From cbec093de162fd5fd06e5df184891e6014230b28 Mon Sep 17 00:00:00 2001
From: Recolic <git@me.recolic.net>
Date: Fri, 19 Jan 2024 18:32:56 -0800
Subject: [PATCH] .Doc: update instructions to make it easier to understand

---
 README.md | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 55ff9a0..9f14e11 100644
--- a/README.md
+++ b/README.md
@@ -1,31 +1,39 @@
 # Intune for Archlinux
 
-There are two levels of Intune Setup. 
+You have two options to access MSFT resources on Arch Linux.
 
-After installing level-1, you can access everything with certificate copied from a level-2 machine.   
-After installing level-2, you can actually enroll the machine and get a certificate. 
+1. Install level-1 & level-2, enroll your Arch machine.
+2. Install level-1 & level-2 in another Ubuntu VM, enroll your Ubuntu VM. Install level-1 on your Arch, and copy certificate from Ubuntu to Arch.
 
 ## Install Level-1
 
+> To **use** a certificate.
+
 1. Install `libsdbus-c++0 msalsdk-dbusclient microsoft-identity-broker` packages in this repo. Note that they depends on `jre11-openjdk`. 
 2. Install `microsoft-edge-stable-bin` from AUR. 
 3. `[Temporary Fix]` Downgrade `tpm2-tss` to `3.2.0-1`, and add it to `IgnorePkg` in `/etc/pacman.conf`.
 
 ## Install Level-2 and enroll
 
-> Installing level-2 components will make your machine managed. You must satisfy password requirements, and disk-encryption requirements. Ref: <https://aka.ms/LinuxPortal>
+> To **generate** a certificate.
 
-Use a Ubuntu **20.04** VM to perform level-2 enroll. ArchLinux level-2 enroll is theoretically supported, but I never tested it. 
+> Note: Enrollment makes your machine managed. You must satisfy password requirements, and disk-encryption requirements. Ref: <https://aka.ms/LinuxPortal>
 
-1. install intune-portal and its dependencies (pwquality)
-2. copy /etc/os-release from ubuntu 2004 to archlinux
-3. make sure you followed procedure of official doc
+### For Ubuntu
+
+Simply follow the official guide. <https://aka.ms/LinuxPortal>
 
-> Note: modifying `/etc/os-release` might cause problem for dkms. Run `[[ -f /usr/bin/dkms ]] && sed -i 's/sign_file=[^ ]*$/sign_file=Iamnotubuntudonotlookforsignfileplease /g' /usr/bin/dkms` if you are getting dkms error.
+### For Arch Linux
+
+[TODO: working in progress]
+<!--
+1. install intune-portal and its dependencies (pwquality)
+2. make sure you followed procedure of official doc
+-->
 
 ## Move certificates from Level-2 machine to Level-1 machine
 
-> The certificate will usually expire in 1 month. 
+> The certificate will usually expire, and get rotated in 1 month. 
 
 Copy the following files from enrolled Level-2 machine to unenrolled Level-1 machine: 
 
@@ -42,7 +50,7 @@ Copy the following files from enrolled Level-2 machine to unenrolled Level-1 mac
 
 Then, run `seahorse` to double-confirm your "login" keyring is unlocked and non-empty. It may ask you to enter the previous login password. 
 
-> You could change the password but DO NOT remove the password protection! There is a known bug <https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/103>
+> You may change the password but DO NOT remove the password protection! There is a known bug <https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/103>
 
 You are all set! 
 
-- 
GitLab