aendrawos
diff --git a/‎memdocs/intune/enrollment/android-aosp-corporate-owned-user-associated-enroll.md
Lines changed: 24 additions & 27 deletions b/‎memdocs/intune/enrollment/android-aosp-corporate-owned-user-associated-enroll.md
Lines changed: 24 additions & 27 deletions
diff --git a/‎memdocs/intune/enrollment/android-aosp-corporate-owned-userless-enroll.md
Lines changed: 42 additions & 27 deletions b/‎memdocs/intune/enrollment/android-aosp-corporate-owned-userless-enroll.md
Lines changed: 42 additions & 27 deletions
@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 10/21/2022
+ms.date: 01/22/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -57,12 +57,16 @@ You must also:
 ## Create an enrollment profile   
 Create an enrollment profile to enable enrollment on devices. 
 
-1.	Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** > **Android** > **Android enrollment** > **Corporate-owned, user-associated devices**. 
-2.	Select **Create** and fill out the required fields.
-    - **Name**: Type a name to use when assigning the profile to the dynamic device group.
-    - **Description**: Add a profile description (optional).
-    - **Token expiration date**: The date when the token expires. Intune enforces a maximum of 90 days.  
-    - **SSID**: Identifies the network that the device will connect to. 
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Go to **Devices** > **Enrollment**.  
+3. Select the **Android** tab.  
+4. Under **Android Open Source Project (AOSP) (Preview)**, choose **Corporate-owned, user-associated devices (Preview)**.  
+5. Select **Create profile**.  
+6. Enter the basics for your profile:
+    - **Name**: Give the profile a name. Note the name down for later, because you'll need it when you set up the dynamic device group.  
+    - **Description**: Enter a description for the profile. This setting is optional, but recommended.  
+    - **Token expiration date**: Select the date the token expires, up to 90 days in the future.    
+    - **SSID**: Identifies the network that the device will connect to.  
 
         > [!NOTE]
         > Wi-Fi details are required because the RealWear device doesn't have a button or option that lets it automatically connect to other devices.  
@@ -74,23 +78,14 @@ Create an enrollment profile to enable enrollment on devices.
 
         - **Pre-shared key**: The pre-shared key that's used to authenticate with the network.  
 
-3. Select **Next** and optionally, select scope tags. 
-4. Select **Next**. Review the details of your profile and then select **Create** to save the profile.  
+7. Select **Next** and optionally, select scope tags. 
+8. Select **Next**. Review the details of your profile and then select **Create** to save the profile.  
 
 ### Access enrollment token  
 After you create a profile, Intune generates a token that's needed for enrollment. The token appears as a QR code. During device setup, when prompted to, scan the QR code to enroll the device in Intune.
 
-To view the token as a QR code:
-
-1. Go to **Corporate-owned, user-associated devices**.
-2. From the list, select your enrollment profile.
-2. Select **Token**.
-
-You can also export the enrollment profile JSON file. To create a JSON file:
-
-1. Go to **Corporate-owned, user-associated devices**.
-2. From the list, select your enrollment profile.
-3. Select **Token > Export**.
+To view the token as a QR code, select your enrollment profile from the enrollment profile list. Then select **Token**.   
+You can also export the enrollment profile JSON file. To create a JSON file, select Export**.  
 
 > [!IMPORTANT]
 >- The QR code will contain any credentials provided in the profile in plain text to allow the device to successfully authenticate with the network. This is required as the user will not be able to join a network from the device.  
@@ -99,8 +94,9 @@ You can also export the enrollment profile JSON file. To create a JSON file:
 ### Replace a token  
 You can generate a new token to replace one that's nearing its expiration date. The replacement token doesn't affect devices that are already enrolled.  
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).  
-2. Select **Devices** > **Android** > **Android enrollment** > **Corporate-owned, user-associated devices**.  
+1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.  
+2. Select the **Android** tab.  
+3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, user-associated devices (Preview)**.   
 3. Choose the profile that you want to work with.
 4. Select **Token** > **Replace token**.
 5. Enter the new token expiration date. Tokens must be replaced at least every 90 days. 
@@ -114,10 +110,11 @@ Revoke a token to immediately expire it and make it unusable. For example, it's
 
  Revoking a token has no effect on devices that are already enrolled.
 
