From d0c7f39c4f2ea3a92ba4b15e21a601302bedc3c3 Mon Sep 17 00:00:00 2001 From: brenduns Date: Tue, 3 Dec 2024 08:39:48 -0800 Subject: [PATCH 01/48] 13204113 MDE attach support for tamper protection settings --- memdocs/intune/protect/mde-security-integration.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md index ad102136f1b..6c7ec50eb81 100644 --- a/memdocs/intune/protect/mde-security-integration.md +++ b/memdocs/intune/protect/mde-security-integration.md @@ -7,7 +7,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 10/30/2024 +ms.date: 12/13/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect @@ -271,7 +271,7 @@ To support use with Microsoft Defender security settings management, your polici | Antivirus | Defender Update controls | ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) | | Antivirus | Microsoft Defender Antivirus | ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) | | Antivirus | Microsoft Defender Antivirus exclusions| ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) | -| Antivirus | Windows Security Experience | *Note 1* | ![Supported](./media/mde-security-integration/green-check.png) | +| Antivirus | Windows Security Experience | ![Supported](./media/mde-security-integration/green-check.png) ![Supported](./media/mde-security-integration/green-check.png) | | Attack Surface Reduction | Attack Surface Reduction Rules | ![Supported](./media/mde-security-integration/green-check.png) | ![Supported](./media/mde-security-integration/green-check.png) | |Attack Surface Reduction|Device Control | *Note 1* | ![Supported](./media/mde-security-integration/green-check.png) | | Endpoint detection and response | Endpoint detection and response | ![Supported](./media/mde-security-integration/green-check.png)| ![Supported](./media/mde-security-integration/green-check.png)| From 13d599f7a0ff4f58fb25ca6aec37a274abd0781e Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:28:02 -0800 Subject: [PATCH 02/48] compliance article for CM --- .../understand/fundamentals-of-compliance.md | 54 +++++++++++++++++++ .../understand/fundamentals-of-security.md | 4 +- 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 memdocs/configmgr/core/understand/fundamentals-of-compliance.md diff --git a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md new file mode 100644 index 00000000000..6754feca813 --- /dev/null +++ b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md @@ -0,0 +1,54 @@ +--- +title: Compliance in Configuration Manager +author: dougeby +ms.author: dougeby +manager: dougeby +audience: ITPro +ms.topic: conceptual +ms.service: configuration-manager +ms.collection: + - tier1 + - essentials-compliance +description: Learn about compliance certifications, dependencies, and features in Configuration Manager supporting data protection and regulatory requirements. +ms.date: 12/3/2024 +--- + +# Compliance in Configuration Manager + +Configuration Manager supports compliance features to help organizations meet national, regional, and industry-specific regulations. Configuration Manager aligns with Microsoft's commitment to data protection, privacy, and compliance, by offering tools to help secure and manage data effectively. + +## Shared responsibility model + +Microsoft ensures that Configuration Manager complies with various industry standards and regulatory frameworks. However, customers are responsible for implementing their data protection and compliance strategies to align with their specific organizational requirements. + +## Compliance dependencies + +Configuration Manager leverages other Microsoft services for compliance, including: + +- [Microsoft Entra ID](/entra/fundamentals/whatis): Identity and access management. +- [Microsoft Intune](/mem/intune): Enforces device compliance and conditional access policies. + +## Microsoft Intune capabilities for compliance + +Microsoft Intune helps enforce compliance policies and protect organizational data specifically for Intune: + +- **Conditional Access**: Ensures only compliant devices and apps managed by Intune can access sensitive data. See [Conditional Access](/mem/intune/protect/conditional-access). +- **Device Compliance Enforcement**: Enforces device compliance policies to meet organizational security requirements. See [Device Compliance Policies](/mem/intune/protect/device-compliance-get-started). + +For more information about Intune compliance capabilities, visit the [Microsoft Intune documentation](/mem/intune). +For more information about how to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune, see [What is co-management?](/mem/configmgr/comanage/overview). + +## Data encryption + +Use Configuration Manager to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients, which are joined to Active Directory. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring. For more information, see [Plan for BitLocker management](../protect/plan-design/bitlocker-management.md). + +## Compliance features + +Configuration Manager includes several compliance features that help organizations manage device compliance. For more information, see [Ensure device compliance with Configuration Manager](../compliance/understand/ensure-device-compliance.md). + +## Related articles + +- [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) +- [Microsoft Trust Center](https://www.microsoft.com/trust-center) +- [Additional privacy information](../security/additional-privacy.md) +- [Fundamentals of security](fundamentals-of-security.md) diff --git a/memdocs/configmgr/core/understand/fundamentals-of-security.md b/memdocs/configmgr/core/understand/fundamentals-of-security.md index 17e78bb96a2..aff3337f7eb 100644 --- a/memdocs/configmgr/core/understand/fundamentals-of-security.md +++ b/memdocs/configmgr/core/understand/fundamentals-of-security.md @@ -10,7 +10,9 @@ author: banreet ms.author: banreetkaur manager: apoorvseth ms.localizationpriority: medium -ms.collection: tier3 +ms.collection: +- essentials-security +- tier3 ms.reviewer: mstewart,aaroncz --- From dce674e5dd5089517dbd5707d6974289879bba2a Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:36:37 -0800 Subject: [PATCH 03/48] compliance article for CM2 --- .../configmgr/core/understand/fundamentals-of-compliance.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md index 6754feca813..a7ef437aea5 100644 --- a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md +++ b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md @@ -40,15 +40,15 @@ For more information about how to concurrently manage Windows 10 or later device ## Data encryption -Use Configuration Manager to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients, which are joined to Active Directory. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring. For more information, see [Plan for BitLocker management](../protect/plan-design/bitlocker-management.md). +Use Configuration Manager to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients, which are joined to Active Directory. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring. For more information, see [Plan for BitLocker management](/mem/configmgr/protect/plan-design/bitlocker-management). ## Compliance features -Configuration Manager includes several compliance features that help organizations manage device compliance. For more information, see [Ensure device compliance with Configuration Manager](../compliance/understand/ensure-device-compliance.md). +Configuration Manager includes several compliance features that help organizations manage device compliance. For more information, see [Ensure device compliance with Configuration Manager](/mem/configmgr/compliance/understand/ensure-device-compliance). ## Related articles - [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) - [Microsoft Trust Center](https://www.microsoft.com/trust-center) -- [Additional privacy information](../security/additional-privacy.md) +- [Additional privacy information](/mem/configmgr/security/additional-privacy.md) - [Fundamentals of security](fundamentals-of-security.md) From ec48425b3fe596698faf5e113b9b34d87abca7bb Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:39:01 -0800 Subject: [PATCH 04/48] compliance article for CM3 --- .../configmgr/core/understand/fundamentals-of-compliance.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md index a7ef437aea5..5ee2fccd868 100644 --- a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md +++ b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md @@ -36,7 +36,8 @@ Microsoft Intune helps enforce compliance policies and protect organizational da - **Device Compliance Enforcement**: Enforces device compliance policies to meet organizational security requirements. See [Device Compliance Policies](/mem/intune/protect/device-compliance-get-started). For more information about Intune compliance capabilities, visit the [Microsoft Intune documentation](/mem/intune). -For more information about how to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune, see [What is co-management?](/mem/configmgr/comanage/overview). +> [!NOTE] +> For more information about how to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune, see [What is co-management?](/mem/configmgr/comanage/overview). ## Data encryption From 148c6deb19f7fc75bcda28a0a68b6c8f1c64ac01 Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:43:02 -0800 Subject: [PATCH 05/48] compliance article for CM4 --- memdocs/configmgr/core/understand/fundamentals-of-compliance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md index 5ee2fccd868..19e29358358 100644 --- a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md +++ b/memdocs/configmgr/core/understand/fundamentals-of-compliance.md @@ -51,5 +51,5 @@ Configuration Manager includes several compliance features that help organizatio - [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) - [Microsoft Trust Center](https://www.microsoft.com/trust-center) -- [Additional privacy information](/mem/configmgr/security/additional-privacy.md) +- [Additional privacy information](/mem/configmgr/security/additional-privacy) - [Fundamentals of security](fundamentals-of-security.md) From 24eb1b145a093b4d9ccb3fd7515e164b682279e4 Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:47:20 -0800 Subject: [PATCH 06/48] compliance article for CM5 --- memdocs/configmgr/compliance/TOC.yml | 2 ++ .../understand/fundamentals-of-compliance.md | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) rename memdocs/configmgr/{core => compliance}/understand/fundamentals-of-compliance.md (94%) diff --git a/memdocs/configmgr/compliance/TOC.yml b/memdocs/configmgr/compliance/TOC.yml index 8abbcd105eb..33ed3f4729d 100644 --- a/memdocs/configmgr/compliance/TOC.yml +++ b/memdocs/configmgr/compliance/TOC.yml @@ -3,6 +3,8 @@ items: href: index.yml - name: Understand and explore items: + - name: Understand compliance in Configuration Manager + href: understand/fundamentals-of-compliance.md - name: Ensure device compliance href: understand/ensure-device-compliance.md - name: Get started diff --git a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md b/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md similarity index 94% rename from memdocs/configmgr/core/understand/fundamentals-of-compliance.md rename to memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md index 19e29358358..f37730e4df1 100644 --- a/memdocs/configmgr/core/understand/fundamentals-of-compliance.md +++ b/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md @@ -1,5 +1,5 @@ --- -title: Compliance in Configuration Manager +title: Understand compliance