From a6a7f69d9436b7db7713667e22d675aca3a95e54 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 13 Jan 2025 20:12:52 -0500 Subject: [PATCH 01/15] Update APDP docs to clarify corporate identifiers for Windows --- autopilot/device-preparation/overview.md | 4 +++- .../user-driven/entra-join-allow-users-to-join.md | 4 ++-- .../user-driven/entra-join-assign-apps-scripts.md | 4 ++-- .../user-driven/entra-join-automatic-enrollment.md | 4 ++-- .../tutorial/user-driven/entra-join-autopilot-policy.md | 8 ++++---- .../tutorial/user-driven/entra-join-device-group.md | 4 ++-- .../tutorial/user-driven/entra-join-user-group.md | 4 ++-- .../tutorial/user-driven/entra-join-workflow.md | 4 ++-- 8 files changed, 19 insertions(+), 17 deletions(-) diff --git a/autopilot/device-preparation/overview.md b/autopilot/device-preparation/overview.md index 387220a75ff..e77d6e00de2 100644 --- a/autopilot/device-preparation/overview.md +++ b/autopilot/device-preparation/overview.md @@ -134,7 +134,9 @@ For more information, see [Enrollment time grouping in Microsoft Intune](/mem/in ### Corporate identifiers for Windows -Windows Autopilot device preparation supports the Intune corporate identifier enrollment feature. Corporate identifiers in Intune allows pre-uploading of Windows device identifiers (serial number, manufacturer, model) and ensures only trusted devices go through Windows Autopilot device preparation. Corporate identifiers for Windows is optional for Windows Autopilot device preparation. Corporate identifiers for Windows isn't required for a Windows Autopilot device preparation deployment to work. For more information, see: +Windows Autopilot device preparation supports the Intune corporate identifier enrollment feature. Corporate identifiers in Intune allows pre-uploading of Windows device identifiers (serial number, manufacturer, model) and ensures only trusted devices go through Windows Autopilot device preparation. + +Windows Autopilot device preparation only requires corporate identifiers for Windows if Intune enrollment restrictions are being used to block personal device enrollments. For more information, see: - [Identify devices as corporate-owned](/mem/intune/enrollment/corporate-identifiers-add). - [What are enrollment restrictions?](/mem/intune/enrollment/enrollment-restrictions-set). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md index 05b23e1c343..6dc54bd8cbf 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 4: [Create a user group](entra-join-user-group.md) - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md index 311d3de1724..cbb39fc1082 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: > - **Step 5: Assign applications and PowerShell scripts to device group** - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md index 25c5aaa1004..3706e673c3e 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -30,7 +30,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 4: [Create a user group](entra-join-user-group.md) - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md index 8f6d1e4393f..39db5f7e27e 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/28/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: > > - **Step 6: Create Windows Autopilot device preparation policy** -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). @@ -172,10 +172,10 @@ In the **Configuration settings** page: If multiple Windows Autopilot device preparation polices are deployed to a user, the policy with the highest priority as displayed in the **Home** > **Enroll devices | Windows enrollment** > **Device preparation policies** screen gets priority. The policy with the highest priority is higher in the list and has the smallest number under the **Priority** column. To change a policy's priority, move it in the list by dragging the policy within the list. -## Next step: Add Windows corporate identifier to device (optional) +## Next step: Add Windows corporate identifier to device > [!div class="nextstepaction"] -> [Step 7: Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +> [Step 7: Add Windows corporate identifier to device](entra-join-corporate-identifier.md) > [!NOTE] > diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md index 90e571ee07e..6cb3d4883c8 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 11/20/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 4: [Create a user group](entra-join-user-group.md) - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md index 8471217c2d7..c252a0062e4 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md index 5a895179283..5c3b275fe76 