in your MDM service can be different. We recommend you work with your MDM service vendor to correctly configure and deploy these Platform SSO settings. + +- Device registration with Platform SSO is more secure and uses hardware-bound device certificates. These changes can affect some MDM flows, like integration with [device compliance partners](../protect/device-compliance-partners.md). + + You should talk to your MDM service vendor to understand if the MDM tested Platform SSO, certified that their software works properly with Platform SSO, and is ready to support customers using Platform SSO. + ## Common errors When you configure Platform SSO, you might see the following errors: diff --git a/memdocs/intune/configuration/preference-file-settings-macos.md b/memdocs/intune/configuration/preference-file-settings-macos.md index 7ce27f7478..a94a569f89 100644 --- a/memdocs/intune/configuration/preference-file-settings-macos.md +++ b/memdocs/intune/configuration/preference-file-settings-macos.md @@ -8,7 +8,7 @@ keywords: preference file, property list file, plist, macOS, microsoft intune, e author: MandiOhlinger ms.author: mandia manager: dougeby -ms.date: 01/16/2024 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: configuration 
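Review bot: in the **Enable Create User At Login** row, dropping "e.g.," turns "(`user@contoso.com`)" into what looks like the required value; use "for example, `user@contoso.com`" or "in UPN format". In the new Other MDMs section, "Device registration with Platform SSO is more secure and uses hardware-bound device certificates" does not say more secure than what; state the baseline being compared (presumably registration through the SSO app extension) or drop the comparative and keep the factual part about hardware-bound certificates. The two vendor sentences ("We recommend you work with your MDM service vendor ..." and "You should talk to your MDM service vendor to understand if ...") make the same point; merge them into one bullet. Also "copy/paste" here versus "copy and paste" used throughout the table above.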
@@ -37,7 +37,10 @@ This feature applies to: Property list files, also called preference files, include information about your macOS apps. You define app properties or settings that you want to preconfigure. When the file is ready, you can use Intune to deploy the file to your devices and configure the app settings in your file. -Property list files are typically used for web browsers, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac), and custom apps. +Property list files are typically used for web browsers, like Google Chrome, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac), and custom apps. + +> [!WARNING] +> There are sample `.plist` files at [ManagedPreferencesApplications examples on GitHub](https://github.com/ProfileCreator/ProfileManifests/tree/master/Manifests/ManagedPreferencesApplications). This GitHub repository is not owned, not maintained, and not created by Microsoft. Use the information at your own risk. > [!TIP] > For Microsoft Edge version 77 and newer, you can use the settings catalog. You don't have to use a preference file. For more information, go to [Settings catalog](settings-catalog.md). 
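Review bot: "web browsers, like Google Chrome, [Microsoft Defender for Endpoint], and custom apps" parses as a three-item list with Chrome as one item; "web browsers (like Google Chrome), Microsoft Defender for Endpoint, and custom apps" keeps Chrome as the example of a browser. For the new WARNING about the ProfileManifests samples, the next hunk in this file states that Intune doesn't validate the settings in the file, so "Use the information at your own risk" should become a concrete instruction: compare the keys and values in a sample against the app vendor's documented keys before importing it, because a wrong or malicious value is deployed to every targeted device as written.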
@@ -55,16 +58,16 @@ These settings are added to a device configuration profile in Intune, and then a ## What you need to know -- These settings aren't validated. Test your changes before assigning the profile to your devices. -- If you're not sure how to enter an app key, change the setting within the app. Then, review the app's preference file using [Xcode](https://developer.apple.com/xcode/) to see how the setting is configured. +- Test your changes before assigning the profile to your devices. Intune doesn't validate the settings in the property list file. +- Review the app's preference file using [Xcode](https://developer.apple.com/xcode/) to see how the setting is configured. If you're not sure how to enter an app key, change the setting within the app. Then, review the app's preference file using [Xcode](https://developer.apple.com/xcode/). Apple recommends removing nonmanageable settings using Xcode before importing the file. - Only some apps work with managed preferences, and might not allow you to manage all settings. - Be sure you upload property list files that target device channel settings, not user channel settings. Property list files target the entire device. -- If you're configuring the Microsoft Edge version 77 and newer app, then use the [Settings catalog](settings-catalog.md). For a list of the settings you can configure, go to [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies) (opens another Microsoft website). +- Use the [Settings catalog](settings-catalog.md) to configure Microsoft Edge version 77 and newer. For a list of the settings you can configure, go to [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies) (opens another Microsoft website). - Be sure macOS is listed as a supported platform. If some settings aren't available in the settings catalog, then it's recommended to continue using the preference file. + Be sure macOS is listed as a supported platform. 
If some settings aren't available in the settings catalog, then use the preference file. ## Create the profile diff --git a/memdocs/intune/protect/advanced-threat-protection-manage-android.md b/memdocs/intune/protect/advanced-threat-protection-manage-android.md index a42e045d19..16b89cd4a5 100644 --- a/memdocs/intune/protect/advanced-threat-protection-manage-android.md +++ b/memdocs/intune/protect/advanced-threat-protection-manage-android.md @@ -1,13 +1,13 @@ --- # required metadata -title: Configure Defender for Endpoint Web protection on Android devices in Intune - Azure -description: Use Intune policy to manage Microsoft Defender for Endpoint web protection settings on Android devices managed by Microsoft Intune. +title: Configure Defender for Endpoint Web protection on Android devices in Microsoft Intune +description: Use Intune policy to manage Microsoft Defender for Endpoint web protection settings on Android devices managed by Microsoft Intune. keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 10/09/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect 
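Review bot: the rewritten second bullet of "What you need to know" now says "Review the app's preference file using Xcode to see how the setting is configured" and then, two sentences later, "Then, review the app's preference file using Xcode" again; collapse it to one sequence: if you're not sure how to enter an app key, change the setting in the app, review its preference file in Xcode, and remove nonmanageable settings before importing, as Apple recommends. In the Microsoft Edge bullet, "Be sure macOS is listed as a supported platform." and "If some settings aren't available in the settings catalog, then use the preference file." are now on separate lines with different leading whitespace; if the second line lost its indent it renders as a paragraph outside the list and breaks the numbering of the bullets that follow.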
@@ -32,13 +32,13 @@ ms.collection: When you integrate [Microsoft Defender for Endpoint](../protect/advanced-threat-protection-configure.md) with Microsoft Intune, you can use device configuration profiles to modify some Defender for Endpoint settings on Android devices. -By default, Microsoft Defender for Endpoint for Android includes and enables the [Web protection](/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) feature that can help to secure devices against web threats and protect users from phishing attacks. +By default, Microsoft Defender for Endpoint for Android includes and enables the Microsoft Defender for Endpoint [Web protection](/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) feature that can help to secure devices against web threats and protect users from phishing attacks. -While this protection is enabled by default, there are valid reasons to disable it on some Android devices. For example, you might decide to use only the Defender for Endpoint app scan feature or to prevent web protection from using your VPN while it scans for harmful URLs. +While enabled by default, there are valid reasons to disable it on some Android devices. For example, you might decide to use only the Defender for Endpoint app scan feature or to prevent web protection from using your VPN while it scans for harmful URLs. With Intune device configuration policy, you can turn off all or part of the web protection feature. The method you use and the capabilities you can disable depend on how the Android device is enrolled with Intune: -- **Android device administrator**. Use a configuration profile to set custom OMA-URI settings on the device that disable the entire web protection feature or that disable only the use of VPNs. For general information about custom settings for Android devices, see [Custom settings](../configuration/custom-settings-android.md). +- **Android device administrator**. 
Use a configuration profile to set custom OMA-URI settings on the device that disable the entire web protection feature or that disable only the use of VPNs. For general information about custom settings for Android devices, see [Use custom settings for Android devices in Microsoft Intune](../configuration/custom-settings-android.md). - **Android Enterprise personally owned work profile**. Use an app configuration profile and the configuration designer to disable web protection. This method and enrollment type support disabling all web protection capabilities but don't support disabling only the use of VPNs. For general information about app configuration policies, see [Use the configuration designer](../apps/app-configuration-policies-use-android.md#use-the-configuration-designer). 
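Review bot: "Microsoft Defender for Endpoint for Android includes and enables the Microsoft Defender for Endpoint [Web protection] feature" repeats the product name twice in one clause; "includes and enables the [Web protection] feature" was already unambiguous. "While enabled by default, there are valid reasons to disable it" is a dangling modifier (it is the reasons, not web protection, that the clause attaches to); "Although web protection is enabled by default, there are valid reasons to disable it on some Android devices" keeps the subject explicit, which matters because the sentence introduces the disable procedure.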
@@ -80,13 +80,13 @@ To configure web protection on devices, use the following procedures to create a - **Disable only the use of VPN by web protection**: - **Name**: Enter a unique name for this OMA-URI setting so you can find it easily. For example, **Disable Microsoft Defender for Endpoint web protection VPN**. - **Description**: (Optional) Enter a description that provides an overview of the setting and any other important details. - - **OMA-URI**: Enter `./Vendor/MSFT/DefenderATP/Vpn` + - **OMA-URI**: Enter `./Vendor/MSFT/DefenderATP/Vpn` - **Data type**: Select **Integer** in the drop-down list. - **Value**: To disable the VPN-based scan, set *Value* to **0**. To enable the VPN-based scan, enter **1**, which is the default. Select **Add** to save the OMA-URI settings configuration, and then select **Next** to continue. -6. In **Assignments**, specify the groups that will receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). +6. In **Assignments**, specify the groups that receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). 7. In **Review + create**, when you're done, select **Create**. The new profile is displayed in the list when you select the policy type for the profile you created. 
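Review bot: the `- **OMA-URI**: Enter ./Vendor/MSFT/DefenderATP/Vpn` line is replaced by a line that reads identically, so this is presumably a trailing-whitespace edit; verify that no character in the path itself changed, since the OMA-URI must match the CSP node exactly for the **Value** of `0` to be applied to the device. The "will receive" to "receive" edit is consistent with the same change in the two later hunks.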
@@ -126,7 +126,7 @@ To configure web protection on devices, use the following procedures to create a Select **Next** to continue. -8. In **Assignments**, specify the groups that will receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). +8. In **Assignments**, specify the groups that receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). 9. In **Review + create**, when you're done, select **Create**. The new profile is displayed in the list when you select the policy type for the profile you created. @@ -149,14 +149,14 @@ To configure web protection on devices, use the following procedures to create a Select **Next** to continue. -2. In **Assignments**, specify the groups that will receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). +2. In **Assignments**, specify the groups that receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). 3. In **Review + create**, when you're done, select **Create**. The new profile is displayed in the list when you select the policy type for the profile you created. ## Next steps -- [Monitor compliance for risk levels](../protect/advanced-threat-protection-monitor.md) +- [Monitor device compliance status for risk levels](../protect/advanced-threat-protection-monitor.md) - [Use security tasks with Defender for Endpoints Vulnerability Management to remediate problems on devices](../protect/atp-manage-vulnerabilities.md) - Learn more from the Microsoft Defender for Endpoint documentation: 
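Review bot: the Next steps list is touched in this hunk but the unchanged second bullet still reads "Use security tasks with Defender for Endpoints Vulnerability Management"; "Endpoints" should be "Endpoint" (or the product name Microsoft Defender Vulnerability Management), so fix it while the list is already being edited.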
diff --git a/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md b/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md index 6ec9f1793c..01fc7edc2a 100644 --- a/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md +++ b/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md @@ -8,7 +8,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 11/17/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect 
@@ -49,12 +49,12 @@ You can configure Conditional Access policies based on Check Point Harmony Mobil - Microsoft Intune Plan 1 subscription -- Check Point Harmony Mobile Threat Defense subscription +- Check Point Harmony Mobile Threat Defense subscription - See the [CheckPoint Harmony website](https://www.checkpoint.com/harmony). ## How do Intune and Check Point Harmony Mobile help protect your company resources? -Check Point Harmony Mobile app for Android and iOS/iPadOS captures file system, network stack, device and application telemetry where available, then sends the telemetry data to the Check Point Harmony cloud service to assess the device's risk for mobile threats. +Check Point Harmony Mobile app for Android and iOS/iPadOS captures file system, network stack, and device and application telemetry where available, then sends the telemetry data to the Check Point Harmony cloud service to assess the device's risk for mobile threats. The Intune device compliance policy includes a rule for Check Point Harmony Mobile Threat Defense, which is based on the Check Point Harmony risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the Harmony Mobile Protect app installed in their devices to resolve the issue and regain access to corporate resources. diff --git a/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md b/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md deleted file mode 100644 index d98be6d111..0000000000 --- a/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -# required metadata - -title: Endpoint security firewall rule migration tool for Microsoft Intune -description: Learn about the endpoint security firewall rule migration tool for Microsoft Intune. -keywords: -author: brenduns -ms.author: brenduns -manager: dougeby -ms.date: 06/07/2024 -ms.topic: overview -ms.service: microsoft-intune -ms.subservice: protect -ms.localizationpriority: high -# optional metadata - -ROBOTS: NOINDEX -#audience: - -ms.suite: ems -search.appverid: MET150 -#ms.tgt_pltfrm: -ms.custom: intune-azure -ms.collection: -- tier3 -- M365-identity-device-management -- ContentEnagagementFY24 -- sub-secure-endpoints - -ms.reviewer: ---- - -# Endpoint security firewall rule migration tool overview - -> [!IMPORTANT] -> -> In June 2024, a change to MSGraph affected the operation of the Intune endpoint security Firewall Rule migration tool. With this change, the tool is unable to successfully create new firewall rule profiles and is therefore no longer supported or offered for download. Compounding the issue, the tool was capable of creating profiles for only the *Windows 10 and later* platform, a platform that has deprecated and [replaced by a new platform for firewall rule profiles](../protect/endpoint-security-firewall-policy.md) that supports the current Intune settings format. -> ->The challenges affecting the tool are not issues that can be resolved in the short term. -> -> We are evaluating options to offer a new tool for firewall rule migration. However, it is not yet known if or when a new tool could be available. Should we be able to provide a new tool, we will announce its availability in the [What’s New in Microsoft Intune](../fundamentals/whats-new.md) article at that time. diff --git a/memdocs/intune/protect/mtd-device-compliance-policy-create.md b/memdocs/intune/protect/mtd-device-compliance-policy-create.md index 862aa70957..b01e390470 100644 --- a/memdocs/intune/protect/mtd-device-compliance-policy-create.md 
+++ b/memdocs/intune/protect/mtd-device-compliance-policy-create.md @@ -8,7 +8,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 11/01/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect @@ -52,13 +52,13 @@ With integration complete and the partner policy in place, you can then create I 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Endpoint security** > **Device Compliance** > **Create policy**. +2. Select **Endpoint security** > **Device compliance** > **Create policy**. 3. Select the **Platform**: - For most platforms, the *Profile type* is automatically set. If not automatically set, select the appropriate Profile type. - To continue, select **Create**. -4. On **Basics**, specify a device compliance policy **Name**, and **Description** (optional). Select **Next** to continue. +4. On **Basics**, specify a device compliance policy **Name**, and **Description** (optional). Select **Next** to continue. 5. On **Compliance settings**, expand and configure **Device Health**. Choose a threat-level from the drop-down list for **Require the device to be at or under the Device Threat Level**. 
@@ -74,7 +74,7 @@ With integration complete and the partner policy in place, you can then create I 6. On the **Actions for noncompliance** tab, specify a sequence of actions to apply automatically to devices that don't meet this compliance policy. - You can add multiple actions and configure schedules and other details for some actions. For example, you might change the schedule of the default action *Mark device noncompliant* to occur after one day. You can then add an action to send an email to the user when the device isn't compliant to warn them of that status. You can also add actions that lock or retire devices that remain noncompliant. + You can add multiple actions and configure schedules and other details for some actions. For example, you might change the schedule of the default action *Mark device noncompliant* to occur after one day. You can then add an action to send an email to the user when the device isn't compliant to warn them of that status. You can also add actions that lock or retire devices that remain noncompliant. For information about the actions you can configure, see [Add actions for noncompliant devices](actions-for-noncompliance.md), including how to create notification emails to send to your users. 
@@ -88,7 +88,7 @@ With integration complete and the partner policy in place, you can then create I ## Monitoring risk score sent by Mobile Threat Defense partner -Your Mobile Threat Defense partner can send a risk score for each device for which the MTD app is installed. You can view this under **Reports** > **Device compliance** > **Reports** > **Device Compliance**. Make sure **Device threat level** is selected when opening the **Columns** tab, this may require you to hit **Generate** first. +Your Mobile Threat Defense partner can send a risk score for each device for which the MTD app is installed. You can view this under **Reports** > **Device compliance** > **Reports** > **Device Compliance**. Make sure **Device threat level** is selected when opening the **Columns** tab, this may require you to hit **Generate** first. > [!IMPORTANT] > diff --git a/memdocs/intune/protect/security-baselines-monitor.md b/memdocs/intune/protect/security-baselines-monitor.md index 9358b2cdcc..9884caaf3b 100644 --- a/memdocs/intune/protect/security-baselines-monitor.md +++ b/memdocs/intune/protect/security-baselines-monitor.md @@ -1,18 +1,18 @@ --- # required metadata -title: Check for the success or failure of security baselines in Microsoft Intune -description: Monitor the device and per-setting results of security baselines you deploy with Microsoft Intune, and identify when multiple baselines that apply to the same device result in conflicts. +title: Monitor security baselines deployed by Microsoft Intune +description: Monitor device and per-setting results of security baselines you deploy with Microsoft Intune, and identify conflicts for devices. keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 10/09/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect ms.localizationpriority: high -ms.assetid: +ms.assetid: # optional metadata 
@@ -55,7 +55,7 @@ For more information about the feature, see [Security baselines in Intune](secur > > The following information applies to profile versions released in May 2023 or later. To view information for profile versions released prior to May 2023, see [Monitor profiles for baseline versions released before May 2023](#monitor-profiles-for-baseline-versions-released-before-may-2023), later in this article. -When you select a security baseline profile that you’ve deployed, you can gain insights into the security state of devices that received that baseline. To view these insights, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Security baselines** and select a security baseline type like the *Microsoft 365 Apps for Enterprise Security Baseline*. Then, from the *Profiles* pane, select the profile instance for which you want to view details to open the profiles dashboard view. +When you select a security baseline profile that you've deployed, you can gain insights into the security state of devices that received that baseline. To view these insights, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Security baselines** and select a security baseline type like the *Microsoft 365 Apps for Enterprise Security Baseline*. Then, from the *Profiles* pane, select the profile instance for which you want to view details to open the profiles dashboard view. :::image type="content" source="./media/security-baselines-monitor/view-baseline-policy-details.png" alt-text="View the dashboard for a security baseline profile."::: 
@@ -84,7 +84,7 @@ You can filter this report view for specific *Assignment status* values, and the If you select the name of a device from the *Device name* column, Intune displays the *Profile Settings* view where you can view that devices status results for each setting in the security baseline. Next, from the Profile Settings page, you can select a setting to view more details, which is useful when a device reports a result for any setting other than *Succeeded*. -In the following image, we have drilled in on EAGLE003, the only device to show success for the baseline, and then selected the setting *Add-on Management*: +In the following image, we drill in on EAGLE003, the only device to show success for the baseline, and then selected the setting *Add-on Management*: :::image type="content" source="./media/security-baselines-monitor/drill-in-for-setting-details-pane.png" alt-text="View a devices' reported status for each setting in the baseline."::: @@ -92,7 +92,7 @@ On the settings Setting Details pane, we can see each profile that is assigned t For this device, there's only one source profile that manages the Add-on-management setting. If there were other profiles that configured this setting, those profiles would also be listed as a Source Profile. -Should this setting have been in conflict, this view can help you identify the other profiles so you can then reconcile a consistent configuration, or later baseline profile assignments to remove the conflict. +Should this setting be in conflict, this view can help you identify the other profiles so you can then reconcile a consistent configuration, or later baseline profile assignments to remove the conflict. ### Device assignment status report diff --git a/memdocs/intune/toc.yml b/memdocs/intune/toc.yml index d7fd5d1563..258112b2c9 100644 --- a/memdocs/intune/toc.yml +++ b/memdocs/intune/toc.yml 
@@ -667,8 +667,6 @@ items: href: ./protect/mde-security-integration.md - name: Manage endpoint security policies in Microsoft Defender href: /defender-endpoint/manage-security-policies?toc=/mem/intune/toc.json&bc=/mem/breadcrumb/toc.json - - name: Firewall rule migration - href: ./protect/endpoint-security-firewall-rule-tool.md - name: Tenant attach href: ./protect/tenant-attach-intune.md - name: Encrypt disks diff --git a/windows-365/business/add-user-assign-licenses.md b/windows-365/business/add-user-assign-licenses.md index 8074ae9729..4cb6db510c 100644 --- a/windows-365/business/add-user-assign-licenses.md +++ b/windows-365/business/add-user-assign-licenses.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: +ms.reviewer: nandis ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/customer-permissions.md b/windows-365/enterprise/customer-permissions.md index 3a30db1860..31b69db633 100644 --- a/windows-365/enterprise/customer-permissions.md +++ b/windows-365/enterprise/customer-permissions.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: elaineyou +ms.reviewer: ericor ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/device-images-convert-generation-2.md b/windows-365/enterprise/device-images-convert-generation-2.md index 7ea11d75f6..7e821a7b14 100644 --- a/windows-365/enterprise/device-images-convert-generation-2.md +++ b/windows-365/enterprise/device-images-convert-generation-2.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: chbrinkh +ms.reviewer: evas ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/end-of-support.md b/windows-365/enterprise/end-of-support.md index 924c23346b..f98c9578e0 100644 --- a/windows-365/enterprise/end-of-support.md +++ b/windows-365/enterprise/end-of-support.md 
@@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: naramkri +ms.reviewer: evas ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/provide-localized-windows-experience.md b/windows-365/enterprise/provide-localized-windows-experience.md index abc1bd0784..fd4eb48077 100644 --- a/windows-365/enterprise/provide-localized-windows-experience.md +++ b/windows-365/enterprise/provide-localized-windows-experience.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: chrimo +ms.reviewer: satulim ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/troubleshoot-azure-network-connection.md b/windows-365/enterprise/troubleshoot-azure-network-connection.md index 77dd5e2aa8..8f491982c9 100644 --- a/windows-365/enterprise/troubleshoot-azure-network-connection.md +++ b/windows-365/enterprise/troubleshoot-azure-network-connection.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 06/15/2023 +ms.date: 08/22/2024 ms.topic: troubleshooting ms.service: windows-365 ms.subservice: windows-365-enterprise @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: mattsha +ms.reviewer: ericor ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm:
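Review bot: in the `advanced-threat-protection` web protection hunk at `@@ -80,13 +80,13 @@`, the removed and added `- **OMA-URI**: Enter `./Vendor/MSFT/DefenderATP/Vpn`` lines are identical as rendered, so that part of the hunk is a trailing-whitespace change only; confirm it is intentional and not a lost edit, since the "will receive" to "receive" rewording in the `@@ -80`, `@@ -126` and `@@ -149` hunks is otherwise the only substantive change to this file.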
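Review bot: the added prerequisite line in `checkpoint-sandblast-mobile-mobile-threat-defense-connector.md` uses "CheckPoint" in the link text while the rest of the page spells the vendor "Check Point"; use the two-word name consistently, for example `See the [Check Point Harmony website](https://www.checkpoint.com/harmony)`.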
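Review bot: deleting `endpoint-security-firewall-rule-tool.md` removes the only text that explains why the firewall rule migration tool was withdrawn (the June 2024 MSGraph change that left it unable to create firewall rule profiles, and the fact that it only produced *Windows 10 and later* profiles, a platform that has been replaced). Administrators who still hold a downloaded copy of the tool, or an old bookmark, need that notice; make sure `endpoint-security-firewall-policy.md`, where old links now land, carries an equivalent deprecation callout, or keep the page with its existing `ROBOTS: NOINDEX` until it does. The matching removal of the "Firewall rule migration" entry from `toc.yml` is consistent with the deletion.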
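Review bot: step 2 in `mtd-device-compliance-policy-create.md` is changed to **Device compliance**, but the `@@ -88,7 +88,7 @@` hunk in the same file keeps `**Reports** > **Device compliance** > **Reports** > **Device Compliance**` with mixed casing and is whitespace-only; align the casing with the admin center UI in the same pass. The same sentence is a comma splice with informal wording ("...when opening the **Columns** tab, this may require you to hit **Generate** first"); suggest "Make sure **Device threat level** is selected on the **Columns** tab; you might need to select **Generate** first."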
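Review bot: the rewritten sentence in the `security-baselines-monitor.md` hunk at `@@ -84,7 +84,7 @@` mixes tenses: "we drill in on EAGLE003, ... and then selected the setting *Add-on Management*"; change "selected" to "select". Two untouched context lines in the same hunks also deserve a fix while the file is open: "view that devices status results" should read "that device's status results", and "or later baseline profile assignments to remove the conflict" almost certainly means "or alter baseline profile assignments". The `ms.assetid:` change in the front matter is trailing whitespace only.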
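Review bot: in `troubleshoot-azure-network-connection.md`, `ms.date` is bumped to 08/22/2024 although the only visible change to the file is the `ms.reviewer` swap; a date bump signals a content revision to readers, so either drop it or confirm there is a content change outside the shown hunks. The other `windows-365` files in this patch change only `ms.reviewer` and correctly leave `ms.date` alone.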