in Configuration Manager author: dougeby ms.author: dougeby manager: dougeby @@ -13,7 +13,7 @@ description: Learn about compliance certifications, dependencies, and features i ms.date: 12/3/2024 --- -# Compliance in Configuration Manager +# Understand compliance in Configuration Manager Configuration Manager supports compliance features to help organizations meet national, regional, and industry-specific regulations. Configuration Manager aligns with Microsoft's commitment to data protection, privacy, and compliance, by offering tools to help secure and manage data effectively. @@ -52,4 +52,4 @@ Configuration Manager includes several compliance features that help organizatio - [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) - [Microsoft Trust Center](https://www.microsoft.com/trust-center) - [Additional privacy information](/mem/configmgr/security/additional-privacy) -- [Fundamentals of security](fundamentals-of-security.md) +- [Fundamentals of security](/mem/core/understand/fundamentals-of-security) From 11001dbd4f3f39f7374215152e3b87b23f0250f0 Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:52:51 -0800 Subject: [PATCH 07/48] compliance article for CM6 --- .../compliance/understand/fundamentals-of-compliance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md b/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md index f37730e4df1..b88d4cf1121 100644 --- a/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md +++ b/memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md @@ -51,5 +51,5 @@ Configuration Manager includes several compliance features that help organizatio - [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) - [Microsoft Trust Center](https://www.microsoft.com/trust-center) -- [Additional privacy information](/mem/configmgr/security/additional-privacy) -- [Fundamentals of security](/mem/core/understand/fundamentals-of-security) +- [Additional privacy information](/mem/configmgr/core/plan-design/security/additional-privacy) +- [Fundamentals of security](/mem/configmgr/core/understand/fundamentals-of-security) From 7d188f6b23ab4907a8f26e47b4e9991fbc286435 Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:55:44 -0800 Subject: [PATCH 08/48] compliance article for CM7 --- memdocs/configmgr/compliance/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/configmgr/compliance/TOC.yml b/memdocs/configmgr/compliance/TOC.yml index 33ed3f4729d..5c3a3741e61 100644 --- a/memdocs/configmgr/compliance/TOC.yml +++ b/memdocs/configmgr/compliance/TOC.yml @@ -3,7 +3,7 @@ items: href: index.yml - name: Understand and explore items: - - name: Understand compliance in Configuration Manager + - name: Understand compliance href: understand/fundamentals-of-compliance.md - name: Ensure device compliance href: understand/ensure-device-compliance.md From e4cbd24a6fe8d25f3b11e4b593fb5bc5f754d5d6 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Mon, 9 Dec 2024 14:18:25 -0500 Subject: [PATCH 09/48] Updated note for deprecation --- .../intune/includes/android-device-administrator-support.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/includes/android-device-administrator-support.md b/memdocs/intune/includes/android-device-administrator-support.md index 6338e8f11ff..3f3fa72c642 100644 --- a/memdocs/intune/includes/android-device-administrator-support.md +++ b/memdocs/intune/includes/android-device-administrator-support.md @@ -4,7 +4,7 @@ description: include file author: lenewsad ms.service: microsoft-intune ms.topic: include -ms.date: 06/12/2024 +ms.date: 12/09/2024 ms.author: lanewsad ms.custom: include file ms.collection: @@ -13,4 +13,4 @@ ms.collection: --- > [!IMPORTANT] -> Microsoft Intune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. If you currently use device administrator management, we recommend switching to another Android management option in Intune before support ends. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443). +> Android device administrator management is deprecated and no longer available for devices with access to Google Mobile Services (GMS). If you currently use device administrator management, we recommend switching to another Android management option. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443). Support and help documentation remain available for devices without GMS, running Android 15 and earlier. From 634cc0fb8bfeba33f5b246c353a901cf6742e7e8 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Wed, 11 Dec 2024 12:55:06 -0500 Subject: [PATCH 10/48] Update android-device-administrator-support.md PM feedback --- .../intune/includes/android-device-administrator-support.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/includes/android-device-administrator-support.md b/memdocs/intune/includes/android-device-administrator-support.md index 3f3fa72c642..5fd923c6c12 100644 --- a/memdocs/intune/includes/android-device-administrator-support.md +++ b/memdocs/intune/includes/android-device-administrator-support.md @@ -4,7 +4,7 @@ description: include file author: lenewsad ms.service: microsoft-intune ms.topic: include -ms.date: 12/09/2024 +ms.date: 12/31/2024 ms.author: lanewsad ms.custom: include file ms.collection: @@ -13,4 +13,4 @@ ms.collection: --- > [!IMPORTANT] -> Android device administrator management is deprecated and no longer available for devices with access to Google Mobile Services (GMS). If you currently use device administrator management, we recommend switching to another Android management option. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443). Support and help documentation remain available for devices without GMS, running Android 15 and earlier. +> Android device administrator management is deprecated and no longer available for devices with access to Google Mobile Services (GMS). If you currently use device administrator management, we recommend switching to another Android management option. Support and help documentation remain available for some devices without GMS, running Android 15 and earlier. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443). From 6a58a42f1003001d39d0bc0793c0c06b45eacad4 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Thu, 12 Dec 2024 13:40:47 -0500 Subject: [PATCH 11/48] Dec 31 blurb DA deprecation For 24563742 --- memdocs/intune/fundamentals/whats-new.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 7490981d7f9..3cb36760a4e 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -7,7 +7,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 12/09/2024 +ms.date: 12/31/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: fundamentals @@ -75,6 +75,13 @@ You can use RSS to be notified when this page is updated. For more information, ### Tenant administration --> +## Week of December 30, 2024 + +### Device enrollment + +#### Intune ends support for Android device administrator on devices with access to Google Mobile Services +As of December 31, 2024, Microsoft Intune no longer supports Android device administrator management on devices with access to Google Mobile Services (GMS). This change comes after Google deprecated Android device administrator management and ceased support. Intune support and help documentation remains for devices without access to GMS running Android 15 or earlier, as well as Microsoft Teams devices migrating to Android Open Source Project (AOSP) management. For more information about how this change impacts your tenant, see [Intune ending support for Android device administrator on devices with GMS access in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443). + ## Week of December 9, 2024 ### Tenant administration From bc61a7585780ae823df7ff87e63f3079c7cf5d55 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Thu, 12 Dec 2024 13:44:25 -0500 Subject: [PATCH 12/48] Update whats-new.md Acrolinx --- memdocs/intune/fundamentals/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 3cb36760a4e..8b524d4af38 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -80,7 +80,7 @@ You can use RSS to be notified when this page is updated. For more information, ### Device enrollment #### Intune ends support for Android device administrator on devices with access to Google Mobile Services -As of December 31, 2024, Microsoft Intune no longer supports Android device administrator management on devices with access to Google Mobile Services (GMS). This change comes after Google deprecated Android device administrator management and ceased support. Intune support and help documentation remains for devices without access to GMS running Android 15 or earlier, as well as Microsoft Teams devices migrating to Android Open Source Project (AOSP) management. For more information about how this change impacts your tenant, see [Intune ending support for Android device administrator on devices with GMS access in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443). +As of December 31, 2024, Microsoft Intune no longer supports Android device administrator management on devices with access to Google Mobile Services (GMS). This change comes after Google deprecated Android device administrator management and ceased support. Intune support and help documentation remains for devices without access to GMS running Android 15 or earlier, and Microsoft Teams devices migrating to Android Open Source Project (AOSP) management. For more information about how this change impacts your tenant, see [Intune ending support for Android device administrator on devices with GMS access in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443). ## Week of December 9, 2024 From c90c8ac1623435f88e7137325ddc40938e9724e4 Mon Sep 17 00:00:00 2001 From: Jacob Scott <49541449+mrjacobascott@users.noreply.github.com> Date: Thu, 12 Dec 2024 14:19:16 -0600 Subject: [PATCH 13/48] Update intune-us-government-endpoints.md Adding *. to important note to align with the similar change made to the commercial endpoints doc https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints?tabs=north-america --- memdocs/intune/fundamentals/intune-us-government-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/intune-us-government-endpoints.md b/memdocs/intune/fundamentals/intune-us-government-endpoints.md index a98b4d7793d..8f88a56b12f 100644 --- a/memdocs/intune/fundamentals/intune-us-government-endpoints.md +++ b/memdocs/intune/fundamentals/intune-us-government-endpoints.md @@ -44,7 +44,7 @@ You can modify proxy server settings on individual client computers. You can als Managed devices require configurations that let **All Users** access services through firewalls. > [!NOTE] -> The inspection of SSL traffic is not supported on 'manage.microsoft.us', or 'has.spserv.microsoft.com' endpoint. +> The inspection of SSL traffic is not supported on '*.manage.microsoft.us', or 'has.spserv.microsoft.com' endpoint. For more information about Windows 10 auto-enrollment and device registration for US government customers, see [Set up automatic enrollment for Windows](../enrollment/windows-enroll.md). From 19936e8362cffd3012cfe75da5bd0366b245acc6 Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 12 Dec 2024 13:25:58 -0800 Subject: [PATCH 14/48] holder --- memdocs/intune/fundamentals/whats-new.