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 09/13/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -83,7 +83,7 @@ The following steps are needed to configure and then perform a Windows Autopilot > - Step 4: [Create a user group](entra-join-user-group.md) > - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) > - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -> - Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +> - Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) > [!NOTE] > From 43912ad16d4c6f1cba32d578e232ba07e46437d5 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 13 Jan 2025 20:19:35 -0500 Subject: [PATCH 02/15] Update APDP docs to clarify corporate identifiers for Windows 2 --- autopilot/device-preparation/overview.md | 2 +- .../tutorial/user-driven/entra-join-autopilot-policy.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/autopilot/device-preparation/overview.md b/autopilot/device-preparation/overview.md index e77d6e00de2..c2b9974a453 100644 --- a/autopilot/device-preparation/overview.md +++ b/autopilot/device-preparation/overview.md @@ -8,7 +8,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: overview ms.collection: - M365-modern-desktop diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md index 39db5f7e27e..6f555aecceb 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md @@ -179,4 +179,4 @@ If multiple Windows Autopilot device preparation polices are deployed to a user, > [!NOTE] > -> Adding a [corporate identifier](../../overview.md#corporate-identifiers-for-windows) to the device is an optional step. If corporate identifiers aren't being used, then the next step is to deploy the device. +> Windows Autopilot device preparation only requires [corporate identifiers for Windows](../../overview.md#corporate-identifiers-for-windows) if Intune enrollment restrictions are being used to block personal device enrollments. If Intune enrollment restrictions aren't being used to block personal device enrollments, then the next step is to deploy the device. From d6fd432377e1022925aafef373163d7ab4d67d05 Mon Sep 17 00:00:00 2001 From: Cristina Osorio <67737046+crosoriov@users.noreply.github.com> Date: Tue, 14 Jan 2025 09:19:07 +0100 Subject: [PATCH 03/15] Update whats-new.md Typo --- memdocs/intune/fundamentals/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 415637b30f0..54058c44572 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -101,7 +101,7 @@ For more information about customizing the Company Portal and Intune apps, see [ > > *Rollout of this feature is delayed and now expected to be available on or around January 18th, 2025.* -You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you mange as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario. +You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you manage as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario. With this support, tamper protection configurations from *Windows Security Experience* profiles for *Antivirus* policies now apply to all devices instead of only to those that are enrolled with Intune. From b6dc5a873489112a97f25c78b02f9e48bc54e5c9 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 14 Jan 2025 09:19:48 -0500 Subject: [PATCH 04/15] Update APDP docs to clarify corporate identifiers for Windows 3 --- autopilot/toc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autopilot/toc.yml b/autopilot/toc.yml index 9769e0f9cfd..2c652f8e16b 100644 --- a/autopilot/toc.yml +++ b/autopilot/toc.yml @@ -43,7 +43,7 @@ items: href: device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md - name: Step 6 - Create Windows Autopilot device preparation policy href: device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md - - name: Step 7 - Add Windows corporate identifier to device (optional) + - name: Step 7 - Add Windows corporate identifier to device href: device-preparation/tutorial/user-driven/entra-join-corporate-identifier.md - name: Windows Autopilot From f358a63351e628de3bef0467ad4e77b87e0a20b1 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Tue, 14 Jan 2025 11:04:59 -0500 Subject: [PATCH 05/15] Update whats-new.md Added GCC mention to 2408 item --- memdocs/intune/fundamentals/whats-new.