diff --git a/autopilot/device-preparation/known-issues.md b/autopilot/device-preparation/known-issues.md
index 21fe518cd4d..8ea00ede73d 100644
--- a/autopilot/device-preparation/known-issues.md
+++ b/autopilot/device-preparation/known-issues.md
@@ -8,7 +8,7 @@ author: frankroj
ms.author: frankroj
ms.reviewer: jubaptis
manager: aaroncz
-ms.date: 11/15/2024
+ms.date: 12/18/2024
ms.collection:
- M365-modern-desktop
- highpri
@@ -40,7 +40,15 @@ This article describes known issues that can often be resolved with:
## Known issues
-## Deployments fail when Managed installer policy is enabled for the tenant
+## Apps and scripts tabs don't display properly when editing the Windows Autopilot device preparation profile
+
+Date added: *December 18, 2024*
+
+During the editing flow of the Windows Autopilot device preparation policy, there's a known issue when displaying the **Applications** and **Scripts** tabs where the tabs might display incorrect information. For example, under the **Scripts** tab, a list of applications might be shown instead of a list of scripts. The issue is impacting only the view in Microsoft Intune and not the configuration being applied to the device. The issue is being investigated.
+
+As a workaround, select the table header **Allowed Applications** or **Allowed Scripts** to reload the table's contents.
+
+## Win32 and WinGet applications are skipped when Managed installer policy is enabled for the tenant
Date added: *October 10, 2024*
Date updated: *November 15, 2024*
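Review bot: The renamed heading "Win32 and WinGet applications are skipped when Managed installer policy is enabled for the tenant" still sits above "Date updated: *November 15, 2024*", although this change is dated 12/18/2024 in `ms.date`. If the retitle reflects a change in the issue's scope, bump "Date updated" to match. Renaming the heading also changes its generated anchor, so check for inbound links to the old "Deployments fail when..." heading.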
diff --git a/memdocs/configmgr/compliance/TOC.yml b/memdocs/configmgr/compliance/TOC.yml
index 8abbcd105eb..5c3a3741e61 100644
--- a/memdocs/configmgr/compliance/TOC.yml
+++ b/memdocs/configmgr/compliance/TOC.yml
@@ -3,6 +3,8 @@ items:
href: index.yml
- name: Understand and explore
items:
+ - name: Understand compliance
+ href: understand/fundamentals-of-compliance.md
- name: Ensure device compliance
href: understand/ensure-device-compliance.md
- name: Get started
diff --git a/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md b/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md
new file mode 100644
index 00000000000..b88d4cf1121
--- /dev/null
+++ b/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md
@@ -0,0 +1,55 @@
+---
+title: Understand compliance in Configuration Manager
+author: dougeby
+ms.author: dougeby
+manager: dougeby
+audience: ITPro
+ms.topic: conceptual
+ms.service: configuration-manager
+ms.collection:
+ - tier1
+ - essentials-compliance
+description: Learn about compliance certifications, dependencies, and features in Configuration Manager supporting data protection and regulatory requirements.
+ms.date: 12/3/2024
+---
+
+# Understand compliance in Configuration Manager
+
+Configuration Manager supports compliance features to help organizations meet national, regional, and industry-specific regulations. Configuration Manager aligns with Microsoft's commitment to data protection, privacy, and compliance, by offering tools to help secure and manage data effectively.
+
+## Shared responsibility model
+
+Microsoft ensures that Configuration Manager complies with various industry standards and regulatory frameworks. However, customers are responsible for implementing their data protection and compliance strategies to align with their specific organizational requirements.
+
+## Compliance dependencies
+
+Configuration Manager leverages other Microsoft services for compliance, including:
+
+- [Microsoft Entra ID](/entra/fundamentals/whatis): Identity and access management.
+- [Microsoft Intune](/mem/intune): Enforces device compliance and conditional access policies.
+
+## Microsoft Intune capabilities for compliance
+
+Microsoft Intune helps enforce compliance policies and protect organizational data specifically for Intune:
+
+- **Conditional Access**: Ensures only compliant devices and apps managed by Intune can access sensitive data. See [Conditional Access](/mem/intune/protect/conditional-access).
+- **Device Compliance Enforcement**: Enforces device compliance policies to meet organizational security requirements. See [Device Compliance Policies](/mem/intune/protect/device-compliance-get-started).
+
+For more information about Intune compliance capabilities, visit the [Microsoft Intune documentation](/mem/intune).
+> [!NOTE]
+> For more information about how to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune, see [What is co-management?](/mem/configmgr/comanage/overview).
+
+## Data encryption
+
+Use Configuration Manager to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients, which are joined to Active Directory. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring. For more information, see [Plan for BitLocker management](/mem/configmgr/protect/plan-design/bitlocker-management).
+
+## Compliance features
+
+Configuration Manager includes several compliance features that help organizations manage device compliance. For more information, see [Ensure device compliance with Configuration Manager](/mem/configmgr/compliance/understand/ensure-device-compliance).
+
+## Related articles
+
+- [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement)
+- [Microsoft Trust Center](https://www.microsoft.com/trust-center)
+- [Additional privacy information](/mem/configmgr/core/plan-design/security/additional-privacy)
+- [Fundamentals of security](/mem/configmgr/core/understand/fundamentals-of-security)
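Review bot: In the "Microsoft Intune capabilities for compliance" section, the `> [!NOTE]` line follows "For more information about Intune compliance capabilities, visit the..." with no blank line between them, unlike every other block in this file, so the callout can be folded into the preceding paragraph. Add a blank line before the note. In the front matter, `manager: dougeby` repeats the author alias, and `ms.date: 12/3/2024` is not zero-padded like the dates in the other files of this change. The sentence "Microsoft Intune helps enforce compliance policies and protect organizational data specifically for Intune" can drop "specifically for Intune".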
diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md
index b333c28011f..7dc36ab984a 100644
--- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md
+++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md
@@ -2,12 +2,12 @@
title: Console support
titleSuffix: Configuration Manager
description: Learn about which OS versions you can install the Configuration Manager console.
-ms.date: 12/01/2023
+ms.date: 12/19/2024
ms.subservice: core-infra
ms.service: configuration-manager
ms.topic: reference
-author: Banreet
-ms.author: banreetkaur
+author: Baladelli
+ms.author: Baladell
manager: apoorvseth
ms.localizationpriority: medium
ms.collection: tier3
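Review bot: The new front matter sets `ms.author: Baladell` with a capital B, while the same author swap in supported-operating-systems-for-site-system-servers.md uses `ms.author: baladell`. Use one casing for the alias in both files, preferably the lower-case form that matches the other `ms.author` values in this change.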
@@ -20,6 +20,8 @@ ms.reviewer: mstewart,aaroncz
Configuration Manager supports the installation of the console on the following Windows OS versions:
+- **Windows Server 2025**: Standard, Datacenter (_starting in version 2409_)
+
- **Windows Server 2022**: Standard, Datacenter (_starting in version 2107_)
- **Windows Server 2019**: Standard, Datacenter
diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md
index b70a466efa5..2de4131414e 100644
--- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md
+++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md
@@ -2,7 +2,7 @@
title: Supported clients and devices
titleSuffix: Configuration Manager
description: Learn which OS versions Configuration Manager supports for clients and devices.
-ms.date: 05/01/2024
+ms.date: 12/19/2024
ms.subservice: core-infra
ms.service: configuration-manager
ms.topic: conceptual
@@ -18,7 +18,7 @@ ms.reviewer: mstewart,aaroncz
*Applies to: Configuration Manager (current branch)*
-Configuration Manager supports installing client software on Windows and macOS computers.
+Configuration Manager supports installing client software on Windows computers.
## General requirements and limitations
@@ -66,6 +66,8 @@ For more information, see the following articles:
### Supported server OS versions
+- **Windows Server 2025**: IoT, Standard, Datacenter (_starting in Configuration Manager version 2409_)
+
- **Windows Server 2022**: IoT, Standard, Datacenter (_starting in Configuration Manager version 2107_)
- *Windows Server IoT 2022 for Storage* is not supported
@@ -90,6 +92,8 @@ The following versions specifically refer to the Server Core installation of the
Windows Server semi-annual channel versions are Server Core installations, such as Windows Server, version 1809. As a Configuration Manager client, they're supported the same as the associated Windows 11 or Windows 10 semi-annual channel version. For more information, see [Support for Windows 11](support-for-windows-11.md) or [Support for Windows 10](support-for-windows-10.md).
+- **Windows Server 2025** (x64) [Note 1](#bkmk_note1) (_starting in version 2409_)
+
- **Windows Server 2022** (x64) [Note 1](#bkmk_note1) (_starting in version 2107_)
- **Windows Server 2019** (x64) [Note 1](#bkmk_note1)
diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md
index f402f899d16..e0c262dd03b 100644
--- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md
+++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md
@@ -2,12 +2,12 @@
title: Supported site system servers
titleSuffix: Configuration Manager
description: Learn which Windows versions you can use to host a Configuration Manager site or site system role.
-ms.date: 12/01/2023
+ms.date: 12/19/2024
ms.subservice: core-infra
ms.service: configuration-manager
ms.topic: conceptual
-author: Banreet
-ms.author: banreetkaur
+author: Baladelli
+ms.author: baladell
manager: apoorvseth
ms.localizationpriority: medium
ms.collection: tier3
@@ -20,6 +20,32 @@ ms.reviewer: mstewart,aaroncz
This article details the Windows versions that you can use to host a Configuration Manager site or site system role.
+## Windows Server 2025
+
+_Applies to Datacenter: Azure Edition, Standard and Datacenter editions_
+
+Site servers:
+
+- Central administration site
+- Primary site
+- Secondary site
+
+Site system servers:
+
+- Certificate registration point
+- Cloud management gateway connection point
+- Data warehouse service point
+- Distribution point [Note 1](#bkmk_note1)
+- Endpoint Protection point
+- Fallback status point
+- Management point
+- Reporting services point
+- Service connection point
+- Site database server [Note 2](#bkmk_note2)
+- SMS Provider
+- Software update point
+- State migration point
+
## Windows Server 2022
_Applies to Datacenter: Azure Edition, Standard and Datacenter editions_
@@ -145,6 +171,7 @@ This support has the following limitation:
The server core installation of the following server OS versions is supported for use as a **distribution point**:
+- Windows Server 2025
- Windows Server 2022
- Windows Server 2019
- Windows Server, version 1809
diff --git a/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md b/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md
index f6954a91102..a1c6c5c520b 100644
--- a/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md
+++ b/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md
@@ -97,7 +97,7 @@ As of December 16 , 2024, version 2409 is globally available for all customers t
### All sites run a supported version of Configuration Manager
-Each site server in the hierarchy must run the same version of Configuration Manager before you can start the installation. To update to version 2409, use version 2309 or later.
+Each site server in the hierarchy must run the same version of Configuration Manager before you can start the installation. To update to version 2409, use version 2303 or later.
### Review the status of your product licensing
diff --git a/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md b/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md
index 7fe4cd60d91..23b5a7f973d 100644
--- a/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md
+++ b/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md
@@ -2,7 +2,7 @@
title: Upgrade on-premises infrastructure
titleSuffix: Configuration Manager
description: Learn how to upgrade infrastructure, such as SQL Server and the OS of site systems.
-ms.date: 04/04/2024
+ms.date: 12/19/2024
ms.subservice: core-infra
ms.service: configuration-manager
ms.topic: conceptual
@@ -32,6 +32,8 @@ Configuration Manager supports the in-place upgrade of the server OS that hosts
- In-place upgrade from:
+ - Windows Server 2022 to Windows Server 2025
+
- Windows Server 2019 to Windows Server 2022
- Windows Server 2016 to Windows Server 2022
@@ -50,10 +52,12 @@ To upgrade a server, use the upgrade procedures provided by the OS you're upgrad
- [Upgrade and conversion options for Windows Server 2016](/windows-server/get-started/supported-upgrade-paths)
-### Upgrade to Windows Server 2016, 2019, or 2022
+### Upgrade to Windows Server 2016, 2019, 2022 or 2025
Use the steps in this section for any of the following upgrade scenarios:
+- Upgrade either Windows Server 2019 or Windows Server 2022 to Windows Server 2025
+
- Upgrade either Windows Server 2016 or Windows Server 2019 to Windows Server 2022
- Upgrade either Windows Server 2012 R2 or Windows Server 2016 to Windows Server 2019
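Review bot: The new scenario bullet "Upgrade either Windows Server 2019 or Windows Server 2022 to Windows Server 2025" does not match the supported list edited in the previous hunk of this file, which only adds "Windows Server 2022 to Windows Server 2025". Either add "Windows Server 2019 to Windows Server 2025" to the in-place upgrade list or drop 2019 from this bullet, so the two sections state the same supported paths. The retitled heading "Upgrade to Windows Server 2016, 2019, 2022 or 2025" also loses the serial comma the old heading had.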
diff --git a/memdocs/configmgr/core/understand/fundamentals-of-security.md b/memdocs/configmgr/core/understand/fundamentals-of-security.md
index 17e78bb96a2..aff3337f7eb 100644
--- a/memdocs/configmgr/core/understand/fundamentals-of-security.md
+++ b/memdocs/configmgr/core/understand/fundamentals-of-security.md
@@ -10,7 +10,9 @@ author: banreet
ms.author: banreetkaur
manager: apoorvseth
ms.localizationpriority: medium
-ms.collection: tier3
+ms.collection:
+- essentials-security
+- tier3
ms.reviewer: mstewart,aaroncz
---
diff --git a/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md b/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md
index efa9d535a43..eba9339f946 100644
--- a/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md
+++ b/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md
@@ -2,7 +2,7 @@
title: Windows in-place upgrade
titleSuffix: Configuration Manager
description: Learn how to use Configuration Manager to upgrade Windows to a later version.
-ms.date: 06/14/2024
+ms.date: 12/19/2024
ms.service: configuration-manager
ms.subservice: osd
ms.topic: conceptual
@@ -44,6 +44,7 @@ Only create OS upgrade packages to upgrade to the following OS versions:
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
+- - Windows Server 2025
### Original version
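Review bot: The added line `- - Windows Server 2025` has a doubled list marker, which renders as a nested list item instead of a sibling of "Windows Server 2022". Change it to `- Windows Server 2025`.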
@@ -67,6 +68,7 @@ For more information, see [Windows client upgrade paths](/windows/deployment/upg
- An earlier version of Windows Server 2016
- An earlier version of Windows Server 2019
- An earlier version of Windows Server 2022
+- An earlier version of Windows Server 2025
For more information about Windows Server supported upgrade paths, see [Windows Server 2016 supported upgrade paths](/windows-server/get-started/supported-upgrade-paths#upgrading-previous-retail-versions-of-windows-server-to-windows-server-2016) and [Windows Server Upgrade Center](/windows-server/upgrade/upgrade-overview).
diff --git a/memdocs/intune/apps/app-configuration-managed-home-screen-app.md b/memdocs/intune/apps/app-configuration-managed-home-screen-app.md
index 2020c4cd077..db49c80a223 100644
--- a/memdocs/intune/apps/app-configuration-managed-home-screen-app.md
+++ b/memdocs/intune/apps/app-configuration-managed-home-screen-app.md
@@ -37,7 +37,9 @@ The Managed Home Screen is the application used for corporate-owned Android Ente
## When to configure the Microsoft Managed Home Screen app
-First, ensure that your devices are supported. Intune supports the enrollment of Android Enterprise dedicated devices and fully managed devices running OS version 8.0 and above that reliably connect to Google Mobile Services. Similarly, Managed Home Screen supports Android devices running OS version 8.0 and above.
+ [!INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)]
+
+First, ensure that your devices are supported. Intune supports the enrollment of Android Enterprise dedicated devices and fully managed devices running OS version 8.0 and above. Similarly, Managed Home Screen supports Android devices running OS version 8.0 and above.
Typically, if settings are available to you through device configuration profiles (**Devices** > **Manage devices** > **Configuration**), configure the settings there. Doing so will save you time, minimize errors, and will give you a better Intune-support experience. However, some of the Managed Home Screen settings are currently only available via the **App configuration policies** pane in the Intune admin center. Use this document to learn how to configure the different settings either using the configuration designer or a JSON script. Additionally, use this document to learn what Managed Home Screen settings are available using device configuration profiles. You may also see [Device settings](../configuration/device-restrictions-android-for-work.md#device-experience) for a full list of settings available in **Devices** > **Manage devices** > **Configuration** that impact the Managed Home Screen.
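Review bot: The rewritten support sentence drops the qualifier "that reliably connect to Google Mobile Services" from the enrollment requirement. Confirm that the newly included android-device-administrator-support.md states the GMS condition, otherwise the requirement is no longer documented on this page. The `[!INCLUDE ...]` line is also added with a leading space, where the same include in manage-without-gms.md starts at column 0; remove the space so both render the same way.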
diff --git a/memdocs/intune/apps/company-portal-app.md b/memdocs/intune/apps/company-portal-app.md
index 85c0d5c8b38..a48a34c6099 100644
--- a/memdocs/intune/apps/company-portal-app.md
+++ b/memdocs/intune/apps/company-portal-app.md
@@ -8,7 +8,7 @@ keywords:
author: Erikre
ms.author: erikre
manager: dougeby
-ms.date: 06/07/2024
+ms.date: 12/20/2024
ms.topic: how-to
ms.service: microsoft-intune
ms.subservice: apps
@@ -43,7 +43,7 @@ The Company Portal apps, Company Portal website, and Intune app on Android are w
## Customizing the user experience
-By customizing the end-user experience, you will help to provide a familiar and helpful experience for your end users. To do this, sign in as an [Intune administrator](../fundamentals/users-add.md#types-of-administrators). Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Tenant Administration** > **Customization** where you can either edit the default policy or create up to 10 user group targeted policies. Note that targeting policies to device groups is not supported. These settings will apply to the Company Portal apps, Company Portal website, and Intune app on Android.
+By customizing the end-user experience, you will help to provide a familiar and helpful experience for your end users. To do this, sign in as an [Intune administrator](../fundamentals/users-add.md#types-of-administrators). Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Tenant Administration** > **Customization** where you can either edit the default policy or create up to 25 user group targeted policies. Note that targeting policies to device groups is not supported. These settings will apply to the Company Portal apps, Company Portal website, and Intune app on Android.
## Branding
diff --git a/memdocs/intune/apps/manage-without-gms.md b/memdocs/intune/apps/manage-without-gms.md
index bfea7580abe..4b92cde69ef 100644
--- a/memdocs/intune/apps/manage-without-gms.md
+++ b/memdocs/intune/apps/manage-without-gms.md
@@ -37,10 +37,8 @@ Microsoft Intune uses Google Mobile Services (GMS) to communicate with the Micro
> [!NOTE]
> These GMS related limitations also apply to Device Administrator management and Android (AOSP) Management.
-> [!NOTE]
-> Microsoft Intune is ending support for [Android device administrator management](../enrollment/android-enroll-device-administrator.md) on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable.
-> For devices running Android 15 or earlier that don't have access GMS (excluding Microsoft Teams certified Android devices), Intune will continue allowing device administrator enrollment and will maintain limited support, since Android Enterprise management is unavailable to these devices. However, device administrator use on these devices is still not recommended, since Google's device administrator deprecation means there could be future functionality impact outside Intune's ability to mitigate.
-> For more information, and to learn about alternatives to device administrator, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443).
+[!INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)]
+
## Install the Intune Company Portal app without access to the Google Play Store
### For users outside of People's Republic of China
diff --git a/memdocs/intune/configuration/administrative-templates-windows.md b/memdocs/intune/configuration/administrative-templates-windows.md
index aae70458f92..4e1d690e371 100644
--- a/memdocs/intune/configuration/administrative-templates-windows.md
+++ b/memdocs/intune/configuration/administrative-templates-windows.md
@@ -34,6 +34,9 @@ ms.collection:
> [!IMPORTANT]
> Starting with the December 2412 release, you can't create new Administrative Templates policies from the **Templates** > **Administrative Templates** profile type in the Intune admin center. To create ADMX template profiles, use the **[settings catalog](settings-catalog.md)**. For more information on this change, see [Windows device configuration policies migrating to unified settings platform in Intune](https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-windows-device-configuration-policies-migrating-to/ba-p/4189665).
+>
+> There will be no changes to the following UI experiences:
+> - ‘Imported Administrative templates (Preview)’ template which is used for Custom ADMX templates.
**Administrative Templates** in Microsoft Intune include thousands of settings that control features in Microsoft Edge version 77 and later, Internet Explorer, Google Chrome, Microsoft Office programs, remote desktop, OneDrive, passwords, PINs, and more. These settings enable administrators to create group policies using the cloud.
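Review bot: The line added to the IMPORTANT callout wraps the template name in typographic quotes (‘Imported Administrative templates (Preview)’), while the rest of the callout marks UI labels in bold, as in **Templates** > **Administrative Templates**. Use bold for the label. "The following UI experiences" introduces a list with a single item, so either fold it into one sentence or list the other unchanged experiences.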
diff --git a/memdocs/intune/fundamentals/china-endpoints.md b/memdocs/intune/fundamentals/china-endpoints.md
index 159daec34e6..a3fedfc450b 100644
--- a/memdocs/intune/fundamentals/china-endpoints.md
+++ b/memdocs/intune/fundamentals/china-endpoints.md
@@ -8,7 +8,7 @@ keywords:
author: Smritib17
ms.author: smbhardwaj
manager: dougeby
-ms.date: 03/24/2023
+ms.date: 12/19/2024
ms.topic: reference
ms.service: microsoft-intune
ms.subservice: fundamentals
@@ -49,10 +49,10 @@ The following tables list the ports and services that the Intune client accesses
|**Endpoint**|**IP address**|
|---------------------|-----------|
-|*.manage.microsoftonline.cn | 40.73.38.143
139.217.97.81
52.130.80.24
40.73.41.162
40.73.58.153
139.217.95.85 |
-
+|*.manage.microsoftonline.cn | 40.73.38.143
139.217.97.81
52.130.80.24
40.73.41.162
40.73.58.153
139.217.95.85
143.64.196.128/25
40.162.2.128/25
139.219.250.128/25
163.228.221.128/25
|
## Intune customer designated endpoints in China
+
- Azure portal: https:\//portal.azure.cn/
- Microsoft 365: https:\//portal.partner.microsoftonline.cn/
- Intune Company Portal: https:\//portal.manage.microsoftonline.cn/
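Review bot: The four entries added to the `*.manage.microsoftonline.cn` row are /25 subnets (for example `143.64.196.128/25`), but the column header is still "IP address" and the existing entries are single hosts. Rename the column to something like "IP address or subnet" so that administrators building firewall rules from this table do not treat the new values as host addresses.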
@@ -69,6 +69,7 @@ If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also n
## Partner service endpoints
Intune operated by 21Vianet depends on the following partner service endpoints:
+
- Azure AD Sync service: https:\//syncservice.partner.microsoftonline.cn/DirectoryService.svc
- Evo STS: https:\//login.chinacloudapi.cn/
- Azure AD Graph: https:\//graph.chinacloudapi.us
@@ -80,5 +81,6 @@ Intune operated by 21Vianet depends on the following partner service endpoints:
[!INCLUDE [Intune notices](../includes/apple-device-network-information.md)]
## Next steps
+
[Learn more about Intune operated by 21Vianet in China](china.md)
diff --git a/memdocs/intune/fundamentals/in-development.md b/memdocs/intune/fundamentals/in-development.md
index e8bbe9676c1..50bd8187bc5 100644
--- a/memdocs/intune/fundamentals/in-development.md
+++ b/memdocs/intune/fundamentals/in-development.md
@@ -89,22 +89,6 @@ Applies to:
## Device configuration
-### More Wi-Fi configurations will be available for personally-owned work profile devices
-
-Intune Wi-Fi configuration profiles for personally-owned work profile devices will soon support configuration of pre-shared keys and proxy settings.
-
-You will find these settings in the admin console in **Devices** > **Manage devices** > **Configuration** > **Create** > **New Policy**. Set **Platform** to Android Enterprise and **Profile Type** to Templates and then in the **Personally-Owned Work Profile** section, select Wi-Fi and select the **Create** button.
-
-In the **Configuration settings** tab, when Basic Wi-Fi type is selected, you will see several new options:
-
-1. Security type, with options for Open (no authentication), WEP-Pre-shared key, and WPA-Pre-shared key.
-2. Proxy settings, with the option to select Automatic and then specify the proxy server URL.
-
-It was possible to configure these in the past with Custom Configuration policies, but going forward, we recommend setting these in the Wi-Fi Configuration profile, because [Intune is ending support for Custom policies in April 2024.](https://aka.ms/Intune/Android-customprofiles).
-
-For more information, see [Wi-Fi settings for personally-owned work profile devices.](../configuration/wi-fi-settings-android-enterprise.md#personally-owned-work-profile).
-
-
### Low privileged account for Intune Connector for Active Directory for Hybrid join Autopilot flows
We're updating the Intune Connector for Active Directory to use a low privileged account to increase the security of your environment. The old connector will no longer be available for download but will continue to work until deprecation.
diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md
index 3c536ca9988..cf9c1aed93b 100644
--- a/memdocs/intune/fundamentals/intune-endpoints.md
+++ b/memdocs/intune/fundamentals/intune-endpoints.md
@@ -8,7 +8,7 @@ keywords:
author: Smritib17
ms.author: smbhardwaj
manager: dougeby
-ms.date: 09/24/2024
+ms.date: 12/20/2024
ms.topic: reference
ms.service: microsoft-intune
ms.subservice: fundamentals
@@ -19,7 +19,7 @@ ms.localizationpriority: high
#ROBOTS:
#audience:
-ms.reviewer: srink
+ms.reviewer: davidra
ms.suite: ems
search.appverid: MET150
#ms.tgt_pltfrm:
@@ -97,7 +97,7 @@ The data columns shown in the tables are:
ID |Desc |Category |ER |Addresses |Ports
-- |---------------------------------------------------------------- |---------------------|--- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------|
-163 | Intune client and host service| Allow
Required | False | `*.manage.microsoft.com`
`manage.microsoft.com`
`EnterpriseEnrollment.manage.microsoft.com`
`104.46.162.96/27, 13.67.13.176/28, 13.67.15.128/27, 13.69.231.128/28, 13.69.67.224/28, 13.70.78.128/28, 13.70.79.128/27, 13.71.199.64/28, 13.73.244.48/28, 13.74.111.192/27, 13.77.53.176/28, 13.86.221.176/28,13.89.174.240/28, 13.89.175.192/28, 20.189.229.0/25, 20.191.167.0/25, 20.37.153.0/24, 20.37.192.128/25, 20.38.81.0/24, 20.41.1.0/24, 20.42.1.0/24, 20.42.130.0/24, 20.42.224.128/25, 20.43.129.0/24, 20.44.19.224/27, 20.49.93.160/27, 40.119.8.128/25, 40.67.121.224/27, 40.70.151.32/28, 40.71.14.96/28, 40.74.25.0/24, 40.78.245.240/28, 40.78.247.128/27, 40.79.197.64/27, 40.79.197.96/28, 40.80.180.208/28, 40.80.180.224/27, 40.80.184.128/25, 40.82.248.224/28, 40.82.249.128/25, 52.150.137.0/25, 52.162.111.96/28, 52.168.116.128/27, 52.182.141.192/27, 52.236.189.96/27, 52.240.244.160/27, 20.204.193.12/30, 20.204.193.10/31, 20.192.174.216/29, 20.192.159.40/29` | **TCP:** 80, 443|
+163 | Intune client and host service| Allow
Required | False | `*.manage.microsoft.com`
`manage.microsoft.com`
`EnterpriseEnrollment.manage.microsoft.com`
`104.46.162.96/27, 13.67.13.176/28, 13.67.15.128/27, 13.69.231.128/28, 13.69.67.224/28, 13.70.78.128/28, 13.70.79.128/27, 13.74.111.192/27, 13.77.53.176/28, 13.86.221.176/28,13.89.174.240/28, 13.89.175.192/28, 20.189.229.0/25, 20.191.167.0/25, 20.37.153.0/24, 20.37.192.128/25, 20.38.81.0/24, 20.41.1.0/24, 20.42.1.0/24, 20.42.130.0/24, 20.42.224.128/25, 20.43.129.0/24, 20.44.19.224/27, 40.119.8.128/25, 40.67.121.224/27, 40.70.151.32/28, 40.71.14.96/28, 40.74.25.0/24, 40.78.245.240/28, 40.78.247.128/27, 40.79.197.64/27, 40.79.197.96/28, 40.80.180.208/28, 40.80.180.224/27, 40.80.184.128/25, 40.82.248.224/28, 40.82.249.128/25, 52.150.137.0/25, 52.162.111.96/28, 52.168.116.128/27, 52.182.141.192/27, 52.236.189.96/27, 52.240.244.160/27, 20.204.193.12/30, 20.204.193.10/31, 20.192.174.216/29, 20.192.159.40/29, 104.208.197.64/27, 172.160.217.160/27, 172.201.237.160/27, 172.202.86.192/27, 172.205.63.0/25, 172.212.214.0/25, 172.215.131.0/27, 20.168.189.128/27, 20.199.207.192/28, 20.204.194.128/31, 20.208.149.192/27, 20.208.157.128/27, 20.214.131.176/29, 20.43.129.0/24, 20.91.147.72/29, 4.145.74.224/27, 4.150.254.64/27, 4.154.145.224/27, 4.200.254.32/27, 4.207.244.0/27, 4.213.25.64/27, 4.213.86.128/25, 4.216.205.32/27, 4.237.143.128/25, 40.84.70.128/25, 48.218.252.128/25, 57.151.0.192/27, 57.153.235.0/25, 57.154.140.128/25, 57.154.195.0/25, 57.155.45.128/25, 68.218.134.96/27, 74.224.214.64/27, 74.242.35.0/25, 172.208.170.0/25, 74.241.231.0/25, 74.242.184.128/25` | **TCP:** 80, 443|
172 | MDM Delivery Optimization | Default
Required | False | `*.do.dsp.mp.microsoft.com`
`*.dl.delivery.mp.microsoft.com`
| **TCP:** 80, 443|
170 | MEM - Win32Apps| Default
Required | False | `swda01-mscdn.manage.microsoft.com`
`swda02-mscdn.manage.microsoft.com`
`swdb01-mscdn.manage.microsoft.com`
`swdb02-mscdn.manage.microsoft.com`
`swdc01-mscdn.manage.microsoft.com`
`swdc02-mscdn.manage.microsoft.com`
`swdd01-mscdn.manage.microsoft.com`
`swdd02-mscdn.manage.microsoft.com`
`swdin01-mscdn.manage.microsoft.com`
`swdin02-mscdn.manage.microsoft.com` | **TCP:** 443|
97 | Consumer Outlook.com, OneDrive, Device authentication and Microsoft account | Default
Required | False | `account.live.com`
`login.live.com`
|**TCP:** 443 |
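Review bot: In the updated row for ID 163, `20.43.129.0/24` now appears twice, once in its original position and again in the appended block after `20.214.131.176/29`. Remove the second occurrence. The new row also drops `13.71.199.64/28`, `13.73.244.48/28` and `20.49.93.160/27` without any mention on the page; if those ranges are retired, say so in the article so that administrators can remove the matching allow rules. The appended ranges are unsorted and the missing space in `13.86.221.176/28,13.89.174.240/28` is carried over, which makes the list harder to compare against an existing allowlist.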
@@ -153,7 +153,7 @@ For Intune-managed Windows devices managed using Mobile Device Management (MDM),
| --- | ---- | -------- | ----- | --------- | ----- |
| 172 | MDM - Delivery Optimization Dependencies | Default
Required | False | `*.do.dsp.mp.microsoft.com`
`*.dl.delivery.mp.microsoft.com`
| **TCP:** 80, 443 |
-**Port requirements** - For client-service communication, it uses HTTP or HTTPS over port 80/443. Optionally, for peer-to-peer traffic, Delivery Optimization uses 7680 for TCP/IP and Teredo on port 3544 for NAT traversal. For more information, see [Delivery Optimization documentation](/windows/deployment/do/)
+**Port requirements** - For client-service communication, it uses HTTP or HTTPS over port 80/443. Optionally, for peer-to-peer traffic, Delivery Optimization uses 7680 for TCP/IP and Teredo on port 3544 for NAT traversal. For more information, see [Delivery Optimization documentation](/windows/deployment/do/)
**Proxy requirements** - To use Delivery Optimization, you must allow Byte Range requests. For more information, see [Proxy requirements for Delivery Optimization](/windows/deployment/do/waas-delivery-optimization-faq#what-are-the-requirements-if-i-use-a-proxy).
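Review bot: The replaced **Port requirements** line differs from the removed one only in whitespace, and the sentence still ends at the link with no closing period ("see [Delivery Optimization documentation](/windows/deployment/do/)"). If the line is being touched anyway, add the period so it matches the **Proxy requirements** sentence that follows.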
@@ -172,6 +172,7 @@ For Delivery Optimization metadata:
| 178 | MEM - Apple Dependencies | Default
Required | False | `itunes.apple.com`
`*.itunes.apple.com`
`*.mzstatic.com`
`*.phobos.apple.com`
`phobos.itunes-apple.com.akadns.net`
`5-courier.push.apple.com`
`phobos.apple.com`
`ocsp.apple.com`
`ax.itunes.apple.com`
`ax.itunes.apple.com.edgesuite.net`
`s.mzstatic.com`
`a1165.phobos.apple.com`
|**TCP:** 80, 443, 5223|
For more information, see the following resources:
+
- [Use Apple products on enterprise networks](https://support.apple.com/HT210060)
- [TCP and UDP ports used by Apple software products](https://support.apple.com/HT202944)
- [About macOS, iOS/iPadOS, and iTunes server host connections and iTunes background processes](https://support.apple.com/HT201999)
@@ -294,16 +295,28 @@ The following tables list the ports and services that the Intune client accesses
If you're using Intune to deploy PowerShell scripts or Win32 apps, you also need to grant access to endpoints in which your tenant currently resides.
-To find your tenant location (or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under **Tenant location** as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere.
+To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under **Tenant location** as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere.
> [!NOTE]
> **Allow HTTP Partial response** is required for Scripts & Win32 Apps endpoints.
|Azure Scale Unit (ASU) | Storage name | CDN | Port |
-| --- | --- |--- | --- |
-|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | naprodimedatapri
naprodimedatasec
naprodimedatahotfix | naprodimedatapri.azureedge.net
naprodimedatasec.azureedge.net
naprodimedatahotfix.azureedge.net | **TCP:** 443 |
-| AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | euprodimedatapri
euprodimedatasec
euprodimedatahotfix | euprodimedatapri.azureedge.net
euprodimedatasec.azureedge.net
euprodimedatahotfix.azureedge.net | **TCP:** 443 |
-| AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| approdimedatapri
approdimedatasec
approdimedatahotifx | approdimedatapri.azureedge.net
approdimedatasec.azureedge.net
approdimedatahotfix.azureedge.net |**TCP:** 443 |
+| --- | --- |------------- | --- |
+|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | naprodimedatapri
naprodimedatasec
naprodimedatahotfix | naprodimedatapri.azureedge.net
naprodimedatasec.azureedge.net
naprodimedatahotfix.azureedge.net
imeswda-afd-primary.manage.microsoft.com
imeswda-afd-secondary.manage.microsoft.com
imeswda-afd-hotfix.manage.microsoft.com | **TCP:** 443 |
+| AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | euprodimedatapri
euprodimedatasec
euprodimedatahotfix | euprodimedatapri.azureedge.net
euprodimedatasec.azureedge.net
euprodimedatahotfix.azureedge.net
imeswdb-afd-primary.manage.microsoft.com
imeswdb-afd-secondary.manage.microsoft.com
imeswdb-afd-hotfix.manage.microsoft.com | **TCP:** 443 |
+| AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| approdimedatapri
approdimedatasec
approdimedatahotifx | approdimedatapri.azureedge.net
approdimedatasec.azureedge.net
approdimedatahotfix.azureedge.net
imeswdc-afd-primary.manage.microsoft.com
imeswdc-afd-secondary.manage.microsoft.com
imeswdc-afd-hotfix.manage.microsoft.com |**TCP:** 443 |
+
+## Network requirements for macOS app and script deployments
+
+If you're using Intune to deploy apps or scripts on macOS, you also need to grant access to endpoints in which your tenant currently resides.
+
+To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under Tenant location as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere.
+
+|Azure Scale Unit (ASU) | CDN | Port |
+| --- |------------- | --- |
+|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | macsidecar.manage.microsoft.com | **TCP:** 443 |
+| AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | macsidecareu.manage.microsoft.com | **TCP:** 443 |
+| AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| macsidecarap.manage.microsoft.com |**TCP:** 443 |
## Microsoft Store
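Review bot: The rewritten ASU table carries over two errors from the removed rows. The storage name in the AMSUC/AMSUD row is still spelled approdimedatahotifx while its CDN entry is approdimedatahotfix, and AMSUA0601 appears twice in the first row, a duplicate that is also copied into the new macOS table. Anyone pasting these names into an allow list gets a non-matching entry, so fix both while the rows are being replaced. In the new macOS section, "Tenant location" is not bolded as it is in the Win32 paragraph above. The section also does not say whether the **Allow HTTP Partial response** requirement applies to the macsidecar endpoints; please state it either way.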
diff --git a/memdocs/intune/fundamentals/intune-us-government-endpoints.md b/memdocs/intune/fundamentals/intune-us-government-endpoints.md
index a98b4d7793d..0fb0cfc8fe6 100644
--- a/memdocs/intune/fundamentals/intune-us-government-endpoints.md
+++ b/memdocs/intune/fundamentals/intune-us-government-endpoints.md
@@ -8,7 +8,7 @@ keywords:
author: Smritib17
ms.author: smbhardwaj
manager: dougeby
-ms.date: 10/04/2021
+ms.date: 12/19/2024
ms.topic: conceptual
ms.service: microsoft-intune
ms.subservice: fundamentals
@@ -44,7 +44,7 @@ You can modify proxy server settings on individual client computers. You can als
Managed devices require configurations that let **All Users** access services through firewalls.
> [!NOTE]
-> The inspection of SSL traffic is not supported on 'manage.microsoft.us', or 'has.spserv.microsoft.com' endpoint.
+> The inspection of SSL traffic is not supported on '*.manage.microsoft.us', or 'has.spserv.microsoft.com' endpoint.
For more information about Windows 10 auto-enrollment and device registration for US government customers, see [Set up automatic enrollment for Windows](../enrollment/windows-enroll.md).
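Review bot: The updated NOTE puts a bare asterisk in running text ('*.manage.microsoft.us'); wrap both host names in backticks, as the endpoint tables earlier in this patch do, so Markdown cannot read the asterisk as emphasis. The sentence also keeps the stray comma and singular noun ("..., or 'has.spserv.microsoft.com' endpoint"); suggest "on the `*.manage.microsoft.us` or `has.spserv.microsoft.com` endpoints". Because the exemption widens from one host to a wildcard, it is worth saying outright that every host under the domain must be excluded from SSL inspection, since existing proxy bypass rules written for the single name will not cover it.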
@@ -52,14 +52,16 @@ The following tables list the ports and services that the Intune client accesses
| Endpoint | IP address |
|---------------------|-----------|
-|*.manage.microsoft.us | 52.227.99.114
20.141.108.112
13.72.17.166
52.126.185.115
52.227.211.91
23.97.10.212
52.227.29.124
52.247.174.16
52.227.29.244
52.227.208.144
52.227.1.233
20.141.104.221
52.247.134.218
20.141.78.227
13.77.236.201 |
+|*.manage.microsoft.us | 52.227.99.114
20.141.108.112
13.72.17.166
52.126.185.115
52.227.211.91
23.97.10.212
52.227.29.124
52.247.174.16
52.227.29.244
52.227.208.144
52.227.1.233
20.141.104.221
52.247.134.218
20.141.78.227
13.77.236.201
62.10.86.128/25
62.10.87.128/25
20.159.110.0/25
20.159.111.0/25
|
| enterpriseregistration.microsoftonline.us | 13.72.188.239
13.72.55.179 |
-## US Government customer designated endpoints:
+## US Government customer designated endpoints
+
- Azure portal: https:\//portal.azure.us/
- Microsoft 365: https:\//portal.office365.us/
- Intune Company Portal: https:\//portal.manage.microsoft.us/
- Microsoft Intune admin center: https:\//intune.microsoft.us/
+
## Network requirements for PowerShell scripts and Win32 apps
If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also need to grant access to endpoints in which your tenant currently resides.
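Review bot: The four entries added to the *.manage.microsoft.us row (62.10.86.128/25 through 20.159.111.0/25) are CIDR ranges in a column headed "IP address" that otherwise holds single addresses. Rename the column to something like "IP address or subnet" so firewall admins do not enter them as hosts. The closing pipe of that row now sits on its own line after 20.159.111.0/25, which suggests a trailing line break was left inside the cell; remove it so the row ends the same way as the enterpriseregistration.microsoftonline.us row below it.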
@@ -68,8 +70,8 @@ If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also n
| --- | --- |--- |
|FXPASU01 | sovereignprodimedatapri
sovereignprodimedatasec
sovereignprodimedatahotfix | sovereignprodimedatapri.azureedge.net
sovereignprodimedatasec.azureedge.net
sovereignprodimedatahotfix.azureedge.net |
+## Partner service endpoints that Intune depends on
-## Partner service endpoints that Intune depends on:
- Azure AD Sync service: https:\//syncservice.gov.us.microsoftonline.com/DirectoryService.svc
- Evo STS: https:\//login.microsoftonline.us
- Directory Proxy: https:\//directoryproxy.microsoftazure.us/DirectoryProxy.svc
@@ -82,5 +84,6 @@ If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also n
[!INCLUDE [Intune notices](../includes/apple-device-network-information.md)]
## Next steps
+
[Network endpoints for Microsoft Intune](intune-endpoints.md)
diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md
index 7490981d7f9..537669d7aa2 100644
--- a/memdocs/intune/fundamentals/whats-new.md
+++ b/memdocs/intune/fundamentals/whats-new.md
@@ -7,7 +7,7 @@ keywords:
author: brenduns
ms.author: brenduns
manager: dougeby
-ms.date: 12/09/2024
+ms.date: 12/31/2024
ms.topic: conceptual
ms.service: microsoft-intune
ms.subservice: fundamentals
@@ -75,6 +75,75 @@ You can use RSS to be notified when this page is updated. For more information,
### Tenant administration
-->
+## Week of December 30, 2024
+
+### Device enrollment
+
+#### Intune ends support for Android device administrator on devices with access to Google Mobile Services
+As of December 31, 2024, Microsoft Intune no longer supports Android device administrator management on devices with access to Google Mobile Services (GMS). This change comes after Google deprecated Android device administrator management and ceased support. Intune support and help documentation remains for devices without access to GMS running Android 15 or earlier, and Microsoft Teams devices migrating to Android Open Source Project (AOSP) management. For more information about how this change impacts your tenant, see [Intune ending support for Android device administrator on devices with GMS access in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443).
+
+
+## Week of December 16, 2024 (Service release 2412)
+
+### App management
+
+#### Increased scale for Customization policies
+
+You can now create up to 25 policies that customize the Company Portal and Intune app experience. The previous maximum number of Customization policies was 10. Navigate to the Intune admin center, and select **Tenant administration** > **Customization**.
+
+For more information about customizing the Company Portal and Intune apps, see [Customizing the user experience](../apps/company-portal-app.md#customizing-the-user-experience).
+
+### Device security
+
+#### Support for tamper protection in policies for Security settings management for Microsoft Defender for Endpoint
+
+You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you mange as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario.
+
+With this support, tamper protection configurations from *Windows Security Experience* profiles for *Antivirus* policies now apply to all devices instead of only to those that are enrolled with Intune.
+
+### Device configuration
+
+#### Ending support for administrative templates when creating a new configuration profile
+
+Customers cannot create new Administrative Templates configuration profile through **Devices > Configuration > Create > New policy > Windows 10 and later > Administrative Templates**. A (retired) tag is seen next to **Administrative Templates** and the **Create** button is now greyed out. Other templates will continue to be supported.
+
+However, customers can now use the Settings Catalog for creating new **Administrative Templates** configuration profile by navigating to **Devices > Configuration > Create > New policy > Windows 10 and later > Settings Catalog**.
+
+There are no changes in the following UI experiences:
+
+- Editing an existing Administrative template.
+- Deleting an existing Administrative template.
+- Adding, modifying or deleting settings in an existing Administrative template.
+- **Imported Administrative templates (Preview)** template, which is used for Custom ADMX.
+
+For more information, see [Use ADMX templates on Windows 10/11 devices in Microsoft Intune](..\configuration\administrative-templates-windows.md).
+
+Applies to:
+
+- Windows
+
+### Device management
+
+#### More Wi-Fi configurations are now available for personally-owned work profile devices
+
+Intune Wi-Fi configuration profiles for Android Enterprise personally-owned work profile devices now support configuration of pre-shared keys and proxy settings.
+
+You can find these settings in the admin console in **Devices** > **Manage devices** > **Configuration** > **Create** > **New Policy**. Set **Platform** to Android Enterprise and then in the **Personally-Owned Work Profile** section, select Wi-Fi and select the **Create** button.
+
+In the **Configuration settings** tab, when you select Basic Wi-Fi type, several new options are available:
+
+1. Security type, with options for Open (no authentication), WEP-Pre-shared key, and WPA-Pre-shared key.
+
+2. Proxy settings, with the option to select Automatic and then specify the proxy server URL.
+
+It was possible to configure these in the past with Custom Configuration policies, but going forward, we recommend setting these in the Wi-Fi Configuration profile, because [Intune is ending support for Custom policies in April 2024.](https://aka.ms/Intune/Android-customprofiles).
+
+For more information, see [Wi-Fi settings for personally-owned work profile devices.](../configuration/wi-fi-settings-android-enterprise.md#personally-owned-work-profile).
+
+Applies to:
+
+- Android Enterprise
+
## Week of December 9, 2024
### Tenant administration
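Review bot: Several copy errors in the added 2412 entries should be fixed before merge. In the tamper protection entry, "unenrolled devices you mange" should be "manage". The ADMX link uses backslashes (..\configuration\administrative-templates-windows.md) where every other relative link in the hunk uses forward slashes. In the Wi-Fi entry, "Intune is ending support for Custom policies in April 2024" is written in the present tense about a date that is already past for a December 2024 release note. The last two links in that entry also have a period inside the link text and another after the closing parenthesis. Two smaller points: the Android device administrator heading has no blank line before its paragraph, unlike the other added headings, and the Security type item lists WEP-Pre-shared key without comment, where a short pointer to WPA as the stronger choice would help admins picking a value.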
diff --git a/memdocs/intune/includes/android-device-administrator-support.md b/memdocs/intune/includes/android-device-administrator-support.md
index 6338e8f11ff..5fd923c6c12 100644
--- a/memdocs/intune/includes/android-device-administrator-support.md
+++ b/memdocs/intune/includes/android-device-administrator-support.md
@@ -4,7 +4,7 @@ description: include file
author: lenewsad
ms.service: microsoft-intune
ms.topic: include
-ms.date: 06/12/2024
+ms.date: 12/31/2024
ms.author: lanewsad
ms.custom: include file
ms.collection:
@@ -13,4 +13,4 @@ ms.collection:
---
> [!IMPORTANT]
-> Microsoft Intune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. If you currently use device administrator management, we recommend switching to another Android management option in Intune before support ends. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443).
+> Android device administrator management is deprecated and no longer available for devices with access to Google Mobile Services (GMS). If you currently use device administrator management, we recommend switching to another Android management option. Support and help documentation remain available for some devices without GMS, running Android 15 and earlier. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443).
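Review bot: The replacement IMPORTANT text no longer says what is lost; the removed line stated that "device enrollment, technical support, bug fixes, and security fixes will be unavailable". Admins with devices still on device administrator need to know that security fixes have stopped, so keep that sentence in past-tense form. The wording also differs from the whats-new.md entry in this same patch, which says "Android 15 or earlier" and names Microsoft Teams devices migrating to AOSP, while this line says "some devices without GMS, running Android 15 and earlier". Align the two, and consider pointing both at the same blog URL, since the two files link to different addresses for the same post.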
diff --git a/memdocs/intune/protect/managed-software-updates-ios-macos.md b/memdocs/intune/protect/managed-software-updates-ios-macos.md
index b74d79f5da1..b555cb80e68 100644
--- a/memdocs/intune/protect/managed-software-updates-ios-macos.md
+++ b/memdocs/intune/protect/managed-software-updates-ios-macos.md
@@ -171,7 +171,26 @@ Managed software updates use the same reporting as device configuration policies
> [!IMPORTANT]
> A policy that reports Success only means that the configuration successfully installed on the device. Monitor the OS version of targeted devices to ensure that they update. After devices have updated to a later OS version than configured in the policy, the policy will report error as the device sees this as an attempt to downgrade. It's recommended to remove the older OS version policy from devices in this state.
-## Delay visibility of updates
+## Using the Software Update Settings declarative configuration
+
+When you configure managed software updates, you might want to manage aspects of the software update process leading up to the enforcement of an update. Using this configuration, you can:
+
+- Require that an admin or standard user can perform updates on the device
+
+- Control how users can manually interact with software update settings like automatic download and install or the behavior of Rapid Security Responses
+
+- Hide updates from users for a specified time period
+
+- Suppress update notifications up to one hour before the enforcement deadline
+
+- Control whether users are allowed to update to the latest major update, latest minor update, or are offered both.
+
+Previously in MDM, these settings were spread across multiple payloads such as Restrictions, Managed Settings, and Software Update. As of August 2024, it's recommended to use the DDM-based Software Update Settings configuration to manage updates. To create a Software Update Settings policy, go to the Settings catalog > Declarative Device Management (DDM) > Software Update Settings. More information on these settings is available in the documentation section for the [Software Update Settings declarative configuration](/mem/intune/configuration/apple-settings-catalog-configurations).
+
+## Delay visibility of updates using MDM
+
+> [!NOTE]
+> As of August 2024, it's recommended to use the DDM-based Software Update Settings configuration to manage update settings such as deferrals.
When you configure managed software updates, you might want to hide updates from users for a specified time period. To hide the updates, use a settings catalog policy that configures an update restriction.
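Review bot: Renaming the heading "Delay visibility of updates" to "Delay visibility of updates using MDM" changes its anchor, so any inbound links to the old bookmark will break; check for references before merging or keep the old heading text. In the new section, the first bullet ("Require that an admin or standard user can perform updates on the device") is ambiguous about what is being required, and the last bullet is the only one that ends with a period. The navigation path "Settings catalog > Declarative Device Management (DDM) > Software Update Settings" is not bolded, unlike the **Settings catalog** path used later in the same article. The sentence "As of August 2024, it's recommended to use the DDM-based Software Update Settings configuration" appears in both the new section and the new NOTE; one of them could link to the other instead.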
@@ -192,3 +211,4 @@ To create a restrictions policy, go to the **Settings catalog** > **Restrictions
- [macOS software update policies in Intune](software-updates-macos.md)
- [Software updates planning guide for supervised iOS/iPadOS devices in Intune](software-updates-guide-ios-ipados.md)
- [Software updates planning guide for managed macOS devices in Intune](software-updates-guide-macos.md)
+
diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md
index 04271a2ace8..32a7139696b 100644
--- a/memdocs/intune/protect/mde-security-integration.md
+++ b/memdocs/intune/protect/mde-security-integration.md
@@ -272,7 +272,7 @@ To support use with Microsoft Defender security settings management, your polici
| Antivirus | Defender Update controls | ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) |
| Antivirus | Microsoft Defender Antivirus | ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) |
| Antivirus | Microsoft Defender Antivirus exclusions| ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) |
-| Antivirus | Windows Security Experience | *Note 1* | ![Supported](./media/mde-security-integration/green-check.png) |
+| Antivirus | Windows Security Experience | ![Supported](./media/mde-security-integration/green-check.png) ![Supported](./media/mde-security-integration/green-check.png) |
| Attack Surface Reduction | Attack Surface Reduction Rules | ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) |
|Attack Surface Reduction|Device Control | *Note 1* | ![Supported](./media/mde-security-integration/green-check.png) |
| Endpoint detection and response | Endpoint detection and response | ![Supported](./media/mde-security-integration/green-check.png)| ![Supported](./media/mde-security-integration/green-check.png)|
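Review bot: The replaced Windows Security Experience row is missing the pipe between the two Supported images, so it has three cells where every other row in the table has four. As written, both check marks render in one column and the last column is empty, which misreports support for this profile. Insert the separator between the images, giving "| ![Supported](...) | ![Supported](...) |" as in the neighbouring Antivirus rows.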
diff --git a/memdocs/intune/protect/microsoft-tunnel-upgrade.md b/memdocs/intune/protect/microsoft-tunnel-upgrade.md
index aeaebe8b653..2df7c56cd86 100644
--- a/memdocs/intune/protect/microsoft-tunnel-upgrade.md
+++ b/memdocs/intune/protect/microsoft-tunnel-upgrade.md
@@ -138,12 +138,12 @@ Image hash values:
- **serverImageDigest**: sha256:3a5844f4e7156c966a2d0f5affd8b15ac3b441bd301a5a0b7c9b7db2ae6f5ed3
Changes in this release:
+
- Diagnostic tool improvements
- Bug fixes for rootless container mode in mst-cli
- Localization improvements in mstunnel-setup
- Improvement on error handling
-
### October 2, 2024
Image hash values:
@@ -153,7 +153,8 @@ Image hash values:
- **serverImageDigest**: sha256:0efab5013351bcd81f186973e75ed5d9f91bbe6271e3be481721500f946fc9ec
Changes in this release:
--Upgrade from .NET 6 to .NET 8
+
+- Upgrade from .NET 6 to .NET 8
- Upgrade ocserv to version 1.3.0
- Fix rootless container bug in installer
@@ -165,7 +166,7 @@ Image hash values:
- **serverImageDigest**: sha256:6484d311d1bd6cbe55d71306595715bafa6a20a000be6fd6f9e530716cef6c16
-Changes in this release:
+Changes in this release:
- Add diagnostic tools for host troubleshooting
- Upgrade Azure Linux image to 2.0.20240829
diff --git a/windows-365/enterprise/report-cloud-pcs-not-available.md b/windows-365/enterprise/report-cloud-pcs-not-available.md
index 021a70a8027..c9ad2fa3e63 100644
--- a/windows-365/enterprise/report-cloud-pcs-not-available.md
+++ b/windows-365/enterprise/report-cloud-pcs-not-available.md
@@ -7,8 +7,8 @@ keywords:
author: ErikjeMS
ms.author: erikje
manager: dougeby
-ms.date: 10/18/2024
-ms.topic: overview
+ms.date: 12/18/2024
+ms.topic: how-to
ms.service: windows-365
ms.subservice: windows-365-enterprise
ms.localizationpriority: high
@@ -31,7 +31,7 @@ ms.collection:
# Cloud PCs that aren't available report
-The **Cloud PCs that aren't available** helps Windows 365 administrators identify Cloud PCs that might be currently unavailable.
+The **Cloud PCs that aren't available** report helps Windows 365 administrators identify Cloud PCs that might be currently unavailable.
This report displays recent conditions up to 5 to 15 minutes ago. Therefore, Cloud PCs in the report might have already recovered since the condition was recorded. Also, Cloud PCs that recently became unavailable might not be in the report.
@@ -41,6 +41,8 @@ To get to the **Cloud PCs that aren't available** report, sign in to [Microsoft
![Screenshot of getting to the Cloud PCs that aren't available report](./media/report-cloud-pcs-not-available/view-report-cloud-pcs-not-available.png)
+## Data table
+
The device list shows the individual Cloud PCs with the following columns:
- **Device name**
@@ -62,9 +64,22 @@ You can use the **Columns** and **Add filter** options to customize the report:
You can use the **View details** link to see the recent history of the Cloud PC. You can then cross-reference multiple conditions and timelines to find potential root causes of Cloud PC unavailability.
-By using the various columns together, an experienced admin may draw clues to the state of the device and the underlying cause of any problems. For example, a user complains to your help desk that they can't access their Cloud PC. you check this report and see no data in the **Host health** or **System status** columns, the **Device status** is **Provisioned**, and the **Connection error** says **Client Disconnect**. Other Cloud PCs in the same region aren't in the list. This issue is probably specific to this user, possibly something to do with the physical client configuration, network configuration, or network infrastructure.
+By using the various columns together, an experienced admin may draw clues to the state of the device and the underlying cause of any problems. For example, a user complains to your help desk that they can't access their Cloud PC. You check this report and see no data in the **Host health** or **System status** columns, the **Device status** is **Provisioned**, and the **Connection error** says **Client Disconnect**. Other Cloud PCs in the same region aren't in the list. This issue is probably specific to this user, possibly something to do with the physical client configuration, network configuration, or network infrastructure.
+
+## Bulk device actions
+
+You can use **Bulk device actions** to perform device actions on multiple Cloud PCs at one time.
+
+1. Optional. Use **Add filters** to filter the table data to see the Cloud PCs that you want to manage.
+2. Select the Cloud PCs that you want to manage (maximum of 100,000 Cloud PCs).
+3. Select **Bulk device actions** > specific device action.
+4. Based on the specific action, complete the subsequent pages.
+
+The time it takes to complete the actions varies depending on the specific action.
## Next steps
[Remoting connection report](report-remoting-connection.md)
+
+[Remotely manage Windows 365 devices](remotely-manage-cloud-pc.md).
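Review bot: The new Bulk device actions section does not say which actions are available or what permissions are needed to run them. Step 3 says only "specific device action", while the whats-new.md entry in this patch names restore, restart, and troubleshoot; list them here too. With a stated maximum of 100,000 Cloud PCs per selection, the section should document the role required and note which of the actions affect user data or sessions. Also, the added link under Next steps ends with a period while the existing Remoting connection report link does not.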
diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md
index e0c3a236458..074c5702959 100644
--- a/windows-365/enterprise/whats-new.md
+++ b/windows-365/enterprise/whats-new.md
@@ -7,7 +7,7 @@ keywords:
author: ErikjeMS
ms.author: erikje
manager: dougeby
-ms.date: 12/06/2024
+ms.date: 12/18/2024
ms.topic: conceptual
ms.service: windows-365
ms.subservice: windows-365-enterprise
@@ -55,6 +55,16 @@ For more information about public preview items, see [Public preview in Windows
### Windows 365 app
-->
+
+## Week of December 17, 2024
+
+
+### Device management
+
+#### Restore, restart, and troubleshoot actions in the Cloud PCs that aren't available report
+
+You can now use the **Bulk device actions** command on the **Cloud PCs that aren't available** report to restore, restart, and troubleshoot actions directly from the report. For more information, see [Cloud PCs that aren't available report](report-cloud-pcs-not-available.md).
+
## Week of December 9, 2024
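Review bot: The sentence in the new entry does not parse: "use the **Bulk device actions** command ... to restore, restart, and troubleshoot actions directly from the report". Suggest "to restore, restart, and troubleshoot Cloud PCs directly from the report". The heading "Week of December 17, 2024" does not follow the Monday dating used by the "Week of December 9, 2024" entry below it (December 17, 2024 is a Tuesday), and the hunk adds doubled blank lines before and after that heading.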