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 7490981d7f9..105959e0182 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -7,7 +7,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 12/09/2024 +ms.date: 12/12/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: fundamentals @@ -75,6 +75,9 @@ You can use RSS to be notified when this page is updated. For more information, ### Tenant administration --> + + + ## Week of December 9, 2024 ### Tenant administration From e08458a59b1d64095926fdcf3a40f8f8c5cf2e55 Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 12 Dec 2024 13:30:10 -0800 Subject: [PATCH 15/48] fixing link --- memdocs/intune/fundamentals/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index f5165cbe641..87df1af39c9 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -82,7 +82,7 @@ You can use RSS to be notified when this page is updated. For more information, ### Support for tamper protection in policies for Security settings management for Microsoft Defender for Endpoint -You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you mange as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration#which-solution-should-i-use) scenario. +You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you mange as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario. With this support, tamper protection configurations from *Windows Security Experience* profiles for *Antivirus* policies now apply to all devices instead of only to those that are enrolled with Intune. From 1965ce73052aa780db8298f4404f91848832ef2f Mon Sep 17 00:00:00 2001 From: Erik Reitan Date: Thu, 12 Dec 2024 14:11:53 -0800 Subject: [PATCH 16/48] erikre-docs-30467181 --- .../apps/app-configuration-managed-home-screen-app.md | 4 +++- memdocs/intune/apps/manage-without-gms.md | 6 ++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/memdocs/intune/apps/app-configuration-managed-home-screen-app.md b/memdocs/intune/apps/app-configuration-managed-home-screen-app.md index 2020c4cd077..db49c80a223 100644 --- a/memdocs/intune/apps/app-configuration-managed-home-screen-app.md +++ b/memdocs/intune/apps/app-configuration-managed-home-screen-app.md @@ -37,7 +37,9 @@ The Managed Home Screen is the application used for corporate-owned Android Ente ## When to configure the Microsoft Managed Home Screen app -First, ensure that your devices are supported. Intune supports the enrollment of Android Enterprise dedicated devices and fully managed devices running OS version 8.0 and above that reliably connect to Google Mobile Services. Similarly, Managed Home Screen supports Android devices running OS version 8.0 and above. + [!INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)] + +First, ensure that your devices are supported. Intune supports the enrollment of Android Enterprise dedicated devices and fully managed devices running OS version 8.0 and above. Similarly, Managed Home Screen supports Android devices running OS version 8.0 and above. Typically, if settings are available to you through device configuration profiles (**Devices** > **Manage devices** > **Configuration**), configure the settings there. Doing so will save you time, minimize errors, and will give you a better Intune-support experience. However, some of the Managed Home Screen settings are currently only available via the **App configuration policies** pane in the Intune admin center. Use this document to learn how to configure the different settings either using the configuration designer or a JSON script. Additionally, use this document to learn what Managed Home Screen settings are available using device configuration profiles. You may also see [Device settings](../configuration/device-restrictions-android-for-work.md#device-experience) for a full list of settings available in **Devices** > **Manage devices** > **Configuration** that impact the Managed Home Screen. diff --git a/memdocs/intune/apps/manage-without-gms.md b/memdocs/intune/apps/manage-without-gms.md index bfea7580abe..4b92cde69ef 100644 --- a/memdocs/intune/apps/manage-without-gms.md +++ b/memdocs/intune/apps/manage-without-gms.md @@ -37,10 +37,8 @@ Microsoft Intune uses Google Mobile Services (GMS) to communicate with the Micro > [!NOTE] > These GMS related limitations also apply to Device Administrator management and Android (AOSP) Management. -> [!NOTE] -> Microsoft Intune is ending support for [Android device administrator management](../enrollment/android-enroll-device-administrator.md) on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. -> For devices running Android 15 or earlier that don't have access GMS (excluding Microsoft Teams certified Android devices), Intune will continue allowing device administrator enrollment and will maintain limited support, since Android Enterprise management is unavailable to these devices. However, device administrator use on these devices is still not recommended, since Google's device administrator deprecation means there could be future functionality impact outside Intune's ability to mitigate. -> For more information, and to learn about alternatives to device administrator, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443). +[!INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)] + ## Install the Intune Company Portal app without access to the Google Play Store ### For users outside of People's Republic of China From f841a80d96588f4a70a5a4db1c89c68b1fe9c8ad Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 12 Dec 2024 15:01:51 -0800 Subject: [PATCH 17/48] What's new additins --- memdocs/intune/fundamentals/in-development.md | 16 ------- memdocs/intune/fundamentals/whats-new.md | 45 ++++++++++++++++++- 2 files changed, 44 insertions(+), 17 deletions(-) diff --git a/memdocs/intune/fundamentals/in-development.md b/memdocs/intune/fundamentals/in-development.md index e8bbe9676c1..50bd8187bc5 100644 --- a/memdocs/intune/fundamentals/in-development.md +++ b/memdocs/intune/fundamentals/in-development.md @@ -89,22 +89,6 @@ Applies to: ## Device configuration -### More Wi-Fi configurations will be available for personally-owned work profile devices - -Intune Wi-Fi configuration profiles for personally-owned work profile devices will soon support configuration of pre-shared keys and proxy settings. - -You will find these settings in the admin console in **Devices** > **Manage devices** > **Configuration** > **Create** > **New Policy**. Set **Platform** to Android Enterprise and **Profile Type** to Templates and then in the **Personally-Owned Work Profile** section, select Wi-Fi and select the **Create** button. - -In the **Configuration settings** tab, when Basic Wi-Fi type is selected, you will see several new options: - -1. Security type, with options for Open (no authentication), WEP-Pre-shared key, and WPA-Pre-shared key. -2. Proxy settings, with the option to select Automatic and then specify the proxy server URL. - -It was possible to configure these in the past with Custom Configuration policies, but going forward, we recommend setting these in the Wi-Fi Configuration profile, because [Intune is ending support for Custom policies in April 2024.](https://aka.ms/Intune/Android-customprofiles). - -For more information, see [Wi-Fi settings for personally-owned work profile devices.](../configuration/wi-fi-settings-android-enterprise.md#personally-owned-work-profile). - - ### Low privileged account for Intune Connector for Active Directory for Hybrid join Autopilot flows We're updating the Intune Connector for Active Directory to use a low privileged account to increase the security of your environment. The old connector will no longer be available for download but will continue to work until deprecation. diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 105959e0182..4e9d9bd8866 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -7,7 +7,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 12/12/2024 +ms.date: 12/18/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: fundamentals @@ -76,7 +76,50 @@ You can use RSS to be notified when this page is updated. For more information, --> +## Week of December 16, 2024 (Service release 2412) +### Device configuration + +#### Ending support for administrative templates when creating a new configuration profile + +Customers cannot create new Administrative Templates configuration profile through **Devices > Configuration > Create > New policy > Windows 10 and later > Administrative Templates**. A (retired) tag is seen next to **Administrative Templates** and the **Create** button is now greyed out. Other templates will continue to be supported. + +However, customers can now use the Settings Catalog for creating new **Administrative Templates** configuration profile by navigating to **Devices > Configuration > Create > New policy > Windows 10 and later > Settings Catalog**. + +There are no changes in the following UI experiences: + +- Editing an existing Administrative template. +- Deleting an existing Administrative template. +- Adding, modifying or deleting settings in an existing Administrative template. +- **Imported Administrative templates (Preview)** template, which is used for Custom ADMX. + +For more information, see [Use ADMX templates on Windows 10/11 devices in Microsoft Intune](..\configuration\administrative-templates-windows.md). + +Applies to: + +- Windows + +### Device management + +#### More Wi-Fi configurations are now available for personally-owned work profile devices + +Intune Wi-Fi configuration profiles for Android Enterprise personally-owned work profile devices now support configuration of pre-shared keys and proxy settings. + +You can find these settings in the admin console in **Devices** > **Manage devices** > **Configuration** > **Create** > **New Policy**. Set **Platform** to Android Enterprise and then in the **Personally-Owned Work Profile** section, select Wi-Fi and select the **Create** button. + +In the **Configuration settings** tab, when you select Basic Wi-Fi type, several new options are available: + +1. Security type, with options for Open (no authentication), WEP-Pre-shared key, and WPA-Pre-shared key. + +2. Proxy settings, with the option to select Automatic and then specify the proxy server URL. + +It was possible to configure these in the past with Custom Configuration policies, but going forward, we recommend setting these in the Wi-Fi Configuration profile, because [Intune is ending support for Custom policies in April 2024.](https://aka.ms/Intune/Android-customprofiles). + +For more information, see [Wi-Fi settings for personally-owned work profile devices.](../configuration/wi-fi-settings-android-enterprise.md#personally-owned-work-profile). + +Applies to: + +- Android Enterprise ## Week of December 9, 2024 From be6f9aa813df67de920277b7fed32c8d1ae5b331 Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Fri, 13 Dec 2024 13:45:15 -0800 Subject: [PATCH 18/48] 46873590 bulk actions --- .../report-cloud-pcs-not-available.md | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/windows-365/enterprise/report-cloud-pcs-not-available.md b/windows-365/enterprise/report-cloud-pcs-not-available.md index 021a70a8027..73be748fe45 100644 --- a/windows-365/enterprise/report-cloud-pcs-not-available.md +++ b/windows-365/enterprise/report-cloud-pcs-not-available.