Merge pull request #15912 from MicrosoftDocs/main
publish main to live 10:30 AM 8/15/24
American-Dipper authored Aug 15, 2024
2 parents 10d8f86 + c3f4381 commit d76528e
Showing 15 changed files with 122 additions and 105 deletions.
6 changes: 3 additions & 3 deletions memdocs/intune/configuration/quickstart-email-profile.md
Expand Up @@ -7,7 +7,7 @@ keywords:
author: MandiOhlinger
ms.author: mandia
manager: dougeby
ms.date: 11/09/2023
ms.date: 08/14/2024
ms.topic: conceptual
ms.service: microsoft-intune
ms.subservice: configuration
Expand Down Expand Up @@ -62,7 +62,7 @@ For more information on the different roles in Intune, go to [Role-based access
3. Enter the following properties:

- **Platform**: Select **iOS/iPadOS**.
- **Profile type**: Select **Temmplates** > **Email**.
- **Profile type**: Select **Templates** > **Email**.

4. Select **Create**.

Expand All @@ -87,7 +87,7 @@ For more information on the different roles in Intune, go to [Role-based access

9. In **Scope tags** (optional), select **Next**. In this example, we don't use scope tags.

10. In **Assignments**, use the drop-down for **Assign to** and select **All users and all devices**. Then, select **Next**.
10. In **Assignments**, use the drop-down for **Assign to** and select **All users and all devices**. Then, select **Next**.

11. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned.
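
Review bot: Step 10 tells the reader to select **All users and all devices**, which in a production tenant pushes the example email profile to everyone; a sentence pointing to a test tenant or a pilot group would help. The old and new text of the step read identically as shown here, so the edit itself appears to be whitespace-only.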


11 changes: 4 additions & 7 deletions memdocs/intune/fundamentals/intune-endpoints.md
Expand Up @@ -98,7 +98,7 @@ The data columns shown in the tables are:
ID |Desc |Category |ER |Addresses |Ports
-- |---------------------------------------------------------------- |---------------------|--- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------|
163 | Endpoint Manager client and host service| Allow<BR>Required | False | `*.manage.microsoft.com`<BR>`manage.microsoft.com`<BR>`EnterpriseEnrollment.manage.microsoft.com`<BR>`104.46.162.96/27, 13.67.13.176/28, 13.67.15.128/27, 13.69.231.128/28, 13.69.67.224/28, 13.70.78.128/28, 13.70.79.128/27, 13.71.199.64/28, 13.73.244.48/28, 13.74.111.192/27, 13.77.53.176/28, 13.86.221.176/28,13.89.174.240/28, 13.89.175.192/28, 20.189.229.0/25, 20.191.167.0/25, 20.37.153.0/24, 20.37.192.128/25, 20.38.81.0/24, 20.41.1.0/24, 20.42.1.0/24, 20.42.130.0/24, 20.42.224.128/25, 20.43.129.0/24, 20.44.19.224/27, 20.49.93.160/27, 40.119.8.128/25, 40.67.121.224/27, 40.70.151.32/28, 40.71.14.96/28, 40.74.25.0/24, 40.78.245.240/28, 40.78.247.128/27, 40.79.197.64/27, 40.79.197.96/28, 40.80.180.208/28, 40.80.180.224/27, 40.80.184.128/25, 40.82.248.224/28, 40.82.249.128/25, 52.150.137.0/25, 52.162.111.96/28, 52.168.116.128/27, 52.182.141.192/27, 52.236.189.96/27, 52.240.244.160/27, 20.204.193.12/30, 20.204.193.10/31, 20.192.174.216/29, 20.192.159.40/29` | **TCP:** 80, 443|
172 | MDM Delivery Optimization | Default<BR>Required | False | `*.do.dsp.mp.microsoft.com`<BR> `*.dl.delivery.mp.microsoft.com`<BR> `*.emdl.ws.microsoft.com`<BR> `kv801.prod.do.dsp.mp.microsoft.com`<BR> `geo.prod.do.dsp.mp.microsoft.com`<BR> `emdl.ws.microsoft.com`<BR> `2.dl.delivery.mp.microsoft.com`<BR> `bg.v4.emdl.ws.microsoft.com`<BR> | **TCP:** 80, 443|
172 | MDM Delivery Optimization | Default<BR>Required | False | `*.do.dsp.mp.microsoft.com`<BR> `*.dl.delivery.mp.microsoft.com`<BR> | **TCP:** 80, 443|
170 | MEM - Win32Apps| Default<BR>Required | False | `swda01-mscdn.manage.microsoft.com`<br>`swda02-mscdn.manage.microsoft.com`<br>`swdb01-mscdn.manage.microsoft.com`<br>`swdb02-mscdn.manage.microsoft.com`<br>`swdc01-mscdn.manage.microsoft.com`<br>`swdc02-mscdn.manage.microsoft.com`<br>`swdd01-mscdn.manage.microsoft.com`<br>`swdd02-mscdn.manage.microsoft.com`<br>`swdin01-mscdn.manage.microsoft.com`<BR>`swdin02-mscdn.manage.microsoft.com` | **TCP:** 443|
97 | Consumer Outlook.com, OneDrive, Device authentication and Microsoft account | Default<BR>Required | False | `account.live.com`<BR>`login.live.com`<BR> |**TCP:** 443 |
190 | Endpoint discovery | Default<BR>Required | False | `go.microsoft.com` | **TCP:** 80, 443|
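
Review bot: In row 172, the dropped `kv801.prod.do.dsp.mp.microsoft.com`, `geo.prod.do.dsp.mp.microsoft.com` and `2.dl.delivery.mp.microsoft.com` are covered by the two remaining wildcards only if `*` is read as spanning more than one label (`kv801.prod.` is two labels deep), and `*.emdl.ws.microsoft.com`, `emdl.ws.microsoft.com` and `bg.v4.emdl.ws.microsoft.com` are matched by nothing left in the cell. Admins build proxy and firewall allowlists from this table, so please say how the wildcards are meant to be matched and whether the `emdl.ws.microsoft.com` hosts are retired or just no longer documented, so readers know whether the old rules can be removed.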
Expand All @@ -110,7 +110,7 @@ ID |Desc |Category |ER |Addresses |Ports

ID |Desc |Category |ER |Addresses |Ports|
-- |-- |-----|--- |--------------|--------------------------------|
164 | Autopilot - Windows Update| Default<BR>Required | False | `*.windowsupdate.com`<BR>`*.dl.delivery.mp.microsoft.com`<BR>`*.prod.do.dsp.mp.microsoft.com`<BR>`emdl.ws.microsoft.com`<BR>`*.delivery.mp.microsoft.com`<BR>`*.update.microsoft.com`<BR>`tsfe.trafficshaping.dsp.mp.microsoft.com`<BR>`adl.windows.com`<BR> | **TCP:** 80, 443|
164 | Autopilot - Windows Update| Default<BR>Required | False | `*.windowsupdate.com`<BR>`*.dl.delivery.mp.microsoft.com`<BR>`*.prod.do.dsp.mp.microsoft.com`<BR>`*.delivery.mp.microsoft.com`<BR>`*.update.microsoft.com`<BR>`tsfe.trafficshaping.dsp.mp.microsoft.com`<BR>`adl.windows.com`<BR> | **TCP:** 80, 443|
165 | Autopilot - NTP Sync | Default<BR>Required | False | `time.windows.com` |**UDP:** 123|
169 | Autopilot - WNS Dependencies| Default<BR>Required | False | `clientconfig.passport.net`<BR>`windowsphone.com`<BR>`*.s-microsoft.com`<BR>`c.s-microsoft.com` | **TCP:** 443 |
173 | Autopilot - Third party deployment dependencies| Default<BR>Required | False | `ekop.intel.com`<BR>`ekcert.spserv.microsoft.com`<BR>`ftpm.amd.com`<BR> | **TCP:** 443|
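
Review bot: Row 164 still lists both `*.dl.delivery.mp.microsoft.com` and `*.delivery.mp.microsoft.com`, and it keeps the narrower `*.prod.do.dsp.mp.microsoft.com` where row 172 uses `*.do.dsp.mp.microsoft.com`. Since this change is trimming redundant entries, either drop the overlap here too or leave a short comment on why this row needs the more specific forms.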
Expand Down Expand Up @@ -152,9 +152,9 @@ For Intune-managed Windows devices managed using Mobile Device Management (MDM),

| ID | Desc | Category | ER | Addresses | Ports |
| --- | ---- | -------- | ----- | --------- | ----- |
| 172 | MDM - Delivery Optimization Dependencies | Default<BR>Required | False | `*.do.dsp.mp.microsoft.com`<BR>`*.dl.delivery.mp.microsoft.com`<BR>`*.emdl.ws.microsoft.com`<BR>`kv801.prod.do.dsp.mp.microsoft.com`<BR>`geo.prod.do.dsp.mp.microsoft.com`<BR>`emdl.ws.microsoft.com`<BR>`2.dl.delivery.mp.microsoft.com`<BR>`bg.v4.emdl.ws.microsoft.com`<BR> | **TCP:** 80, 443 |
| 172 | MDM - Delivery Optimization Dependencies | Default<BR>Required | False | `*.do.dsp.mp.microsoft.com`<BR>`*.dl.delivery.mp.microsoft.com`<BR> | **TCP:** 80, 443 |

**Port requirements** - For peer-to-peer traffic, Delivery Optimization uses 7680 for TCP/IP or 3544 for NAT traversal (optionally Teredo).
**Port requirements** - For peer-to-peer traffic, Delivery Optimization uses 7680 for TCP/IP. It uses Teredo on port 3544 for NAT traversal (use of Teredo is optional)
For client-service communication, it uses HTTP or HTTPS over port 80/443.

**Proxy requirements** - To use Delivery Optimization, you must allow Byte Range requests. For more information, see [Proxy requirements for Windows Update](/windows/deployment/update/windows-update-troubleshooting).
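
Review bot: The rewritten **Port requirements** line ends at `(use of Teredo is optional)` with no period, and the next source line, `For client-service communication, it uses HTTP or HTTPS over port 80/443.`, follows with no blank line, so Markdown joins the two into one run-on paragraph. Add the period, and since the line says `7680 for TCP/IP`, name the protocol for 3544 as well (Teredo runs over UDP) so a firewall rule can be written from the sentence alone.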
Expand All @@ -166,7 +166,6 @@ For client-service communication, it uses HTTP or HTTPS over port 80/443.
For Delivery Optimization metadata:

- \*.dl.delivery.mp.microsoft.com
- \*.emdl.ws.microsoft.com

#### Apple dependencies

Expand Down Expand Up @@ -221,9 +220,7 @@ You'll also need FQDNs that are covered as part of Microsoft 365 Requirements. F
|*.update.microsoft.com| Windows Update and Delivery Optimization |
|*.delivery.mp.microsoft.com| Windows Update and Delivery Optimization |
|tsfe.trafficshaping.dsp.mp.microsoft.com| Windows Update and Delivery Optimization |
|emdl.ws.microsoft.com| Delivery Optimization |
|*.do.dsp.mp.microsoft.com| Delivery Optimization |
|*.emdl.ws.microsoft.com| Delivery Optimization |
|*.notify.windows.com| Push Notifications |
|*.wns.windows.com| Push Notifications |
|devicelistenerprod.microsoft.com| Windows Update for Business deployment service |
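
Review bot: This is the fifth place in this file where the same `emdl.ws.microsoft.com` entries had to be removed by hand (two copies of row 172, row 164, the metadata list, and this FQDN table), and the two copies of row 172 already differ in their Desc text (`MDM Delivery Optimization` vs `MDM - Delivery Optimization Dependencies`). Consider keeping the Delivery Optimization endpoints in one shared include so the lists cannot drift apart on the next change.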
65 changes: 38 additions & 27 deletions memdocs/intune/fundamentals/monitor-audit-logs.md
Expand Up @@ -7,7 +7,7 @@ keywords:
ms.author: mandia
author: MandiOhlinger
manager: dougeby
ms.date: 10/24/2023
ms.date: 08/14/2024
ms.topic: how-to
ms.service: microsoft-intune
ms.subservice: fundamentals
Expand All @@ -31,7 +31,9 @@ ms.collection:

# Use audit logs to track and monitor events in Microsoft Intune

Audit logs include a record of activities that generate a change in Microsoft Intune. Create, update (edit), delete, assign, and remote actions all create audit events that administrators can review for most Intune workloads. By default, auditing is enabled for all customers. It can't be disabled.
In Microsoft Intune, there are audit logs that include a record of activities that generate a change. For example, the create, update (edit), delete, assign, and remote actions all create audit events.

Administrators can review the audit logs to track and monitor events for most Intune workloads. Auditing is enabled for all customers. It can't be disabled.

## Who can access the data?

Expand All @@ -40,46 +42,55 @@ Users with the following permissions can review audit logs:
- [Intune Administrator Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference#intune-administrator)
- Administrators assigned to an Intune role with **Audit data** - **Read** permissions. For a list of built-in Intune roles that have this permission, go to [Built-in role permissions for Microsoft Intune](role-based-access-control-reference.md).

## Audit logs for Intune workloads
## View the audit logs

You can review audit logs in the monitoring group for each Intune workload:
You can review audit logs in the monitoring group for each Intune workload, like compliance or Conditional Access.

1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Tenant administration** > **Audit logs**.
3. To filter the results, select **Filter** and refine the results using the following options.
- **Category**: such as **Compliance**, **Device**, and **Role**.
- **Activity**: the options listed here are restricted by the option chosen under **Category**.
- **Date range**: you can choose logs for the previous month, week, or day.
4. Select **Apply**.
5. Select an item in the list to see the activity details.
3. A list of the logs is shown. Select a log from the list to see the activity details.
4. If there are many logs, you can:

1. Select **Date** and enter a start and end date. This date range can show logs for the previous month, week, or day.

:::image type="content" source="./media/monitor-audit-logs/audit-logs-date-range.png" alt-text="Filter audit logs by date in Microsoft Intune and Intune admin center.":::

1. Select **Add filters** > **Category**. Select a category from the list, like **Compliance**, **Device**, or **Role**. Then, select **Apply**.
1. Select **Add filters** > **Activity**. The available options depend on the **Category** you select. Then, select **Apply**.

For example, if you select the **Compliance** category, your **Activity** filter options look similar to the following image:

For related information about audit logs, see [Additional information](../fundamentals/monitor-audit-logs.md#additional-information).
:::image type="content" source="./media/monitor-audit-logs/audit-logs-compliance-category-activity-options.png" alt-text="Filter audit logs by compliance category and select an activity in Microsoft Intune and Intune admin center.":::

For related information about audit logs, go to:

- [Data storage and processing in Intune](../protect/privacy-data-store-process.md)
- [Use audit logs throughout Intune](../fundamentals/review-logs-using-azure-monitor.md#use-audit-logs-throughout-intune)
- [Audit, export, or delete personal data in Intune](../protect/privacy-data-audit-export-delete.md)

## Route logs to Azure Monitor

Audit logs and operational logs can also be routed to Azure Monitor. In **Tenant administration** > **Audit logs**, select **Export**:
Audit logs and operational logs can also be routed to [Azure Monitor](/azure/azure-monitor/overview). In the Intune admin center, select **Tenant administration** > **Audit logs** > **Export**:

:::image type="content" source="./media/monitor-audit-logs/audit-logs-export-data-settings.png" alt-text="Export log data to Azure monitor by selecting Export data settings in Microsoft Intune and Intune admin center.":::

> [!NOTE]
>
> - For more information about this feature, and to review the prerequisites to use it, see [send log data to storage, event hubs, or log analytics](review-logs-using-azure-monitor.md).
> - **Initiated by (actor)** includes information on who ran the task, and where it was run.
>
> For example, if you run the activity in Intune in the Azure portal, then **Application** always lists **Microsoft Intune portal extension**, and the **Application ID** always uses the same GUID.
> - The **Target(s)** section lists multiple targets and the properties that were changed.
When you export, a `.csv` file is created and saved locally, possibly in `C:\Users\UserName\AppData\Local\Temp\MicrosoftEdgeDownloads\GUID`.

When looking at the `.csv` file:

- **Initiated by (actor)** includes information on who ran the task, and where it was run.

For example, if you run the activity in Intune in the Azure portal, then **Application** always lists **Microsoft Intune portal extension**, and the **Application ID** always uses the same GUID.

- The **Target(s)** section lists multiple targets and the properties that were changed.

For more information about this feature, including the prerequisites, go to [send log data to storage, event hubs, or log analytics](review-logs-using-azure-monitor.md).

## Use Graph API to retrieve audit events

For details on using the graph API to get up to one year of audit events, see [List auditEvents](/graph/api/intune-auditing-auditevent-list).
You can also use Graph API to get one year of audit events. For more information, go to [List auditEvents](/graph/api/intune-auditing-auditevent-list).

## Next steps
## Related articles

- [Send log data to storage, event hubs, or log analytics](review-logs-using-azure-monitor.md)
- [Review client app protection logs](../apps/app-protection-policy-settings-log.md)

## Additional information

- [Data storage and processing in Intune](../protect/privacy-data-store-process.md)
- [Use audit logs throughout Intune](../fundamentals/review-logs-using-azure-monitor.md#use-audit-logs-throughout-intune)
- [Audit, export, or delete personal data in Intune](../protect/privacy-data-audit-export-delete.md)
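
Review bot: Under `## Route logs to Azure Monitor`, the new sentence `When you export, a .csv file is created and saved locally, possibly in C:\Users\UserName\AppData\Local\Temp\MicrosoftEdgeDownloads\GUID` describes a local download rather than routing to Azure Monitor, and `possibly in` gives the reader nothing to act on. Split the local CSV export from the Azure Monitor routing (the screenshot alt text is about `Export data settings`), and say the file goes to the browser's download location; because the file holds the **Initiated by (actor)** and **Target(s)** data, it is also worth telling admins not to leave it in a temp folder. Separately, the Graph API line changes `up to one year of audit events` to `one year of audit events`, which loses the upper-bound meaning; keep `up to`.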

0 comments on commit d76528e