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 415637b30f0..c915154be27 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -1062,11 +1062,11 @@ As we prepare to support managed device attestation in Intune, we are starting a Existing OS and hardware eligible devices do not get the ACME certificate unless they re-enroll. There is no change to the end user's enrollment experience, and no changes to the Microsoft Intune admin center. This change only impacts enrollment certificates and has no impact on any device configuration policies. -ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, and Automated device enrollment (ADE) methods. Eligible OS versions include: +ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, and Automated device enrollment (ADE) methods. It's also supported in Government Community Cloud (GCC) High environments. Eligible OS versions include: - iOS 16.0 or later - iPadOS 16.1 or later -- macOS 13.1 or later +- macOS 13.1 or later ## Week of July 22, 2024 (Service release 2407) From 6ae97a9033e8b96a2b92535906b67c75814af3c0 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Tue, 14 Jan 2025 11:10:17 -0500 Subject: [PATCH 06/15] Update ACME support details in documentation Updated terminology --- memdocs/intune/fundamentals/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index c915154be27..e2effa7b19a 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -1062,7 +1062,7 @@ As we prepare to support managed device attestation in Intune, we are starting a Existing OS and hardware eligible devices do not get the ACME certificate unless they re-enroll. There is no change to the end user's enrollment experience, and no changes to the Microsoft Intune admin center. This change only impacts enrollment certificates and has no impact on any device configuration policies. -ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, and Automated device enrollment (ADE) methods. It's also supported in Government Community Cloud (GCC) High environments. Eligible OS versions include: +ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, and Automated device enrollment (ADE) methods. It's supported in Intune public tenants and GCC high tenants. Eligible OS versions include: - iOS 16.0 or later - iPadOS 16.1 or later From 2662bce36c750b59902132697114fe2e2baed530 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Tue, 14 Jan 2025 11:12:07 -0500 Subject: [PATCH 07/15] Update ios-device-enrollment.md Link to GCC high article --- memdocs/intune/enrollment/ios-device-enrollment.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/memdocs/intune/enrollment/ios-device-enrollment.md b/memdocs/intune/enrollment/ios-device-enrollment.md index ec69bf6aec4..cd4bd22eb8e 100644 --- a/memdocs/intune/enrollment/ios-device-enrollment.md +++ b/memdocs/intune/enrollment/ios-device-enrollment.md @@ -8,7 +8,7 @@ keywords: author: Lenewsad ms.author: lanewsad manager: dougeby -ms.date: 07/16/2024 +ms.date: 01/14/2025 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: enrollment @@ -85,11 +85,11 @@ For more information about how employees and students can access these actions i ## Certificates This enrollment type supports the Automated Certificate Management Environment (ACME) protocol. When new devices enroll, the management profile from Intune receives an ACME certificate. The ACME protocol provides better protection than the SCEP protocol against unauthorized certificate issuance through robust validation mechanisms and automated processes, which helps reduce errors in certificate management. -Devices that are already enrolled do not get an ACME certificate on unless they re-enroll into Microsoft Intune. ACME is supported on devices running: +Devices that are already enrolled do not get an ACME certificate unless they re-enroll into Microsoft Intune. ACME is supported in Intune public tenants and [GCC high tenants](../fundamentals/intune-govt-service-description.md) on devices running: - iOS 16.0 or later -- iPadOS 16.1 or later +- iPadOS 16.1 or later ## Known issues and limitations From fe082b23e00429ca2d4a02a0b28aa87d81330204 Mon Sep 17 00:00:00 2001 From: Frances Cohen <91682000+frcohen@users.noreply.github.com> Date: Tue, 14 Jan 2025 14:07:12 -0500 Subject: [PATCH 08/15] Update device-locate.md Update locate device doc to call out GCC is not supported --- memdocs/intune/remote-actions/device-locate.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/memdocs/intune/remote-actions/device-locate.md b/memdocs/intune/remote-actions/device-locate.md index 4d7d081bce2..d48693f2916 100644 --- a/memdocs/intune/remote-actions/device-locate.md +++ b/memdocs/intune/remote-actions/device-locate.md @@ -69,6 +69,9 @@ You need to enable Windows location services in Windows Out of Box Experience (O - Windows Holographic for Business - Windows Phone +> [!NOTE] +> The locate device capability (excluding the lost device sound alert) is not supported in GCC High environments. + ## Locate a lost or stolen device 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). From b7e570b6e2e6559042915edf65eac7c111f3a920 Mon Sep 17 00:00:00 2001 From: Frances Cohen <91682000+frcohen@users.noreply.github.com> Date: Tue, 14 Jan 2025 14:08:53 -0500 Subject: [PATCH 09/15] Fix typo in device locate documentation change wording --- memdocs/intune/remote-actions/device-locate.