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 10/18/2024 +ms.date: 12/18/2024 ms.topic: overview ms.service: windows-365 ms.subservice: windows-365-enterprise @@ -31,7 +31,7 @@ ms.collection: # Cloud PCs that aren't available report -The **Cloud PCs that aren't available** helps Windows 365 administrators identify Cloud PCs that might be currently unavailable. +The **Cloud PCs that aren't available** report helps Windows 365 administrators identify Cloud PCs that might be currently unavailable. This report displays recent conditions up to 5 to 15 minutes ago. Therefore, Cloud PCs in the report might have already recovered since the condition was recorded. Also, Cloud PCs that recently became unavailable might not be in the report. @@ -41,6 +41,8 @@ To get to the **Cloud PCs that aren't available** report, sign in to [Microsoft ![Screenshot of getting to the Cloud PCs that aren't available report](./media/report-cloud-pcs-not-available/view-report-cloud-pcs-not-available.png) +## Data table + The device list shows the individual Cloud PCs with the following columns: - **Device name** @@ -64,7 +66,20 @@ You can use the **View details** link to see the recent history of the Cloud PC. By using the various columns together, an experienced admin may draw clues to the state of the device and the underlying cause of any problems. For example, a user complains to your help desk that they can't access their Cloud PC. you check this report and see no data in the **Host health** or **System status** columns, the **Device status** is **Provisioned**, and the **Connection error** says **Client Disconnect**. Other Cloud PCs in the same region aren't in the list. This issue is probably specific to this user, possibly something to do with the physical client configuration, network configuration, or network infrastructure. +## Bulk device actions + +You can use **Bulk device actions** to perform device actions on multiple Cloud PCs at one time. + +1. Optional. Use **Add filters** to filter the table data to see the Cloud PCs that you want manage. +2. Select the Cloud PCs that you want to manage (maximum of 100,000 Cloud PCs). +3. Select **Bulk device actions** > specific device action. +4. Based on the specific action, complete the subsequent pages. + +The time it takes complete the actions varies depends on the specific action. + ## Next steps [Remoting connection report](report-remoting-connection.md) + +[Remotely manage Windows 365 devices](remotely-manage-cloud-pc.md). From bdf2c0c3c901d724af154e4d9de061acba94dc4e Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Fri, 13 Dec 2024 13:49:05 -0800 Subject: [PATCH 19/48] 46873590 bulk --- windows-365/enterprise/report-cloud-pcs-not-available.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows-365/enterprise/report-cloud-pcs-not-available.md b/windows-365/enterprise/report-cloud-pcs-not-available.md index 73be748fe45..a7a21fd82a0 100644 --- a/windows-365/enterprise/report-cloud-pcs-not-available.md +++ b/windows-365/enterprise/report-cloud-pcs-not-available.md @@ -8,10 +8,10 @@ author: ErikjeMS ms.author: erikje manager: dougeby ms.date: 12/18/2024 -ms.topic: overview +ms.topic: how-to ms.service: windows-365 ms.subservice: windows-365-enterprise -ms.localizationpriority: high +ms.localizationpriority: highs ms.assetid: # optional metadata @@ -82,4 +82,4 @@ The time it takes complete the actions varies depends on the specific action. [Remoting connection report](report-remoting-connection.md) -[Remotely manage Windows 365 devices](remotely-manage-cloud-pc.md). +[Remotely manage Windows 365 devices](remotely-manage-cloud-pc.md). From c70a25a07d310987af100a51f1f981279c2a97a0 Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Fri, 13 Dec 2024 14:02:07 -0800 Subject: [PATCH 20/48] acro --- windows-365/enterprise/report-cloud-pcs-not-available.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-365/enterprise/report-cloud-pcs-not-available.md b/windows-365/enterprise/report-cloud-pcs-not-available.md index a7a21fd82a0..2cdb7a009e8 100644 --- a/windows-365/enterprise/report-cloud-pcs-not-available.md +++ b/windows-365/enterprise/report-cloud-pcs-not-available.md @@ -64,7 +64,7 @@ You can use the **Columns** and **Add filter** options to customize the report: You can use the **View details** link to see the recent history of the Cloud PC. You can then cross-reference multiple conditions and timelines to find potential root causes of Cloud PC unavailability. -By using the various columns together, an experienced admin may draw clues to the state of the device and the underlying cause of any problems. For example, a user complains to your help desk that they can't access their Cloud PC. you check this report and see no data in the **Host health** or **System status** columns, the **Device status** is **Provisioned**, and the **Connection error** says **Client Disconnect**. Other Cloud PCs in the same region aren't in the list. This issue is probably specific to this user, possibly something to do with the physical client configuration, network configuration, or network infrastructure. +By using the various columns together, an experienced admin may draw clues to the state of the device and the underlying cause of any problems. For example, a user complains to your help desk that they can't access their Cloud PC. You check this report and see no data in the **Host health** or **System status** columns, the **Device status** is **Provisioned**, and the **Connection error** says **Client Disconnect**. Other Cloud PCs in the same region aren't in the list. This issue is probably specific to this user, possibly something to do with the physical client configuration, network configuration, or network infrastructure. ## Bulk device actions @@ -75,7 +75,7 @@ You can use **Bulk device actions** to perform device actions on multiple Cloud 3. Select **Bulk device actions** > specific device action. 4. Based on the specific action, complete the subsequent pages. -The time it takes complete the actions varies depends on the specific action. +The time it takes complete the actions varies depending on the specific action. ## Next steps From 9a4ad8eff3a3341f800241d052cbb499e37ec17d Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Fri, 13 Dec 2024 14:04:39 -0800 Subject: [PATCH 21/48] fix --- windows-365/enterprise/report-cloud-pcs-not-available.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-365/enterprise/report-cloud-pcs-not-available.md b/windows-365/enterprise/report-cloud-pcs-not-available.md index 2cdb7a009e8..ac5e03d3ad9 100644 --- a/windows-365/enterprise/report-cloud-pcs-not-available.md +++ b/windows-365/enterprise/report-cloud-pcs-not-available.md @@ -11,7 +11,7 @@ ms.date: 12/18/2024 ms.topic: how-to ms.service: windows-365 ms.subservice: windows-365-enterprise -ms.localizationpriority: highs +ms.localizationpriority: high ms.assetid: # optional metadata From 25cf39db46c09e4ef3069d9659c0f5372bc993fe Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Fri, 13 Dec 2024 14:12:41 -0800 Subject: [PATCH 22/48] add wn --- windows-365/enterprise/whats-new.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md index e0c3a236458..ce3b72911f7 100644 --- a/windows-365/enterprise/whats-new.md +++ b/windows-365/enterprise/whats-new.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 12/06/2024 +ms.date: 12/18/2024 ms.topic: conceptual ms.service: windows-365 ms.subservice: windows-365-enterprise @@ -61,6 +61,16 @@ For more information about public preview items, see [Public preview in Windows ### Device management +#### Restore, restart, and troubleshoot actions in the Cloud PCs that aren't available report + +You can now use the **Bulk device actions** command on the **Cloud PCs that aren't available** report to restore, restart, and troubleshoot actions directly from the report. For more information, seee [Cloud PCs that aren't available report](report-cloud-pcs-not-available.md). + + +## Week of December 9, 2024 + + +### Device management + #### Move selected Cloud PCs to a new region You can now move selected Cloud PCs to a new region. This is instead of moving all Cloud PCs in a provisioning policy. From a293ca66dc0394f0b4c401b4533adfada0ef0e2f Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Fri, 13 Dec 2024 14:23:34 -0800 Subject: [PATCH 23/48] fix date --- windows-365/enterprise/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md index ce3b72911f7..f478a438d47 100644 --- a/windows-365/enterprise/whats-new.md +++ b/windows-365/enterprise/whats-new.md @@ -56,7 +56,7 @@ For more information about public preview items, see [Public preview in Windows --> -## Week of December 9, 2024 +## Week of December 17, 2024 ### Device management From 4e66db37ead93ce25dbd385cc3d7386967a8e3a4 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Sat, 14 Dec 2024 05:40:20 +0530 Subject: [PATCH 24/48] Fix typos --- windows-365/enterprise/report-cloud-pcs-not-available.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows-365/enterprise/report-cloud-pcs-not-available.md b/windows-365/enterprise/report-cloud-pcs-not-available.md index ac5e03d3ad9..c9ad2fa3e63 100644 --- a/windows-365/enterprise/report-cloud-pcs-not-available.md +++ b/windows-365/enterprise/report-cloud-pcs-not-available.md @@ -70,12 +70,12 @@ By using the various columns together, an experienced admin may draw clues to th You can use **Bulk device actions** to perform device actions on multiple Cloud PCs at one time. -1. Optional. Use **Add filters** to filter the table data to see the Cloud PCs that you want manage. +1. Optional. Use **Add filters** to filter the table data to see the Cloud PCs that you want to manage. 2. Select the Cloud PCs that you want to manage (maximum of 100,000 Cloud PCs). 3. Select **Bulk device actions** > specific device action. 4. Based on the specific action, complete the subsequent pages. -The time it takes complete the actions varies depending on the specific action. +The time it takes to complete the actions varies depending on the specific action. ## Next steps From a9bf4d0c9b1e20cf4020e21fc2e17b4e202257ea Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Sat, 14 Dec 2024 05:47:28 +0530 Subject: [PATCH 25/48] Fix typo in "Cloud PCs that aren't available" section --- windows-365/enterprise/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md index f478a438d47..074c5702959 100644 --- a/windows-365/enterprise/whats-new.md +++ b/windows-365/enterprise/whats-new.md @@ -63,7 +63,7 @@ For more information about public preview items, see [Public preview in Windows #### Restore, restart, and troubleshoot actions in the Cloud PCs that aren't available report -You can now use the **Bulk device actions** command on the **Cloud PCs that aren't available** report to restore, restart, and troubleshoot actions directly from the report. For more information, seee [Cloud PCs that aren't available report](report-cloud-pcs-not-available.md). +You can now use the **Bulk device actions** command on the **Cloud PCs that aren't available** report to restore, restart, and troubleshoot actions directly from the report. For more information, see [Cloud PCs that aren't available report](report-cloud-pcs-not-available.md). ## Week of December 9, 2024 From 06d7c4d5cdfa1a1261d681511b40dd136dd5e319 Mon Sep 17 00:00:00 2001 From: Benjamin Flamm <57767769+beflamm@users.noreply.github.com> Date: Sun, 15 Dec 2024 21:40:49 -0500 Subject: [PATCH 26/48] Learn Editor: Update managed-software-updates-ios-macos.md --- .../managed-software-updates-ios-macos.md | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/memdocs/intune/protect/managed-software-updates-ios-macos.md b/memdocs/intune/protect/managed-software-updates-ios-macos.md index b74d79f5da1..b555cb80e68 100644 --- a/memdocs/intune/protect/managed-software-updates-ios-macos.md +++ b/memdocs/intune/protect/managed-software-updates-ios-macos.md @@ -171,7 +171,26 @@ Managed software updates use the same reporting as device configuration policies > [!IMPORTANT] > A policy that reports Success only means that the configuration successfully installed on the device. Monitor the OS version of targeted devices to ensure that they update. After devices have updated to a later OS version than configured in the