FeedbackFromSPandJG

Author: MicrosoftGuyJFlo

articles/active-directory/conditional-access/howto-conditional-access-policy-compliant-device.md

@@ -22,9 +22,11 @@ Organizations who have deployed Microsoft Intune can use the information returne
 * Requiring a PIN to unlock
 * Requiring device encryption
 * Requiring a minimum or maximum operating system version
-* Requiring a device is not jailbroken or rooted
+* Requiring a device isn't jailbroken or rooted
 
-This policy compliance information is forwarded to Azure AD where Conditional Access can make decisions to grant or block access to resources. More information about device compliance policies can be found in the article, [Set rules on devices to allow access to resources in your organization using Intune](/intune/protect/device-compliance-get-started)
+Policy compliance information is sent to Azure AD where Conditional Access decides to grant or block access to resources. More information about device compliance policies can be found in the article, [Set rules on devices to allow access to resources in your organization using Intune](/intune/protect/device-compliance-get-started)
+
+Requiring a hybrid Azure AD joined device is dependent on your devices already being hybrid Azure AD joined. For more information, see the article [Configure hybrid Azure AD join](../devices/howto-hybrid-azure-ad-join.md).
 
 ## Template deployment
 
@@ -59,7 +61,7 @@ After confirming your settings using [report-only mode](howto-conditional-access
 
 ### Known behavior
 
-On Windows 7, iOS, Android, macOS, and some third-party web browsers Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
+On Windows 7, iOS, Android, macOS, and some third-party web browsers, Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
 
 ## Next steps
 

articles/active-directory/devices/howto-hybrid-azure-ad-join.md

@@ -135,3 +135,4 @@ If you experience issues with completing hybrid Azure AD join for domain-joined
 
 - [Downlevel device enablement](howto-hybrid-join-downlevel.md)
 - [Hybrid Azure AD join verification](howto-hybrid-join-verify.md)
+- [Use Conditional Access to require compliant or hybrid Azure AD joined device](../conditional-access/howto-conditional-access-policy-compliant-device.md)

articles/active-directory/devices/howto-hybrid-join-downlevel.md

@@ -46,3 +46,4 @@ The installer creates a scheduled task on the system that runs in the user conte
 ## Next steps
 
 - [Hybrid Azure AD join verification](howto-hybrid-join-verify.md)
+- [Use Conditional Access to require compliant or hybrid Azure AD joined device](../conditional-access/howto-conditional-access-policy-compliant-device.md)

articles/active-directory/devices/hybrid-azuread-join-control.md

@@ -97,7 +97,6 @@ After you verify that everything works as expected, you can automatically regist
 ## Next steps
 
 - [Plan your hybrid Azure Active Directory join implementation](hybrid-azuread-join-plan.md)
-
 - [Configure hybrid Azure AD join](howto-hybrid-azure-ad-join.md)
-
 - [Configure hybrid Azure Active Directory join manually](hybrid-azuread-join-manual.md)
+- [Use Conditional Access to require compliant or hybrid Azure AD joined device](../conditional-access/howto-conditional-access-policy-compliant-device.md)

articles/active-directory/devices/hybrid-azuread-join-manual.md

@@ -485,3 +485,4 @@ If you experience issues completing hybrid Azure AD join for domain-joined Windo
 - [Hybrid Azure AD join verification](howto-hybrid-join-verify.md)
 - [Downlevel device enablement](howto-hybrid-join-downlevel.md)
 - [Plan your hybrid Azure Active Directory join implementation](hybrid-azuread-join-plan.md)
+- [Use Conditional Access to require compliant or hybrid Azure AD joined device](../conditional-access/howto-conditional-access-policy-compliant-device.md)

articles/active-directory/devices/hybrid-azuread-join-plan.md

@@ -125,7 +125,8 @@ To register devices as hybrid Azure AD join to respective tenants, organizations
 
 Organizations may want to do a targeted rollout of hybrid Azure AD join before enabling it for their entire organization. Review the article [Hybrid Azure AD join targeted deployment](hybrid-azuread-join-control.md) to understand how to accomplish it.
 
-When all of the pre-requisites are in place, Windows devices will automatically register as devices in your Azure AD tenant. The state of these device identities in Azure AD is referred as hybrid Azure AD join. More information about the concepts covered in this article can be found in the article [Introduction to device identity management in Azure Active Directory](overview.md).
+> [!WARNING]
+> Organizations should include a sample of users from varying roles and profiles in their pilot group. A targeted rollout will help identify any issues your plan may not have addressed before you enable for the entire organization.
 
 ## Select your scenario based on your identity infrastructure
 

articles/active-directory/devices/plan-device-deployment.md

@@ -76,6 +76,9 @@ We recommend that the initial configuration of your integration method is in a t
 
 You may want to do a [targeted deployment of hybrid Azure AD join](hybrid-azuread-join-control.md) before enabling it across the entire organization.
 
+> [!WARNING]
+> Organizations should include a sample of users from varying roles and profiles in their pilot group. A targeted rollout will help identify any issues your plan may not have addressed before you enable for the entire organization.
+
 ## Choose your integration methods
 
 Your organization can use multiple device integration methods in a single Azure AD tenant. The goal is to choose the method(s) suitable to get your devices securely managed in Azure AD. There are many parameters that drive this decision including ownership, device types, primary audience, and your organization’s infrastructure.