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/remote-actions/device-locate.md b/memdocs/intune/remote-actions/device-locate.md index d48693f2916..e325a91e655 100644 --- a/memdocs/intune/remote-actions/device-locate.md +++ b/memdocs/intune/remote-actions/device-locate.md @@ -70,7 +70,7 @@ You need to enable Windows location services in Windows Out of Box Experience (O - Windows Phone > [!NOTE] -> The locate device capability (excluding the lost device sound alert) is not supported in GCC High environments. +> The locate device capability (excluding the lost device sound alert) is not supported on GCC High environments. ## Locate a lost or stolen device From e3dd5b6cca4e63c9ab91439f7e17ac98c9572d1e Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Tue, 14 Jan 2025 11:34:53 -0800 Subject: [PATCH 10/15] erikre-docs-30846764 --- memdocs/intune/fundamentals/groups-add.md | 25 ++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/groups-add.md b/memdocs/intune/fundamentals/groups-add.md index af73b7aedde..aff95a6f320 100644 --- a/memdocs/intune/fundamentals/groups-add.md +++ b/memdocs/intune/fundamentals/groups-add.md @@ -8,7 +8,7 @@ keywords: author: Smritib17 ms.author: smbhardwaj manager: dougeby -ms.date: 11/27/2024 +ms.date: 01/14/2025 ms.topic: how-to #customer intent: As an IT admin, I want to add groups, so that users and devices are organized. ms.service: microsoft-intune @@ -98,6 +98,29 @@ Consider some of the other dynamic user and device groups you can create, such a - Human Resources - All Charlotte employees +## Edit a group + +As an Intune admin, you can edit groups, such as changing the group members, owner, and properties. + +Use the following steps to edit an existing group: + +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Select **Groups** > **All groups** > *select the name of a group to edit*. +3. Under the **Manage** menu group, select an area of the group to edit, such as **Properties**, **Members**, or **Owners**. + +When you add new members, you can choose from **Users**, **Groups**, **Devices**, and **Enterprise applications**. + +## Delete a group + +As an Intune admin, you can delete groups that are no longer needed. + +Use the following steps to delete an existing group: + +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Select **Groups** > **All groups** > *select the name of a group to delete* > **Delete**. + +To view a list of recently deleted groups, select **Groups** > **Deleted groups**. Note that after deleting a group, the deleted groups list may may take time to update. + ## Device groups You can create **device groups** when you need to run administrative tasks based on the device identity, not the user identity. They're useful for managing devices that don't have dedicated users, such as kiosk devices, devices shared by shift workers, or devices assigned to a specific location. From 6628ca2951fc5c9e6000f8fc26ffb80d7b50bf5c Mon Sep 17 00:00:00 2001 From: Frances Cohen <91682000+frcohen@users.noreply.github.com> Date: Tue, 14 Jan 2025 15:44:20 -0500 Subject: [PATCH 11/15] Update mdm-supported-devices.md Update AE bullet to specify OS version --- memdocs/intune/includes/mdm-supported-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/includes/mdm-supported-devices.md b/memdocs/intune/includes/mdm-supported-devices.md index ba1c560daf5..25600f2fe8e 100644 --- a/memdocs/intune/includes/mdm-supported-devices.md +++ b/memdocs/intune/includes/mdm-supported-devices.md @@ -33,7 +33,7 @@ ms.localizationpriority: high - For user-based management methods: Android 10.0 and later - For userless management methods: Android 8.0 and later (including Samsung KNOX Standard 3.0 and higher: [requirements](https://www.samsungknox.com/en/knox-platform/supported-devices/2.4+)) -- Android enterprise +- Android Enterprise: Android 8.0 and later - Android open source project device: [See here for the list of supported devices](../fundamentals/android-os-project-supported-devices.md) [!INCLUDE [android-supported-os](android-supported-os.md)] From a4855f838813cc7164bd21e1d095bd0a81ae8f7f Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Tue, 14 Jan 2025 17:54:55 -0500 Subject: [PATCH 12/15] Update ACME certificate support information --- memdocs/intune/enrollment/ios-device-enrollment.