policy, the policy will report error as the device sees this as an attempt to downgrade. It's recommended to remove the older OS version policy from devices in this state. -## Delay visibility of updates +## Using the Software Update Settings declarative configuration + +When you configure managed software updates, you might want to manage aspects of the software update process leading up to the enforcement of an update. Using this configuration, you can: + +- Require that an admin or standard user can perform updates on the device + +- Control how users can manually interact with software update settings like automatic download and install or the behavior of Rapid Security Responses + +- Hide updates from users for a specified time period + +- Suppress update notifications up to one hour before the enforcement deadline + +- Control whether users are allowed to update to the latest major update, latest minor update, or are offered both. + +Previously in MDM, these settings were spread across multiple payloads such as Restrictions, Managed Settings, and Software Update. As of August 2024, it's recommended to use the DDM-based Software Update Settings configuration to manage updates. To create a Software Update Settings policy, go to the Settings catalog > Declarative Device Management (DDM) > Software Update Settings. More information on these settings is available in the documentation section for the [Software Update Settings declarative configuration](/mem/intune/configuration/apple-settings-catalog-configurations). + +## Delay visibility of updates using MDM + +> [!NOTE] +> As of August 2024, it's recommended to use the DDM-based Software Update Settings configuration to manage update settings such as deferrals. When you configure managed software updates, you might want to hide updates from users for a specified time period. To hide the updates, use a settings catalog policy that configures an update restriction. @@ -192,3 +211,4 @@ To create a restrictions policy, go to the **Settings catalog** > **Restrictions - [macOS software update policies in Intune](software-updates-macos.md) - [Software updates planning guide for supervised iOS/iPadOS devices in Intune](software-updates-guide-ios-ipados.md) - [Software updates planning guide for managed macOS devices in Intune](software-updates-guide-macos.md) + From cf8d27418cc7e8515d1857a40f57fedd4d3961ce Mon Sep 17 00:00:00 2001 From: Benjamin Flamm <57767769+beflamm@users.noreply.github.com> Date: Sun, 15 Dec 2024 21:40:57 -0500 Subject: [PATCH 27/48] Learn Editor: Update managed-software-updates-ios-macos.md From 06f9e6229e8e1f2ca020387d5d6a4e736e06c686 Mon Sep 17 00:00:00 2001 From: Maggie Dakeva Date: Tue, 17 Dec 2024 15:28:59 -0500 Subject: [PATCH 28/48] Learn Editor: Update known-issues.md --- autopilot/device-preparation/known-issues.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/autopilot/device-preparation/known-issues.md b/autopilot/device-preparation/known-issues.md index 21fe518cd4d..01d74e34448 100644 --- a/autopilot/device-preparation/known-issues.md +++ b/autopilot/device-preparation/known-issues.md @@ -40,7 +40,15 @@ This article describes known issues that can often be resolved with: ## Known issues -## Deployments fail when Managed installer policy is enabled for the tenant +## Apps and scripts tabs do not display properly when editing the Device preparation profile + +Date added: *December 18, 2024* + +There's a known issue in displaying the **Applications** and **Scripts** tabs in the editing flow of the Windows Autopilot device preparation policy due to which the tabs might display incorrect information (e.g. show list of applications instead of scripts under the **Scripts** tab). The issue is impacting only the view in Intune and not the configuration being applied to the device. It is being investigated. + +As a workaround, select the table header (**Allowed Applications** or **Allowed Scripts**) to reload the table's contents. + +## Win32 and WinGet applications are skipped when Managed installer policy is enabled for the tenant Date added: *October 10, 2024*
Date updated: *November 15, 2024* From a46ccd6b015430a143abf9fbed8470c5b5078e8b Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 17 Dec 2024 16:07:53 -0500 Subject: [PATCH 29/48] Grammar and date updates Grammar and style updates along with updating the doc date. --- autopilot/device-preparation/known-issues.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/autopilot/device-preparation/known-issues.md b/autopilot/device-preparation/known-issues.md index 01d74e34448..a67769d59fa 100644 --- a/autopilot/device-preparation/known-issues.md +++ b/autopilot/device-preparation/known-issues.md @@ -8,7 +8,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 11/15/2024 +ms.date: 12/18/2024 ms.collection: - M365-modern-desktop - highpri @@ -40,13 +40,13 @@ This article describes known issues that can often be resolved with: ## Known issues -## Apps and scripts tabs do not display properly when editing the Device preparation profile +## Apps and scripts tabs don't display properly when editing the Device preparation profile Date added: *December 18, 2024* -There's a known issue in displaying the **Applications** and **Scripts** tabs in the editing flow of the Windows Autopilot device preparation policy due to which the tabs might display incorrect information (e.g. show list of applications instead of scripts under the **Scripts** tab). The issue is impacting only the view in Intune and not the configuration being applied to the device. It is being investigated. +During the editing flow of the Windows Autopilot device preparation policy, there's a known issue when displaying the **Applications** and **Scripts** tabs where the tabs might display incorrect information. For example, under the **Scripts** tab, a list of applications might be shown instead of a list of scripts. The issue is impacting only the view in Microsoft Intune and not the configuration being applied to the device. The issue is being investigated. -As a workaround, select the table header (**Allowed Applications** or **Allowed Scripts**) to reload the table's contents. +As a workaround, select the table header **Allowed Applications** or **Allowed Scripts** to reload the table's contents. ## Win32 and WinGet applications are skipped when Managed installer policy is enabled for the tenant From 16c40af4628f6bb081520204847625dbe39476c3 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Tue, 17 Dec 2024 16:13:58 -0500 Subject: [PATCH 30/48] Update title Update title --- autopilot/device-preparation/known-issues.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autopilot/device-preparation/known-issues.md b/autopilot/device-preparation/known-issues.md index a67769d59fa..8ea00ede73d 100644 --- a/autopilot/device-preparation/known-issues.md +++ b/autopilot/device-preparation/known-issues.md @@ -40,7 +40,7 @@ This article describes known issues that can often be resolved with: ## Known issues -## Apps and scripts tabs don't display properly when editing the Device preparation profile +## Apps and scripts tabs don't display properly when editing the Windows Autopilot device preparation profile Date added: *December 18, 2024* From 874f565103c43839add83f2de99599534017e0f4 Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Wed, 18 Dec 2024 16:06:53 -0800 Subject: [PATCH 31/48] Updated endpoints --- memdocs/intune/fundamentals/intune-endpoints.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md index 3c536ca9988..d3e75fad938 100644 --- a/memdocs/intune/fundamentals/intune-endpoints.md +++ b/memdocs/intune/fundamentals/intune-endpoints.md @@ -8,7 +8,7 @@ keywords: author: Smritib17 ms.author: smbhardwaj manager: dougeby -ms.date: 09/24/2024 +ms.date: 12/18/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: fundamentals @@ -19,7 +19,7 @@ ms.localizationpriority: high #ROBOTS: #audience: -ms.reviewer: srink +ms.reviewer: davidra ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: @@ -97,7 +97,7 @@ The data columns shown in the tables are: ID |Desc |Category |ER |Addresses |Ports -- |---------------------------------------------------------------- |---------------------|--- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------| -163 | Intune client and host service| Allow
Required | False | `*.manage.microsoft.com`
`manage.microsoft.com`
`EnterpriseEnrollment.manage.microsoft.com`
`104.46.162.96/27, 13.67.13.176/28, 13.67.15.128/27, 13.69.231.128/28, 13.69.67.224/28, 13.70.78.128/28, 13.70.79.128/27, 13.71.199.64/28, 13.73.244.48/28, 13.74.111.192/27, 13.77.53.176/28, 13.86.221.176/28,13.89.174.240/28, 13.89.175.192/28, 20.189.229.0/25, 20.191.167.0/25, 20.37.153.0/24, 20.37.192.128/25, 20.38.81.0/24, 20.41.1.0/24, 20.42.1.0/24, 20.42.130.0/24, 20.42.224.128/25, 20.43.129.0/24, 20.44.19.224/27, 20.49.93.160/27, 40.119.8.128/25, 40.67.121.224/27, 40.70.151.32/28, 40.71.14.96/28, 40.74.25.0/24, 40.78.245.240/28, 40.78.247.128/27, 40.79.197.64/27, 40.79.197.96/28, 40.80.180.208/28, 40.80.180.224/27, 40.80.184.128/25, 40.82.248.224/28, 40.82.249.128/25, 52.150.137.0/25, 52.162.111.96/28, 52.168.116.128/27, 52.182.141.192/27, 52.236.189.96/27, 52.240.244.160/27, 20.204.193.12/30, 20.204.193.10/31, 20.192.174.216/29, 20.192.159.40/29` | **TCP:** 80, 443| +163 | Intune client and host service| Allow
Required | False | `*.manage.microsoft.com`
`manage.microsoft.com`
`EnterpriseEnrollment.manage.microsoft.com`
`104.46.162.96/27, 13.67.13.176/28, 13.67.15.128/27, 13.69.231.128/28, 13.69.67.224/28, 13.70.78.128/28, 13.70.79.128/27, 13.74.111.192/27, 13.77.53.176/28, 13.86.221.176/28,13.89.174.240/28, 13.89.175.192/28, 20.189.229.0/25, 20.191.167.0/25, 20.37.153.0/24, 20.37.192.128/25, 20.38.81.0/24, 20.41.1.0/24, 20.42.1.0/24, 20.42.130.0/24, 20.42.224.128/25, 20.43.129.0/24, 20.44.19.224/27, 40.119.8.128/25, 40.67.121.224/27, 40.70.151.32/28, 40.71.14.96/28, 40.74.25.0/24, 40.78.245.240/28, 40.78.247.128/27, 40.79.197.64/27, 40.79.197.96/28, 40.80.180.208/28, 40.80.180.224/27, 40.80.184.128/25, 40.82.248.224/28, 40.82.249.128/25, 52.150.137.0/25, 52.162.111.96/28, 52.168.116.128/27, 52.182.141.192/27, 52.236.189.96/27, 52.240.244.160/27, 20.204.193.12/30, 20.204.193.10/31, 20.192.174.216/29, 20.192.159.40/29, 104.208.197.64/27, 172.160.217.160/27, 172.201.237.160/27, 172.202.86.192/27, 172.205.63.0/25, 172.212.214.0/25, 172.215.131.0/27, 20.168.189.128/27, 20.199.207.192/28, 20.204.194.128/31, 20.208.149.192/27, 20.208.157.128/27, 20.214.131.176/29, 20.43.129.0/24, 20.91.147.72/29, 4.145.74.224/27, 4.150.254.64/27, 4.154.145.224/27, 4.200.254.32/27, 4.207.244.0/27, 4.213.25.64/27, 4.213.86.128/25, 4.216.205.32/27, 4.237.143.128/25, 40.84.70.128/25, 48.218.252.128/25, 57.151.0.192/27, 57.153.235.0/25, 57.154.140.128/25, 57.154.195.0/25, 57.155.45.128/25, 68.218.134.96/27, 74.224.214.64/27, 74.242.35.0/25, 172.208.170.0/25, 74.241.231.0/25, 74.242.184.128/25` | **TCP:** 80, 443| 172 | MDM Delivery Optimization | Default
Required | False | `*.do.dsp.mp.microsoft.com`
`*.dl.delivery.mp.microsoft.com`
| **TCP:** 80, 443| 170 | MEM - Win32Apps| Default
Required | False | `swda01-mscdn.manage.microsoft.com`
`swda02-mscdn.manage.microsoft.com`
`swdb01-mscdn.manage.microsoft.com`
`swdb02-mscdn.manage.microsoft.com`
`swdc01-mscdn.manage.microsoft.com`
`swdc02-mscdn.manage.microsoft.com`
`swdd01-mscdn.manage.microsoft.com`
`swdd02-mscdn.manage.microsoft.com`
`swdin01-mscdn.manage.microsoft.com`
`swdin02-mscdn.manage.microsoft.com` | **TCP:** 443| 97 | Consumer Outlook.com, OneDrive, Device authentication and Microsoft account | Default
