Merge pull request #17072 from MicrosoftDocs/main

Publish main to live 01/14/2024, 3:30 PM

autopilot/device-preparation/overview.md

@@ -8,7 +8,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 06/03/2024
+ms.date: 01/14/2025
 ms.topic: overview
 ms.collection:
   - M365-modern-desktop
@@ -134,7 +134,9 @@ For more information, see [Enrollment time grouping in Microsoft Intune](/mem/in
 
 ### Corporate identifiers for Windows
 
-Windows Autopilot device preparation supports the Intune corporate identifier enrollment feature. Corporate identifiers in Intune allows pre-uploading of Windows device identifiers (serial number, manufacturer, model) and ensures only trusted devices go through Windows Autopilot device preparation. Corporate identifiers for Windows is optional for Windows Autopilot device preparation. Corporate identifiers for Windows isn't required for a Windows Autopilot device preparation deployment to work. For more information, see:
+Windows Autopilot device preparation supports the Intune corporate identifier enrollment feature. Corporate identifiers in Intune allows pre-uploading of Windows device identifiers (serial number, manufacturer, model) and ensures only trusted devices go through Windows Autopilot device preparation.
+
+Windows Autopilot device preparation only requires corporate identifiers for Windows if Intune enrollment restrictions are being used to block personal device enrollments. For more information, see:
 
 - [Identify devices as corporate-owned](/mem/intune/enrollment/corporate-identifiers-add).
 - [What are enrollment restrictions?](/mem/intune/enrollment/enrollment-restrictions-set).

autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md

@@ -7,7 +7,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 06/03/2024
+ms.date: 01/14/2025
 ms.topic: tutorial
 ms.collection:
   - tier1
@@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps:
 - Step 4: [Create a user group](entra-join-user-group.md)
 - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md)
 - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md)
-- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow).
 

autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md

@@ -7,7 +7,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 06/03/2024
+ms.date: 01/14/2025
 ms.topic: tutorial
 ms.collection:
   - tier1
@@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps:
 > - **Step 5: Assign applications and PowerShell scripts to device group**
 
 - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md)
-- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow).
 

autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md

@@ -7,7 +7,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 06/03/2024
+ms.date: 01/14/2025
 ms.topic: tutorial
 ms.collection:
   - tier1
@@ -30,7 +30,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps:
 - Step 4: [Create a user group](entra-join-user-group.md)
 - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md)
 - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md)
-- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow).
 

autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md

@@ -7,7 +7,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 06/28/2024
+ms.date: 01/14/2025
 ms.topic: tutorial
 ms.collection:
   - tier1
@@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps:
 >
 > - **Step 6: Create Windows Autopilot device preparation policy**
 
-- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow).
 
@@ -172,11 +172,11 @@ In the **Configuration settings** page:
 
 If multiple Windows Autopilot device preparation polices are deployed to a user, the policy with the highest priority as displayed in the **Home** > **Enroll devices | Windows enrollment** > **Device preparation policies** screen gets priority. The policy with the highest priority is higher in the list and has the smallest number under the **Priority** column. To change a policy's priority, move it in the list by dragging the policy within the list.
 
-## Next step: Add Windows corporate identifier to device (optional)
+## Next step: Add Windows corporate identifier to device
 
 > [!div class="nextstepaction"]
-> [Step 7: Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+> [Step 7: Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 > [!NOTE]
 >
-> Adding a [corporate identifier](../../overview.md#corporate-identifiers-for-windows) to the device is an optional step. If corporate identifiers aren't being used, then the next step is to deploy the device.
+> Windows Autopilot device preparation only requires [corporate identifiers for Windows](../../overview.md#corporate-identifiers-for-windows) if Intune enrollment restrictions are being used to block personal device enrollments. If Intune enrollment restrictions aren't being used to block personal device enrollments, then the next step is to deploy the device.

autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md

@@ -7,7 +7,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 11/20/2024
+ms.date: 01/14/2025
 ms.topic: tutorial
 ms.collection:
   - tier1
@@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps:
 - Step 4: [Create a user group](entra-join-user-group.md)
 - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md)
 - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md)
-- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow).
 

autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md

@@ -7,7 +7,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 06/03/2024
+ms.date: 01/14/2025
 ms.topic: tutorial
 ms.collection:
   - tier1
@@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps:
 
 - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md)
 - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md)
-- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow).
 

autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md

@@ -7,7 +7,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 09/13/2024
+ms.date: 01/14/2025
 ms.topic: tutorial
 ms.collection:
   - tier1
@@ -83,7 +83,7 @@ The following steps are needed to configure and then perform a Windows Autopilot
 > - Step 4: [Create a user group](entra-join-user-group.md)
 > - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md)
 > - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md)
-> - Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md)
+> - Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md)
 