-1.	Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).  
-2. Select **Devices** > **Android** > **Android enrollment** > **Corporate-owned, user-associated devices**.
-2.	Choose the profile that you want to work with.
-3.	Select **Token** > **Revoke token** > **Yes**.   
+1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.  
+2. Select the **Android** tab.  
+3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, user-associated devices (Preview)**.
+4.	Choose the profile that you want to work with.  
+5.	Select **Token** > **Revoke token** > **Yes**.   
 
 ## Create a device group  
 You can create *assigned device groups* or *dynamic device groups* in Intune. For more information about groups, see [Add groups to organize users and devices](../fundamentals/groups-add.md).
@@ -151,7 +148,7 @@ After you set up and assign the Android (AOSP) enrollment profiles, you can enro
 2. When the device prompts you to, scan the token's QR code. 
 
 > [!TIP]
-> To access the token in Intune, select **Devices** > **Android** > **Android enrollment** > **Corporate-owned, user-associated devices**. Select your enrollment profile, and then select **Token**.  
+> To access the token in Intune, go to **Devices** > **Enrollment**. Then select the **Android* tab > **Corporate-owned, user-associated devices**. Select your enrollment profile, and then choose **Token**.  
 
 3. Step through the on-screen prompts to finish enrolling and registering the device. The following apps are automatically installed during this time and used for enrollment: 
 
 
@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 09/23/2023
+ms.date: 01/23/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -39,9 +39,15 @@ Set up enrollment in Microsoft Intune for corporate-owned, userless devices buil
 * Intended to be shared by more than one user. 
 * Used to accomplish a specific set of tasks at work. 
 
-Devices enrolled into Intune with this management mode are automatically set up with Microsoft Authenticator and Company Portal. These devices are enrolled into Intune without a user account, aren't associated with a specific user, and are configured with [Microsoft Entra shared device mode](/azure/active-directory/develop/msal-shared-devices) during enrollment.
+This article describes how to set up Android (AOSP) device management and enroll RealWear devices for use at work. 
+
+## You should know    
+Devices enrolled into Intune with this management mode are automatically set up with Microsoft Authenticator and Company Portal. These devices are enrolled into Intune without a user account and aren't associated with a specific user. 
+
+Devices are configured in [Microsoft Entra shared device mode](/azure/active-directory/develop/msal-shared-devices) during enrollment. Devices enable single sign-on (SSO) between users across [participating apps](/azure/active-directory/develop/msal-android-shared-devices#microsoft-applications-that-support-shared-device-mode). By installing Company Portal, users can also leverage SSO when signing out of [apps that are integrated with the Intune SDK](../apps/apps-supported-intune-apps.md), even apps that don't yet participate with shared device mode. 
+
+
 
-With Shared device mode enabled, these devices allow for single sign-in and sign-out between users across [participating apps](/azure/active-directory/develop/msal-android-shared-devices#microsoft-applications-that-support-shared-device-mode). Through Company Portal installation, users also get single sign-out from [apps that have integrated with Intune's SDK](../apps/apps-supported-intune-apps.md), even for apps that don't yet participate with Shared device mode. 
 
 ## Prerequisites
 
@@ -58,16 +64,20 @@ You must also:
 
 
 ## Create an enrollment profile  
-Create an enrollment profile to enable enrollment on devices.
+Create an enrollment profile to enable enrollment on devices. 
 
 > [!TIP]
 > Intune also generates a token in plain text form, but that one can't be used to enroll devices.   
 
-1.	Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** > **Android** > **Android enrollment** > **Corporate-owned, userless devices**.  
-2.	Select **Create** and fill out the required fields.
-    - **Name**: Type a name to use when assigning the profile to the dynamic device group.  
-    - **Description**: Add a profile description (optional).  
-    - **Token expiration date**: The date when the token expires. Intune enforces a maximum of 90 days.  
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Go to **Devices** > **Enrollment**.  
+3. Select the **Android** tab.  
+4. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, userless devices (Preview)**.  
+5. Select **Create profile**.  
+6.	Enter the basics for your profile:  
+    - **Name**: Give the profile a name. Note the name down for later, because you'll need it when you set up the dynamic device group.   
+    - **Description**: Enter a description for the profile. This setting is optional, but recommended.    
+    - **Token expiration date**: Select the date the token expires, up to 90 days in the future.  
     - **SSID**: Identifies the network that the device will connect to.  
 