Required | False | `account.live.com`
`login.live.com`
|**TCP:** 443 | From ed632a8ba9ac01ef36437a191de24629ed6003d2 Mon Sep 17 00:00:00 2001 From: BalaDelli <82196006+BalaDelli@users.noreply.github.com> Date: Thu, 19 Dec 2024 19:05:40 +0530 Subject: [PATCH 32/48] Update supported-operating-systems-for-site-system-servers.md --- ...erating-systems-for-site-system-servers.md | 33 +++++++++++++++++-- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md index f402f899d16..e0c262dd03b 100644 --- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md +++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-site-system-servers.md @@ -2,12 +2,12 @@ title: Supported site system servers titleSuffix: Configuration Manager description: Learn which Windows versions you can use to host a Configuration Manager site or site system role. -ms.date: 12/01/2023 +ms.date: 12/19/2024 ms.subservice: core-infra ms.service: configuration-manager ms.topic: conceptual -author: Banreet -ms.author: banreetkaur +author: Baladelli +ms.author: baladell manager: apoorvseth ms.localizationpriority: medium ms.collection: tier3 @@ -20,6 +20,32 @@ ms.reviewer: mstewart,aaroncz This article details the Windows versions that you can use to host a Configuration Manager site or site system role. +## Windows Server 2025 + +_Applies to Datacenter: Azure Edition, Standard and Datacenter editions_ + +Site servers: + +- Central administration site +- Primary site +- Secondary site + +Site system servers: + +- Certificate registration point +- Cloud management gateway connection point +- Data warehouse service point +- Distribution point [Note 1](#bkmk_note1) +- Endpoint Protection point +- Fallback status point +- Management point +- Reporting services point +- Service connection point +- Site database server [Note 2](#bkmk_note2) +- SMS Provider +- Software update point +- State migration point + ## Windows Server 2022 _Applies to Datacenter: Azure Edition, Standard and Datacenter editions_ @@ -145,6 +171,7 @@ This support has the following limitation: The server core installation of the following server OS versions is supported for use as a **distribution point**: +- Windows Server 2025 - Windows Server 2022 - Windows Server 2019 - Windows Server, version 1809 From 502e21d40d4c8b7a607a84e10f59b76713300ad3 Mon Sep 17 00:00:00 2001 From: BalaDelli <82196006+BalaDelli@users.noreply.github.com> Date: Thu, 19 Dec 2024 19:08:01 +0530 Subject: [PATCH 33/48] Update supported-operating-systems-for-clients-and-devices.md --- ...supported-operating-systems-for-clients-and-devices.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md index b70a466efa5..2de4131414e 100644 --- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md +++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md @@ -2,7 +2,7 @@ title: Supported clients and devices titleSuffix: Configuration Manager description: Learn which OS versions Configuration Manager supports for clients and devices. -ms.date: 05/01/2024 +ms.date: 12/19/2024 ms.subservice: core-infra ms.service: configuration-manager ms.topic: conceptual @@ -18,7 +18,7 @@ ms.reviewer: mstewart,aaroncz *Applies to: Configuration Manager (current branch)* -Configuration Manager supports installing client software on Windows and macOS computers. +Configuration Manager supports installing client software on Windows computers. ## General requirements and limitations @@ -66,6 +66,8 @@ For more information, see the following articles: ### Supported server OS versions +- **Windows Server 2025**: IoT, Standard, Datacenter (_starting in Configuration Manager version 2409_) + - **Windows Server 2022**: IoT, Standard, Datacenter (_starting in Configuration Manager version 2107_) - *Windows Server IoT 2022 for Storage* is not supported @@ -90,6 +92,8 @@ The following versions specifically refer to the Server Core installation of the Windows Server semi-annual channel versions are Server Core installations, such as Windows Server, version 1809. As a Configuration Manager client, they're supported the same as the associated Windows 11 or Windows 10 semi-annual channel version. For more information, see [Support for Windows 11](support-for-windows-11.md) or [Support for Windows 10](support-for-windows-10.md). +- **Windows Server 2025** (x64) [Note 1](#bkmk_note1) (_starting in version 2409_) + - **Windows Server 2022** (x64) [Note 1](#bkmk_note1) (_starting in version 2107_) - **Windows Server 2019** (x64) [Note 1](#bkmk_note1) From 63233322d23c6500f3544755b566893e60120eeb Mon Sep 17 00:00:00 2001 From: BalaDelli <82196006+BalaDelli@users.noreply.github.com> Date: Thu, 19 Dec 2024 19:10:23 +0530 Subject: [PATCH 34/48] Update supported-operating-systems-consoles.md --- .../configs/supported-operating-systems-consoles.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md index b333c28011f..7dc36ab984a 100644 --- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md +++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-consoles.md @@ -2,12 +2,12 @@ title: Console support titleSuffix: Configuration Manager description: Learn about which OS versions you can install the Configuration Manager console. -ms.date: 12/01/2023 +ms.date: 12/19/2024 ms.subservice: core-infra ms.service: configuration-manager ms.topic: reference -author: Banreet -ms.author: banreetkaur +author: Baladelli +ms.author: Baladell manager: apoorvseth ms.localizationpriority: medium ms.collection: tier3 @@ -20,6 +20,8 @@ ms.reviewer: mstewart,aaroncz Configuration Manager supports the installation of the console on the following Windows OS versions: +- **Windows Server 2025**: Standard, Datacenter (_starting in version 2409_) + - **Windows Server 2022**: Standard, Datacenter (_starting in version 2107_) - **Windows Server 2019**: Standard, Datacenter From 58b117310d494ff3c57d7ffb63b9468167f88aa5 Mon Sep 17 00:00:00 2001 From: BalaDelli <82196006+BalaDelli@users.noreply.github.com> Date: Thu, 19 Dec 2024 19:14:29 +0530 Subject: [PATCH 35/48] Update upgrade-on-premises-infrastructure.md --- .../servers/manage/upgrade-on-premises-infrastructure.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md b/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md index 7fe4cd60d91..23b5a7f973d 100644 --- a/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md +++ b/memdocs/configmgr/core/servers/manage/upgrade-on-premises-infrastructure.md @@ -2,7 +2,7 @@ title: Upgrade on-premises infrastructure titleSuffix: Configuration Manager description: Learn how to upgrade infrastructure, such as SQL Server and the OS of site systems. -ms.date: 04/04/2024 +ms.date: 12/19/2024 ms.subservice: core-infra ms.service: configuration-manager ms.topic: conceptual @@ -32,6 +32,8 @@ Configuration Manager supports the in-place upgrade of the server OS that hosts - In-place upgrade from: + - Windows Server 2022 to Windows Server 2025 + - Windows Server 2019 to Windows Server 2022 - Windows Server 2016 to Windows Server 2022 @@ -50,10 +52,12 @@ To upgrade a server, use the upgrade procedures provided by the OS you're upgrad - [Upgrade and conversion options for Windows Server 2016](/windows-server/get-started/supported-upgrade-paths) -### Upgrade to Windows Server 2016, 2019, or 2022 +### Upgrade to Windows Server 2016, 2019, 2022 or 2025 Use the steps in this section for any of the following upgrade scenarios: +- Upgrade either Windows Server 2019 or Windows Server 2022 to Windows Server 2025 + - Upgrade either Windows Server 2016 or Windows Server 2019 to Windows Server 2022 - Upgrade either Windows Server 2012 R2 or Windows Server 2016 to Windows Server 2019 From ec802bba258791c24bd9085ff562b768275115b4 Mon Sep 17 00:00:00 2001 From: BalaDelli <82196006+BalaDelli@users.noreply.github.com> Date: Thu, 19 Dec 2024 19:19:10 +0530 Subject: [PATCH 36/48] Update upgrade-windows-to-the-latest-version.md --- .../osd/deploy-use/upgrade-windows-to-the-latest-version.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md b/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md index efa9d535a43..eba9339f946 100644 --- a/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md +++ b/memdocs/configmgr/osd/deploy-use/upgrade-windows-to-the-latest-version.md @@ -2,7 +2,7 @@ title: Windows in-place upgrade titleSuffix: Configuration Manager description: Learn how to use Configuration Manager to upgrade Windows to a later version. -ms.date: 06/14/2024 +ms.date: 12/19/2024 ms.service: configuration-manager ms.subservice: osd ms.topic: conceptual @@ -44,6 +44,7 @@ Only create OS upgrade packages to upgrade to the following OS versions: - Windows Server 2016 - Windows Server 2019 - Windows Server 2022 +- - Windows Server 2025 ### Original version @@ -67,6 +68,7 @@ For more information, see [Windows client upgrade paths](/windows/deployment/upg - An earlier version of Windows Server 2016 - An earlier version of Windows Server 2019 - An earlier version of Windows Server 2022 +- An earlier version of Windows Server 2025 For more information about Windows Server supported upgrade paths, see [Windows Server 2016 supported upgrade paths](/windows-server/get-started/supported-upgrade-paths#upgrading-previous-retail-versions-of-windows-server-to-windows-server-2016) and [Windows Server Upgrade Center](/windows-server/upgrade/upgrade-overview). From f919ca45c83777b7e8ec50e49071b564f3dcc3e0 Mon Sep 17 00:00:00 2001 From: Saurabh Koshta Date: Thu, 19 Dec 2024 10:45:31 -0600 Subject: [PATCH 37/48] Update administrative-templates-windows.md As per: https://portal.microsofticm.com/imp/v5/incidents/details/576826266/summary --- .../intune/configuration/administrative-templates-windows.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/memdocs/intune/configuration/administrative-templates-windows.md b/memdocs/intune/configuration/administrative-templates-windows.md index aae70458f92..4e1d690e371 100644 --- a/memdocs/intune/configuration/administrative-templates-windows.md +++ b/memdocs/intune/configuration/administrative-templates-windows.md @@ -34,6 +34,9 @@ ms.collection: > [!IMPORTANT] > Starting with the December 2412 release, you can't create new Administrative Templates policies from the **Templates** > **Administrative Templates** profile type in the Intune admin center. To create ADMX template profiles, use the **[settings catalog](settings-catalog.md)**. For more information on this change, see [Windows device configuration policies migrating to unified settings platform in Intune](https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-windows-device-configuration-policies-migrating-to/ba-p/4189665). +> +> There will be no changes to the following UI experiences: +> - ‘Imported Administrative templates (Preview)’ template which is used for Custom ADMX templates. **Administrative Templates** in Microsoft Intune include thousands of settings that control features in Microsoft Edge version 77 and later, Internet Explorer, Google Chrome, Microsoft Office programs, remote desktop, OneDrive, passwords, PINs, and more. These settings enable administrators to create group policies using the cloud. From 8dc6b59007f1aeae8712bfdf8e31fa9c3ef70b4e Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Thu, 19 Dec 2024 10:11:37 -0800 Subject: [PATCH 38/48] updated china and US govt endpoints --- memdocs/intune/fundamentals/china-endpoints.md | 8 +++++--- .../fundamentals/intune-us-government-endpoints.md | 11 +++++++---- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/memdocs/intune/fundamentals/china-endpoints.md b/memdocs/intune/fundamentals/china-endpoints.md index 159daec34e6..a3fedfc450b 100644 --- a/memdocs/intune/fundamentals/china-endpoints.md +++ b/memdocs/intune/fundamentals/china-endpoints.md @@ -8,7 +8,7 @@ keywords: author: Smritib17 ms.author: smbhardwaj manager: dougeby -ms.date: 03/24/2023 +ms.date: 12/19/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: fundamentals @@ -49,10 +49,10 @@ The following tables list the ports and services that the Intune client accesses |**Endpoint**|**IP address**| |---------------------|-----------| -|*.manage.microsoftonline.cn | 40.73.38.143