 > [!NOTE]
 >

autopilot/toc.yml

@@ -43,7 +43,7 @@ items:
               href: device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md
             - name: Step 6 - Create Windows Autopilot device preparation policy
               href: device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md
-            - name: Step 7 - Add Windows corporate identifier to device (optional)
+            - name: Step 7 - Add Windows corporate identifier to device
               href: device-preparation/tutorial/user-driven/entra-join-corporate-identifier.md
 
 - name: Windows Autopilot

memdocs/intune/enrollment/ios-device-enrollment.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 07/16/2024
+ms.date: 01/14/2025
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -85,12 +85,14 @@ For more information about how employees and students can access these actions i
 ## Certificates  
 This enrollment type supports the Automated Certificate Management Environment (ACME) protocol. When new devices enroll, the management profile from Intune receives an ACME certificate. The ACME protocol provides better protection than the SCEP protocol against unauthorized certificate issuance through robust validation mechanisms and automated processes, which helps reduce errors in certificate management.
 
-Devices that are already enrolled do not get an ACME certificate on unless they re-enroll into Microsoft Intune. ACME is supported on devices running: 
+Devices that are already enrolled do not get an ACME certificate unless they re-enroll into Microsoft Intune. Acme is supported on devices running: 
 
 - iOS 16.0 or later  
 
 - iPadOS 16.1 or later  
 
+This capability is also supported in [GCC High tenants](../fundamentals/intune-govt-service-description.md). 
+
 ## Known issues and limitations 
 
 Intune enrollment with Apple device enrollment has the following known issues and limitations. 

memdocs/intune/fundamentals/groups-add.md

@@ -8,7 +8,7 @@ keywords:
 author: Smritib17
 ms.author: smbhardwaj
 manager: dougeby
-ms.date: 11/27/2024
+ms.date: 01/14/2025
 ms.topic: how-to
 #customer intent: As an IT admin, I want to add groups, so that users and devices are organized.
 ms.service: microsoft-intune
@@ -98,6 +98,29 @@ Consider some of the other dynamic user and device groups you can create, such a
 - Human Resources
 - All Charlotte employees
 
+## Edit a group
+
+As an Intune admin, you can edit groups, such as changing the group members, owner, and properties.
+
+Use the following steps to edit an existing group:
+
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Groups** > **All groups** > *select the name of a group to edit*.
+3. Under the **Manage** menu group, select an area of the group to edit, such as **Properties**, **Members**, or **Owners**.
+
+When you add new members, you can choose from **Users**, **Groups**, **Devices**, and **Enterprise applications**.
+
+## Delete a group
+
+As an Intune admin, you can delete groups that are no longer needed.
+
+Use the following steps to delete an existing group:
+
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Groups** > **All groups** > *select the name of a group to delete* > **Delete**.
+
+To view a list of recently deleted groups, select **Groups** > **Deleted groups**. Note that after deleting a group, the deleted groups list may may take time to update.
+
 ## Device groups
 
 You can create **device groups** when you need to run administrative tasks based on the device identity, not the user identity. They're useful for managing devices that don't have dedicated users, such as kiosk devices, devices shared by shift workers, or devices assigned to a specific location.

memdocs/intune/fundamentals/whats-new.md

@@ -101,7 +101,7 @@ For more information about customizing the Company Portal and Intune apps, see [
 >
 > *Rollout of this feature is delayed and now expected to be available on or around January 18th, 2025.*
 
-You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you mange as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario.
+You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you manage as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario.
 
 With this support, tamper protection configurations from *Windows Security Experience* profiles for *Antivirus* policies now apply to all devices instead of only to those that are enrolled with Intune.
 
@@ -1066,7 +1066,9 @@ ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, an
 
 - iOS 16.0 or later
 - iPadOS 16.1 or later
-- macOS 13.1 or later
+- macOS 13.1 or later  
+
+This capability is also supported in [GCC High tenants](../fundamentals/intune-govt-service-description.md).      
 
 ## Week of July 22, 2024 (Service release 2407)
 

memdocs/intune/includes/mdm-supported-devices.md

@@ -33,7 +33,7 @@ ms.localizationpriority: high
 
 - For user-based management methods: Android 10.0 and later
 - For userless management methods: Android 8.0 and later (including Samsung KNOX Standard 3.0 and higher: [requirements](https://www.samsungknox.com/en/knox-platform/supported-devices/2.4+))
-- Android enterprise
+- Android Enterprise: Android 8.0 and later
 - Android open source project device: [See here for the list of supported devices](../fundamentals/android-os-project-supported-devices.md)
 [!INCLUDE [android-supported-os](android-supported-os.md)]
 

memdocs/intune/remote-actions/device-locate.md

@@ -69,6 +69,9 @@ You need to enable Windows location services in Windows Out of Box Experience (O
 - Windows Holographic for Business
 - Windows Phone
 
+> [!NOTE]
+> The locate device capability (excluding the lost device sound alert) is not supported on GCC High environments.
+
 ## Locate a lost or stolen device
 
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).