         > [!NOTE]
@@ -80,26 +90,28 @@ Create an enrollment profile to enable enrollment on devices.
 
         - **Pre-shared key**: The pre-shared key that's used to authenticate with the network.  
 
-3. Select **Next** and optionally, select scope tags. 
-4. Select **Next**. Review the details of your profile and then select **Create** to save the profile.  
+7. Select **Next**.
+8. Optionally, select scope tags.  
+9. Select **Next**. 
+10. Review the details of your profile and then select **Create** to save the profile.  
 
 ### Access enrollment token  
 After you create a profile, Intune generates a token that's needed for enrollment. To access the token:
 
-1. Go to **Corporate-owned, userless devices**.
+1. Go to **Corporate-owned, userless devices (Preview)**.
 2. From the list, select your enrollment profile. 
-2. Select **Tokens**. 
+3. Select **Tokens**. 
 
 Another way to find the token is:
-1. Go to **Corporate-owned, userless devices**.
+1. Go to **Corporate-owned, userless devices (Preview)**.
 2. Locate your profile in the list, and then select the **More** (**...**) menu that's next to it.
 3. Select **View enrollment token**.  
 
 The token appears as a QR code. During device setup, when prompted to, scan the QR code to enroll the device in Intune.
 
 You can also export the enrollment profile JSON file. To create a JSON file:
 
-1. Go to **Corporate-owned, userless devices**.
+1. Go to **Corporate-owned, userless devices (Preview)**.
 2. From the list, select your enrollment profile.
 3. Select **Token > Export**.   
 
@@ -110,12 +122,13 @@ You can also export the enrollment profile JSON file. To create a JSON file:
 ### Replace token  
 Generate a new token to replace one that's nearing its expiration date. Replacing a token does not affect devices that are already enrolled.  
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).  
-2. Select **Devices** > **Android** > **Android enrollment** > **Corporate-owned, userless devices**.  
-3. Choose the profile that you want to work with.
-4. Select **Token** > **Replace token**.
-5. Enter the new token expiration date. Tokens must be replaced at least every 90 days. 
-6. Select **OK**.    
+1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.  
+2. Select the **Android** tab.  
+3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, userless devices (Preview)**. 
+4. Choose the profile that you want to work with.
+5. Select **Token** > **Replace token**.
+6. Enter the new token expiration date. Tokens must be replaced at least every 90 days. 
+7. Select **OK**.    
 
 ### Revoke token  
 Revoke a token to immediately expire it and make it unusable. For example, it's appropriate to revoke a token when:
@@ -125,10 +138,11 @@ Revoke a token to immediately expire it and make it unusable. For example, it's
 
  Revoking a token does not affect devices that are already enrolled.
 
-1.	Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).  
-2. Select **Devices** > **Android** > **Android enrollment** > **Corporate-owned, userless devices**.
-2.	Choose the profile that you want to work with.
-3.	Select **Token** > **Revoke token** > **Yes**.   
+1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.  
+2. Select the **Android** tab.  
+3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, userless devices (Preview)**.  
+4.	Choose the profile that you want to work with.
+5.	Select **Token** > **Revoke token** > **Yes**.   
 
 ## Create a device group  
 You can create *assigned device groups* or *dynamic device groups* in Intune. For more information about both groups, see [Add groups to organize users and devices](../fundamentals/groups-add.md).
@@ -137,7 +151,7 @@ Dynamic device groups are configured to automatically add and remove devices bas
 
 Complete the following steps to create a dynamic Microsoft Entra device group for devices enrolled with an Android (AOSP) corporate-owned, userless enrollment profile.  
 
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and choose **Groups** > **All groups** > **New group**.
+1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Groups** > **All groups** > **New group**.  
 2. In the **Group** blade, fill out the required fields as follows:
     - **Group type**: Security
     - **Group name**: Type an intuitive name (like Factory 1 devices)
@@ -169,7 +183,8 @@ After you set up and assign the Android (AOSP) enrollment profiles, you can enro
     *  Microsoft Intune app  
     *  Intune Company Portal app  
 
-To use JSON to enroll devices, refer to instructions provided by the device manufacturer.
+To use JSON to enroll devices, refer to instructions provided by the device manufacturer.  
+
 ## After enrollment 
 
 ### App updates