139.217.97.81
52.130.80.24
40.73.41.162
40.73.58.153
139.217.95.85 | - +|*.manage.microsoftonline.cn | 40.73.38.143
139.217.97.81
52.130.80.24
40.73.41.162
40.73.58.153
139.217.95.85
143.64.196.128/25
40.162.2.128/25
139.219.250.128/25
163.228.221.128/25
| ## Intune customer designated endpoints in China + - Azure portal: https:\//portal.azure.cn/ - Microsoft 365: https:\//portal.partner.microsoftonline.cn/ - Intune Company Portal: https:\//portal.manage.microsoftonline.cn/ @@ -69,6 +69,7 @@ If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also n ## Partner service endpoints Intune operated by 21Vianet depends on the following partner service endpoints: + - Azure AD Sync service: https:\//syncservice.partner.microsoftonline.cn/DirectoryService.svc - Evo STS: https:\//login.chinacloudapi.cn/ - Azure AD Graph: https:\//graph.chinacloudapi.us @@ -80,5 +81,6 @@ Intune operated by 21Vianet depends on the following partner service endpoints: [!INCLUDE [Intune notices](../includes/apple-device-network-information.md)] ## Next steps + [Learn more about Intune operated by 21Vianet in China](china.md) diff --git a/memdocs/intune/fundamentals/intune-us-government-endpoints.md b/memdocs/intune/fundamentals/intune-us-government-endpoints.md index a98b4d7793d..b1e9dc224fa 100644 --- a/memdocs/intune/fundamentals/intune-us-government-endpoints.md +++ b/memdocs/intune/fundamentals/intune-us-government-endpoints.md @@ -8,7 +8,7 @@ keywords: author: Smritib17 ms.author: smbhardwaj manager: dougeby -ms.date: 10/04/2021 +ms.date: 12/19/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: fundamentals @@ -52,14 +52,16 @@ The following tables list the ports and services that the Intune client accesses | Endpoint | IP address | |---------------------|-----------| -|*.manage.microsoft.us | 52.227.99.114
20.141.108.112
13.72.17.166
52.126.185.115
52.227.211.91
23.97.10.212
52.227.29.124
52.247.174.16
52.227.29.244
52.227.208.144
52.227.1.233
20.141.104.221
52.247.134.218
20.141.78.227
13.77.236.201 | +|*.manage.microsoft.us | 52.227.99.114
20.141.108.112
13.72.17.166
52.126.185.115
52.227.211.91
23.97.10.212
52.227.29.124
52.247.174.16
52.227.29.244
52.227.208.144
52.227.1.233
20.141.104.221
52.247.134.218
20.141.78.227
13.77.236.201
62.10.86.128/25
62.10.87.128/25
20.159.110.0/25
20.159.111.0/25
| | enterpriseregistration.microsoftonline.us | 13.72.188.239
13.72.55.179 | -## US Government customer designated endpoints: +## US Government customer designated endpoints + - Azure portal: https:\//portal.azure.us/ - Microsoft 365: https:\//portal.office365.us/ - Intune Company Portal: https:\//portal.manage.microsoft.us/ - Microsoft Intune admin center: https:\//intune.microsoft.us/ + ## Network requirements for PowerShell scripts and Win32 apps If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also need to grant access to endpoints in which your tenant currently resides. @@ -68,8 +70,8 @@ If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also n | --- | --- |--- | |FXPASU01 | sovereignprodimedatapri
sovereignprodimedatasec
sovereignprodimedatahotfix | sovereignprodimedatapri.azureedge.net
sovereignprodimedatasec.azureedge.net
sovereignprodimedatahotfix.azureedge.net | +## Partner service endpoints that Intune depends on -## Partner service endpoints that Intune depends on: - Azure AD Sync service: https:\//syncservice.gov.us.microsoftonline.com/DirectoryService.svc - Evo STS: https:\//login.microsoftonline.us - Directory Proxy: https:\//directoryproxy.microsoftazure.us/DirectoryProxy.svc @@ -82,5 +84,6 @@ If you're using Intune to deploy PowerShell scripts or Win32 apps, you'll also n [!INCLUDE [Intune notices](../includes/apple-device-network-information.md)] ## Next steps + [Network endpoints for Microsoft Intune](intune-endpoints.md) From f09b6fb0d306dd725bacd325da640f64dbb847a1 Mon Sep 17 00:00:00 2001 From: Palika Singh <97435621+PalikaSingh@users.noreply.github.com> Date: Fri, 20 Dec 2024 12:54:47 +0530 Subject: [PATCH 39/48] Update checklist-for-installing-update-2409.md updated the info for all sites to 2303 from 2409 --- .../core/servers/manage/checklist-for-installing-update-2409.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md b/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md index f6954a91102..a1c6c5c520b 100644 --- a/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md +++ b/memdocs/configmgr/core/servers/manage/checklist-for-installing-update-2409.md @@ -97,7 +97,7 @@ As of December 16 , 2024, version 2409 is globally available for all customers t ### All sites run a supported version of Configuration Manager -Each site server in the hierarchy must run the same version of Configuration Manager before you can start the installation. To update to version 2409, use version 2309 or later. +Each site server in the hierarchy must run the same version of Configuration Manager before you can start the installation. To update to version 2409, use version 2303 or later. ### Review the status of your product licensing From 2cc9b5efe7fcb33e564f43549e27ce0a7f960263 Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Fri, 20 Dec 2024 09:36:02 -0800 Subject: [PATCH 40/48] Updated --- memdocs/intune/apps/company-portal-app.md | 4 ++-- memdocs/intune/fundamentals/whats-new.md | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/apps/company-portal-app.md b/memdocs/intune/apps/company-portal-app.md index 85c0d5c8b38..a48a34c6099 100644 --- a/memdocs/intune/apps/company-portal-app.md +++ b/memdocs/intune/apps/company-portal-app.md @@ -8,7 +8,7 @@ keywords: author: Erikre ms.author: erikre manager: dougeby -ms.date: 06/07/2024 +ms.date: 12/20/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: apps @@ -43,7 +43,7 @@ The Company Portal apps, Company Portal website, and Intune app on Android are w ## Customizing the user experience -By customizing the end-user experience, you will help to provide a familiar and helpful experience for your end users. To do this, sign in as an [Intune administrator](../fundamentals/users-add.md#types-of-administrators). Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Tenant Administration** > **Customization** where you can either edit the default policy or create up to 10 user group targeted policies. Note that targeting policies to device groups is not supported. These settings will apply to the Company Portal apps, Company Portal website, and Intune app on Android. +By customizing the end-user experience, you will help to provide a familiar and helpful experience for your end users. To do this, sign in as an [Intune administrator](../fundamentals/users-add.md#types-of-administrators). Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Tenant Administration** > **Customization** where you can either edit the default policy or create up to 25 user group targeted policies. Note that targeting policies to device groups is not supported. These settings will apply to the Company Portal apps, Company Portal website, and Intune app on Android. ## Branding diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index eabd98b796b..f3130de7777 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -78,6 +78,14 @@ You can use RSS to be notified when this page is updated. For more information, ## Week of December 16, 2024 (Service release 2412) +### App management + +#### Increased scale for Customization policies + +You can now create up to 25 policies that customize the Company Portal and Intune app experience. The previous maximum number of Customization policies was 10. Navigate to the Intune admin center, and select **Tenant administration** > **Customization**. + +For more information about customizing the Company Portal and Intune apps, see [Customizing the user experience](../apps/company-portal-app#customizing-the-user-experience). + ### Device security #### Support for tamper protection in policies for Security settings management for Microsoft Defender for Endpoint From 33c73a3c7e390fa151d5f49f19d196a3a9d96259 Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Fri, 20 Dec 2024 09:39:47 -0800 Subject: [PATCH 41/48] Fixing link --- memdocs/intune/fundamentals/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index f3130de7777..749b9c8e999 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -84,7 +84,7 @@ You can use RSS to be notified when this page is updated. For more information, You can now create up to 25 policies that customize the Company Portal and Intune app experience. The previous maximum number of Customization policies was 10. Navigate to the Intune admin center, and select **Tenant administration** > **Customization**. -For more information about customizing the Company Portal and Intune apps, see [Customizing the user experience](../apps/company-portal-app#customizing-the-user-experience). +For more information about customizing the Company Portal and Intune apps, see [Customizing the user experience](../apps/company-portal-app#customizing-the-user-experience.md). ### Device security From 835ac00dcdb3405ff1abc0882cab27a43de7d2dc Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Fri, 20 Dec 2024 09:44:18 -0800 Subject: [PATCH 42/48] Fixing link --- memdocs/intune/fundamentals/whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 749b9c8e999..2abbe774027 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -84,7 +84,7 @@ You can use RSS to be notified when this page is updated. For more information, You can now create up to 25 policies that customize the Company Portal and Intune app experience. The previous maximum number of Customization policies was 10. Navigate to the Intune admin center, and select **Tenant administration** > **Customization**. -For more information about customizing the Company Portal and Intune apps, see [Customizing the user experience](../apps/company-portal-app#customizing-the-user-experience.md). +For more information about customizing the Company Portal and Intune apps, see [Customizing the user experience](../apps/company-portal-app.md#customizing-the-user-experience). ### Device security From a22617ad46159c1b69d41f478f8c72ae870b871f Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:40:50 -0800 Subject: [PATCH 43/48] updated endpoints --- memdocs/intune/fundamentals/intune-endpoints.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md index d3e75fad938..be1a485d990 100644 --- a/memdocs/intune/fundamentals/intune-endpoints.md +++ b/memdocs/intune/fundamentals/intune-endpoints.md @@ -8,7 +8,7 @@ keywords: author: Smritib17 ms.author: smbhardwaj manager: dougeby -ms.date: 12/18/2024 +ms.date: 12/20/2024 ms.topic: reference ms.service: microsoft-intune ms.subservice: fundamentals @@ -153,7 +153,7 @@ For Intune-managed Windows devices managed using Mobile Device Management (MDM), | --- | ---- | -------- | ----- | --------- | ----- | | 172 | MDM - Delivery Optimization Dependencies | Default
Required | False | `*.do.dsp.mp.microsoft.com`
`*.dl.delivery.mp.microsoft.com`