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/enrollment/ios-device-enrollment.md b/memdocs/intune/enrollment/ios-device-enrollment.md index cd4bd22eb8e..4cce566cb7c 100644 --- a/memdocs/intune/enrollment/ios-device-enrollment.md +++ b/memdocs/intune/enrollment/ios-device-enrollment.md @@ -85,11 +85,13 @@ For more information about how employees and students can access these actions i ## Certificates This enrollment type supports the Automated Certificate Management Environment (ACME) protocol. When new devices enroll, the management profile from Intune receives an ACME certificate. The ACME protocol provides better protection than the SCEP protocol against unauthorized certificate issuance through robust validation mechanisms and automated processes, which helps reduce errors in certificate management. -Devices that are already enrolled do not get an ACME certificate unless they re-enroll into Microsoft Intune. ACME is supported in Intune public tenants and [GCC high tenants](../fundamentals/intune-govt-service-description.md) on devices running: +Devices that are already enrolled do not get an ACME certificate unless they re-enroll into Microsoft Intune. Acme is supported on devices running: - iOS 16.0 or later -- iPadOS 16.1 or later +- iPadOS 16.1 or later + +This capability is also supported in [GCC high tenants](../fundamentals/intune-govt-service-description.md). ## Known issues and limitations From 16cc22fe4d98ae6c9f0214719275787af7410e1e Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Tue, 14 Jan 2025 17:57:39 -0500 Subject: [PATCH 13/15] Update ACME support details in documentation --- memdocs/intune/fundamentals/whats-new.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index e2effa7b19a..b9fb895e0ba 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -1062,12 +1062,14 @@ As we prepare to support managed device attestation in Intune, we are starting a Existing OS and hardware eligible devices do not get the ACME certificate unless they re-enroll. There is no change to the end user's enrollment experience, and no changes to the Microsoft Intune admin center. This change only impacts enrollment certificates and has no impact on any device configuration policies. -ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, and Automated device enrollment (ADE) methods. It's supported in Intune public tenants and GCC high tenants. Eligible OS versions include: +ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, and Automated device enrollment (ADE) methods. Eligible OS versions include: - iOS 16.0 or later - iPadOS 16.1 or later - macOS 13.1 or later +This capability is also supported in [GCC high tenants](../fundamentals/intune-govt-service-description.md). + ## Week of July 22, 2024 (Service release 2407) ### Microsoft Intune Suite From 2a48dc5fd612ad9ccdddb33bb7d1defdd5b27207 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Tue, 14 Jan 2025 17:59:06 -0500 Subject: [PATCH 14/15] Capitalize "High" in GCC High tenants capitalized "high" line 94 --- memdocs/intune/enrollment/ios-device-enrollment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/enrollment/ios-device-enrollment.md b/memdocs/intune/enrollment/ios-device-enrollment.md index 4cce566cb7c..b4a5872ed0b 100644 --- a/memdocs/intune/enrollment/ios-device-enrollment.md +++ b/memdocs/intune/enrollment/ios-device-enrollment.md @@ -91,7 +91,7 @@ Devices that are already enrolled do not get an ACME certificate unless they re- - iPadOS 16.1 or later -This capability is also supported in [GCC high tenants](../fundamentals/intune-govt-service-description.md). +This capability is also supported in [GCC High tenants](../fundamentals/intune-govt-service-description.md). ## Known issues and limitations From f5ec3af0bc7718566297dec97083b342ae766e0f Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Tue, 14 Jan 2025 18:00:05 -0500 Subject: [PATCH 15/15] Fix capitalization in "GCC High tenants" --- memdocs/intune/fundamentals/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index b9fb895e0ba..d3518ac44b1 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -1068,7 +1068,7 @@ ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, an - iPadOS 16.1 or later - macOS 13.1 or later -This capability is also supported in [GCC high tenants](../fundamentals/intune-govt-service-description.md). +This capability is also supported in [GCC High tenants](../fundamentals/intune-govt-service-description.md). ## Week of July 22, 2024 (Service release 2407)