| **TCP:** 80, 443 | -**Port requirements** - For client-service communication, it uses HTTP or HTTPS over port 80/443. Optionally, for peer-to-peer traffic, Delivery Optimization uses 7680 for TCP/IP and Teredo on port 3544 for NAT traversal. For more information, see [Delivery Optimization documentation](/windows/deployment/do/) +**Port requirements** - For client-service communication, it uses HTTP or HTTPS over port 80/443. Optionally, for peer-to-peer traffic, Delivery Optimization uses 7680 for TCP/IP and Teredo on port 3544 for NAT traversal. For more information, see [Delivery Optimization documentation](/windows/deployment/do/) **Proxy requirements** - To use Delivery Optimization, you must allow Byte Range requests. For more information, see [Proxy requirements for Delivery Optimization](/windows/deployment/do/waas-delivery-optimization-faq#what-are-the-requirements-if-i-use-a-proxy). @@ -172,6 +172,7 @@ For Delivery Optimization metadata: | 178 | MEM - Apple Dependencies | Default
Required | False | `itunes.apple.com`
`*.itunes.apple.com`
`*.mzstatic.com`
`*.phobos.apple.com`
`phobos.itunes-apple.com.akadns.net`
`5-courier.push.apple.com`
`phobos.apple.com`
`ocsp.apple.com`
`ax.itunes.apple.com`
`ax.itunes.apple.com.edgesuite.net`
`s.mzstatic.com`
`a1165.phobos.apple.com`
|**TCP:** 80, 443, 5223| For more information, see the following resources: + - [Use Apple products on enterprise networks](https://support.apple.com/HT210060) - [TCP and UDP ports used by Apple software products](https://support.apple.com/HT202944) - [About macOS, iOS/iPadOS, and iTunes server host connections and iTunes background processes](https://support.apple.com/HT201999) @@ -294,16 +295,17 @@ The following tables list the ports and services that the Intune client accesses If you're using Intune to deploy PowerShell scripts or Win32 apps, you also need to grant access to endpoints in which your tenant currently resides. -To find your tenant location (or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under **Tenant location** as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere. +To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under **Tenant location** as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere. > [!NOTE] > **Allow HTTP Partial response** is required for Scripts & Win32 Apps endpoints. |Azure Scale Unit (ASU) | Storage name | CDN | Port | | --- | --- |--- | --- | -|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | naprodimedatapri
naprodimedatasec
naprodimedatahotfix | naprodimedatapri.azureedge.net
naprodimedatasec.azureedge.net
naprodimedatahotfix.azureedge.net | **TCP:** 443 | -| AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | euprodimedatapri
euprodimedatasec
euprodimedatahotfix | euprodimedatapri.azureedge.net
euprodimedatasec.azureedge.net
euprodimedatahotfix.azureedge.net | **TCP:** 443 | -| AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| approdimedatapri
approdimedatasec
approdimedatahotifx | approdimedatapri.azureedge.net
approdimedatasec.azureedge.net
approdimedatahotfix.azureedge.net |**TCP:** 443 | +|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | naprodimedatapri
naprodimedatasec
naprodimedatahotfix | naprodimedatapri.azureedge.net
naprodimedatasec.azureedge.net
naprodimedatahotfix.azureedge.net
imeswda-afd-primary.manage.microsoft.com
imeswda-afd-secondary.manage.microsoft.com +
imeswda-afd-hotfix.manage.microsoft.com | **TCP:** 443 | +| AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | euprodimedatapri
euprodimedatasec
euprodimedatahotfix | euprodimedatapri.azureedge.net
euprodimedatasec.azureedge.net
euprodimedatahotfix.azureedge.net
imeswdb-afd-primary.manage.microsoft.com
imeswdb-afd-secondary.manage.microsoft.com
imeswdb-afd-hotfix.manage.microsoft.com | **TCP:** 443 | +| AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| approdimedatapri
approdimedatasec
approdimedatahotifx | approdimedatapri.azureedge.net
approdimedatasec.azureedge.net
approdimedatahotfix.azureedge.net
imeswdc-afd-primary.manage.microsoft.com
imeswdc-afd-secondary.manage.microsoft.com
imeswdc-afd-hotfix.manage.microsoft.com |**TCP:** 443 | ## Microsoft Store From a4a18dc1631f162f782e8699d51b6b18a334db13 Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:44:45 -0800 Subject: [PATCH 44/48] updated alignment --- memdocs/intune/fundamentals/intune-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md index be1a485d990..6a51151b728 100644 --- a/memdocs/intune/fundamentals/intune-endpoints.md +++ b/memdocs/intune/fundamentals/intune-endpoints.md @@ -301,7 +301,7 @@ To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsof > **Allow HTTP Partial response** is required for Scripts & Win32 Apps endpoints. |Azure Scale Unit (ASU) | Storage name | CDN | Port | -| --- | --- |--- | --- | +| --- | --- |--------- | --- | |AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | naprodimedatapri
naprodimedatasec
naprodimedatahotfix | naprodimedatapri.azureedge.net
naprodimedatasec.azureedge.net
naprodimedatahotfix.azureedge.net
imeswda-afd-primary.manage.microsoft.com
imeswda-afd-secondary.manage.microsoft.com
imeswda-afd-hotfix.manage.microsoft.com | **TCP:** 443 | | AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | euprodimedatapri
euprodimedatasec
euprodimedatahotfix | euprodimedatapri.azureedge.net
euprodimedatasec.azureedge.net
euprodimedatahotfix.azureedge.net
imeswdb-afd-primary.manage.microsoft.com
imeswdb-afd-secondary.manage.microsoft.com
imeswdb-afd-hotfix.manage.microsoft.com | **TCP:** 443 | From d5b5f6b8acc0db7f967b79051fac02acd6c55421 Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:50:29 -0800 Subject: [PATCH 45/48] updated alignment --- memdocs/intune/fundamentals/intune-endpoints.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md index 6a51151b728..d1cfcf6985d 100644 --- a/memdocs/intune/fundamentals/intune-endpoints.md +++ b/memdocs/intune/fundamentals/intune-endpoints.md @@ -301,9 +301,8 @@ To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsof > **Allow HTTP Partial response** is required for Scripts & Win32 Apps endpoints. |Azure Scale Unit (ASU) | Storage name | CDN | Port | -| --- | --- |--------- | --- | -|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | naprodimedatapri
naprodimedatasec
naprodimedatahotfix | naprodimedatapri.azureedge.net
naprodimedatasec.azureedge.net
naprodimedatahotfix.azureedge.net
imeswda-afd-primary.manage.microsoft.com
imeswda-afd-secondary.manage.microsoft.com -
imeswda-afd-hotfix.manage.microsoft.com | **TCP:** 443 | +| --- | --- |------------- | --- | +|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | naprodimedatapri
naprodimedatasec
naprodimedatahotfix | naprodimedatapri.azureedge.net
naprodimedatasec.azureedge.net
naprodimedatahotfix.azureedge.net
imeswda-afd-primary.manage.microsoft.com
imeswda-afd-secondary.manage.microsoft.com
imeswda-afd-hotfix.manage.microsoft.com | **TCP:** 443 | | AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | euprodimedatapri
euprodimedatasec
euprodimedatahotfix | euprodimedatapri.azureedge.net
euprodimedatasec.azureedge.net
euprodimedatahotfix.azureedge.net
imeswdb-afd-primary.manage.microsoft.com
imeswdb-afd-secondary.manage.microsoft.com
imeswdb-afd-hotfix.manage.microsoft.com | **TCP:** 443 | | AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| approdimedatapri
approdimedatasec
approdimedatahotifx | approdimedatapri.azureedge.net
approdimedatasec.azureedge.net
approdimedatahotfix.azureedge.net
imeswdc-afd-primary.manage.microsoft.com
imeswdc-afd-secondary.manage.microsoft.com
imeswdc-afd-hotfix.manage.microsoft.com |**TCP:** 443 | From 219defc790059a56f4ce52e9d3e51f79f9957f8e Mon Sep 17 00:00:00 2001 From: Smriti Bhardwaj <95657523+Smritib17@users.noreply.github.com> Date: Fri, 20 Dec 2024 22:39:08 -0800 Subject: [PATCH 46/48] updated endpoints --- memdocs/intune/fundamentals/intune-endpoints.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md index d1cfcf6985d..cf9c1aed93b 100644 --- a/memdocs/intune/fundamentals/intune-endpoints.md +++ b/memdocs/intune/fundamentals/intune-endpoints.md @@ -306,6 +306,18 @@ To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsof | AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | euprodimedatapri
euprodimedatasec
euprodimedatahotfix | euprodimedatapri.azureedge.net
euprodimedatasec.azureedge.net
euprodimedatahotfix.azureedge.net
imeswdb-afd-primary.manage.microsoft.com
imeswdb-afd-secondary.manage.microsoft.com
imeswdb-afd-hotfix.manage.microsoft.com | **TCP:** 443 | | AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| approdimedatapri
approdimedatasec
approdimedatahotifx | approdimedatapri.azureedge.net
approdimedatasec.azureedge.net
approdimedatahotfix.azureedge.net
imeswdc-afd-primary.manage.microsoft.com
imeswdc-afd-secondary.manage.microsoft.com
imeswdc-afd-hotfix.manage.microsoft.com |**TCP:** 443 | +## Network requirements for macOS app and script deployments + +If you're using Intune to deploy apps or scripts on macOS, you also need to grant access to endpoints in which your tenant currently resides. + +To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under Tenant location as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere. + +|Azure Scale Unit (ASU) | CDN | Port | +| --- |------------- | --- | +|AMSUA0601
AMSUA0602
AMSUA0101
AMSUA0102
AMSUA0201
AMSUA0202
AMSUA0401
AMSUA0402
AMSUA0501
AMSUA0502
AMSUA0601
AMSUA0701
AMSUA0702
AMSUA0801
AMSUA0901 | macsidecar.manage.microsoft.com | **TCP:** 443 | +| AMSUB0101
AMSUB0102
AMSUB0201
AMSUB0202
AMSUB0301
AMSUB0302
AMSUB0501
AMSUB0502
AMSUB0601
AMSUB0701 | macsidecareu.manage.microsoft.com | **TCP:** 443 | +| AMSUC0101
AMSUC0201
AMSUC0301
AMSUC0501
AMSUC0601
AMSUD0101| macsidecarap.manage.microsoft.com |**TCP:** 443 | + ## Microsoft Store Managed Windows devices using the Microsoft Store – either to acquire, install, or update apps – need access to these endpoints. From 2d285eb689608dfa68528caa3190d90ec2eccafd Mon Sep 17 00:00:00 2001 From: Brent Dunsire Date: Thu, 2 Jan 2025 08:04:12 -0800 Subject: [PATCH 47/48] Learn Editor: Update microsoft-tunnel-upgrade.md --- memdocs/intune/protect/microsoft-tunnel-upgrade.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/memdocs/intune/protect/microsoft-tunnel-upgrade.md b/memdocs/intune/protect/microsoft-tunnel-upgrade.md index 5a4851493af..d5ea848f2e7 100644 --- a/memdocs/intune/protect/microsoft-tunnel-upgrade.md +++ b/memdocs/intune/protect/microsoft-tunnel-upgrade.md @@ -138,9 +138,10 @@ Image hash values: - **serverImageDigest**: sha256:9886240ee473583753daf10929921f7c7c54bbf6f68095395aa2089688090fb3 Changes in this release: --Diagnostic tool improvements --Bug fixes for rootless container mode in mst-cli --Localization improvements in mstunnel-setup + +- Diagnostic tool improvements +- Bug fixes for rootless container mode in mst-cli +- Localization improvemSents in mstunnel-setup ### October 2, 2024 @@ -152,7 +153,8 @@ Image hash values: - **serverImageDigest**: sha256:0efab5013351bcd81f186973e75ed5d9f91bbe6271e3be481721500f946fc9ec Changes in this release: --Upgrade from .NET 6 to .NET 8 + +- Upgrade from .NET 6 to .NET 8 - Upgrade ocserv to version 1.3.0 - Fix rootless container bug in installer @@ -164,7 +166,7 @@ Image hash values: - **serverImageDigest**: sha256:6484d311d1bd6cbe55d71306595715bafa6a20a000be6fd6f9e530716cef6c16 -Changes in this release: +Changes in this release: - Add diagnostic tools for host troubleshooting - Upgrade Azure Linux image to 2.0.20240829 From 347c053ef299662a425bf6987249995c226450a3 Mon Sep 17 00:00:00 2001 From: Brent Dunsire Date: Thu, 2 Jan 2025 08:04:34 -0800 Subject: [PATCH 48/48] Learn Editor: Update microsoft-tunnel-upgrade.md