diff --git a/autopilot/self-deploying.md b/autopilot/self-deploying.md index 669dc63fb1f..45b05cbf77f 100644 --- a/autopilot/self-deploying.md +++ b/autopilot/self-deploying.md @@ -61,7 +61,7 @@ Optionally, a [device-only subscription](https://techcommunity.microsoft.com/t5/ > [!NOTE] > -> Intune doesn't automatically configure a primary user when using self-deploying mode in Autopilot to provision a Windows device. Some Intune capabilities rely on a primary user being set on a device. These features include user self-service BitLocker recovery key retrieval and using the Company Portal to install software. Using self-provisioning mode for Autopilot doesn't preclude a licensed user from logging into the device and using features entitled to that user such as conditional access. For more information, see [Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md). +> Intune doesn't automatically configure a primary user when using self-deploying mode in Autopilot to provision a Windows device. Some Intune capabilities rely on a primary user being set on a device. These features include user self-service BitLocker recovery key retrieval and using the Company Portal to install software. Using self-provisioning mode for Autopilot doesn't preclude a licensed user from logging into the device and using features entitled to that user such as Conditional Access. For more information, see [Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md). > > If desired, a primary user can be manually set after device provisioning via the Intune admin center. For more information, see [Change a devices primary user](/mem/intune/remote-actions/find-primary-user#change-a-devices-primary-user). diff --git a/memdocs/analytics/work-from-anywhere.md b/memdocs/analytics/work-from-anywhere.md index 333976f1a32..a95e01fac55 100644 --- a/memdocs/analytics/work-from-anywhere.md +++ b/memdocs/analytics/work-from-anywhere.md 
@@ -60,7 +60,7 @@ Benefits of each cloud management type: | Manage your clients anywhere | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | | View and take action on all Windows PCs from Microsoft Intune admin center| |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | | Modernize your directory approach with Microsoft Entra ID | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | -|Enhance Zero Trust with conditional access| | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | +|Enhance Zero Trust with Conditional Access| | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | | Make device provisioning easier by enabling Windows Autopilot | | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | | Gain more remote access with Intune | | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image 
type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | | Split PC management workloads between cloud and on-premises | | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| | diff --git a/memdocs/configmgr/apps/plan-design/plan-for-software-center.md b/memdocs/configmgr/apps/plan-design/plan-for-software-center.md index 75a6ef38505..50141b4c8e6 100644 --- a/memdocs/configmgr/apps/plan-design/plan-for-software-center.md +++ b/memdocs/configmgr/apps/plan-design/plan-for-software-center.md @@ -31,7 +31,7 @@ Use client settings to configure the appearance and behaviors of Software Center - Configure which default tabs are visible, and add up to five custom tabs to Software Center. - In Configuration Manager 2103 and earlier, when single sign on with multifactor authentication is used, you may not be able to sign into custom tabs that load a website that's subject to conditional access policies. + In Configuration Manager 2103 and earlier, when single sign on with multifactor authentication is used, you may not be able to sign into custom tabs that load a website that's subject to Conditional Access policies. - You can configure co-managed devices to use the Company Portal for both Intune and Configuration Manager apps. For more information, see [Use the Company Portal app on co-managed devices](../../comanage/company-portal.md). diff --git a/memdocs/configmgr/cloud-attach/toc.yml b/memdocs/configmgr/cloud-attach/toc.yml index 0154d1c8454..fef559d1aca 100644 --- a/memdocs/configmgr/cloud-attach/toc.yml +++ b/memdocs/configmgr/cloud-attach/toc.yml 
@@ -137,7 +137,7 @@ items: href: ../comanage/workloads.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json - name: Switch workloads to Intune href: ../comanage/how-to-switch-workloads.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json - - name: Conditional access + - name: Conditional Access href: ../comanage/quickstart-conditional-access.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json - name: Remote actions from Intune href: ../comanage/quickstart-remote-actions.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json diff --git a/memdocs/configmgr/comanage/coexistence.md b/memdocs/configmgr/comanage/coexistence.md index 3fde5474db4..97c3b985918 100644 --- a/memdocs/configmgr/comanage/coexistence.md +++ b/memdocs/configmgr/comanage/coexistence.md @@ -33,7 +33,7 @@ When the Configuration Manager client detects that a third-party MDM service is - Application management, including legacy packages - Software update scanning and installation - Endpoint protection, the Windows Defender suite of antimalware protection features -- Compliance policy for conditional access +- Compliance policy for Conditional Access - Device configuration - Office Click-to-Run management diff --git a/memdocs/configmgr/comanage/faq.yml b/memdocs/configmgr/comanage/faq.yml index d93173d7c48..baa4bfaaea1 100644 --- a/memdocs/configmgr/comanage/faq.yml +++ b/memdocs/configmgr/comanage/faq.yml 
@@ -104,7 +104,7 @@ sections: - question: | I've enabled co-management, which workload should I switch first? answer: | - **Compliance** is the workload that most customers switch first. If you switch this workload to Intune, you can still require devices to evaluate settings from Configuration Manager. When you configure a compliance policy in Intune, enable it to require device [compliance from Configuration Manager](../../intune/protect/compliance-policy-create-windows.md#configuration-manager-compliance). Then you can use device compliance state to control [conditional access](../../intune/protect/conditional-access.md) to cloud-based resources. This configuration lets you start using the cloud services without changing the compliance checks you already have in Configuration Manager. + **Compliance** is the workload that most customers switch first. If you switch this workload to Intune, you can still require devices to evaluate settings from Configuration Manager. When you configure a compliance policy in Intune, enable it to require device [compliance from Configuration Manager](../../intune/protect/compliance-policy-create-windows.md#configuration-manager-compliance). Then you can use device compliance state to control [Conditional Access](../../intune/protect/conditional-access.md) to cloud-based resources. This configuration lets you start using the cloud services without changing the compliance checks you already have in Configuration Manager. After compliance, the most common workloads are **Office Click-to-Run apps**, **Client apps**, and **Windows Update policies**. 
@@ -140,7 +140,7 @@ sections: - question: | With co-management, can I use compliance policies in Intune and compliance settings in Configuration Manager to assess overall device compliance? answer: | - Yes. Once you have your environment co-managed, and switch the compliance workload to Intune, you can use your existing Configuration Manager compliance settings and integrate them with [conditional access](../../intune/protect/conditional-access.md). For more information, see the following articles: + Yes. Once you have your environment co-managed, and switch the compliance workload to Intune, you can use your existing Configuration Manager compliance settings and integrate them with [Conditional Access](../../intune/protect/conditional-access.md). For more information, see the following articles: - [Include custom configuration baselines as part of compliance policy assessment](../compliance/deploy-use/create-configuration-baselines.md#bkmk_CAbaselines) diff --git a/memdocs/configmgr/comanage/how-to-enable.md b/memdocs/configmgr/comanage/how-to-enable.md index ba5b3ecf9b5..785c6a1fa21 100644 --- a/memdocs/configmgr/comanage/how-to-enable.md +++ b/memdocs/configmgr/comanage/how-to-enable.md @@ -38,7 +38,7 @@ Make sure the co-management prerequisites are set up before you start this proce Now that you've enabled co-management, look at the following articles for immediate value you can gain in your environment: -- [Conditional access](quickstart-conditional-access.md) +- [Conditional Access](quickstart-conditional-access.md) - [Remote actions from Intune](quickstart-remote-actions.md) diff --git a/memdocs/configmgr/comanage/overview.md b/memdocs/configmgr/comanage/overview.md index b96321668c3..71410d29bd0 100644 --- a/memdocs/configmgr/comanage/overview.md +++ b/memdocs/configmgr/comanage/overview.md 
@@ -18,7 +18,7 @@ ms.reviewer: mstewart,aaroncz # What is co-management? -Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It helps you unlock more cloud-powered capabilities like conditional access. +Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It helps you unlock more cloud-powered capabilities like Conditional Access. Co-management enables you to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune. It lets you cloud-attach your existing investment in Configuration Manager by adding new functionality. By using co-management, you have the flexibility to use the technology solution that works best for your organization. @@ -45,7 +45,7 @@ For more information on the paths, see [Paths to co-management](quickstart-paths When you enroll existing Configuration Manager clients in co-management, you gain the following immediate value: -- Conditional access with device compliance +- Conditional Access with device compliance - Intune-based remote actions, for example: restart, remote control, or factory reset diff --git a/memdocs/configmgr/comanage/quickstart-hybrid-aad.md b/memdocs/configmgr/comanage/quickstart-hybrid-aad.md index 244766593df..47d49e7b391 100644 --- a/memdocs/configmgr/comanage/quickstart-hybrid-aad.md +++ b/memdocs/configmgr/comanage/quickstart-hybrid-aad.md 
@@ -16,9 +16,9 @@ ms.reviewer: mstewart,aaroncz # Use Microsoft Entra ID for co-management -In the cloud, identity is the new control plane. Microsoft Entra ID allows you to link your users, devices, and applications across both cloud and on-premises environments. Registering your devices to Microsoft Entra ID enables you to improve productivity for your users and security for your resources. Having devices in Microsoft Entra ID is the foundation for both co-management and device-based conditional access. +In the cloud, identity is the new control plane. Microsoft Entra ID allows you to link your users, devices, and applications across both cloud and on-premises environments. Registering your devices to Microsoft Entra ID enables you to improve productivity for your users and security for your resources. Having devices in Microsoft Entra ID is the foundation for both co-management and device-based Conditional Access. -For more information on device-based conditional access, see [How To: Require managed devices for cloud app access with conditional access](/azure/active-directory/conditional-access/require-managed-devices). +For more information on device-based Conditional Access, see [How To: Require managed devices for cloud app access with Conditional Access](/azure/active-directory/conditional-access/require-managed-devices). In the following video, senior program manager Sandeep Deo and product marketing manager Adam Harbour discuss and demo Microsoft Entra ID for co-management: 
@@ -66,11 +66,11 @@ Windows Hello for Business brings strong password-less authentication to Windows For more information, see [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification). -### Device-based conditional access +### Device-based Conditional Access -Enable conditional access based on the device state to better protect your organization's data. Device-based conditional access requires a managed device. This device must be a compliant device or a Microsoft Entra hybrid joined device. For Microsoft Entra joined devices, you need Intune to mark the device as compliant. But for Microsoft Entra hybrid joined devices, the device state itself is used to evaluate conditional access. Co-management provides you the additional advantage of evaluating compliance through Intune for Microsoft Entra hybrid joined devices. This feature makes sure the device configuration is intact. +Enable Conditional Access based on the device state to better protect your organization's data. Device-based Conditional Access requires a managed device. This device must be a compliant device or a Microsoft Entra hybrid joined device. For Microsoft Entra joined devices, you need Intune to mark the device as compliant. But for Microsoft Entra hybrid joined devices, the device state itself is used to evaluate Conditional Access. Co-management provides you the additional advantage of evaluating compliance through Intune for Microsoft Entra hybrid joined devices. This feature makes sure the device configuration is intact. -For more information on device-based conditional access, see [How To: Require managed devices for cloud app access with conditional access](/azure/active-directory/conditional-access/require-managed-devices). +For more information on device-based Conditional Access, see [How To: Require managed devices for cloud app access with Conditional Access](/azure/active-directory/conditional-access/require-managed-devices). 
### Automatic device licensing diff --git a/memdocs/configmgr/comanage/quickstarts.md b/memdocs/configmgr/comanage/quickstarts.md index f42ccdda0a9..5f7573ae183 100644 --- a/memdocs/configmgr/comanage/quickstarts.md +++ b/memdocs/configmgr/comanage/quickstarts.md @@ -28,13 +28,13 @@ In the following video, Microsoft corporate vice president Brad Anderson introdu | Immediate value | Getting started | |-----------------|-----------------| -| - [Conditional access](#bkmk_ca)
- [Remote actions from Intune](#bkmk_remote)
- [Client health](#bkmk_client-health)
- [Hybrid Microsoft Entra ID](#bkmk_hybrid-aad)
- [Windows Autopilot](#bkmk_autopilot) | - [Paths to co-management](#bkmk_paths)
- [Set up hybrid Microsoft Entra ID](#bkmk_setup-hybrid-aad)
- [Upgrade Windows](#bkmk_upgrade-win10)
- [Get help from FastTrack](#bkmk_fasttrack) | +| - [Conditional Access](#bkmk_ca)
- [Remote actions from Intune](#bkmk_remote)
- [Client health](#bkmk_client-health)
- [Hybrid Microsoft Entra ID](#bkmk_hybrid-aad)
- [Windows Autopilot](#bkmk_autopilot) | - [Paths to co-management](#bkmk_paths)
- [Set up hybrid Microsoft Entra ID](#bkmk_setup-hybrid-aad)
- [Upgrade Windows](#bkmk_upgrade-win10)
- [Get help from FastTrack](#bkmk_fasttrack) | ## Immediate value |Title |Description |Link | |-|-|-| -| **Conditional access with device compliance** | Control user access to corporate resources based on compliance rules from Intune. | [![Thumbnail of conditional access video.](media/thumbnail-conditional-access.png)](quickstart-conditional-access.md) | +| **Conditional Access with device compliance** | Control user access to corporate resources based on compliance rules from Intune. | [![Thumbnail of Conditional Access video.](media/thumbnail-conditional-access.png)](quickstart-conditional-access.md) | | **Remote actions from Intune** | Run remote actions from Intune for co-managed devices. For example, wipe and reset a device and maintain enrollment and account. | [![Thumbnail of remote actions video.](media/thumbnail-remote-action.png)](quickstart-remote-actions.md) | | **Configuration Manager client health** | Maintain visibility of Configuration Manager client health from the Microsoft Intune admin center. | [![Thumbnail of client health video.](media/thumbnail-client-health.png)](quickstart-client-health.md) | | **Microsoft Entra ID** | With Microsoft Entra ID you can take advantage of improved productivity for your users and security for your resources, across both cloud and on-prem environments. | [![Thumbnail of hybrid Microsoft Entra video.](media/thumbnail-azure-ad.png)](quickstart-hybrid-aad.md) | diff --git a/memdocs/configmgr/comanage/toc.yml b/memdocs/configmgr/comanage/toc.yml index cc370733ad6..d2d35509d2f 100644 --- a/memdocs/configmgr/comanage/toc.yml +++ b/memdocs/configmgr/comanage/toc.yml @@ -13,7 +13,7 @@ items: href: quickstarts.md - name: Immediate value items: - - name: Conditional access + - name: Conditional Access href: quickstart-conditional-access.md - name: Remote actions from Intune href: quickstart-remote-actions.md 
diff --git a/memdocs/configmgr/comanage/tutorial-co-manage-clients.md b/memdocs/configmgr/comanage/tutorial-co-manage-clients.md index bfc44265277..3337d988cca 100644 --- a/memdocs/configmgr/comanage/tutorial-co-manage-clients.md +++ b/memdocs/configmgr/comanage/tutorial-co-manage-clients.md @@ -183,4 +183,4 @@ When you enable co-management, you'll assign a collection as a *Pilot group*. Th - Review the status of co-managed devices with the [Co-management dashboard](how-to-monitor.md) - Start getting [immediate value](quickstarts.md#immediate-value) from co-management -- Use [conditional access](quickstart-conditional-access.md) and Intune compliance rules to manage user access to corporate resources +- Use [Conditional Access](quickstart-conditional-access.md) and Intune compliance rules to manage user access to corporate resources diff --git a/memdocs/configmgr/comanage/workloads.md b/memdocs/configmgr/comanage/workloads.md index 006147e7215..7ea466bc388 100644 --- a/memdocs/configmgr/comanage/workloads.md +++ b/memdocs/configmgr/comanage/workloads.md 
@@ -38,7 +38,7 @@ Co-management supports the following workloads: ## Compliance policies -Compliance policies define the rules and settings that a device must comply with to be considered compliant by conditional access policies. Also use compliance policies to monitor and remediate compliance issues with devices independently of conditional access. You can add evaluation of custom configuration baselines as a compliance policy assessment rule. For more information, see [Include custom configuration baselines as part of compliance policy assessment](../compliance/deploy-use/create-configuration-baselines.md#bkmk_CAbaselines). +Compliance policies define the rules and settings that a device must comply with to be considered compliant by Conditional Access policies. Also use compliance policies to monitor and remediate compliance issues with devices independently of Conditional Access. You can add evaluation of custom configuration baselines as a compliance policy assessment rule. For more information, see [Include custom configuration baselines as part of compliance policy assessment](../compliance/deploy-use/create-configuration-baselines.md#bkmk_CAbaselines). For more information on the Intune feature, see [Use compliance policies to set rules for devices you manage with Intune](../../intune/protect/device-compliance-get-started.md). diff --git a/memdocs/configmgr/compliance/deploy-use/create-configuration-baselines.md b/memdocs/configmgr/compliance/deploy-use/create-configuration-baselines.md index e7eb3ae1dd2..44a7e658137 100644 --- a/memdocs/configmgr/compliance/deploy-use/create-configuration-baselines.md +++ b/memdocs/configmgr/compliance/deploy-use/create-configuration-baselines.md 
@@ -79,7 +79,7 @@ To create a configuration baseline by using the **Create Configuration Baseline* ## Include custom configuration baselines as part of compliance policy assessment -You can add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you have an option to **Evaluate this baseline as part of compliance policy assessment**. When adding or editing a compliance policy rule, you have a condition called **Include configured baselines in compliance policy assessment**. For co-managed devices, and when you configure Intune to take Configuration Manager compliance assessment results as part of the overall compliance status, this information is sent to Microsoft Entra ID. You can then use it for conditional access to your Microsoft 365 Apps resources. For more information, see [Conditional access with co-management](../../comanage/quickstart-conditional-access.md). +You can add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you have an option to **Evaluate this baseline as part of compliance policy assessment**. When adding or editing a compliance policy rule, you have a condition called **Include configured baselines in compliance policy assessment**. For co-managed devices, and when you configure Intune to take Configuration Manager compliance assessment results as part of the overall compliance status, this information is sent to Microsoft Entra ID. You can then use it for Conditional Access to your Microsoft 365 Apps resources. For more information, see [Conditional Access with co-management](../../comanage/quickstart-conditional-access.md). To include custom configuration baselines as part of compliance policy assessment, do the following: 
diff --git a/memdocs/configmgr/core/clients/manage/client-notification.md b/memdocs/configmgr/core/clients/manage/client-notification.md index f720ab4ec5c..d5955f26072 100644 --- a/memdocs/configmgr/core/clients/manage/client-notification.md +++ b/memdocs/configmgr/core/clients/manage/client-notification.md @@ -121,9 +121,9 @@ Trigger clients to switch to the next available software update point. For more Trigger Windows 10 or later clients to check and send their latest device health state. For more information, see [Health attestation](../../servers/manage/health-attestation.md). -### Check conditional access compliance +### Check Conditional Access compliance -Trigger clients to check compliance for conditional access policies. For more information, see [Conditional access](../../../comanage/quickstart-conditional-access.md). +Trigger clients to check compliance for Conditional Access policies. For more information, see [Conditional Access](../../../comanage/quickstart-conditional-access.md). ### Wake Up diff --git a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1601.md b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1601.md index dd6550bf6a7..9edfe904457 100644 --- a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1601.md +++ b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1601.md 
@@ -58,9 +58,9 @@ In the 1601 Technical Preview, we have added support for the following features: ### Improvements to Conditional Access -- **Conditional access support for PCs that are managed by Configuration Manager** +- **Conditional Access support for PCs that are managed by Configuration Manager** - You can now set conditional access policies for PCs managed by Configuration Manager, which will require that the PCs be compliant with the compliance policy in order to access Exchange Online and SharePoint Online services. With this new functionality, you can also register PCs with Microsoft Entra ID through the compliance policy, and to monitor and report on Microsoft Entra registration. + You can now set Conditional Access policies for PCs managed by Configuration Manager, which will require that the PCs be compliant with the compliance policy in order to access Exchange Online and SharePoint Online services. With this new functionality, you can also register PCs with Microsoft Entra ID through the compliance policy, and to monitor and report on Microsoft Entra registration. > [!NOTE] > Conditional Access is not yet supported on Windows 10. 
@@ -73,7 +73,7 @@ In the 1601 Technical Preview, we have added support for the following features: - [Prerequisites for Microsoft Entra auto-registration](/azure/active-directory/devices/hybrid-azuread-join-plan?rnd=1). - To use the option, you must create a compliance policy in Configuration Manager with specific rules described below, and set a conditional access policy in the Intune console. Also, to make sure only compliant PCs are allowed access, you must set the Windows PC requirement to **Devices must be compliant** option. Following are the compliant policy rules that are applicable to PCs managed by Configuration Manager. + To use the option, you must create a compliance policy in Configuration Manager with specific rules described below, and set a Conditional Access policy in the Intune console. Also, to make sure only compliant PCs are allowed access, you must set the Windows PC requirement to **Devices must be compliant** option. Following are the compliant policy rules that are applicable to PCs managed by Configuration Manager. - **Require registration in Microsoft Entra ID:** This rule checks if the user's device is work place joined to Microsoft Entra ID, and if not, the device is automatically registered in Microsoft Entra ID. Automatic registration is only supported on Windows 8.1. For Windows 7 PCs, deploy an MSI to perform the auto registration. For more information, see [here](/azure/active-directory/devices/hybrid-azuread-join-plan?rnd=1). 
@@ -86,7 +86,7 @@ In the 1601 Technical Preview, we have added support for the following features: End-users who are blocked due to noncompliance will view compliance information in the Software Center and will initiate a new policy evaluation when compliance issues are remediated. -- **Conditional access with Health Attestation Service** You can now restrict access to email and 0365 services based on the health of the devices as reported by the Health Attestation Service. Additionally, devices that are managed by Intune are included in the device health reports. +- **Conditional Access with Health Attestation Service** You can now restrict access to email and 0365 services based on the health of the devices as reported by the Health Attestation Service. Additionally, devices that are managed by Intune are included in the device health reports. A new compliance rule has been added to the configuration manager console that allows you to specify if the devices should be allowed or blocked access based on their health status. To create this rule, open the **Create Compliance Policy Wizard**, and add a new rule. Select the **Reported as health by Health Attestation Service** for the condition, and set the value to **True**. This will make sure that only devices that are reported as healthy will have access to your company resources. For details about Health Attestation Service and how the health of the devices is reported in Intune, see [Device Health Attestation](capabilities-in-technical-preview-1512.md#bkmk_devicehealth). diff --git a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1610.md b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1610.md index 46a5ad49347..137355f7da8 100644 --- a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1610.md +++ b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1610.md 
@@ -153,9 +153,9 @@ In addition to Full Administrator, the following built-in security roles now hav Read-only access to these areas of the Configuration Manager console is still granted to the **Read-only Analyst** role. -## Conditional access for Windows 10 VPN profiles +## Conditional Access for Windows 10 VPN profiles -You can now require Windows 10 devices enrolled in Microsoft Entra ID to be compliant in order to have VPN access through Windows 10 VPN profiles created in the Configuration Manager console. This is possible through the new **Enable conditional access for this VPN connection** checkbox on the **Authentication Method** page in the VPN profile wizard and VPN profile properties for Windows 10 VPN profiles. You can also specify a separate certificate for single sign-on authentication if you enable conditional access for the profile. +You can now require Windows 10 devices enrolled in Microsoft Entra ID to be compliant in order to have VPN access through Windows 10 VPN profiles created in the Configuration Manager console. This is possible through the new **Enable Conditional Access for this VPN connection** checkbox on the **Authentication Method** page in the VPN profile wizard and VPN profile properties for Windows 10 VPN profiles. You can also specify a separate certificate for single sign-on authentication if you enable Conditional Access for the profile. ## See Also [Technical Preview for Configuration Manager](../../core/get-started/technical-preview.md) diff --git a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1702.md b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1702.md index 6e012644332..c1a08655f63 100644 --- a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1702.md +++ b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1702.md 
@@ -105,15 +105,15 @@ See the following for more information about Microsoft Entra ID: - [Microsoft Entra Domain Services product information](https://azure.microsoft.com/services/active-directory-ds) - [Active Directory Domain Services documentation](/azure/active-directory-domain-services/) -## Conditional access device compliance policy improvements +## Conditional Access device compliance policy improvements -A new device compliance policy rule is available to help you block access to corporate resources that support conditional access, when users are using apps that are part of a non-compliant list of apps. The non-compliant list of apps can be defined by the admin when adding the new compliant rule **Apps that cannot be installed**. This rule requires the admin to enter the **App Name**, the **App ID**, and the **App Publisher** (optional) when adding an app to the non-compliant list. This setting only applies to iOS and Android devices. +A new device compliance policy rule is available to help you block access to corporate resources that support Conditional Access, when users are using apps that are part of a non-compliant list of apps. The non-compliant list of apps can be defined by the admin when adding the new compliant rule **Apps that cannot be installed**. This rule requires the admin to enter the **App Name**, the **App ID**, and the **App Publisher** (optional) when adding an app to the non-compliant list. This setting only applies to iOS and Android devices. Additionally, this helps organizations to mitigate data leakage through unsecured apps, and prevent excessive data consumption through certain apps. ### Try it out -**Scenario:** Identify apps that might be causing data leakage by sending corporate data outside your company, or that are causing excessive data consumption, then [create a conditional access device compliance policy](../../mdm/understand/what-happened-to-hybrid.md) that adds these apps into the non-compliant list of apps. 
This will block access to corporate resources that support conditional access until the user can remove the blocked app. +**Scenario:** Identify apps that might be causing data leakage by sending corporate data outside your company, or that are causing excessive data consumption, then [create a Conditional Access device compliance policy](../../mdm/understand/what-happened-to-hybrid.md) that adds these apps into the non-compliant list of apps. This will block access to corporate resources that support Conditional Access until the user can remove the blocked app. ## Antimalware client version alert Beginning with this preview version, Configuration Manager Endpoint Protection provides an alert if more than 20% (default) of managed clients are using an expired version of the antimalware client (i.e. Windows Defender or Endpoint Protection client). @@ -124,7 +124,7 @@ Ensure Endpoint Protection is enabled on all desktop and server clients using cl To configure the percentage at which the alert is generated, expand **Monitoring** > **Alerts** > **All Alerts**, double-click **Antimalware clients out of date** and modify the **Raise alert if percentage of managed clients with an outdated version of the antimalware client is more than** option. ## Compliance assessment for Windows Update for Business updates -You can now configure a compliance policy update rule to include a Windows Update for Business assessment result as part of the conditional access evaluation. +You can now configure a compliance policy update rule to include a Windows Update for Business assessment result as part of the Conditional Access evaluation. > [!IMPORTANT] > You must have Windows 10 Insider Preview Build 15019 or later to use compliance assessment for Windows Update for Business updates. diff --git a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1706.md b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1706.md index 32ab1a016db..541d9fc7380 100644 
--- a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1706.md +++ b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1706.md @@ -566,9 +566,9 @@ Setting DisallowCrossProfileCopyPaste to true prevents copy-paste behavior betwe 3. In the device setting groups to configure, select **Work Profile**, and choose **Next**. 4. Select the value for **Allow data sharing between work and personal profiles**, and then complete the wizard. -## Device Health Attestation assessment for compliance policies for conditional access +## Device Health Attestation assessment for compliance policies for Conditional Access -Starting with this release you can use Device Health Attestation status as a compliance policy rule for conditional access to company resources. +Starting with this release you can use Device Health Attestation status as a compliance policy rule for Conditional Access to company resources. ### Try it out Select a Device Health Attestation rule as part of a compliance policy assessment. diff --git a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1709.md b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1709.md index 73875c80b30..c681e4c87dc 100644 --- a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1709.md +++ b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1709.md 
@@ -106,7 +106,7 @@ The following are general prerequisites for you to enable co-management: After you enable co-management, Configuration Manager continues to manage all workloads. When you decide that you are ready, you can have Intune start managing available workloads. In this release, you can have Intune manage the following workloads. #### Compliance policies -Compliance policies define the rules and settings that a device must comply with to be considered compliant by conditional access policies. You can also use compliance policies to monitor and remediate compliance issues with devices independently of conditional access. +Compliance policies define the rules and settings that a device must comply with to be considered compliant by Conditional Access policies. You can also use compliance policies to monitor and remediate compliance issues with devices independently of Conditional Access. #### Windows Update for Business policies Windows Update for Business policies let you configure deferral policies for Windows 10 feature updates or quality updates for Windows 10 devices managed directly by Windows Update for Business. For details, see [Configure Windows Update for Business deferral policies](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10#configure-windows-update-for-business-deferral-policies). diff --git a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1710.md b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1710.md index 856059d44a2..757806d1d1a 100644 --- a/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1710.md +++ b/memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1710.md 
@@ -81,7 +81,7 @@ Add an icon for your app in Software Center. To try it out see [Create applicati ## Check compliance from Software Center for co-managed devices -In this release, users can use Software Center to check the compliance of their co-managed Windows 10 devices even when conditional access is managed by Intune. For details, see [Co-management for Windows 10 devices](./capabilities-in-technical-preview-1709.md#co-management-for-windows-10-devices). +In this release, users can use Software Center to check the compliance of their co-managed Windows 10 devices even when Conditional Access is managed by Intune. For details, see [Co-management for Windows 10 devices](./capabilities-in-technical-preview-1709.md#co-management-for-windows-10-devices). ## Support for Exploit Guard diff --git a/memdocs/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md b/memdocs/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md index f78481d5b02..cd415e91da3 100644 --- a/memdocs/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md +++ b/memdocs/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md 
@@ -74,12 +74,12 @@ The following features are no longer supported. In some cases, they're no longer | Desktop Analytics tile and page for **Security Updates** | December 2020 | March 2021 | | Desktop Analytics option to **View recent data** for device enrollment and security updates. For more information, see [Data latency](../../../../desktop-analytics/troubleshooting.md#data-latency).|May 2020|July 2020| | Windows Analytics and Upgrade Readiness integration. For more information, see [KB 4521815: Windows Analytics retirement on January 31, 2020](https://support.microsoft.com/help/4521815/windows-analytics-retirement). | October 14, 2019 | January 31, 2020 | -| Device health attestation assessment for conditional access compliance policies For more information, see [What happened to hybrid MDM](../../../../mdm/understand/what-happened-to-hybrid.md).| July 3, 2019 | Version 1910 | +| Device health attestation assessment for Conditional Access compliance policies For more information, see [What happened to hybrid MDM](../../../../mdm/understand/what-happened-to-hybrid.md).| July 3, 2019 | Version 1910 | | The Configuration Manager Company Portal app | May 21, 2019 | Version 1910 | | The application catalog, including both site system roles: the application catalog website point and web service point. For more information, see [Remove the application catalog](../../../../apps/plan-design/plan-for-and-configure-application-management.md#remove-the-application-catalog). | May 21, 2019 | Version 1910 | |Certificate-based authentication with Windows Hello for Business settings in Configuration Manager
For more information, see [Windows Hello for Business settings](../../../../protect/deploy-use/windows-hello-for-business-settings.md).|December 2017|Version 1910| |System Center Endpoint Protection for Mac and Linux
For more information, see [End of support blog post](https://techcommunity.microsoft.com/t5/configuration-manager-blog/end-of-support-for-scep-for-mac-and-scep-for-linux-on-december/ba-p/286257).|October 2018|December 31, 2018| -|On-premises conditional access
For more information, see [What happened to hybrid MDM](../../../../mdm/understand/what-happened-to-hybrid.md).|January 30, 2019|September 1, 2019| +|On-premises Conditional Access
For more information, see [What happened to hybrid MDM](../../../../mdm/understand/what-happened-to-hybrid.md).|January 30, 2019|September 1, 2019| |Hybrid mobile device management (MDM)
For more information, see [What happened to hybrid MDM](../../../../mdm/understand/what-happened-to-hybrid.md).

Starting with the 1902 Intune service release, expected at the end of February 2019, new customers can't create a new hybrid connection.|August 14, 2018|September 1, 2019| |Security Content Automation Protocol (SCAP) extensions.
|September 2018|Version 1810| |The **Silverlight user experience** for the application catalog website point is no longer supported. Users should use the new Software Center. For more information, see [Configure Software Center](../../../../apps/plan-design/plan-for-software-center.md#configure-software-center).|August 11, 2017| Version 1806| diff --git a/memdocs/configmgr/core/plan-design/changes/features-and-capabilities.md b/memdocs/configmgr/core/plan-design/changes/features-and-capabilities.md index 9437ec5fe04..e3bdcf14e4f 100644 --- a/memdocs/configmgr/core/plan-design/changes/features-and-capabilities.md +++ b/memdocs/configmgr/core/plan-design/changes/features-and-capabilities.md @@ -22,7 +22,7 @@ This article summarizes the primary management features of Configuration Manager ## Co-management -Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It enables you to concurrently manage Windows devices by using both Configuration Manager and Microsoft Intune. Co-management lets you cloud-attach your existing investment in Configuration Manager by adding new functionality like conditional access. For more information, see [What is co-management](../../../comanage/overview.md)? +Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It enables you to concurrently manage Windows devices by using both Configuration Manager and Microsoft Intune. Co-management lets you cloud-attach your existing investment in Configuration Manager by adding new functionality like Conditional Access. For more information, see [What is co-management](../../../comanage/overview.md)? ## Cloud-attached management diff --git a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1602.md b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1602.md index 499978e72b8..b98020eafd6 100644 
--- a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1602.md +++ b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1602.md @@ -108,10 +108,10 @@ You will find these apps in the **Applications** node of the Configuration Manag Kiosk mode allows you to lock a device so that only certain features work. For example, you can allow a device to run only one managed app that you specify, or you can disable the volume buttons on a device. These settings might be used for a demonstration model of a device, or a device that is dedicated to performing only one function, such as a point-of-sale device. In Configuration Manager, you can now specify kiosk mode settings for Samsung KNOX Standard devices. -## Conditional access +## Conditional Access -### Conditional access for PCs managed by Configuration Manager - Previous to this release, to set up conditional access for a PC, the PC either had to be enrolled in Intune or had to be a domain-joined PC. Beginning with the 1602 update, conditional access for PCs managed by Configuration Manager is supported. For your PCs that are managed by Configuration Manager, you can restrict access to Exchange Online and SharePoint Online only to devices that are compliant with the compliance policies you set. +### Conditional Access for PCs managed by Configuration Manager + Previous to this release, to set up Conditional Access for a PC, the PC either had to be enrolled in Intune or had to be a domain-joined PC. Beginning with the 1602 update, Conditional Access for PCs managed by Configuration Manager is supported. For your PCs that are managed by Configuration Manager, you can restrict access to Exchange Online and SharePoint Online only to devices that are compliant with the compliance policies you set. ### Restricting access based on the health of devices 
diff --git a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1610.md b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1610.md index d5a4ec6ee29..d482a89e6c2 100644 --- a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1610.md +++ b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1610.md @@ -196,7 +196,7 @@ You can now get a quick view of overall compliance for devices, and the top reas ## Lookout integration for hybrid implementations to protect iOS and Android devices -Microsoft is integrating with Lookout's mobile threat protection solution to protect iOS and Android mobile devices by detecting malware, risky apps, and more, on devices. Lookout's solution helps you determine the threat level, which is configurable. You can create a compliance policy rule in Configuration Manager to determine device compliance based on the risk assessment by Lookout. Using conditional access policies, you can allow or block access to company resources based on the device compliance status. +Microsoft is integrating with Lookout's mobile threat protection solution to protect iOS and Android mobile devices by detecting malware, risky apps, and more, on devices. Lookout's solution helps you determine the threat level, which is configurable. You can create a compliance policy rule in Configuration Manager to determine device compliance based on the risk assessment by Lookout. Using Conditional Access policies, you can allow or block access to company resources based on the device compliance status. Users of noncompliant iOS devices will be prompted to enroll. They'll be required to install the Lookout for Work app on their devices, activate the app, and remediate threats reported in the Lookout for Work application to gain access to company data. 
diff --git a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1702.md b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1702.md index 519aee212c3..4bc2bcbc228 100644 --- a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1702.md +++ b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1702.md @@ -291,9 +291,9 @@ You can now associate multiple Apple volume-purchase program tokens with Configu You can now sync custom line of business apps from the Windows Store for Business. -### Conditional access device compliance policy improvements +### Conditional Access device compliance policy improvements -A new device compliance policy rule is available to help you block access to corporate resources that support conditional access, when users are using apps that are part of a noncompliant list of apps. The noncompliant list of apps can be defined by the admin when adding the new compliant rule **Apps that cannot be installed**. This rule requires the admin to enter the **App Name**, the **App ID**, and the **App Publisher** (optional) when adding an app to the noncompliant list. This setting only applies to iOS and Android devices. +A new device compliance policy rule is available to help you block access to corporate resources that support Conditional Access, when users are using apps that are part of a noncompliant list of apps. The noncompliant list of apps can be defined by the admin when adding the new compliant rule **Apps that cannot be installed**. This rule requires the admin to enter the **App Name**, the **App ID**, and the **App Publisher** (optional) when adding an app to the noncompliant list. This setting only applies to iOS and Android devices. Additionally, this helps organizations to mitigate data leakage through unsecured apps, and prevent excessive data consumption through certain apps. 
diff --git a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1802.md b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1802.md index cbc36d8ecdb..7e847b1ad58 100644 --- a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1802.md +++ b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1802.md @@ -243,7 +243,7 @@ When this client setting option is enabled, user available applications that req ### Software Center shows user additional compliance information - When using Device Health Attestation status as a compliance policy rule for conditional access to company resources, Software Center now shows the user the Device Health Attestation setting that is not compliant. + When using Device Health Attestation status as a compliance policy rule for Conditional Access to company resources, Software Center now shows the user the Device Health Attestation setting that is not compliant. ## Software updates diff --git a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1910.md b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1910.md index 8428390d250..bf1808cd544 100644 --- a/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1910.md +++ b/memdocs/configmgr/core/plan-design/changes/whats-new-in-version-1910.md 
@@ -129,7 +129,7 @@ For more information, see [Microsoft Connected Cache with Configuration Manager] You can now add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you can now use the **Evaluate this baseline as part of compliance policy assessment** option. When you add or edit a compliance policy rule, you have a condition called **Include configured baselines in compliance policy assessment**. -For co-managed devices, and when you configure Intune to take Configuration Manager compliance assessment results as part of the overall compliance status, this information is sent to Azure Active Directory. You can then use it for conditional access to your Microsoft 365 resources. +For co-managed devices, and when you configure Intune to take Configuration Manager compliance assessment results as part of the overall compliance status, this information is sent to Azure Active Directory. You can then use it for Conditional Access to your Microsoft 365 resources. For more information, see [Include custom configuration baselines as part of compliance policy assessment](../../../compliance/deploy-use/create-configuration-baselines.md#bkmk_CAbaselines). diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1802.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1802.md index cf07d802fba..fc610ae9088 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1802.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1802.md 
@@ -498,6 +498,6 @@ For Configuration Manager version 1802, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1806.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1806.md index a2c23674cb3..5f55fab4502 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1806.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1806.md @@ -533,6 +533,6 @@ For Configuration Manager version 1806, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1810.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1810.md index a5f919d28c5..63e2acef27b 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1810.md 
+++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1810.md @@ -563,7 +563,7 @@ For Configuration Manager version 1810, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1902.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1902.md index 5b320b9be23..3cafdcc611d 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1902.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1902.md @@ -579,7 +579,7 @@ For Configuration Manager version 1902, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1906.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1906.md index d123ffc7e05..02d4d2aeab5 100644 
--- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1906.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1906.md @@ -584,7 +584,7 @@ For Configuration Manager version 1906, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1910.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1910.md index 65dc846d03c..16c98dadd24 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1910.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-1910.md @@ -594,7 +594,7 @@ For Configuration Manager version 1910, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts 
diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2002.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2002.md index 2ba1d862e81..01c88a56520 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2002.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2002.md @@ -632,7 +632,7 @@ For Configuration Manager version 2002, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2006.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2006.md index a07ffe2e719..efca0bed8d6 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2006.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2006.md 
@@ -638,7 +638,7 @@ For Configuration Manager version 2006, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2010.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2010.md index ad79d5eb5b0..bd3fa12ec5c 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2010.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2010.md @@ -678,7 +678,7 @@ For Configuration Manager version 2010, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2103.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2103.md index 2d46131ab45..0e078fcd15e 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2103.md 
+++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2103.md @@ -675,7 +675,7 @@ For Configuration Manager version 2103, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2107.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2107.md index 330a26d0e89..b42190371f2 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2107.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2107.md @@ -683,7 +683,7 @@ For Configuration Manager version 2107, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2111.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2111.md index c339b60573f..2f01aba3840 100644 
--- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2111.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2111.md @@ -693,7 +693,7 @@ For Configuration Manager version 2111, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2203.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2203.md index 0b25cd240ef..b4d7b890cf2 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2203.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2203.md @@ -703,7 +703,7 @@ For Configuration Manager version 2203, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts 
diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2207.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2207.md index 0b4294cf7f9..07337bd56e1 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2207.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2207.md @@ -723,7 +723,7 @@ For Configuration Manager version 2207, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2211.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2211.md index bb0fec2044c..04739f2c63a 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2211.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2211.md 
@@ -727,7 +727,7 @@ For Configuration Manager version 2211, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2303.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2303.md index 48319c11466..1b170ac637b 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2303.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2303.md @@ -731,7 +731,7 @@ For Configuration Manager version 2303, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2309.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2309.md index 5697ebf534d..eae41323de0 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2309.md 
+++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2309.md @@ -735,7 +735,7 @@ For Configuration Manager version 2309, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2403.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2403.md index 87aed31f442..9869a53f34f 100644 --- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2403.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2403.md @@ -735,7 +735,7 @@ For Configuration Manager version 2403, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2409.md b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2409.md index db49a3e4b4f..6b88ad44163 100644 
--- a/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2409.md +++ b/memdocs/configmgr/core/plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2409.md @@ -735,7 +735,7 @@ For Configuration Manager version 2409, this level includes the following data: - Top 50 CPUs in the environment -- Type of Exchange Active Sync (EAS) conditional access policies (block or quarantine) for devices that Microsoft Intune manages +- Type of Exchange Active Sync (EAS) Conditional Access policies (block or quarantine) for devices that Microsoft Intune manages - Microsoft Store for Business application details: non-aggregate list of synced applications including AppID, online state or offline state, and total purchased license counts diff --git a/memdocs/configmgr/core/servers/manage/community-hub.md b/memdocs/configmgr/core/servers/manage/community-hub.md index 5770ebea921..20558ebfd10 100644 --- a/memdocs/configmgr/core/servers/manage/community-hub.md +++ b/memdocs/configmgr/core/servers/manage/community-hub.md @@ -190,7 +190,7 @@ If you delete a downloaded report from the **Monitoring** > **Reports** node, th When single sign on with multifactor authentication is used, you may not be able to sign in for the following features when using Configuration Manager 2103 and earlier: - Community hub - Community hub from CMPivot -- Custom tabs in Software Center that load a website that's subject to conditional access policies +- Custom tabs in Software Center that load a website that's subject to Conditional Access policies ## Next steps diff --git a/memdocs/configmgr/core/understand/product-and-licensing-faq.yml b/memdocs/configmgr/core/understand/product-and-licensing-faq.yml index 9219524e8bc..ac111f53207 100644 --- a/memdocs/configmgr/core/understand/product-and-licensing-faq.yml +++ b/memdocs/configmgr/core/understand/product-and-licensing-faq.yml 
@@ -101,7 +101,7 @@ sections: |iOS, Android, macOS enrollment|No|Yes| |Autopilot|No|Yes| |Mobile Application Management (MAM)|No|Yes| - |Conditional access
(additional AADP1 required)|Yes|Yes| + |Conditional Access
(additional AADP1 required)|Yes|Yes| |Device profiles|Yes|Yes| |Software update management|Yes|Yes| |Inventory|Yes|Yes| @@ -117,7 +117,7 @@ sections: - [Windows Autopilot requirements](/windows/deployment/windows-autopilot/windows-autopilot-requirements) - [Tenant attach prerequisites](../../tenant-attach/prerequisites.md) - [Endpoint analytics licensing prerequisites](../../../analytics/overview.md#licensing-prerequisites) - - [Use conditional access with Intune](../../../intune/protect/conditional-access.md#ways-to-use-conditional-access-with-intune) + - [Use Conditional Access with Intune](../../../intune/protect/conditional-access.md#ways-to-use-conditional-access-with-intune) - [TeamViewer prerequisites](../../../intune/remote-actions/teamviewer-support.md#prerequisites) - question: | diff --git a/memdocs/configmgr/develop/adminservice/faq.yml b/memdocs/configmgr/develop/adminservice/faq.yml index 6eaf17ec33f..aeb39817816 100644 --- a/memdocs/configmgr/develop/adminservice/faq.yml +++ b/memdocs/configmgr/develop/adminservice/faq.yml @@ -55,7 +55,7 @@ sections: - Add additional security layers. For example, [Azure App Proxy](/azure/active-directory/manage-apps/application-proxy). - question: | - Can I use it with conditional access? + Can I use it with Conditional Access? answer: | Yes, and that configuration is easiest if you use [Azure App Proxy](/azure/active-directory/manage-apps/application-proxy). diff --git a/memdocs/configmgr/mdm/understand/what-happened-to-hybrid.md b/memdocs/configmgr/mdm/understand/what-happened-to-hybrid.md index 11f5aaf8d30..c4b137f6edf 100644 --- a/memdocs/configmgr/mdm/understand/what-happened-to-hybrid.md +++ b/memdocs/configmgr/mdm/understand/what-happened-to-hybrid.md 
@@ -56,14 +56,14 @@ The following note is the original deprecation announcement: > > - The on-premises MDM feature in Configuration Manager isn't deprecated. Starting in Configuration Manager version 1810, you can use on-premises MDM without an Intune connection. For more information, see [An Intune connection is no longer required for new on-premises MDM deployments](../../core/plan-design/changes/whats-new-in-version-1810.md#bkmk_opmdm). > -> - The on-premises conditional access feature of Configuration Manager is also deprecated with hybrid MDM. If you use conditional access on devices managed with the Configuration Manager client, make sure they are protected before you migrate. -> 1. Set up conditional access policies in Azure +> - The on-premises Conditional Access feature of Configuration Manager is also deprecated with hybrid MDM. If you use Conditional Access on devices managed with the Configuration Manager client, make sure they are protected before you migrate. +> 1. Set up Conditional Access policies in Azure > 2. Set up compliance policies in Intune portal > 3. Finish hybrid migration, and set the MDM authority to Intune > 4. Enable co-management > 5. Move the compliance policies co-management workload to Intune > -> For more information, see [Conditional access with co-management](../../comanage/quickstart-conditional-access.md). +> For more information, see [Conditional Access with co-management](../../comanage/quickstart-conditional-access.md). > > **What do I need to do to prepare for this change?** > diff --git a/memdocs/configmgr/tenant-attach/troubleshoot.md b/memdocs/configmgr/tenant-attach/troubleshoot.md index dbf29c88150..9b6bd2073b2 100644 --- a/memdocs/configmgr/tenant-attach/troubleshoot.md +++ b/memdocs/configmgr/tenant-attach/troubleshoot.md 
@@ -193,4 +193,4 @@ If a device is a distribution point that uses the same PKI certificate for both ## Next steps - [Troubleshoot ConfigMgr client details](troubleshoot-client-details.md) -- [Enable co-management](../comanage/overview.md) to get additional cloud-powered capabilities like conditional access. +- [Enable co-management](../comanage/overview.md) to get additional cloud-powered capabilities like Conditional Access. diff --git a/memdocs/intune/apps/app-configuration-policies-outlook.md b/memdocs/intune/apps/app-configuration-policies-outlook.md index 74e4223c4a3..a4616b34af8 100644 --- a/memdocs/intune/apps/app-configuration-policies-outlook.md +++ b/memdocs/intune/apps/app-configuration-policies-outlook.md 
@@ -32,10 +32,10 @@ ms.custom: intune-azure The Outlook for iOS and Android app is designed to enable users in your organization to do more from their mobile devices, by bringing together email, calendar, contacts, and other files. -The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as conditional access. At a minimum, you will want to deploy a conditional access policy that allows connectivity to Outlook for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. +The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as Conditional Access. At a minimum, you will want to deploy a Conditional Access policy that allows connectivity to Outlook for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. ## Apply Conditional Access -Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Outlook for iOS and Android. To do this, you will need a conditional access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). +Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Outlook for iOS and Android. To do this, you will need a Conditional Access policy that targets all potential users. 
These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). 1. Follow the steps in [Require approved client apps or app protection policy with mobile devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices). This policy allows Outlook for iOS and Android, but blocks OAuth and basic authentication capable Exchange ActiveSync mobile clients from connecting to Exchange Online. @@ -49,7 +49,7 @@ Organizations can use Microsoft Entra Conditional Access policies to ensure that 3. Follow the steps in [How to: Block legacy authentication to Microsoft Entra ID with Conditional Access](/azure/active-directory/conditional-access/block-legacy-authentication) to block legacy authentication for other Exchange protocols on iOS and Android devices; this policy should target only Microsoft Exchange Online cloud app and iOS and Android device platforms. This ensures mobile apps using Exchange Web Services, IMAP4, or POP3 protocols with basic authentication cannot connect to Exchange Online. > [!NOTE] -> To leverage app-based conditional access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). +> To leverage app-based Conditional Access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). ## Create Intune app protection policies 
diff --git a/memdocs/intune/apps/app-management.md b/memdocs/intune/apps/app-management.md index 3df9d4ccb3d..88624873d70 100644 --- a/memdocs/intune/apps/app-management.md +++ b/memdocs/intune/apps/app-management.md @@ -47,7 +47,7 @@ The benefits of app management in Microsoft Intune include: Examples of using app management with Microsoft Intune include: - Deploying, protecting, and managing apps for specific groups of users within your organization - Configuring app settings, such as data sharing restrictions, to ensure compliance with corporate policies -- Implementing conditional access policies to control access to apps based on factors like device compliance, location, and user risk +- Implementing Conditional Access policies to control access to apps based on factors like device compliance, location, and user risk - Automating app updates to keep employees up-to-date with the latest features and security patches > [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4MRyj] diff --git a/memdocs/intune/apps/mamedge-1-mamca.md b/memdocs/intune/apps/mamedge-1-mamca.md index 084bbfad370..2a47cbc8c27 100644 --- a/memdocs/intune/apps/mamedge-1-mamca.md +++ b/memdocs/intune/apps/mamedge-1-mamca.md @@ -1,9 +1,9 @@ --- # required metadata -title: Step 1. Create Microsoft Entra conditional access with Microsoft Edge for Business +title: Step 1. Create Microsoft Entra Conditional Access with Microsoft Edge for Business titleSuffix: -description: Step 1. Create Microsoft Entra conditional access with Microsoft Edge for Business. +description: Step 1. Create Microsoft Entra Conditional Access with Microsoft Edge for Business. keywords: author: Erikre ms.author: erikre 
@@ -30,11 +30,11 @@ ms.collection: - FocusArea_Apps_AppManagement --- -# Step 1. Create Microsoft Entra conditional access with Microsoft Edge for Business +# Step 1. Create Microsoft Entra Conditional Access with Microsoft Edge for Business -The modern security perimeter extends beyond an organization's network perimeter to include user and device identity. Organizations now use identity-driven signals as part of their access control decisions. Microsoft Entra conditional access brings signals together to help enforce organizational policies. It's Microsoft's Zero Trust policy engine that takes signals from various sources into account when enforcing policy decisions. +The modern security perimeter extends beyond an organization's network perimeter to include user and device identity. Organizations now use identity-driven signals as part of their access control decisions. Microsoft Entra Conditional Access brings signals together to help enforce organizational policies. It's Microsoft's Zero Trust policy engine that takes signals from various sources into account when enforcing policy decisions. -Conditional access policies at their simplest include *if-then* statements. If a user wants to access a resource, then they must complete an action. For example, if a user wants to access an application or service such as Microsoft 365, then they must perform multifactor authentication to gain access. +Conditional Access policies at their simplest include *if-then* statements. If a user wants to access a resource, then they must complete an action. For example, if a user wants to access an application or service such as Microsoft 365, then they must perform multifactor authentication to gain access. Identity-driven signals may include: 
@@ -46,19 +46,19 @@ Identity-driven signals may include: :::image type="content" alt-text="Conditional Access Policy Decision Making.." source="./media/securing-data-edge-for-business/securing-data-edge-for-businessCA.png" lightbox="./media/securing-data-edge-for-business/securing-data-edge-for-businessCA.png"::: -Conditional access is enforced after initial authentication is completed. It isn't intended to be an organization's frontline of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access. +Conditional Access is enforced after initial authentication is completed. It isn't intended to be an organization's frontline of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access. -## Conditional access compliance +## Conditional Access compliance -Protecting your organizational data involves preventing data loss. Data Loss Prevention (DLP) is effective only when your organizational data can’t be accessed from any unprotected system or device. App protection policies can be used with conditional access (CA) to ensure that these policies aren’t only supported but also enforced in a client application before granting access to protected resources, such as organizational data. This approach allows end-users with personal devices, including Windows, Android, and iOS, to use APP-managed applications, including Microsoft Edge for Business, to access Microsoft Entra resources without the need for full management of their personal device. +Protecting your organizational data involves preventing data loss. Data Loss Prevention (DLP) is effective only when your organizational data can’t be accessed from any unprotected system or device. 
App protection policies can be used with Conditional Access (CA) to ensure that these policies aren’t only supported but also enforced in a client application before granting access to protected resources, such as organizational data. This approach allows end-users with personal devices, including Windows, Android, and iOS, to use APP-managed applications, including Microsoft Edge for Business, to access Microsoft Entra resources without the need for full management of their personal device. -Secure your Microsoft Edge for Business with Microsoft Entra conditional access policies by using the following steps. +Secure your Microsoft Edge for Business with Microsoft Entra Conditional Access policies by using the following steps. -In this scenario, you'll create a conditional access policy using Microsoft Intune. To create the policy, you must perform the following steps: +In this scenario, you'll create a Conditional Access policy using Microsoft Intune. To create the policy, you must perform the following steps: 1. Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Endpoint security** > **Conditional access** > **New policy**. +2. Select **Endpoint security** > **Conditional Access** > **New policy**. 3. On the **Conditional Access policy** pane, set the following details: 
@@ -79,13 +79,13 @@ In this scenario, you'll create a conditional access policy using Microsoft Intu ## Browser only access for Windows BYOD -In an era where Bring Your Own Device (BYOD) has become the norm, implementing conditional access policies specifically for browser-only access is critical towards securing your digital boundaries and ensuring seamless user experience. +In an era where Bring Your Own Device (BYOD) has become the norm, implementing Conditional Access policies specifically for browser-only access is critical towards securing your digital boundaries and ensuring seamless user experience. -In the previous steps, you implemented conditional access as a required app protection policy. In the following steps, you'll configure a policy to ensure that same resources (O365 in this example) are not accessed from desktop apps. A similar approach could be taken for mobile apps. However, mobile apps also support app protection policies, so it is important look at the scenario rather than block access from mobile apps and allow browser access only. +In the previous steps, you implemented Conditional Access as a required app protection policy. In the following steps, you'll configure a policy to ensure that same resources (O365 in this example) are not accessed from desktop apps. A similar approach could be taken for mobile apps. However, mobile apps also support app protection policies, so it is important look at the scenario rather than block access from mobile apps and allow browser access only. 1. Navigate to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Endpoint security** > **Conditional access** > **New policy**. +2. Select **Endpoint security** > **Conditional Access** > **New policy**. 4. On this new policy, you'll restrict access from desktop apps to managed devices only. You'll select target resources and select apps once they select **Office 365** to follow the example in this page. 
@@ -110,7 +110,7 @@ In the previous steps, you implemented conditional access as a required app prot > Probably to this last control, customers should add also MFA or other options as well.* -8. Select **Done** \> select **Create** and complete the conditional access policy creation as you performed on the previous step. +8. Select **Done** \> select **Create** and complete the Conditional Access policy creation as you performed on the previous step. ## Next step diff --git a/memdocs/intune/apps/mamedge-2-app.md b/memdocs/intune/apps/mamedge-2-app.md index fbec5db404c..fda5b21c166 100644 --- a/memdocs/intune/apps/mamedge-2-app.md +++ b/memdocs/intune/apps/mamedge-2-app.md 
@@ -123,7 +123,7 @@ Incorporate Microsoft Edge for Business into your existing data security and man Microsoft Edge for Business provide benefits for both management and security: - **Management**: Microsoft Edge for Business is the only mobile browser natively supported by Microsoft Intune with seamless integration. To secure productivity for your organization, App level management allows IT to configure the right balance between data protection and access. -- **Security**: Data protection and leakage prevention are based on conditional access and user identities. Microsoft 365 security features extend to Microsoft Edge for Business mobile including Microsoft Entra Conditional Access, and Data Loss Prevention. For organizations utilizing VPN solutions, Microsoft Edge mobile offers support for identity-enlightened per-app VPN. This includes the integration of Microsoft Tunnel with Intune for a seamless and secure connection. Additionally, solutions that don't require a VPN are also available. +- **Security**: Data protection and leakage prevention are based on Conditional Access and user identities. Microsoft 365 security features extend to Microsoft Edge for Business mobile including Microsoft Entra Conditional Access, and Data Loss Prevention. For organizations utilizing VPN solutions, Microsoft Edge mobile offers support for identity-enlightened per-app VPN. This includes the integration of Microsoft Tunnel with Intune for a seamless and secure connection. Additionally, solutions that don't require a VPN are also available. ### App protection policies for mobile diff --git a/memdocs/intune/apps/mamedge-3-scc.md b/memdocs/intune/apps/mamedge-3-scc.md index 4f9b5184dc4..e824bc9a912 100644 --- a/memdocs/intune/apps/mamedge-3-scc.md +++ b/memdocs/intune/apps/mamedge-3-scc.md 
@@ -3,7 +3,7 @@ title: Step 3. Integrate Mobile Threat Defense for App Protection Policy titleSuffix: -description: Step 3. Integrate Microsoft Entra conditional access with Microsoft Edge for Business. +description: Step 3. Integrate Microsoft Entra Conditional Access with Microsoft Edge for Business. keywords: author: Erikre ms.author: erikre 
@@ -33,7 +33,7 @@ ms.collection: # Step 3. Integrate Mobile Threat Defense -The Microsoft Mobile Threat Defense (MTD) connector is a feature in Microsoft Intune that creates a channel of communication between Intune and your chosen MTD vendor, regardless of the device’s operating system. There are various supported MTD partners for both Windows and mobile devices. Intune integrates data from an MTD vendor as an information source for device compliance policies and device conditional access rules. The information provided by this communication channel can help protect corporate resources, such as Exchange and SharePoint data, by blocking access from compromised devices. +The Microsoft Mobile Threat Defense (MTD) connector is a feature in Microsoft Intune that creates a channel of communication between Intune and your chosen MTD vendor, regardless of the device’s operating system. There are various supported MTD partners for both Windows and mobile devices. Intune integrates data from an MTD vendor as an information source for device compliance policies and device Conditional Access rules. The information provided by this communication channel can help protect corporate resources, such as Exchange and SharePoint data, by blocking access from compromised devices. Mobile Application Management (MAM) threat detection can be integrated with various MTD partners, including Windows Security Center. This integration provides a client device health assessment to Intune application protection policies (APP) via a service-to-service connector. This assessment supports gating the flow and access to organizational data on personal unmanaged devices. diff --git a/memdocs/intune/apps/mamedge-5-end-user-experience.md b/memdocs/intune/apps/mamedge-5-end-user-experience.md index 6aa05cd9abe..7f98dc2cac7 100644 --- a/memdocs/intune/apps/mamedge-5-end-user-experience.md +++ b/memdocs/intune/apps/mamedge-5-end-user-experience.md 
@@ -32,7 +32,7 @@ ms.collection: # Step 5. Understand Microsoft Edge for Business end user experience for Windows -Now that you've configured your Microsoft Entra conditional access policy and created your first app protection policy for Windows, you can launch **Microsoft Edge for Business** using a managed or unmanaged device. +Now that you've configured your Microsoft Entra Conditional Access policy and created your first app protection policy for Windows, you can launch **Microsoft Edge for Business** using a managed or unmanaged device. The end user experience in Microsoft Edge for Business is designed to be productive, secure, and user-friendly. This secure enterprise browser experience includes the following features: diff --git a/memdocs/intune/apps/mamedge-overview.md b/memdocs/intune/apps/mamedge-overview.md index 4cd4f1df5e1..36697a9ddf5 100644 --- a/memdocs/intune/apps/mamedge-overview.md +++ b/memdocs/intune/apps/mamedge-overview.md 
@@ -43,7 +43,7 @@ This content helps you implement and secure enterprise browser configuration for The target audience for this content includes: - **Intune Administrators:** This content provides detailed guidance about configuring and managing Microsoft Edge for Business in Microsoft Intune. -- **Security Professionals:** This content includes security related areas, such as the [data protection framework using app protection policies](../apps/app-protection-framework.md), [app configuration policies](../apps/app-configuration-policies-overview.md), data encryption, and [conditional access policies](../apps/app-protection-framework.md#conditional-access-policies). You can use this content to enhance your organization's security posture. +- **Security Professionals:** This content includes security related areas, such as the [data protection framework using app protection policies](../apps/app-protection-framework.md), [app configuration policies](../apps/app-configuration-policies-overview.md), data encryption, and [Conditional Access policies](../apps/app-protection-framework.md#conditional-access-policies). You can use this content to enhance your organization's security posture. - **Decision Makers:** This content can help decision makers understand the security, productivity, and manageability benefits of Microsoft Edge for Business. In addition, this content helps decision makers make informed decisions about their browser choice for their organization. > [!NOTE] 
@@ -53,7 +53,7 @@ The target audience for this content includes: This guide provides the following content: -1. **Microsoft Entra conditional access with Microsoft Edge for Business** - Create an Entra conditional access policy and Intune app protection policy for browsing on Android, iOS and Windows. +1. **Microsoft Entra Conditional Access with Microsoft Edge for Business** - Create an Entra Conditional Access policy and Intune app protection policy for browsing on Android, iOS and Windows. 2. **App protection policies for Microsoft Edge for Business** - Ensure secure access and usage of enterprise applications when implementing app protection policies. 3. **Integrate Mobile Threat Defense** - Enhance the overall security posture of your organization by using the secure enterprise browser to integrate with the Windows Security Center, Microsoft Defender or any MTD Partners. 4. **App configuration policies for Microsoft Edge for Business** - Understand Microsoft Edge for Business and Microsoft Application Management can be used to protect your organization from various cyber threats. @@ -90,7 +90,7 @@ In addition to the above benefits, you can enable protected Mobile Application M - Intune application configuration policies (ACP) with Microsoft Edge for Business. Using ACP allows you to leverage Edge’s settings to better enable a secure browsing experience. - Intune application protection policies (APP) to secure organization data and ensure the client device is healthy. - Mobile Threat Protection (MTP) integrated with Intune APP to detect local health threats on personal Windows and all mobile devices. -- Microsoft Entra conditional access to ensure the device is protected and healthy before granting protected services access via Microsoft Entra. +- Microsoft Entra Conditional Access to ensure the device is protected and healthy before granting protected services access via Microsoft Entra. ## Zero Trust Methodology 
@@ -128,4 +128,4 @@ This solution provides insights into securing your enterprise browser configurat [![Steps to secure your corporate data in Intune with Microsoft Edge for Business.](./media/securing-data-edge-for-business/securing-data-edge-for-business-steps.png)](mamedge-1-mamca.md) -Continue with [Step 1](mamedge-1-mamca.md) to create Microsoft Entra conditional access. +Continue with [Step 1](mamedge-1-mamca.md) to create Microsoft Entra Conditional Access. diff --git a/memdocs/intune/apps/manage-microsoft-edge.md b/memdocs/intune/apps/manage-microsoft-edge.md index a98bbdc6483..25f4f3e9bb4 100644 --- a/memdocs/intune/apps/manage-microsoft-edge.md +++ b/memdocs/intune/apps/manage-microsoft-edge.md 
@@ -44,7 +44,7 @@ This feature applies to: > [!NOTE] > Edge for iOS and Android doesn't consume settings that users set for the native browser on their devices, because Edge for iOS and Android can't access these settings. -The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as conditional access. At a minimum, you'll want to deploy a conditional access policy that only allows connectivity to Edge for iOS and Android from mobile devices and an Intune app protection policy that ensures the browsing experience is protected. +The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as Conditional Access. At a minimum, you'll want to deploy a Conditional Access policy that only allows connectivity to Edge for iOS and Android from mobile devices and an Intune app protection policy that ensures the browsing experience is protected. > [!NOTE] > New web clips (pinned web apps) on iOS devices will open in Edge for iOS and Android instead of the Intune Managed Browser when required to open in a protected browser. For older iOS web clips, you must re-target these web clips to ensure they open in Edge for iOS and Android rather than the Managed Browser. 
@@ -82,7 +82,7 @@ Regardless of whether the device is enrolled in a unified endpoint management (U ## Apply Conditional Access While it's important to protect Microsoft Edge with App Protection Policies (APP), it's also crucial to ensure Microsoft Edge is the mandatory browser for opening corporate applications. Users might otherwise use other unprotected browsers to access corporate applications, potentially leading to data leaks. -Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Edge for iOS and Android. To do this, you'll need a conditional access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). +Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Edge for iOS and Android. To do this, you'll need a Conditional Access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). Follow the steps in [Require approved client apps or app protection policy with mobile devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices), which allows Edge for iOS and Android, but blocks other mobile device web browsers from connecting to Microsoft 365 endpoints. 
@@ -92,7 +92,7 @@ Follow the steps in [Require approved client apps or app protection policy with With Conditional Access, you can also target on-premises sites that you have exposed to external users via the [Microsoft Entra application proxy](/azure/active-directory/active-directory-application-proxy-get-started). > [!NOTE] -> To leverage app-based conditional access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). +> To leverage app-based Conditional Access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). ## Single sign-on to Microsoft Entra connected web apps in policy-protected browsers diff --git a/memdocs/intune/apps/manage-microsoft-office.md b/memdocs/intune/apps/manage-microsoft-office.md index 757629b2953..cb60445832d 100644 --- a/memdocs/intune/apps/manage-microsoft-office.md +++ b/memdocs/intune/apps/manage-microsoft-office.md 
@@ -40,10 +40,10 @@ Microsoft 365 (Office) for iOS and Android delivers several key benefits includi - Integrating Microsoft Lens technology to unlock the power of the camera with capabilities like converting images into editable Word and Excel documents, scanning PDFs, and capturing whiteboards with automatic digital enhancements to make the content easier to read. - Adding new functionality for common tasks people often encounter when working on a phone—things like making quick notes, signing PDFs, scanning QR codes, and transferring files between devices. -The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as conditional access. At a minimum, you will want to deploy a conditional access policy that allows connectivity to Microsoft 365 (Office) for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. +The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as Conditional Access. At a minimum, you will want to deploy a Conditional Access policy that allows connectivity to Microsoft 365 (Office) for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. ## Apply Conditional Access -Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Microsoft 365 (Office) for iOS and Android. To do this, you will need a conditional access policy that targets all potential users. 
These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). +Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Microsoft 365 (Office) for iOS and Android. To do this, you will need a Conditional Access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). 1. Follow the steps in [Require approved client apps or app protection policy with mobile devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices), which allows Microsoft 365 (Office) for iOS and Android, but blocks third-party OAuth capable mobile device clients from connecting to Microsoft 365 endpoints. @@ -51,7 +51,7 @@ Organizations can use Microsoft Entra Conditional Access policies to ensure that > This policy ensures mobile users can access all Microsoft 365 endpoints using the applicable apps. > [!NOTE] -> To leverage app-based conditional access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). +> To leverage app-based Conditional Access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). ## Create Intune app protection policies 
diff --git a/memdocs/intune/apps/manage-microsoft-teams.md b/memdocs/intune/apps/manage-microsoft-teams.md index 665a5fb776d..f5d9fa40091 100644 --- a/memdocs/intune/apps/manage-microsoft-teams.md +++ b/memdocs/intune/apps/manage-microsoft-teams.md 
@@ -36,14 +36,14 @@ ms.collection: Microsoft Teams is the hub for team collaboration in Microsoft 365 that integrates the people, content, and tools your team needs to be more engaged and effective. -The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as conditional access. At a minimum, you'll want to deploy a conditional access policy that allows connectivity to Teams for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. +The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as Conditional Access. At a minimum, you'll want to deploy a Conditional Access policy that allows connectivity to Teams for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. ## Apply Conditional Access -Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Teams for iOS and Android. To do this, you will need a conditional access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). +Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Teams for iOS and Android. To do this, you will need a Conditional Access policy that targets all potential users. 
These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). > [!NOTE] -> To leverage app-based conditional access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). +> To leverage app-based Conditional Access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md). Follow the steps in [Require approved client apps or app protection policy with mobile devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices), which allows Teams for iOS and Android, but blocks third-party OAuth capable mobile device clients from connecting to Microsoft 365 endpoints. diff --git a/memdocs/intune/apps/protect-mam-windows.md b/memdocs/intune/apps/protect-mam-windows.md index 667771bb9c6..7cd5ac02221 100644 --- a/memdocs/intune/apps/protect-mam-windows.md +++ b/memdocs/intune/apps/protect-mam-windows.md 
@@ -78,7 +78,7 @@ Preventing data loss is a part of protecting your organizational data. Data loss This MAM service syncs compliance state per user, per app, and per device to the Microsoft Entra CA service. This includes the threat information received from the Mobile Threat Defense (MTD) vendors starting with Windows Security Center. > [!NOTE] -> This MAM service uses the same conditional access compliance workflow that is used to [manage Microsoft Edge on iOS and Android devices](../apps/manage-microsoft-edge.md). +> This MAM service uses the same Conditional Access compliance workflow that is used to [manage Microsoft Edge on iOS and Android devices](../apps/manage-microsoft-edge.md). When a change is detected, the MAM service updates the device compliance state immediately. The service also includes MTD health state as part of the compliance state. 
@@ -88,7 +88,7 @@ When a change is detected, the MAM service updates the device compliance state i The MAM Client communicates the client heath state (or health metadata) to the MAM Service upon check-in. The health state includes any failure of APP Health Checks for **Block** or **Wipe** conditions. In addition, Microsoft Entra ID guides end-users through remediation steps when they attempt to access a blocked CA resource. ### Conditional Access Compliance -Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using policy managed applications on Windows. To do this, you'll need a conditional access policy that targets all potential users. Follow the steps in [Require an app protection policy on Windows devices](/azure/active-directory/conditional-access/how-to-app-protection-policy-windows), which allows Microsoft Edge for Windows, but blocks other web browsers from connecting to Microsoft 365 endpoints. +Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using policy managed applications on Windows. To do this, you'll need a Conditional Access policy that targets all potential users. Follow the steps in [Require an app protection policy on Windows devices](/azure/active-directory/conditional-access/how-to-app-protection-policy-windows), which allows Microsoft Edge for Windows, but blocks other web browsers from connecting to Microsoft 365 endpoints. With Conditional Access, you can also target on-premises sites that you have exposed to external users via the [Microsoft Entra application proxy](/azure/active-directory/active-directory-application-proxy-get-started). diff --git a/memdocs/intune/configuration/device-profile-assign.md b/memdocs/intune/configuration/device-profile-assign.md index 84a8e9d7e68..5aa7f42b36d 100644 --- a/memdocs/intune/configuration/device-profile-assign.md 
+++ b/memdocs/intune/configuration/device-profile-assign.md @@ -40,7 +40,7 @@ In Intune, you can create and assign the following policies: - App protection policies - App configuration policies - Compliance policies -- Conditional access policies +- Conditional Access policies - Device configuration profiles - Enrollment policies diff --git a/memdocs/intune/configuration/device-profile-troubleshoot.md b/memdocs/intune/configuration/device-profile-troubleshoot.md index 033ed40794f..866d264d2ae 100644 --- a/memdocs/intune/configuration/device-profile-troubleshoot.md +++ b/memdocs/intune/configuration/device-profile-troubleshoot.md @@ -40,7 +40,7 @@ This article applies to the following policies: - App protection policies - App configuration policies - Compliance policies -- Conditional access policies +- Conditional Access policies - Device configuration profiles - Enrollment policies diff --git a/memdocs/intune/configuration/device-profiles.md b/memdocs/intune/configuration/device-profiles.md index ace0952e590..75b48eb82ec 100644 --- a/memdocs/intune/configuration/device-profiles.md +++ b/memdocs/intune/configuration/device-profiles.md @@ -265,7 +265,7 @@ This feature supports: ## Microsoft Defender for Endpoint -[Microsoft Defender for Endpoint](../protect/advanced-threat-protection.md) integrates with Intune to monitor and help protect devices. You set risk levels, and determine what happens if devices exceed that level. When combined with conditional access, you can help prevent malicious activity in your organization. +[Microsoft Defender for Endpoint](../protect/advanced-threat-protection.md) integrates with Intune to monitor and help protect devices. You set risk levels, and determine what happens if devices exceed that level. When combined with Conditional Access, you can help prevent malicious activity in your organization. This feature supports: 
diff --git a/memdocs/intune/configuration/tutorial-walkthrough-administrative-templates.md b/memdocs/intune/configuration/tutorial-walkthrough-administrative-templates.md index d83515a4c24..4d6d6ecb958 100644 --- a/memdocs/intune/configuration/tutorial-walkthrough-administrative-templates.md +++ b/memdocs/intune/configuration/tutorial-walkthrough-administrative-templates.md @@ -202,7 +202,7 @@ In these next steps, you create security groups, and add users to these groups. - [Dynamic Group Membership in Microsoft Entra ID (Part 1)](/archive/blogs/pauljones/dynamic-group-membership-in-azure-active-directory-part-1) - [Dynamic Group Membership in Microsoft Entra ID (Part 2)](/archive/blogs/pauljones/dynamic-group-membership-in-azure-active-directory-part-2) -- Microsoft Entra ID P1 or P2 includes other services that are commonly used when managing apps and devices, including [multifactor authentication (MFA)](/azure/active-directory/authentication/concept-mfa-howitworks) and [conditional access](/azure/active-directory/conditional-access/overview). +- Microsoft Entra ID P1 or P2 includes other services that are commonly used when managing apps and devices, including [multifactor authentication (MFA)](/azure/active-directory/authentication/concept-mfa-howitworks) and [Conditional Access](/azure/active-directory/conditional-access/overview). - Many administrators ask when to use user groups and when to use device groups. For some guidance, go to [User groups vs. device groups](device-profile-assign.md#user-groups-vs-device-groups). diff --git a/memdocs/intune/configuration/vpn-settings-windows-10.md b/memdocs/intune/configuration/vpn-settings-windows-10.md index 54dce306e9a..a59b49f8242 100644 --- a/memdocs/intune/configuration/vpn-settings-windows-10.md +++ b/memdocs/intune/configuration/vpn-settings-windows-10.md 
@@ -2,7 +2,7 @@ # required metadata title: Windows 10/11 VPN settings in Microsoft Intune -description: Learn and read about all the available VPN settings in Microsoft Intune, what they're used for, and what they do. See the traffic rules, conditional access, and DNS and proxy settings for Windows 10/11 and Windows Holographic for Business devices. +description: Learn and read about all the available VPN settings in Microsoft Intune, what they're used for, and what they do. See the traffic rules, Conditional Access, and DNS and proxy settings for Windows 10/11 and Windows Holographic for Business devices. keywords: author: MandiOhlinger ms.author: mandia diff --git a/memdocs/intune/developer/app-sdk-android-phase7.md b/memdocs/intune/developer/app-sdk-android-phase7.md index 6a74718ff22..9178f809678 100644 --- a/memdocs/intune/developer/app-sdk-android-phase7.md +++ b/memdocs/intune/developer/app-sdk-android-phase7.md @@ -602,7 +602,7 @@ Most notifications are [MAMUserNotification]s, which provide information specifi - Your app called [unregisterAccountForMAM]. - An IT admin initiated a remote wipe. -- Admin-required conditional access policies weren't satisfied. +- Admin-required Conditional Access policies weren't satisfied. > [!WARNING] > An app should never register for both the `WIPE_USER_DATA` and `WIPE_USER_AUXILIARY_DATA` notifications. diff --git a/memdocs/intune/developer/app-sdk-ios-phase6.md b/memdocs/intune/developer/app-sdk-ios-phase6.md index e090d24def4..635a0934108 100644 --- a/memdocs/intune/developer/app-sdk-ios-phase6.md +++ b/memdocs/intune/developer/app-sdk-ios-phase6.md 
@@ -171,8 +171,8 @@ To fetch the Microsoft Entra object ID for the accountId parameter of the MAM SD #### Configuring a test user for App Protection CA 1. Sign in with your administrator credentials to https://portal.azure.com. -2. Select **Microsoft Entra ID** > **Security** > **Conditional Access** > **New policy**. Create a new conditional access policy. -3. Configure conditional access policy by setting the following items: +2. Select **Microsoft Entra ID** > **Security** > **Conditional Access** > **New policy**. Create a new Conditional Access policy. +3. Configure Conditional Access policy by setting the following items: - Filling in the **Name** field. - Enabling the policy. - Assigning the policy to a user or group. diff --git a/memdocs/intune/enrollment/android-enterprise-overview.md b/memdocs/intune/enrollment/android-enterprise-overview.md index 8daa7408163..f7a0a9d27bd 100644 --- a/memdocs/intune/enrollment/android-enterprise-overview.md +++ b/memdocs/intune/enrollment/android-enterprise-overview.md 
@@ -95,7 +95,7 @@ Android Enterprise doesn't provide a default email app or native email profile o Gmail and Nine Work are two Exchange ActiveSync (EAS) client apps in the Play Store that support Android Enterprise app configuration. Intune provides configuration templates for Gmail and Nine Work apps so you can manage them as work apps. You can configure other email apps that support app configuration profiles in an app configuration policy. -If you're using Exchange ActiveSync conditional access for a personal or corporate-owned device, consider using the Gmail or Nine Work email app. The Microsoft Outlook for Android app, and any other email app that uses modern authentication via MSAL, is also supported. For more information, see [How to configure email settings in Microsoft Intune](../configuration/email-settings-configure.md). +If you're using Exchange ActiveSync Conditional Access for a personal or corporate-owned device, consider using the Gmail or Nine Work email app. The Microsoft Outlook for Android app, and any other email app that uses modern authentication via MSAL, is also supported. For more information, see [How to configure email settings in Microsoft Intune](../configuration/email-settings-configure.md). > [!TIP] > Azure AD Authentication Library (ADAL) has been deprecated, so we recommend updating apps that currently use ADAL to MSAL. For more information, see [Update your applications to use Microsoft Authentication Library (MSAL) and Microsoft Graph API](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363). diff --git a/memdocs/intune/enrollment/automated-device-enrollment-authentication.md b/memdocs/intune/enrollment/automated-device-enrollment-authentication.md index a8fe7e65cd3..ae33fcc55ce 100644 --- a/memdocs/intune/enrollment/automated-device-enrollment-authentication.md 
+++ b/memdocs/intune/enrollment/automated-device-enrollment-authentication.md @@ -50,7 +50,7 @@ Use the Intune Company Portal app as the authentication method if you want to: - Use multifactor authentication (MFA). - Prompt users to change their passwords when they first sign in. - Prompt users to reset their expired passwords during enrollment. - - Register devices in Microsoft Entra ID and use features available with Microsoft Entra ID, such as conditional access. + - Register devices in Microsoft Entra ID and use features available with Microsoft Entra ID, such as Conditional Access. - Automatically install the Company Portal app during enrollment. If your company uses the Volume Purchase Program (VPP), you can automatically install Company Portal app during enrollment without user Apple IDs. - You want to lock the device until the Company Portal app installs. @@ -65,7 +65,7 @@ This option provides the same security as Intune Company Portal authentication b * Use multifactor authentication (MFA). * Prompt users to change their passwords when they first sign in. * Prompt users to reset their expired passwords during enrollment. -* Register devices in Microsoft Entra ID and use features available with Microsoft Entra ID, such as conditional access. +* Register devices in Microsoft Entra ID and use features available with Microsoft Entra ID, such as Conditional Access. * Automatically install the Company Portal app during enrollment. If your company uses the Volume Purchase Program (VPP), you can automatically install Company Portal app during enrollment without user Apple IDs. * Allow users to use the device even when the Company Portal app isn't installed. 
@@ -86,7 +86,7 @@ In both scenarios, the Company Portal installation option is hidden from the dev ### Multifactor authentication -Multifactor authentication (MFA) will be required if a [conditional access policy that requires it](multi-factor-authentication.md) is applied at enrollment or during Company Portal sign-in. However, MFA is optional, based on the Microsoft Entra settings in the targeted conditional access policy. +Multifactor authentication (MFA) will be required if a [Conditional Access policy that requires it](multi-factor-authentication.md) is applied at enrollment or during Company Portal sign-in. However, MFA is optional, based on the Microsoft Entra settings in the targeted Conditional Access policy. External authentication methods are supported in Microsoft Entra ID, which means you can use your preferred MFA solution to facilitate MFA during device enrollment. If you choose to use a third-party MFA provider, before you deploy enrollment profiles to all devices, do a test run to ensure that both the Microsoft Entra MFA screen and MFA work during enrollment. For more information and support details about external authentication methods, see [Public preview: External authentication methods in Microsoft Entra ID](https://techcommunity.microsoft.com/t5/microsoft-entra-blog/public-preview-external-authentication-methods-in-microsoft/ba-p/4078808). 
@@ -96,9 +96,9 @@ After they go through the Setup Assistant screens, the device user lands on the - Won’t be fully registered with Microsoft Entra ID. - Won’t show up in the user’s device list in Microsoft Entra ID. -- Won’t have access to resources protected by conditional access. +- Won’t have access to resources protected by Conditional Access. - Won’t be evaluated for device compliance. -- Will be redirected to the Company Portal from other apps if the user tries to open any managed applications that are protected by conditional access. +- Will be redirected to the Company Portal from other apps if the user tries to open any managed applications that are protected by Conditional Access. ## Option 3: Just in Time Registration for Setup Assistant with modern authentication diff --git a/memdocs/intune/enrollment/device-enrollment-manager-enroll.md b/memdocs/intune/enrollment/device-enrollment-manager-enroll.md index 3e621b94bc5..19f8436fbf6 100644 --- a/memdocs/intune/enrollment/device-enrollment-manager-enroll.md +++ b/memdocs/intune/enrollment/device-enrollment-manager-enroll.md @@ -116,8 +116,8 @@ Applying a Microsoft Entra maximum device limit of less than 1,000 to a DEM acco ### Certificates You must use device-level certificates to manage Wi-Fi and email connections. -### Conditional access -Conditional access is only supported with DEM on devices running: +### Conditional Access +Conditional Access is only supported with DEM on devices running: * Windows 10, version 1803 and later * Windows 11 diff --git a/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md b/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md index 2aedbcd14cb..baf58e8c054 100644 --- a/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md +++ b/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md 
@@ -152,9 +152,9 @@ At the end of this procedure, you can assign this profile to Microsoft Entra dev - Registers with Microsoft Entra ID. - Is added to the user's device record in Microsoft Entra ID. - Can be evaluated for device compliance. - - Gains access to resources protected by conditional access. + - Gains access to resources protected by Conditional Access. - If the user doesn't sign in to the Company Portal to complete registration, they'll be redirected to the Company Portal app each time they try to open a managed app with conditional access protection. + If the user doesn't sign in to the Company Portal to complete registration, they'll be redirected to the Company Portal app each time they try to open a managed app with Conditional Access protection. Devices running macOS 10.15 and later can use this method. Older macOS devices fall back to using the legacy Setup Assistant method. For more information about how to get the Company Portal app to Mac users, see [Add the Company Portal for macOS app](../apps/apps-company-portal-macos.md). 
@@ -283,7 +283,7 @@ Optionally, you can select a default enrollment profile. The default profile is Distribute prepared devices throughout your organization. -* New or wiped Macs: New or wiped Macs configured in Apple Business Manager or Apple School Manager automatically enroll in Microsoft Intune during Setup Assistant when someone turns on the device. If you assigned the device to a macOS enrollment profile with user affinity, the device user must sign in to the Company Portal after Setup Assistant is done to finish Microsoft Entra registration and conditional access requirements. +* New or wiped Macs: New or wiped Macs configured in Apple Business Manager or Apple School Manager automatically enroll in Microsoft Intune during Setup Assistant when someone turns on the device. If you assigned the device to a macOS enrollment profile with user affinity, the device user must sign in to the Company Portal after Setup Assistant is done to finish Microsoft Entra registration and Conditional Access requirements. * Existing Macs: You can enroll devices that already went through Setup Assistant. Complete these steps to enroll corporate-owned Macs running macOS 10.13 and later. 
@@ -300,7 +300,7 @@ Distribute prepared devices throughout your organization. 1. Follow the onscreen prompts to download the Microsoft Intune management profile, certificates, and policies. >[!TIP] > You can confirm which profiles are on the device anytime by returning to **System Preferences** > **Profiles**. - 1. If you assigned the device to a macOS enrollment profile with user affinity, sign in to the Company Portal app to complete Microsoft Entra registration and conditional access requirements, and finish enrollment. + 1. If you assigned the device to a macOS enrollment profile with user affinity, sign in to the Company Portal app to complete Microsoft Entra registration and Conditional Access requirements, and finish enrollment. ## Renew enrollment program token Complete these steps to renew a server token that's about to expire. This procedure ensures that the associated enrollment program token in Intune remains active. diff --git a/memdocs/intune/enrollment/device-enrollment-shared-ipad.md b/memdocs/intune/enrollment/device-enrollment-shared-ipad.md index dc5bb6b5570..5d826bea087 100644 --- a/memdocs/intune/enrollment/device-enrollment-shared-ipad.md +++ b/memdocs/intune/enrollment/device-enrollment-shared-ipad.md 
@@ -159,7 +159,7 @@ The following limitations exist in Intune for Shared iPad: - Company Portal and available apps not supported: Intune Company Portal app and the Intune Company Portal website are not supported with Shared iPad. - App assignment requirements: You must assign apps as _required_ to device groups. *Available* apps are not supported with Shared iPad. - Passcode complexity can't be managed with Shared iPad: Shared iPad passcodes must have eight alphanumeric characters, and can't be changed in Apple Business Manager. The passcode complexity and length settings available in Intune device configuration profiles don't apply to Shared iPad. An MDM administrator can set the grace period, which specifies the number of minutes a user has to unlock the iPad without a passcode. -- Some policies not supported: These Intune policies are not supported with Shared iPad: app-based and device-based conditional access policies, app protection policies, and compliance policies. +- Some policies not supported: These Intune policies are not supported with Shared iPad: app-based and device-based Conditional Access policies, app protection policies, and compliance policies. - Email profile not supported: Email profiles aren't supported with Shared iPad. An error occurs when you assign an email profile to a Shared iPad device. - User-assigned policies don't appear in reports: Intune doesn't report device status or user status in reports for Shared iPad apps and profiles assigned to Microsoft Entra user groups. - Microsoft Entra federation requirement not enforced: The Microsoft Entra federation requirement isn't enforced. If the Managed Apple ID matches the Microsoft Entra UPN, and the Microsoft Entra user is assigned a user applicable device configuration profile, the profile will apply to the user when they sign in to a shared iPad using their Managed Apple ID. 
diff --git a/memdocs/intune/enrollment/macos-enroll.md b/memdocs/intune/enrollment/macos-enroll.md index a363bde7593..ae6f85e17a0 100644 --- a/memdocs/intune/enrollment/macos-enroll.md +++ b/memdocs/intune/enrollment/macos-enroll.md @@ -90,7 +90,7 @@ You can monitor the escrow status for any enrolled Mac in the admin center. The 2. Go to **Devices** > **By platform** > **macOS**. 3. Select a device from your list of macOS devices. 4. Select **Hardware**. -5. In your hardware details, scroll down to **Conditional access** > **Bootstrap token escrowed**. +5. In your hardware details, scroll down to **Conditional Access** > **Bootstrap token escrowed**. ### Manage kernel extensions and software updates diff --git a/memdocs/intune/enrollment/multi-factor-authentication.md b/memdocs/intune/enrollment/multi-factor-authentication.md index 6668def27e4..44515169671 100644 --- a/memdocs/intune/enrollment/multi-factor-authentication.md +++ b/memdocs/intune/enrollment/multi-factor-authentication.md 
@@ -59,7 +59,7 @@ Complete these steps to enable multifactor authentication during Microsoft Intun 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Go to **Devices**. -1. Expand **Manage devices**, and then select **Conditional access**. This conditional access area is the same as the conditional access area available in the Microsoft Entra admin center. For more information about the available settings, see [Building a Conditional Access policy](/entra/identity/conditional-access/concept-conditional-access-policies). +1. Expand **Manage devices**, and then select **Conditional Access**. This Conditional Access area is the same as the Conditional Access area available in the Microsoft Entra admin center. For more information about the available settings, see [Building a Conditional Access policy](/entra/identity/conditional-access/concept-conditional-access-policies). 1. Choose **Create new policy**. 1. Name your policy. 1. Select the **Users** category. diff --git a/memdocs/intune/enrollment/web-based-device-enrollment-ios.md b/memdocs/intune/enrollment/web-based-device-enrollment-ios.md index 442dedd32ed..3cc006d1c52 100644 --- a/memdocs/intune/enrollment/web-based-device-enrollment-ios.md +++ b/memdocs/intune/enrollment/web-based-device-enrollment-ios.md 
@@ -79,7 +79,7 @@ Return to **Enrollment types** to see a list of your enrollment profiles. Intune ## Step 3: Prepare employees for enrollment When an employee attempts to sign into a work app on their personal device, the app alerts them to the enrollment requirement and redirects them to the Company Portal website for enrollment. -Alternatively, you can provide employees and students with a URL that opens the Company Portal website. If you aren't utilizing conditional access, it's important to share the enrollment link with device users so that they know how to initiate enrollment. The link to share is: +Alternatively, you can provide employees and students with a URL that opens the Company Portal website. If you aren't utilizing Conditional Access, it's important to share the enrollment link with device users so that they know how to initiate enrollment. The link to share is: `https://portal.manage.microsoft.com/enrollment/webenrollment/ios` diff --git a/memdocs/intune/enrollment/windows-bulk-enroll.md b/memdocs/intune/enrollment/windows-bulk-enroll.md index ae7609b6284..77e92c24c04 100644 --- a/memdocs/intune/enrollment/windows-bulk-enroll.md +++ b/memdocs/intune/enrollment/windows-bulk-enroll.md @@ -129,6 +129,6 @@ You can check for success/failure of the settings in your package in the **Provi When not using an open network, you must use [device-level certificates](../protect/certificates-configure.md) to initiate connections. Bulk enrolled devices are unable to use to user-targeted certificates for network access. -### Conditional access +### Conditional Access -Conditional access is available for devices enrolled via bulk enrollment running Windows 11 or Windows 10, version 1803 and later. +Conditional Access is available for devices enrolled via bulk enrollment running Windows 11 or Windows 10, version 1803 and later. 
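Review bot: in the windows-bulk-enroll.md hunk, the unchanged context line just above the recased heading reads "Bulk enrolled devices are unable to use to user-targeted certificates for network access"; the stray "to" should be dropped ("are unable to use user-targeted certificates") while this file is already being touched, since it sits in the same section as the Conditional Access heading being edited.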
diff --git a/memdocs/intune/enrollment/windows-enrollment-create-cname.md b/memdocs/intune/enrollment/windows-enrollment-create-cname.md index 4916dce2fd6..b036dec1f51 100644 --- a/memdocs/intune/enrollment/windows-enrollment-create-cname.md +++ b/memdocs/intune/enrollment/windows-enrollment-create-cname.md @@ -87,7 +87,7 @@ Alternate redirection methods aren't supported with Intune. For example, you can ## Registration CNAME -Microsoft Entra ID uses a different CNAME during device registration for iOS/iPadOS, Android, and Windows devices. Intune conditional access requires devices to be registered to Microsoft Entra ID (also called *workplace joined*). If you plan to use conditional access, you should configure the *EnterpriseRegistration* CNAME for each company name you have. +Microsoft Entra ID uses a different CNAME during device registration for iOS/iPadOS, Android, and Windows devices. Intune Conditional Access requires devices to be registered to Microsoft Entra ID (also called *workplace joined*). If you plan to use Conditional Access, you should configure the *EnterpriseRegistration* CNAME for each company name you have. | Type | Host name | Points to | TTL | | --- | --- | --- | --- | diff --git a/memdocs/intune/fundamentals/azure-virtual-desktop-multi-session.md b/memdocs/intune/fundamentals/azure-virtual-desktop-multi-session.md index 6d76c46de27..a7381ace291 100644 --- a/memdocs/intune/fundamentals/azure-virtual-desktop-multi-session.md +++ b/memdocs/intune/fundamentals/azure-virtual-desktop-multi-session.md 
@@ -139,7 +139,7 @@ Windows 10 or Windows 11 Administrative Templates are supported for Windows 10 o To list supported Administrative Templates, you'll need to use the filter in Settings catalog. -## Compliance and Conditional access +## Compliance and Conditional Access You can secure your Windows 10 or Windows 11 Enterprise multi-session VMs by configuring compliance policies and Conditional Access policies in the Microsoft Intune admin center. The following compliance policies are supported on Windows 10 or Windows 11 Enterprise multi-session VMs: diff --git a/memdocs/intune/fundamentals/azure-virtual-desktop.md b/memdocs/intune/fundamentals/azure-virtual-desktop.md index 052cb73e702..4a453a2f2c0 100644 --- a/memdocs/intune/fundamentals/azure-virtual-desktop.md +++ b/memdocs/intune/fundamentals/azure-virtual-desktop.md @@ -51,7 +51,7 @@ For more information on Azure Virtual Desktop licensing requirements, see [What For information about working with multi-session remote desktops, see [Windows 10 or Windows 11 Enterprise multi-session remote desktops](azure-virtual-desktop-multi-session.md). -Intune treats Azure Virtual Desktop personal VMs the same as Windows 10 or Windows 11 Enterprise physical desktops. This treatment lets you use some of your existing configurations and secure the VMs with compliance policy and conditional access. Intune management doesn't depend on or interfere with Azure Virtual Desktop management of the same virtual machine. +Intune treats Azure Virtual Desktop personal VMs the same as Windows 10 or Windows 11 Enterprise physical desktops. This treatment lets you use some of your existing configurations and secure the VMs with compliance policy and Conditional Access. Intune management doesn't depend on or interfere with Azure Virtual Desktop management of the same virtual machine. ## Limitations 
diff --git a/memdocs/intune/fundamentals/deployment-guide-enroll.md b/memdocs/intune/fundamentals/deployment-guide-enroll.md index ef72e3c7235..23487ca7d84 100644 --- a/memdocs/intune/fundamentals/deployment-guide-enroll.md +++ b/memdocs/intune/fundamentals/deployment-guide-enroll.md @@ -105,7 +105,7 @@ If you're looking for more control, including where the terms appear, consider c For more information, see [Terms and conditions for user access](../enrollment/terms-and-conditions-create.md). ### Require multifactor authentication -Require users to authenticate via multi-factor authentication (MFA) during enrollment. If you require MFA, people wanting to enroll devices must authenticate with a second device and two forms of credentials before they can enroll their device. This is a one-time conditional step, and ensures that the person on the device is who they say they are. You can enable this behavior for all platforms except Linux by using a conditional access policy with an MFA policy. Microsoft Entra ID P1 or P2 is required. +Require users to authenticate via multi-factor authentication (MFA) during enrollment. If you require MFA, people wanting to enroll devices must authenticate with a second device and two forms of credentials before they can enroll their device. This is a one-time conditional step, and ensures that the person on the device is who they say they are. You can enable this behavior for all platforms except Linux by using a Conditional Access policy with an MFA policy. Microsoft Entra ID P1 or P2 is required. For more information, see [Require multifactor authentication for Intune device enrollments](../enrollment/multi-factor-authentication.md). diff --git a/memdocs/intune/fundamentals/deployment-guide-enrollment-macos.md b/memdocs/intune/fundamentals/deployment-guide-enrollment-macos.md index 45cbe84fbbc..bed921c0dc4 100644 --- a/memdocs/intune/fundamentals/deployment-guide-enrollment-macos.md 
+++ b/memdocs/intune/fundamentals/deployment-guide-enrollment-macos.md 
@@ -149,14 +149,14 @@ This task list provides an overview. For more specific information, go to [Autom - You want to use multifactor authentication (MFA). - You want to prompt users to update their expired password when they first sign in. - You want to prompt users to reset their expired passwords during enrollment. - - You want devices registered in Microsoft Entra ID. When they're registered, you can use features available with Microsoft Entra ID, such as conditional access. + - You want devices registered in Microsoft Entra ID. When they're registered, you can use features available with Microsoft Entra ID, such as Conditional Access. > [!NOTE] > During the Setup Assistant, users must enter their organization Microsoft Entra credentials (`user@contoso.com`). When they enter their credentials, the enrollment starts. If you want, users can also enter their Apple ID to access Apple specific features, such as Apple Pay. > > After the Setup Assistant completes, users can use the device. When the home screen shows, the enrollment is complete, and user affinity is established. The device isn't fully registered with Microsoft Entra ID, and doesn't show in a user's device list in Microsoft Entra ID. > - > If users need access to resources protected by conditional access or should be fully registered with Microsoft Entra ID, then [install the Company Portal app](../apps/apps-company-portal-macos.md). After it's installed, users open the Company Portal app, and sign in with their organization Microsoft Entra account (`user@contoso.com`). During this second login, any conditional access policies are evaluated, and Microsoft Entra registration is complete. Users can install and use organizational resources, including LOB apps. + > If users need access to resources protected by Conditional Access or should be fully registered with Microsoft Entra ID, then [install the Company Portal app](../apps/apps-company-portal-macos.md). 
After it's installed, users open the Company Portal app, and sign in with their organization Microsoft Entra account (`user@contoso.com`). During this second login, any Conditional Access policies are evaluated, and Microsoft Entra registration is complete. Users can install and use organizational resources, including LOB apps. - In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Apple Configurator** enrollment and create an enrollment profile. Choose to **Enroll with user affinity** (associate a user to the device), or **Enroll without user affinity** (user-less devices or shared devices). diff --git a/memdocs/intune/fundamentals/deployment-guide-platform-linux.md b/memdocs/intune/fundamentals/deployment-guide-platform-linux.md index 86e7da5a8f2..cb18146dbeb 100644 --- a/memdocs/intune/fundamentals/deployment-guide-platform-linux.md +++ b/memdocs/intune/fundamentals/deployment-guide-platform-linux.md 
@@ -35,14 +35,14 @@ This guide describes everything you need to do to protect and manage Linux apps * Prepare your tenant for device enrollment. * Create Linux device compliance policies. * Add custom compliance settings. -* Enforce conditional access policies in Microsoft Edge. +* Enforce Conditional Access policies in Microsoft Edge. * Support employees and students enrolling their desktops. -For each section in this guide, review the associated tasks. Some tasks are required and some, like setting up conditional access, are optional. Select the provided links in each section to go to our recommended help docs on Microsoft Learn, where you can find more detailed information and how-to instructions. +For each section in this guide, review the associated tasks. Some tasks are required and some, like setting up Conditional Access, are optional. Select the provided links in each section to go to our recommended help docs on Microsoft Learn, where you can find more detailed information and how-to instructions. ## Step 1: Prerequisites - Microsoft Intune, Microsoft Entra ID, and Microsoft Edge power the feature and capabilities for Linux desktop management. Microsoft Intune powers the device management and compliance capabilities. Microsoft Entra ID powers conditional access, which is used alongside Microsoft Intune compliance policies. Microsoft Edge is the web browser app used to provide protected access to Microsoft 365 web apps. + Microsoft Intune, Microsoft Entra ID, and Microsoft Edge power the feature and capabilities for Linux desktop management. Microsoft Intune powers the device management and compliance capabilities. Microsoft Entra ID powers Conditional Access, which is used alongside Microsoft Intune compliance policies. Microsoft Edge is the web browser app used to provide protected access to Microsoft 365 web apps. Complete the following prerequisites as an Intune administrator to enable your tenant's endpoint management capabilities: 
@@ -71,7 +71,7 @@ You can enforce device compliance policies based on Linux distribution type, ver | [Create a device compliance policy](../protect/create-compliance-policy.md)|Get step-by-step guidance on how to create and assign a device compliance policy for Linux devices. | | [Add custom compliance settings](../protect/compliance-use-custom-settings.md) | With custom compliance settings, you can write your own Bash scripts to address compliance scenarios not yet included in the device compliance options built into Microsoft Intune. This article describes how to create, monitor, and troubleshoot custom compliance policies for Linux devices. Custom compliance settings require you to [create a custom script](../protect/compliance-custom-script.md) that identifies the settings and value pairs.| | [Add actions for noncompliance](../protect/actions-for-noncompliance.md) |Choose what happens when devices no longer meet the conditions of your compliance policy. Examples of actions include sending alerts, remotely locking devices, or retiring devices. You can add actions for noncompliance when you configure a device compliance policy, or later by editing the policy. | -| Create [a device-based](../protect/create-conditional-access-intune.md) or [app-based](../protect/app-based-conditional-access-intune-create.md) conditional access policy| Set up a conditional access policy to protect and grant access to Microsoft 365 web apps in the Microsoft Edge browser for Linux. Conditional access blocks noncompliant devices from accessing protected work apps in Edge, and grants access to compliant devices. You must have a device compliance policy for conditional access to work with Linux devices. 
| +| Create [a device-based](../protect/create-conditional-access-intune.md) or [app-based](../protect/app-based-conditional-access-intune-create.md) Conditional Access policy| Set up a Conditional Access policy to protect and grant access to Microsoft 365 web apps in the Microsoft Edge browser for Linux. Conditional Access blocks noncompliant devices from accessing protected work apps in Edge, and grants access to compliant devices. You must have a device compliance policy for Conditional Access to work with Linux devices. | ## Step 4: Enroll devices @@ -81,7 +81,7 @@ Enrollment is supported on Linux desktops running: * RedHat Enterprise Linux 8 * RedHat Enterprise Linux 9 -Employees assigned Intune licenses can enroll their personal Linux devices into Microsoft Intune whenever they want. During enrollment, their device is registered with Microsoft Entra ID and evaluated for compliance. If you've applied a conditional access policy to Edge, users will be prompted to enroll their devices before they can access Microsoft 365 web apps with their work account. +Employees assigned Intune licenses can enroll their personal Linux devices into Microsoft Intune whenever they want. During enrollment, their device is registered with Microsoft Entra ID and evaluated for compliance. If you've applied a Conditional Access policy to Edge, users will be prompted to enroll their devices before they can access Microsoft 365 web apps with their work account. As an Intune administrator, you don't need to do anything to enable enrollment for employees, other than what's described under [Prerequisites](deployment-guide-platform-linux.md#step-1-prerequisites). However, it's important to provide them with help resources in case they need guidance during enrollment. 
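Review bot: the context lines of the @@ -81 hunk in deployment-guide-platform-linux.md list "RedHat Enterprise Linux 8" and "RedHat Enterprise Linux 9"; the vendor name is two words, "Red Hat Enterprise Linux", and a casing-and-naming pass that is already editing this hunk should fix it rather than leave a second naming error next to the corrected one.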
@@ -93,7 +93,7 @@ As an Intune administrator, you don't need to do anything to enable enrollment f |[Install Microsoft Intune app for Linux](../user-help/microsoft-intune-app-linux.md)| Employees must install the Microsoft Intune app on their personal device for enrollment. This article describes how to install, update, and remove the Microsoft Intune app for Linux in the Terminal app. | |[Install Microsoft Edge web browser)](https://www.microsoft.com/edge)| To access protected websites and files, employees must have Microsoft Edge web browser, version 102.*X* or later. After they enroll their device, employees can sign into Microsoft Edge with their work account and access websites and files. | |[Enroll Linux device in Intune](../user-help/enroll-device-linux.md)| This article is for device users and describes how to enroll a device with the Microsoft Intune app, and includes system requirements, prerequisites, and next steps. During this step, Microsoft Intune registers the device with Microsoft Entra ID and creates a device record in Intune. After registration is complete, device compliance checks begin. | -|[Check device status and resolve compliance issues](../user-help/check-status-linux.md)| This article is for device users and describes how to resolve compliance issues in the Microsoft Intune app. Compliance checks happen during enrollment and thereafter when the device checks in with Intune. The Intune app notifies employees when they have a noncompliant setting on their device. Intune determines compliance and actions for noncompliance by using your device compliance and conditional access policies. | +|[Check device status and resolve compliance issues](../user-help/check-status-linux.md)| This article is for device users and describes how to resolve compliance issues in the Microsoft Intune app. Compliance checks happen during enrollment and thereafter when the device checks in with Intune. 
The Intune app notifies employees when they have a noncompliant setting on their device. Intune determines compliance and actions for noncompliance by using your device compliance and Conditional Access policies. | ## Next steps diff --git a/memdocs/intune/fundamentals/deployment-guide-platform-windows.md b/memdocs/intune/fundamentals/deployment-guide-platform-windows.md index a5c2b973cf4..cd62749c294 100644 --- a/memdocs/intune/fundamentals/deployment-guide-platform-windows.md +++ b/memdocs/intune/fundamentals/deployment-guide-platform-windows.md 
@@ -64,7 +64,7 @@ You can use Microsoft Entra Conditional Access policies in conjunction with devi | ---- | ------ | | [Create a compliance policy](../protect/create-compliance-policy.md)|Get step-by-step guidance on how to create and assign a compliance policy to user and device groups. | | [Add actions for noncompliance](../protect/actions-for-noncompliance.md) |Choose what happens when devices no longer meet the conditions of your compliance policy. Examples of actions include sending alerts, remotely locking devices, or retiring devices. You can add actions for noncompliance when you configure a device compliance policy, or later by editing the policy. | -| Create [a device-based](../protect/create-conditional-access-intune.md) or [app-based](../protect/app-based-conditional-access-intune-create.md) conditional access policy| Select the apps or services you want to protect and define the conditions for access. | +| Create [a device-based](../protect/create-conditional-access-intune.md) or [app-based](../protect/app-based-conditional-access-intune-create.md) Conditional Access policy| Select the apps or services you want to protect and define the conditions for access. | |[Block access to apps that don't use modern authentication](../protect/app-modern-authentication-block.md) | Create an app-based Conditional Access policy to block apps that use authentication methods other than OAuth2; for example, those apps that use basic and form-based authentication. Before you block access, however, sign in to Microsoft Entra ID and review the [authentication methods activity report](/azure/active-directory/authentication/howto-authentication-methods-activity) to see if users are using basic authentication to access essential things you forgot about or are unaware of. For example, things like meeting room calendar kiosks use basic authentication. 
| | [Add custom compliance settings](../protect/compliance-use-custom-settings.md) | With custom compliance settings, you can write your own Bash scripts to address compliance scenarios not yet included in the device compliance options built into Microsoft Intune. This article describes how to create, monitor, and troubleshoot custom compliance policies for Windows devices. Custom compliance settings require you to [create a custom script](../protect/compliance-custom-json.md) that identifies the settings and value pairs.| diff --git a/memdocs/intune/fundamentals/deployment-plan-compliance-policies.md b/memdocs/intune/fundamentals/deployment-plan-compliance-policies.md index b486c540b5e..dd6cee60baf 100644 --- a/memdocs/intune/fundamentals/deployment-plan-compliance-policies.md +++ b/memdocs/intune/fundamentals/deployment-plan-compliance-policies.md @@ -40,14 +40,14 @@ ms.collection: ### Defender for Endpoint -### Conditional access ? +### Conditional Access ? --> # Step 3 – Plan for compliance policies Previously, you set up your Intune subscription and created app protection policies. Next, plan for and configure device compliance settings and policies to help protect organizational data by requiring devices to meet requirements that you set. -:::image type="content" source="./media/deployment-plan-compliance-policies/deployment-plan-compliance-conditional-access.png" alt-text="Diagram that shows getting started with Microsoft Intune with step 3, which is creating compliance and conditional access policies."::: +:::image type="content" source="./media/deployment-plan-compliance-policies/deployment-plan-compliance-conditional-access.png" alt-text="Diagram that shows getting started with Microsoft Intune with step 3, which is creating compliance and Conditional Access policies."::: If you’re not yet familiar with compliance policies, see [Compliance overview](../protect/device-compliance-get-started.md). 
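Review bot: the first change in the deployment-plan-compliance-policies.md hunk recases `### Conditional Access ?` inside an HTML comment (the `-->` two lines below closes it), so the text never renders; a placeholder heading with a trailing question mark is leftover authoring scaffolding and is better removed outright than recased. The alt-text change in the same hunk is fine.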
@@ -198,7 +198,7 @@ With robust device compliance policies in place, you can then implement more adv - Integrating device compliance status with *Conditional Access* to help gate which devices are allowed to access email, other cloud services, or on-premises resources. -- Including compliance data from *third-party compliance partners*. With such a configuration, compliance data from those devices can be used with your [conditional access policies](../protect/device-compliance-get-started.md#integrate-with-conditional-access). +- Including compliance data from *third-party compliance partners*. With such a configuration, compliance data from those devices can be used with your [Conditional Access policies](../protect/device-compliance-get-started.md#integrate-with-conditional-access). - Expanding on built-in device compliance policies by defining custom compliance settings that aren't available natively through the Intune compliance policy UI. diff --git a/memdocs/intune/fundamentals/deployment-plan-protect-apps.md b/memdocs/intune/fundamentals/deployment-plan-protect-apps.md index 73427bba58d..043334a5e3a 100644 --- a/memdocs/intune/fundamentals/deployment-plan-protect-apps.md +++ b/memdocs/intune/fundamentals/deployment-plan-protect-apps.md 
@@ -187,7 +187,7 @@ For more information about app configuration, go to the following topics: The Outlook for iOS and Android app is designed to enable users in your organization to do more from their mobile devices, by bringing together email, calendar, contacts, and other files. -The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as conditional access. At a minimum, you will want to deploy a conditional access policy that allows connectivity to Outlook for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. +The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Microsoft Entra ID P1 or P2 features, such as Conditional Access. At a minimum, you will want to deploy a Conditional Access policy that allows connectivity to Outlook for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected. For more information about configuring Microsoft Outlook, go to the following topic: diff --git a/memdocs/intune/fundamentals/get-started-with-intune.md b/memdocs/intune/fundamentals/get-started-with-intune.md index 5cfa06bac1c..92f66fe2403 100644 --- a/memdocs/intune/fundamentals/get-started-with-intune.md +++ b/memdocs/intune/fundamentals/get-started-with-intune.md 
@@ -39,7 +39,7 @@ Microsoft Intune is a cloud-based service that helps you manage your devices and This article provides an overview of the steps to start your Intune deployment. -:::image type="content" source="./media/get-started-with-intune/get-started-overview.png" alt-text="Diagram that shows the different steps to get started with Microsoft Intune, including set up, adding apps, using compliance & conditional access, configuring device features, and then enrolling devices to be managed."::: +:::image type="content" source="./media/get-started-with-intune/get-started-overview.png" alt-text="Diagram that shows the different steps to get started with Microsoft Intune, including set up, adding apps, using compliance & Conditional Access, configuring device features, and then enrolling devices to be managed."::: > [!TIP] > As a companion to this article, the Microsoft 365 admin center also has some setup guidance. The guide customizes your experience based on your environment. To access this deployment guide, go to the [Microsoft Intune setup guide in the Microsoft 365 admin center](https://go.microsoft.com/fwlink/?linkid=2224812), and sign in with the **Global Reader** (at a minimum). For more information on these deployment guides and the roles needed, go to [Advanced deployment guides for Microsoft 365 and Office 365 products](/microsoft-365/enterprise/setup-guides-for-microsoft-365). diff --git a/memdocs/intune/fundamentals/guided-scenarios-office-mobile.md b/memdocs/intune/fundamentals/guided-scenarios-office-mobile.md index d7cc3df9326..0f76f1f27fe 100644 --- a/memdocs/intune/fundamentals/guided-scenarios-office-mobile.md +++ b/memdocs/intune/fundamentals/guided-scenarios-office-mobile.md 
@@ -50,13 +50,13 @@ You can use App protection policies to prevent users from saving work files in u - Data relocation policies like **Save copies of org data**, and **Restrict cut, copy, and paste**. - Access policy settings to require simple PIN for access, and block managed apps from running on jailbroken or rooted devices. -App-based conditional access and client app management add a security layer by making sure only client apps that support Intune app protection policies can access Exchange online and other Microsoft 365 services. +App-based Conditional Access and client app management add a security layer by making sure only client apps that support Intune app protection policies can access Exchange online and other Microsoft 365 services. You can block the built-in mail apps on iOS/iPadOS and Android when you allow only the Microsoft Outlook app to access Exchange Online. Additionally, you can block apps that don't have Intune app protection policies applied from accessing SharePoint Online. -In this example, the admin has applied app protection policies to the Outlook app followed by a conditional access rule that adds the Outlook app to an approved list of apps that can be used when accessing corporate e-mail. +In this example, the admin has applied app protection policies to the Outlook app followed by a Conditional Access rule that adds the Outlook app to an approved list of apps that can be used when accessing corporate e-mail. -![Outlook app conditional access process flow](./media/guided-scenarios-office-mobile/guided-scenarios-office-mobile-02.png) +![Outlook app Conditional Access process flow](./media/guided-scenarios-office-mobile/guided-scenarios-office-mobile-02.png) ## Prerequisites 
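Review bot: the first replaced line in the guided-scenarios-office-mobile.md hunk still ends with "can access Exchange online and other Microsoft 365 services"; in a PR whose only purpose is product-name casing, "Exchange Online" should be corrected on the same line. Two lines down, "accessing corporate e-mail" could also become "corporate email" to match the spelling used elsewhere in this patch ("email profile", "email and calendaring").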
@@ -120,7 +120,7 @@ The following settings are applied when using the **Enhanced data protection** s In this step, you can choose the user groups that you want to include to ensure that they have access to your corporate data. App protection is assigned to users, and not devices, so your corporate data will be secure regardless of the device used and its enrollment status. -Users without app protection policies and conditional access settings assigned will be able to save data from their corporate profile to personal apps and nonmanaged local storage on their mobile devices. They could also connect to corporate data services, such as Microsoft Exchange, with personal apps. +Users without app protection policies and Conditional Access settings assigned will be able to save data from their corporate profile to personal apps and nonmanaged local storage on their mobile devices. They could also connect to corporate data services, such as Microsoft Exchange, with personal apps. ## Step 6 - Review + create @@ -131,4 +131,4 @@ The final step allows you to review a summary of the settings you configured. On ## Next steps -- Enhance the security of work files by assigning users an App-based conditional access policy to protect cloud services from sending work files to unprotected apps. For more information, see [Set up app-based Conditional Access policies with Intune](../protect/app-based-conditional-access-intune-create.md). +- Enhance the security of work files by assigning users an App-based Conditional Access policy to protect cloud services from sending work files to unprotected apps. For more information, see [Set up app-based Conditional Access policies with Intune](../protect/app-based-conditional-access-intune-create.md). diff --git a/memdocs/intune/fundamentals/licenses.md b/memdocs/intune/fundamentals/licenses.md index bd538e0c96f..da78ff7a575 100644 --- a/memdocs/intune/fundamentals/licenses.md +++ b/memdocs/intune/fundamentals/licenses.md 
@@ -109,7 +109,7 @@ You can purchase device licenses based on your estimated usage. Microsoft Intune When a device is enrolled by using a device license, the following Intune functions aren't supported: - [Intune app protection policies](../apps/app-protection-policy.md) -- [Conditional access](../protect/conditional-access.md) +- [Conditional Access](../protect/conditional-access.md) - User-based management features, such as email and calendaring ## Confirm your licenses diff --git a/memdocs/intune/fundamentals/migrate-to-intune.md b/memdocs/intune/fundamentals/migrate-to-intune.md index edb56701467..740aac8b982 100644 --- a/memdocs/intune/fundamentals/migrate-to-intune.md +++ b/memdocs/intune/fundamentals/migrate-to-intune.md @@ -136,7 +136,7 @@ To evaluate and migrate policies from Basic Mobility and Security to Intune: :::image type="content" source="./media/migrate-to-intune/recommendations-page.png" alt-text="Screenshot of migration evaluation example in the Microsoft Intune admin center after migrating Microsoft 365 Basic Mobility and Security policies to Intune"::: - Not all device settings correspond exactly to Intune settings and values. So, they can't be moved with precise one-to-one mapping. You need to review and possibly adjust these settings. - - The conditional access (CA) settings that control the Office 365 services are the same CA policies in Microsoft Entra ID. So, you don't need to review or make changes to them unless you want to. + - The Conditional Access (CA) settings that control the Office 365 services are the same CA policies in Microsoft Entra ID. So, you don't need to review or make changes to them unless you want to. 4. Select an item in the list. The **Compliance policy recommendation overview** page opens. Review the instructions. 5. Select **Details** to review the recommended settings and group assignments: 
@@ -206,13 +206,13 @@ This section describes what happens behind the scenes when you migrate from Basi - [Configurations policy mapping from Basic Mobility and Security to Intune](policy-map-configurations.md) - [Miscellaneous policy mapping from Basic Mobility and Security to Intune](policy-map-miscellaneous.md) -- When you complete the migration, your migrated policies are in Microsoft Intune admin center. The new policies include compliance policies, device configuration profiles, and conditional access policies. The new policies are in the following locations: +- When you complete the migration, your migrated policies are in Microsoft Intune admin center. The new policies include compliance policies, device configuration profiles, and Conditional Access policies. The new policies are in the following locations: | Intune policy type | Intune location | | --- | --- | | [Compliance policies](../protect/device-compliance-get-started.md)

Specify the device settings as access requirements. | [Microsoft Intune Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Compliance** | | [Configuration profiles](../configuration/device-profiles.md)

Specify other settings that aren't part of the access requirements, including email profiles. | [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Manage devices** > **Configuration** | - | [Conditional access policies]( ../protect/conditional-access.md)

Microsoft Entra Conditional Access blocks access if the settings aren't compliant. | [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Conditional access** > **Classic policies** | + | [Conditional Access policies]( ../protect/conditional-access.md)

Microsoft Entra Conditional Access blocks access if the settings aren't compliant. | [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Conditional Access** > **Classic policies** | ## Known issues diff --git a/memdocs/intune/fundamentals/policy-map-miscellaneous.md b/memdocs/intune/fundamentals/policy-map-miscellaneous.md index c0d9687ca8e..1610d6b7828 100644 --- a/memdocs/intune/fundamentals/policy-map-miscellaneous.md +++ b/memdocs/intune/fundamentals/policy-map-miscellaneous.md @@ -83,7 +83,7 @@ These settings are backed by the Conditional Access policy [GraphAggregatorServi This setting modifies one classic Conditional Access policy: -- **Endpoint security** > **Conditional access** > **Classic policies** > **[GraphAggregatorService] Device policy** > **Conditions** > **Client apps (Preview)** > **Mobile apps and desktop clients** > **Exchange ActiveSync clients** > **Apply policy only to supported platform** +- **Endpoint security** > **Conditional Access** > **Classic policies** > **[GraphAggregatorService] Device policy** > **Conditions** > **Client apps (Preview)** > **Mobile apps and desktop clients** > **Exchange ActiveSync clients** > **Apply policy only to supported platform** ### Are there any security groups you want to exclude from access control? @@ -95,7 +95,7 @@ This setting modifies five classic Conditional Access policies: - [Office 365 SharePoint Online] Device policy - [Outlook Service for OneDrive] Device policy -- **Endpoint security** > **Conditional access** > policy name > **Users and groups** > **Exclude** +- **Endpoint security** > **Conditional Access** > policy name > **Users and groups** > **Exclude** ## Device security policy Name and Description diff --git a/memdocs/intune/fundamentals/remote-help-macos.md b/memdocs/intune/fundamentals/remote-help-macos.md index 1965687d518..4ffaa79f755 100644 --- a/memdocs/intune/fundamentals/remote-help-macos.md 
+++ b/memdocs/intune/fundamentals/remote-help-macos.md @@ -56,7 +56,7 @@ The Remote Help web app supports the following capabilities on macOS: - **Use Remote Help with unenrolled devices**: Disabled by default, you can choose to allow help to devices that aren't enrolled with Intune. -- **Conditional access**: Administrators can now utilize conditional access capability when setting up policies and conditions for Remote Help. For more information on setting up conditional access, see [Setup Conditional Access for Remote Help](remote-help-windows.md#setup-conditional-access-for-remote-help). +- **Conditional Access**: Administrators can now utilize Conditional Access capability when setting up policies and conditions for Remote Help. For more information on setting up Conditional Access, see [Setup Conditional Access for Remote Help](remote-help-windows.md#setup-conditional-access-for-remote-help). - **Compliance Warnings**: Remote Help will show non-compliance warnings if the device the helper is connecting to isn't compliant with its assigned policies. This warning doesn't block access but provides transparency about the risk of using sensitive data like administrative credentials during the session. diff --git a/memdocs/intune/fundamentals/remote-help-webapp.md b/memdocs/intune/fundamentals/remote-help-webapp.md index 2f7e86b7e2a..55e1e2002e8 100644 --- a/memdocs/intune/fundamentals/remote-help-webapp.md +++ b/memdocs/intune/fundamentals/remote-help-webapp.md 
@@ -45,7 +45,7 @@ The Remote Help web app supports the following capabilities: Use Remote Help with unenrolled devices: Disabled by default, you can choose to allow help to devices that aren't enrolled with Intune. -- **Conditional access**: Administrators can now utilize conditional access capability when setting up policies and conditions for Remote Help. For more information on setting up conditional access, go to [Setup Conditional Access for Remote Help](remote-help-windows.md#setup-conditional-access-for-remote-help). +- **Conditional Access**: Administrators can now utilize Conditional Access capability when setting up policies and conditions for Remote Help. For more information on setting up Conditional Access, go to [Setup Conditional Access for Remote Help](remote-help-windows.md#setup-conditional-access-for-remote-help). - **Compliance Warnings**: Before connecting to a user's device, a helper will see a non-compliance warning about that device if it's not compliant with its assigned policies. This warning doesn’t block access but provides transparency about the risk of using sensitive data like administrative credentials during the session. diff --git a/memdocs/intune/fundamentals/remote-help-windows.md b/memdocs/intune/fundamentals/remote-help-windows.md index 568e10cd49a..2cc5bb51323 100644 --- a/memdocs/intune/fundamentals/remote-help-windows.md +++ b/memdocs/intune/fundamentals/remote-help-windows.md 
@@ -48,7 +48,7 @@ The Remote Help app is available from Microsoft to install on both devices enrol The Remote Help app supports the following capabilities on Windows: -- **Conditional access**: Administrators can now utilize conditional access capability when setting up policies and conditions for Remote Help. For example, multi-factor authentication, installing security updates, and locking access to Remote Help for a specific region or IP addresses. For more information on setting up conditional access, go to [Setup Conditional Access for Remote Help](#setup-conditional-access-for-remote-help) +- **Conditional Access**: Administrators can now utilize Conditional Access capability when setting up policies and conditions for Remote Help. For example, multi-factor authentication, installing security updates, and locking access to Remote Help for a specific region or IP addresses. For more information on setting up Conditional Access, go to [Setup Conditional Access for Remote Help](#setup-conditional-access-for-remote-help) - **Compliance Warnings**: Before a helper can connect to a user's device, the helper sees a non-compliance warning about that device if it's not compliant with its assigned policies. This warning doesn't block access but provides transparency about the risk of using sensitive data like administrative credentials during the session. 
@@ -275,9 +275,9 @@ Depending on the environment that Remote Help is utilized in, it may be necessar - C:\Program Files\Remote help\RHService.exe - C:\Program Files\Remote help\RemoteHelpRDP.exe -## Setup conditional access for Remote Help +## Setup Conditional Access for Remote Help -This section outlines the steps for provisioning the Remote Help service on the tenant for conditional access. +This section outlines the steps for provisioning the Remote Help service on the tenant for Conditional Access. 1. Open PowerShell in admin mode. - It may be necessary to install [Microsoft Graph PowerShell](/powershell/microsoftgraph/installation)  diff --git a/memdocs/intune/fundamentals/role-based-access-control-reference.md b/memdocs/intune/fundamentals/role-based-access-control-reference.md index 14ea9f58d98..66921ba74d5 100644 --- a/memdocs/intune/fundamentals/role-based-access-control-reference.md +++ b/memdocs/intune/fundamentals/role-based-access-control-reference.md @@ -186,7 +186,7 @@ Application Managers manage mobile and managed applications, can read device inf ## Endpoint Security Manager -Manages security and compliance features such as security baselines, device compliance, conditional access, and Microsoft Defender ATP. +Manages security and compliance features such as security baselines, device compliance, Conditional Access, and Microsoft Defender ATP. | Permission | Action | | ---------- | ------ | diff --git a/memdocs/intune/fundamentals/role-based-access-control.md b/memdocs/intune/fundamentals/role-based-access-control.md index f13ee07c426..40fc2b496b5 100644 --- a/memdocs/intune/fundamentals/role-based-access-control.md +++ b/memdocs/intune/fundamentals/role-based-access-control.md 
@@ -59,7 +59,7 @@ You can assign built-in roles to groups without further configuration. You can't - **Application Manager**: Manages mobile and managed applications, can read device information and can view device configuration profiles. - **Endpoint Privilege Manager**: Manages Endpoint Privilege Management policies in the Intune console. - **Endpoint Privilege Reader**: Endpoint Privilege Readers can view Endpoint Privilege Management policies in the Intune console. -- **Endpoint Security Manager**: Manages security and compliance features, such as security baselines, device compliance, conditional access, and Microsoft Defender for Endpoint. +- **Endpoint Security Manager**: Manages security and compliance features, such as security baselines, device compliance, Conditional Access, and Microsoft Defender for Endpoint. - **Help Desk Operator**: Performs remote tasks on users and devices, and can assign applications or policies to users or devices. - **Intune Role Administrator**: Manages custom Intune roles and adds assignments for built-in Intune roles. It's the only Intune role that can assign permissions to Administrators. - **Policy and Profile Manager**: Manages compliance policy, configuration profiles, Apple enrollment, corporate device identifiers, and security baselines. diff --git a/memdocs/intune/fundamentals/tutorial-walkthrough-endpoint-manager.md b/memdocs/intune/fundamentals/tutorial-walkthrough-endpoint-manager.md index c9dea49e46f..265e92e9a8b 100644 --- a/memdocs/intune/fundamentals/tutorial-walkthrough-endpoint-manager.md +++ b/memdocs/intune/fundamentals/tutorial-walkthrough-endpoint-manager.md 
@@ -108,7 +108,7 @@ Follow the steps below to better understand Intune in the Microsoft Intune admin 5. From the **Devices - Overview** pane, select **Conditional Access** to display details about access policies. - :::image type="content" alt-text="Screenshot of the Microsoft Intune admin center - Conditional access." source="./media/tutorial-walkthrough-endpoint-manager/tutorial-walkthrough-mem-05.png" lightbox="./media/tutorial-walkthrough-endpoint-manager/tutorial-walkthrough-mem-05.png"::: + :::image type="content" alt-text="Screenshot of the Microsoft Intune admin center - Conditional Access." source="./media/tutorial-walkthrough-endpoint-manager/tutorial-walkthrough-mem-05.png" lightbox="./media/tutorial-walkthrough-endpoint-manager/tutorial-walkthrough-mem-05.png"::: > [!TIP] > If you have previously used Intune in the Azure portal, you found the above details in the Azure portal by signing in to [Intune](https://go.microsoft.com/fwlink/?linkid=2090973) and selecting **Conditional Access**. diff --git a/memdocs/intune/fundamentals/what-is-device-management.md b/memdocs/intune/fundamentals/what-is-device-management.md index 2fd75bfb51c..3ee9e542e4d 100644 --- a/memdocs/intune/fundamentals/what-is-device-management.md +++ b/memdocs/intune/fundamentals/what-is-device-management.md 
@@ -69,7 +69,7 @@ For more information about Intune and its benefits, go to: ### Cloud attach your on-premises Configuration Manager -Many organizations use on-premises Configuration Manager to manage devices, including desktops and servers. You can cloud-attach your on-premises Configuration Manager to Microsoft Intune. When you cloud-attach, you get the benefits of Intune and the cloud, including [conditional access](../../configmgr/comanage/quickstart-conditional-access.md), [running remote actions](../../configmgr/comanage/quickstart-remote-actions.md), [using Windows Autopilot](../../configmgr/comanage/quickstart-autopilot.md), and more. +Many organizations use on-premises Configuration Manager to manage devices, including desktops and servers. You can cloud-attach your on-premises Configuration Manager to Microsoft Intune. When you cloud-attach, you get the benefits of Intune and the cloud, including [Conditional Access](../../configmgr/comanage/quickstart-conditional-access.md), [running remote actions](../../configmgr/comanage/quickstart-remote-actions.md), [using Windows Autopilot](../../configmgr/comanage/quickstart-autopilot.md), and more. For more information, go to: diff --git a/memdocs/intune/fundamentals/what-is-intune.md b/memdocs/intune/fundamentals/what-is-intune.md index b06c27beef2..428273111e2 100644 --- a/memdocs/intune/fundamentals/what-is-intune.md +++ b/memdocs/intune/fundamentals/what-is-intune.md 
@@ -85,7 +85,7 @@ For more information, go to [Manage apps using Microsoft Intune](manage-apps.md) ✅ **Automate policy deployment** -You can create policies for apps, security, device configuration, compliance, conditional access, and more. When the policies are ready, you can deploy these policies to your user groups and device groups. To receive these policies, the devices only need internet access. +You can create policies for apps, security, device configuration, compliance, Conditional Access, and more. When the policies are ready, you can deploy these policies to your user groups and device groups. To receive these policies, the devices only need internet access. For more information, go to [Assign policies in Microsoft Intune](../configuration/device-profile-assign.md). 
@@ -169,7 +169,7 @@ Microsoft Intune integrates with other Microsoft products and services that focu - **[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint)** to help enterprises prevent, detect, investigate, and respond to threats - In Intune, you can create a service-to-service connection between Intune and Microsoft Defender for Endpoint. When they're connected, you can create policies that scan files, detect threats, and report threat levels to Microsoft Defender for Endpoint. You can also create compliance policies that set an allowable level of risk. When combined with conditional access, you can block access to organization resources for devices that are noncompliant. + In Intune, you can create a service-to-service connection between Intune and Microsoft Defender for Endpoint. When they're connected, you can create policies that scan files, detect threats, and report threat levels to Microsoft Defender for Endpoint. You can also create compliance policies that set an allowable level of risk. When combined with Conditional Access, you can block access to organization resources for devices that are noncompliant. For more specific information, go to: 
@@ -252,7 +252,7 @@ On devices enrolled in Intune, you can: - Create and deploy policies that configure security settings, set password requirements, deploy certificates, and more. - Use mobile threat defense services to scan devices, detect threats, and remediate threats. - View data and reports that measure compliance with your security settings and rules. -- Use conditional access to only allow managed and compliant devices access to organization resources, apps, and data. +- Use Conditional Access to only allow managed and compliant devices access to organization resources, apps, and data. - Remove organization data if a device is lost or stolen. For personal devices, users might not want their IT admins to have full control. To support a hybrid work environment, give users options. For example, users enroll their devices if they want full access to your organization's resources. Or, if these users only want access to Outlook or Microsoft Teams, then use app protection policies that require multifactor authentication (MFA). @@ -262,7 +262,7 @@ On devices using application management, you can: - Use mobile threat defense services to protect app data. The service can scan devices, detect threats, and assess risk. - Prevent organization data from being copied and pasted into personal apps. - Use app protection policies on apps and on unmanaged devices enrolled in a third party or partner MDM. -- Use conditional access to restrict the apps that can access organization email and files. +- Use Conditional Access to restrict the apps that can access organization email and files. - Remove organization data within apps. For more information, go to: diff --git a/memdocs/intune/fundamentals/whats-new-archive.md b/memdocs/intune/fundamentals/whats-new-archive.md index b4b41c64ea9..a4abcd9077a 100644 --- a/memdocs/intune/fundamentals/whats-new-archive.md +++ b/memdocs/intune/fundamentals/whats-new-archive.md 
@@ -810,7 +810,7 @@ Due to the rollout timelines, we're updating our documentation to the new experi #### BlackBerry Protect Mobile now supports app protection policies -You can now use Intune app protection policies with *BlackBerry Protect Mobile* (powered by Cylance AI). With this change, Intune supports BlackBerry Protect Mobile for mobile application management (MAM) scenarios for [unenrolled devices](../protect/mtd-add-apps-unenrolled-devices.md). This support includes the use of risk assessment with Conditional access and configuration of Conditional Launch settings for unenrolled devices. +You can now use Intune app protection policies with *BlackBerry Protect Mobile* (powered by Cylance AI). With this change, Intune supports BlackBerry Protect Mobile for mobile application management (MAM) scenarios for [unenrolled devices](../protect/mtd-add-apps-unenrolled-devices.md). This support includes the use of risk assessment with Conditional Access and configuration of Conditional Launch settings for unenrolled devices. While configuring the CylancePROTECT Mobile connector (formerly BlackBerry Mobile), you now can select options to turn on *App protection policy evaluation* for both Android and iOS/iPadOS devices. 
@@ -2907,12 +2907,12 @@ For related information, see [Plan for Change: Ending support for Microsoft Stor ### Device configuration -#### Remote Help now supports conditional access capability -Administrators can now utilize conditional access capability when setting up policies and conditions for Remote Help. For example, multifactor authentication, installing security updates, and locking access to Remote Help for a specific region or IP addresses. +#### Remote Help now supports Conditional Access capability +Administrators can now utilize Conditional Access capability when setting up policies and conditions for Remote Help. For example, multifactor authentication, installing security updates, and locking access to Remote Help for a specific region or IP addresses. For more information, see: -- [Conditional access](../protect/conditional-access.md) +- [Conditional Access](../protect/conditional-access.md) - [Remote Help](remote-help-windows.md#setup-conditional-access-for-remote-help) ### Device security @@ -3725,7 +3725,7 @@ Configure Microsoft Intune to skip or show a new Setup Assistant pane called **T As a public preview, you can use the Mobile Application Management (MAM) to the Microsoft Tunnel VPN gateway for iOS/iPadOS. With this preview for iOS devices that haven't enrolled with Intune, supported apps on those unenrolled devices can use Microsoft Tunnel to connect to your organization when working with corporate data and resources. This feature includes VPN gateway support for: - Secure access to on-premises apps and resources using modern authentication -- Single Sign On and conditional access +- Single Sign On and Conditional Access For more information, go to: 
@@ -3749,7 +3749,7 @@ Applies to: - Windows 11 #### SentinelOne – New mobile threat defense partner -You can now use [SentinelOne](../protect/sentinelone-mobile-threat-defense-connector.md) as an integrated Mobile Threat Defense (MTD) partner with Intune. By configuring the SentinelOne connector in Intune, you can control mobile device access to corporate resources using conditional access that's based on risk assessment in your compliance policy. The SentinelOne connector can also send risk levels to app protection policies. +You can now use [SentinelOne](../protect/sentinelone-mobile-threat-defense-connector.md) as an integrated Mobile Threat Defense (MTD) partner with Intune. By configuring the SentinelOne connector in Intune, you can control mobile device access to corporate resources using Conditional Access that's based on risk assessment in your compliance policy. The SentinelOne connector can also send risk levels to app protection policies. ### Device configuration @@ -4063,7 +4063,7 @@ For more information, see [Use Access policies to require multiple administrativ As a public preview, you can now use Microsoft Tunnel with unenrolled devices. This capability is called [Microsoft Tunnel for Mobile Application Management](../protect/microsoft-tunnel-mam.md) (MAM). This preview supports Android, and without any changes to your existing Tunnel infrastructure, supports the Tunnel VPN gateway for: - Secure access to on-premises apps and resources using modern authentication -- Single Sign On and conditional access +- Single Sign On and Conditional Access To use Tunnel MAM, unenrolled devices must install Microsoft Edge, Microsoft Defender for Endpoint, and the Company Portal. You can then use the Microsoft Intune admin center to configure the following profiles for the unenrolled devices: 
@@ -4751,7 +4751,7 @@ The **All devices** option is now available for [compliance policy](../protect/c When you include the *All devices* group, you can then exclude individual groups of devices to further refine the assignment scope. #### Trend Micro – New mobile threat defense partner -You can now use [Trend Micro Mobile Security as a Service](../protect/trend-micro-mobile-threat-defense-connector.md) as an integrated mobile threat defense (MTD) partner with Intune. By configuring the Trend MTD connector in Intune, you can control mobile device access to corporate resources using conditional access that's based on risk assessment. +You can now use [Trend Micro Mobile Security as a Service](../protect/trend-micro-mobile-threat-defense-connector.md) as an integrated mobile threat defense (MTD) partner with Intune. By configuring the Trend MTD connector in Intune, you can control mobile device access to corporate resources using Conditional Access that's based on risk assessment. For more information, see: - [Mobile threat defense integration with Intune](../protect/mobile-threat-defense.md) diff --git a/memdocs/intune/protect/actions-for-noncompliance.md b/memdocs/intune/protect/actions-for-noncompliance.md index 1ccb1736ded..f6a3266ada7 100644 --- a/memdocs/intune/protect/actions-for-noncompliance.md +++ b/memdocs/intune/protect/actions-for-noncompliance.md 
@@ -269,7 +269,7 @@ You can add optional actions when you create a compliance policy, or update an e - **Send push notification to end user**: Configure this action to send a push notification about noncompliance to a device through the Company Portal app or Intune App on the device. -5. Configure a **Schedule**: Enter the number of days (0 to 365) after noncompliance to trigger the action on users' devices. After this grace period, you can enforce a [conditional access](conditional-access-intune-common-ways-use.md) policy. If you enter **0** (zero) number of days, then conditional access takes effect **immediately**. For example, if a device is noncompliant, use conditional access to block access to email, SharePoint, and other organization resources immediately. +5. Configure a **Schedule**: Enter the number of days (0 to 365) after noncompliance to trigger the action on users' devices. After this grace period, you can enforce a [Conditional Access](conditional-access-intune-common-ways-use.md) policy. If you enter **0** (zero) number of days, then Conditional Access takes effect **immediately**. For example, if a device is noncompliant, use Conditional Access to block access to email, SharePoint, and other organization resources immediately. When you create a compliance policy, the **Mark device noncompliant** action is automatically created, and automatically set to **0** days (immediately). With this action, when the device checks in with Intune and evaluates the policy, if it isn't compliant to that policy Intune immediately marks that device as noncompliant. If the client checks in at a later time after remediating the issues that lead to noncompliance, its status will update to its new compliance status. If you use Conditional Access, those policies also apply as soon as a device is marked as noncompliant. 
To set a grace period to allow for a condition of noncompliance to be remediated before the device is marked as noncompliant, change the **Schedule** on the **Mark device noncompliant** action. diff --git a/memdocs/intune/protect/advanced-threat-protection-configure.md b/memdocs/intune/protect/advanced-threat-protection-configure.md index 1b5618f4fb0..2db78c2b781 100644 --- a/memdocs/intune/protect/advanced-threat-protection-configure.md +++ b/memdocs/intune/protect/advanced-threat-protection-configure.md @@ -2,7 +2,7 @@ # required metadata title: Configure Microsoft Defender for Endpoint in Microsoft Intune -description: Configure Microsoft Defender for Endpoint in Intune, including connecting to Defender for Endpoint, onboarding devices, assigning compliance for risk levels, and conditional access policies. +description: Configure Microsoft Defender for Endpoint in Intune, including connecting to Defender for Endpoint, onboarding devices, assigning compliance for risk levels, and Conditional Access policies. keywords: configure, manage, capabilities, attack surface reduction, next-generation protection, security controls, endpoint detection and response, auto investigation and remediation, security controls, controls, microsoft defender for endpoint, mde author: brenduns ms.author: brenduns 
@@ -38,7 +38,7 @@ Use the information and procedures in this article to configure integration of M - **Establish a service-to-service connection between Intune and Microsoft Defender for Endpoint**. This connection lets Microsoft Defender for Endpoint collect data about machine risk from supported devices you manage with Intune. See the [prerequisites](../protect/advanced-threat-protection.md#prerequisites) to use Microsoft Defender for Endpoint with Intune. - **Use Intune policy to onboard devices with Microsoft Defender for Endpoint**. You onboard devices to configure them to communicate with Microsoft Defender for Endpoint and to provide data that helps assess their risk level. - **Use Intune device compliance policies to set the level of risk you want to allow**. Microsoft Defender for Endpoint reports a devices risk level. Devices that exceed the allowed risk level are identified as noncompliant. -- **Use a conditional access policy** to block users from accessing corporate resources from devices that are noncompliant. +- **Use a Conditional Access policy** to block users from accessing corporate resources from devices that are noncompliant. - **Use** [**app protection policies**](../protect/mtd-app-protection-policy.md) for Android and iOS/iPadOS, to set device risk levels. App protection policies work with both enrolled and unenrolled devices. In addition to managing settings for Microsoft Defender for Endpoint on devices that enroll with Intune, you can manage Defender for Endpoint security configurations on devices that aren’t enrolled with Intune. This scenario is called *Security Management for Microsoft Defender for Endpoint* and requires configuring the *Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations* toggle to *On*. For more information, see [MDE Security Configuration Management](../protect/mde-security-integration.md). 
@@ -282,16 +282,16 @@ Use the procedure to [create an application protection policy for either iOS/iPa > [!IMPORTANT] > If you create an app protection policy for any protected app, the device's threat level is assessed. Depending on the configuration, devices that don’t meet an acceptable level are either blocked or selectively wiped through conditional launch. If blocked, they are prevented from accessing corporate resources until the threat on the device is resolved and reported to Intune by the chosen MTD vendor. -## Create a conditional access policy +## Create a Conditional Access policy -Conditional access policies can use data from Microsoft Defender for Endpoint to block access to resources for devices that exceed the threat level you set. You can block access from the device to corporate resources, such as SharePoint or Exchange Online. +Conditional Access policies can use data from Microsoft Defender for Endpoint to block access to resources for devices that exceed the threat level you set. You can block access from the device to corporate resources, such as SharePoint or Exchange Online. > [!TIP] > > Conditional Access is a Microsoft Entra technology. The *Conditional Access* node found in the Microsoft Intune admin center is the node from *Microsoft Entra*. 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Endpoint security** > **Conditional access** > **Create new policy**. Because Intune presents the policy creation user interface for Conditional Access from the Azure portal, the interface is different than the policy creation workflow you might be familiar with. +2. Select **Endpoint security** > **Conditional Access** > **Create new policy**. Because Intune presents the policy creation user interface for Conditional Access from the Azure portal, the interface is different than the policy creation workflow you might be familiar with. 3. Enter a policy **Name**. 4. 
For **Users**, use the *Include* and *Exclude* tabs to configure groups that will receive this policy. 5. For **Target resources**, set *Select what this policy applies to* to **Cloud apps**, and then choose which apps to protect. For example, choose **Select apps** and then for *Select*, search for and select **Office 365 SharePoint Online** and **Office 365 Exchange Online**. diff --git a/memdocs/intune/protect/advanced-threat-protection.md b/memdocs/intune/protect/advanced-threat-protection.md index 8b4d8a00323..9dc035f70e7 100644 --- a/memdocs/intune/protect/advanced-threat-protection.md +++ b/memdocs/intune/protect/advanced-threat-protection.md 
@@ -45,7 +45,7 @@ To be successful, use the following configurations in concert, which are detaile - **Use a device compliance policy to set the level of risk you want to allow**. Risk levels are reported by Microsoft Defender for Endpoint. Devices that exceed the allowed risk level are identified as noncompliant. See [Create and assign compliance policy to set device risk level](../protect/advanced-threat-protection-configure.md#create-and-assign-compliance-policy-to-set-device-risk-level) and [Create and assign app protection policy to set device risk level](../protect/advanced-threat-protection-configure.md#create-and-assign-app-protection-policy-to-set-device-risk-level). -- **Use a conditional access policy** to block users from accessing corporate resources from devices that are noncompliant. See [Create a conditional access policy](../protect/advanced-threat-protection-configure.md#create-a-conditional-access-policy). +- **Use a Conditional Access policy** to block users from accessing corporate resources from devices that are noncompliant. See [Create a Conditional Access policy](../protect/advanced-threat-protection-configure.md#create-a-conditional-access-policy). When you integrate Intune with Microsoft Defender for Endpoint, you can take advantage of Microsoft Defender for Endpoints Threat & Vulnerability Management (TVM) and [use Intune to remediate endpoint weakness identified by TVM](atp-manage-vulnerabilities.md). 
@@ -66,7 +66,7 @@ Microsoft Defender for Endpoint can help resolve security events like this scena You can integrate Microsoft Defender for Endpoint with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization. -Because you have an Intune device compliance policy to classify devices with a *Medium* or *High* level of risk as noncompliant, the compromised device is classified as noncompliant. This classification allows your conditional access policy to kick in and block access from that device to your corporate resources. +Because you have an Intune device compliance policy to classify devices with a *Medium* or *High* level of risk as noncompliant, the compromised device is classified as noncompliant. This classification allows your Conditional Access policy to kick in and block access from that device to your corporate resources. For devices that run Android, you can use Intune policy to modify the configuration of Microsoft Defender for Endpoint on Android. For more information, see [Microsoft Defender for Endpoint web protection](../protect/advanced-threat-protection-manage-android.md). @@ -94,7 +94,7 @@ For the system requirements for Microsoft Defender for Endpoint, see [Minimum re ## Next steps -- To connect Microsoft Defender for Endpoint to Intune, onboard devices, and configure conditional access policies, see [Configure Microsoft Defender for Endpoint in Intune](../protect/advanced-threat-protection-configure.md). +- To connect Microsoft Defender for Endpoint to Intune, onboard devices, and configure Conditional Access policies, see [Configure Microsoft Defender for Endpoint in Intune](../protect/advanced-threat-protection-configure.md). Learn more from the Intune documentation: 
diff --git a/memdocs/intune/protect/app-based-conditional-access-intune-create.md b/memdocs/intune/protect/app-based-conditional-access-intune-create.md index 7352b8095ce..71e5159966c 100644 --- a/memdocs/intune/protect/app-based-conditional-access-intune-create.md +++ b/memdocs/intune/protect/app-based-conditional-access-intune-create.md @@ -51,7 +51,7 @@ Before you can create Conditional Access policies from the Microsoft Intune admi 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) -2. Select **Endpoint security** > **Conditional access** > **New policy**. +2. Select **Endpoint security** > **Conditional Access** > **New policy**. 3. Enter a policy **Name**, and then under *Assignments*, select **Users or workload identities**, and apply the policy to *Users and groups*. Use the Include or Exclude options to add your groups for the policy. diff --git a/memdocs/intune/protect/app-modern-authentication-block.md b/memdocs/intune/protect/app-modern-authentication-block.md index 2a1f63f39cd..d5f4a111005 100644 --- a/memdocs/intune/protect/app-modern-authentication-block.md +++ b/memdocs/intune/protect/app-modern-authentication-block.md @@ -37,7 +37,7 @@ App-based Conditional Access with app protection policies rely on applications u ## Block access to apps -To block access to apps that don't use modern authentication, use Intune app protection policies to implement conditional access. For more information, see [App-based Conditional Access with Intune](app-based-conditional-access-intune.md). +To block access to apps that don't use modern authentication, use Intune app protection policies to implement Conditional Access. For more information, see [App-based Conditional Access with Intune](app-based-conditional-access-intune.md). ## Additional information 
diff --git a/memdocs/intune/protect/compliance-policy-create-windows.md b/memdocs/intune/protect/compliance-policy-create-windows.md index 32a36401240..bfbb092bcf8 100644 --- a/memdocs/intune/protect/compliance-policy-create-windows.md +++ b/memdocs/intune/protect/compliance-policy-create-windows.md @@ -267,7 +267,7 @@ Applies only to co-managed devices running Windows 10/11. Intune-only devices re ### Microsoft Defender for Endpoint rules -For additional information on Microsoft Defender for Endpoint integration in conditional access scenarios, see [Configure Conditional Access in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-conditional-access). +For additional information on Microsoft Defender for Endpoint integration in Conditional Access scenarios, see [Configure Conditional Access in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/configure-conditional-access). - **Require the device to be at or under the machine risk score**: Use this setting to take the risk assessment from your defense threat services as a condition for compliance. Choose the maximum allowed threat level: diff --git a/memdocs/intune/protect/compliance-use-custom-settings.md b/memdocs/intune/protect/compliance-use-custom-settings.md index 1bc42be16ee..d43c9b5956c 100644 --- a/memdocs/intune/protect/compliance-use-custom-settings.md +++ b/memdocs/intune/protect/compliance-use-custom-settings.md 
@@ -49,7 +49,7 @@ Before you can add custom settings to a policy, you must prepare a JSON file, an The scripts must be uploaded to the Microsoft Intune admin center before you create a compliance policy. You select the script when you’re configuring a policy to support custom settings. -After you deploy custom compliance settings and devices report back, you can view the results alongside the built-in compliance setting details in the Microsoft Intune admin center. Custom compliance settings can be used for conditional access decisions in the same way built-in compliance settings are. Together they form a compound rule set, equally affecting the device compliance state. +After you deploy custom compliance settings and devices report back, you can view the results alongside the built-in compliance setting details in the Microsoft Intune admin center. Custom compliance settings can be used for Conditional Access decisions in the same way built-in compliance settings are. Together they form a compound rule set, equally affecting the device compliance state. ## Prerequisites diff --git a/memdocs/intune/protect/conditional-access-exchange-create.md b/memdocs/intune/protect/conditional-access-exchange-create.md index b8fed4d7100..bde9a7a186e 100644 --- a/memdocs/intune/protect/conditional-access-exchange-create.md +++ b/memdocs/intune/protect/conditional-access-exchange-create.md 
@@ -100,7 +100,7 @@ Before you can configure Conditional Access, verify the following configurations 8. After you create the email profile, [assign it to groups](/mem/intune/configuration/device-profile-assign). - 9. Set up [device-based conditional access](/mem/intune/protect/conditional-access-intune-common-ways-use#device-based-conditional-access). + 9. Set up [device-based Conditional Access](/mem/intune/protect/conditional-access-intune-common-ways-use#device-based-conditional-access). > [!NOTE] > Microsoft Outlook for Android and iOS/iPadOS is not supported via the Exchange on-premises connector. If you want to leverage Microsoft Entra Conditional Access policies and Intune App Protection Policies with Outlook for iOS/iPadOS and Android for your on-premises mailboxes, please see [Using hybrid Modern Authentication with Outlook for iOS/iPadOS and Android](/Exchange/clients/outlook-for-ios-and-android/use-hybrid-modern-auth). diff --git a/memdocs/intune/protect/create-conditional-access-intune.md b/memdocs/intune/protect/create-conditional-access-intune.md index bf7f35120d7..7ab2da8f6d6 100644 --- a/memdocs/intune/protect/create-conditional-access-intune.md +++ b/memdocs/intune/protect/create-conditional-access-intune.md 
@@ -54,7 +54,7 @@ To take advantage of device compliance status, configure Conditional Access poli 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Endpoint security** > **Conditional access** > **Create new policy**. +2. Select **Endpoint security** > **Conditional Access** > **Create new policy**. :::image type="content" source="./media/create-conditional-access-intune/create-ca.png" alt-text="Create a new Conditional Access policy"::: The **New** pane opens, which is the configuration pane from Microsoft Entra. The policy you’re creating is a Microsoft Entra policy for Conditional Access. To learn more about this pane and Conditional Access policies, see [Conditional Access policy components](/azure/active-directory/conditional-access/concept-conditional-access-policies) in the Microsoft Entra content. diff --git a/memdocs/intune/protect/derived-credentials.md b/memdocs/intune/protect/derived-credentials.md index bbcb6d33ddc..c9068245c99 100644 --- a/memdocs/intune/protect/derived-credentials.md +++ b/memdocs/intune/protect/derived-credentials.md 
@@ -118,7 +118,7 @@ Before you configure an issuer, review that issuer's documentation to understand Depending on the issuer you choose, you might need staff to be available at the time of enrollment to help users complete the process. Also review your current Intune configurations to ensure they don't block access that's necessary for devices or users to complete the credential request. -For example, you might use conditional access to block access to email for noncompliant devices. If you rely on email notifications to inform the user to start the derived credential enrollment process, your users might not receive those instructions until they're compliant with policy. +For example, you might use Conditional Access to block access to email for noncompliant devices. If you rely on email notifications to inform the user to start the derived credential enrollment process, your users might not receive those instructions until they're compliant with policy. Similarly, some derived credential request workflows require the use of the device camera to scan an on-screen QR code. This code links that device to the authentication request that occurred against the derived credential issuer with the user's smart card credentials. If device configuration policies block camera use, the user can't complete the derived credential enrollment request. 
@@ -128,7 +128,7 @@ Similarly, some derived credential request workflows require the use of the devi - Users aren't notified that they must enroll for derived credentials until you target them with a policy that requires derived credentials. -- Notification can be through app notification for the Company Portal, through email, or both. If you choose to use email notifications and you use enabled conditional access, users might not receive the email notification if their device isn't compliant. +- Notification can be through app notification for the Company Portal, through email, or both. If you choose to use email notifications and you use enabled Conditional Access, users might not receive the email notification if their device isn't compliant. > [!IMPORTANT] > To ensure notifications related to device credentials are successfully received by end users, you should enable app notifications for the Company Portal, email notifications, or both. diff --git a/memdocs/intune/protect/device-compliance-get-started.md b/memdocs/intune/protect/device-compliance-get-started.md index d91abdb84cb..a64f89c7e84 100644 --- a/memdocs/intune/protect/device-compliance-get-started.md +++ b/memdocs/intune/protect/device-compliance-get-started.md 
@@ -129,7 +129,7 @@ Intune includes a device compliance dashboard that you use to monitor the compli When you use Conditional Access, you can configure your Conditional Access policies to use the results of your device compliance policies to determine which devices can access your organizational resources. This access control is in addition to and separate from the actions for noncompliance that you include in your device compliance policies. -When a device enrolls in Intune it registers in Microsoft Entra ID. The compliance status for devices is reported to Microsoft Entra ID. If your Conditional Access policies have Access controls set to *Require device to be marked as compliant*, Conditional access uses that compliance status to determine whether to grant or block access to email and other organization resources. +When a device enrolls in Intune it registers in Microsoft Entra ID. The compliance status for devices is reported to Microsoft Entra ID. If your Conditional Access policies have Access controls set to *Require device to be marked as compliant*, Conditional Access uses that compliance status to determine whether to grant or block access to email and other organization resources. If you use device compliance status with Conditional Access policies, review how your tenant configures the *Mark devices with no compliance policy assigned as* option, which you manage under [Compliance policy settings](#compliance-policy-settings). diff --git a/memdocs/intune/protect/device-compliance-partners.md b/memdocs/intune/protect/device-compliance-partners.md index 37d5f1fc4f7..26a79e999c1 100644 --- a/memdocs/intune/protect/device-compliance-partners.md +++ b/memdocs/intune/protect/device-compliance-partners.md 
@@ -32,7 +32,7 @@ ms.collection: # Support third-party device compliance partners in Intune -Several third-party device compliance partners have been evaluated as a supported partner solution that you can integrate with Microsoft Intune. When you use a [third-party device compliance partner](#supported-device-compliance-partners), the partner adds the compliance state data it collects to Microsoft Entra ID. You can then use the device compliance data from the partner along side the compliance results you collect with Intune to power your [conditional access policies](../protect/device-compliance-get-started.md#integrate-with-conditional-access) that help to protect your organization and data. +Several third-party device compliance partners have been evaluated as a supported partner solution that you can integrate with Microsoft Intune. When you use a [third-party device compliance partner](#supported-device-compliance-partners), the partner adds the compliance state data it collects to Microsoft Entra ID. You can then use the device compliance data from the partner along side the compliance results you collect with Intune to power your [Conditional Access policies](../protect/device-compliance-get-started.md#integrate-with-conditional-access) that help to protect your organization and data. Third-party partners support one or more of the following platforms: @@ -86,7 +86,7 @@ The following compliance partners are supported as generally available: ## Configure Intune to work with a device compliance partner -Enable support for a device compliance partner to use compliance state data from that partner with your conditional access policies. +Enable support for a device compliance partner to use compliance state data from that partner with your Conditional Access policies. ### Add a compliance partner to Intune diff --git a/memdocs/intune/protect/endpoint-security.md b/memdocs/intune/protect/endpoint-security.md index b9e8fdfb8ed..686eb78733c 100644 
--- a/memdocs/intune/protect/endpoint-security.md +++ b/memdocs/intune/protect/endpoint-security.md @@ -111,7 +111,7 @@ To learn more about using these security policies, see [Manage device security w Endpoint security policies are one of several methods in Intune to configure settings on devices. When managing settings, it's important to understand what other methods are in use in your environment that can configure your devices, and avoid conflicts. See [Avoid policy conflicts](#avoid-policy-conflicts) later in this article. -Also found under *Manage* are *Device compliance* and *Conditional access* policies. These policies types aren't focused security policies for configuring endpoints, but are important tools for managing devices and access to your corporate resources. +Also found under *Manage* are *Device compliance* and *Conditional Access* policies. These policies types aren't focused security policies for configuring endpoints, but are important tools for managing devices and access to your corporate resources. ## Use device compliance policy 
@@ -125,24 +125,24 @@ The [available compliance settings](../protect/device-compliance-get-started.md# In addition to the policy rules, compliance policies support [Actions for noncompliance](../protect/actions-for-noncompliance.md). These actions are a time-ordered sequence of actions to apply to noncompliant devices. Actions include sending email or notifications to alert device users about noncompliance, remotely locking devices, or even retiring noncompliant devices and removing any company data that might be on it. -When you integrate Intune Microsoft Entra [Conditional Access policies](#configure-conditional-access) to enforce compliance policies, Conditional access can use the compliance data to gate access to corporate resources for both managed devices, and from devices that you don't manage. +When you integrate Intune Microsoft Entra [Conditional Access policies](#configure-conditional-access) to enforce compliance policies, Conditional Access can use the compliance data to gate access to corporate resources for both managed devices, and from devices that you don't manage. To learn more, see [Set rules on devices to allow access to resources in your organization using Intune](../protect/device-compliance-get-started.md). Device compliance policies are one of several methods in Intune to configure settings on devices. When managing settings, it's important to understand what other methods are in use in your environment that can configure your devices, and to avoid conflicts. See [Avoid policy conflicts](#avoid-policy-conflicts) later in this article. -## Configure conditional access +## Configure Conditional Access To protect your devices and corporate resources, you can use Microsoft Entra Conditional Access policies with Intune. -Intune passes the results of your device compliance policies to Microsoft Entra, which then uses conditional access policies to enforce which devices and apps can access your corporate resources. 
Conditional access policies also help to gate access for devices that you don't manage with Intune, and can use compliance details from [Mobile Threat Defense partners](../protect/mobile-threat-defense.md) you integrate with Intune. +Intune passes the results of your device compliance policies to Microsoft Entra, which then uses Conditional Access policies to enforce which devices and apps can access your corporate resources. Conditional Access policies also help to gate access for devices that you don't manage with Intune, and can use compliance details from [Mobile Threat Defense partners](../protect/mobile-threat-defense.md) you integrate with Intune. -The following are two common methods of using conditional access with Intune: +The following are two common methods of using Conditional Access with Intune: -- **Device-based conditional access**, to ensure only managed and compliant devices can access network resources. -- **App-based conditional access**, which uses app-protection policies to manage access to network resources by users on devices that you don't manage with Intune. +- **Device-based Conditional Access**, to ensure only managed and compliant devices can access network resources. +- **App-based Conditional Access**, which uses app-protection policies to manage access to network resources by users on devices that you don't manage with Intune. -To learn more about using conditional access with Intune, see [Learn about Conditional Access and Intune](../protect/conditional-access.md). +To learn more about using Conditional Access with Intune, see [Learn about Conditional Access and Intune](../protect/conditional-access.md). ## Set up Integration with Microsoft Defender for Endpoint 
@@ -162,7 +162,7 @@ While Intune can integrate with several [Mobile Threat Defense partners](../prot To manage tasks in the Endpoint security node of the Microsoft Intune admin center, an account must: - Be assigned a license for Intune. -- Have role-based access control (RBAC) permissions equal to the permissions provided by the built-in Intune role of **Endpoint Security Manager**. The *Endpoint Security Manager* role grants access to the Microsoft Intune admin center. This role can be used by individuals who manage security and compliance features, including security baselines, device compliance, conditional access, and Microsoft Defender for Endpoint. +- Have role-based access control (RBAC) permissions equal to the permissions provided by the built-in Intune role of **Endpoint Security Manager**. The *Endpoint Security Manager* role grants access to the Microsoft Intune admin center. This role can be used by individuals who manage security and compliance features, including security baselines, device compliance, Conditional Access, and Microsoft Defender for Endpoint. For more information, see [Role-based access control (RBAC) with Microsoft Intune](../fundamentals/role-based-access-control.md). @@ -282,5 +282,5 @@ Configure: - [Security baselines](../protect/security-baselines.md) - [Compliance policies](../protect/device-compliance-get-started.md) -- [Conditional access policies](#configure-conditional-access) +- [Conditional Access policies](#configure-conditional-access) - [Integration with Microsoft Defender for Endpoint](../protect/advanced-threat-protection.md) diff --git a/memdocs/intune/protect/exchange-connector-install.md b/memdocs/intune/protect/exchange-connector-install.md index 111c9470bc3..a8113173ad6 100644 --- a/memdocs/intune/protect/exchange-connector-install.md +++ b/memdocs/intune/protect/exchange-connector-install.md 
@@ -45,11 +45,11 @@ To help protect access to Exchange, Intune relies on an on-premises component th > [!IMPORTANT] > Intune will be removing support for the Exchange On-Premises Connector feature from the Intune service beginning in the 2007 (July) release. Existing customers with an active connector will be able to continue with the current functionality at this time. New customers and existing customers that do not have an active connector will no longer be able to create new connectors or manage Exchange ActiveSync (EAS) devices from Intune. For those tenants, Microsoft recommends the use of Exchange [hybrid modern authentication (HMA)](/office365/enterprise/hybrid-modern-auth-overview) to protect access to Exchange on-premises. HMA enables both Intune App Protection Policies (also known as MAM) and Conditional Access through Outlook Mobile for Exchange on-premises. -The information in this article can help you install and monitor the Intune Exchange connector. You can use the connector with your [conditional access policies](conditional-access-exchange-create.md) to allow or block access to your Exchange on-premises mailboxes. +The information in this article can help you install and monitor the Intune Exchange connector. You can use the connector with your [Conditional Access policies](conditional-access-exchange-create.md) to allow or block access to your Exchange on-premises mailboxes. The connector is installed and runs on your on-premises hardware. It discovers devices that connect to Exchange, communicating device information to the Intune service. The connector allows or blocks devices based on whether the devices are enrolled and compliant. These communications use the HTTPS protocol. -When a device tries to access your on-premises Exchange server, the Exchange connector maps Exchange ActiveSync (EAS) records in Exchange Server to Intune records to make sure the device enrolls with Intune and complies with your device's policies. 
Depending on your conditional access policies, the device can be allowed or blocked. For more information, see [What are common ways to use conditional access with Intune?](conditional-access-intune-common-ways-use.md) +When a device tries to access your on-premises Exchange server, the Exchange connector maps Exchange ActiveSync (EAS) records in Exchange Server to Intune records to make sure the device enrolls with Intune and complies with your device's policies. Depending on your Conditional Access policies, the device can be allowed or blocked. For more information, see [What are common ways to use Conditional Access with Intune?](conditional-access-intune-common-ways-use.md) Both *discovery* and *allow and block* operations are done by using standard Exchange PowerShell cmdlets. These operations use the service account that's provided when the Exchange connector is initially installed. 
@@ -62,9 +62,9 @@ Follow these general steps to set up a connection that enables Intune to communi 3. Validate the Exchange connection. 4. Repeat these steps for each additional Exchange organization you want to connect to Intune. -## How conditional access for Exchange on-premises works +## How Conditional Access for Exchange on-premises works -Conditional access for Exchange on-premises works differently than Azure Conditional Access based policies. You install the Intune Exchange on-premises connector to directly interact with Exchange server. The Intune Exchange connector pulls in all the Exchange Active Sync (EAS) records that exist at the Exchange server so Intune can take these EAS records and map them to Intune device records. These records are devices enrolled and recognized by Intune. This process allows or blocks e-mail access. +Conditional Access for Exchange on-premises works differently than Azure Conditional Access based policies. You install the Intune Exchange on-premises connector to directly interact with Exchange server. The Intune Exchange connector pulls in all the Exchange Active Sync (EAS) records that exist at the Exchange server so Intune can take these EAS records and map them to Intune device records. These records are devices enrolled and recognized by Intune. This process allows or blocks e-mail access. If the EAS record is new and Intune isn't aware of it, Intune issues a cmdlet (pronounced "command-let") that directs the Exchange server to block access to e-mail. Following are more details on how this process works: 
@@ -87,7 +87,7 @@ If the EAS record is new and Intune isn't aware of it, Intune issues a cmdlet (p 8. The Microsoft Entra Device Registration saves the device state information. -9. If the user meets the conditional access policies, Intune issues a cmdlet through the Intune Exchange connector that allows the mailbox to sync. +9. If the user meets the Conditional Access policies, Intune issues a cmdlet through the Intune Exchange connector that allows the mailbox to sync. 10. Exchange server sends the notification to EAS client so the user can access e-mail. @@ -184,7 +184,7 @@ Follow these steps to install the Intune Exchange connector. If you have multipl 4. In the **User (domain\user)** and **Password** fields, enter credentials to connect to your Exchange server. The account you specify must have a license to use Intune. -5. Provide credentials to send notifications to a user's Exchange Server mailbox. This user can be dedicated to just notifications. The notifications user needs an Exchange mailbox to send notifications by email. You can configure these notifications by using conditional access policies in Intune. +5. Provide credentials to send notifications to a user's Exchange Server mailbox. This user can be dedicated to just notifications. The notifications user needs an Exchange mailbox to send notifications by email. You can configure these notifications by using Conditional Access policies in Intune. Make sure the Autodiscover service and Exchange Web Services are configured on the Exchange CAS. For more information, see [Client Access server](/Exchange/architecture/client-access/client-access?view=exchserver-2019&preserve-view=true). 
@@ -288,9 +288,9 @@ In addition to the in-console status, you can use the [System Center Operations An Intune Exchange connector automatically synchronizes EAS and Intune device records regularly. If the compliance status of a device changes, the automatic sync process regularly updates records so that device access can be blocked or allowed. -- A **quick sync** occurs regularly, several times a day. A quick sync retrieves device information for Intune-licensed and on-premises Exchange users that are targeted for conditional access and that have changed since the last sync. +- A **quick sync** occurs regularly, several times a day. A quick sync retrieves device information for Intune-licensed and on-premises Exchange users that are targeted for Conditional Access and that have changed since the last sync. -- A **full sync** occurs once daily by default. A full sync retrieves device information for all Intune-licensed and on-premises Exchange users that are targeted for conditional access. A full sync also retrieves Exchange Server information and ensures that the configuration that Intune specifies is updated on the Exchange server. +- A **full sync** occurs once daily by default. A full sync retrieves device information for all Intune-licensed and on-premises Exchange users that are targeted for Conditional Access. A full sync also retrieves Exchange Server information and ensures that the configuration that Intune specifies is updated on the Exchange server. You can force a connector to run a sync by using the **Quick Sync** or **Full Sync** options on the Intune dashboard: @@ -305,4 +305,4 @@ You can force a connector to run a sync by using the **Quick Sync** or **Full Sy ## Next steps -Create a [conditional access policy for on-premises Exchange servers](conditional-access-exchange-create.md). +Create a [Conditional Access policy for on-premises Exchange servers](conditional-access-exchange-create.md). 
diff --git a/memdocs/intune/protect/jamf-mtd-connector.md b/memdocs/intune/protect/jamf-mtd-connector.md index 16ac3d814cb..f9fdf5ba124 100644 --- a/memdocs/intune/protect/jamf-mtd-connector.md +++ b/memdocs/intune/protect/jamf-mtd-connector.md @@ -33,14 +33,14 @@ ms.collection: # Jamf Mobile Threat Defense connector with Intune -Control mobile device access to corporate resources using conditional access based on risk assessment conducted by Jamf. Jamf is a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices by the Jamf service, including: +Control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by Jamf. Jamf is a Mobile Threat Defense (MTD) solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices by the Jamf service, including: - Operating system vulnerabilities - Malicious apps installed - Malicious network profiles - Cryptojacking -You can configure *conditional access* policies that are based on Jamf's risk assessment, enabled through Intune device compliance policies. Risk assessment policy can allow or block noncompliant devices from accessing corporate resources based on detected threats. +You can configure *Conditional Access* policies that are based on Jamf's risk assessment, enabled through Intune device compliance policies. Risk assessment policy can allow or block noncompliant devices from accessing corporate resources based on detected threats. ## How do Intune and Jamf Mobile Threat Defense help protect your company resources? diff --git a/memdocs/intune/protect/lookout-mtd-connector-integration.md b/memdocs/intune/protect/lookout-mtd-connector-integration.md index a654e1d033a..9d1a2975a3d 100644 --- a/memdocs/intune/protect/lookout-mtd-connector-integration.md +++ b/memdocs/intune/protect/lookout-mtd-connector-integration.md 
@@ -138,7 +138,7 @@ In the Lookout MES Console, select **System** > **Manage Enrollment** > **Enroll - For **Disconnected Status**, specify the number of days before an unconnected device is marked as disconnected. - Disconnected devices are considered as noncompliant and are blocked from accessing your company applications based on the Intune conditional access policies. You can specify values between 1 and 90 days. + Disconnected devices are considered as noncompliant and are blocked from accessing your company applications based on the Intune Conditional Access policies. You can specify values between 1 and 90 days. ![Lookout enrollment settings on the System module](./media/lookout-mtd-connector-integration/lookout-console-enrollment-settings.png) diff --git a/memdocs/intune/protect/microsoft-tunnel-conditional-access.md b/memdocs/intune/protect/microsoft-tunnel-conditional-access.md index 1b95225dfd6..cb8227603f5 100644 --- a/memdocs/intune/protect/microsoft-tunnel-conditional-access.md +++ b/memdocs/intune/protect/microsoft-tunnel-conditional-access.md @@ -54,7 +54,7 @@ Before you can configure Conditional Access policies for the tunnel, you must en If you'll use Conditional Access policy to limit user access, we recommend configuring this policy after you provision your tenant to support the Microsoft Tunnel Gateway cloud app, but before you install the Tunnel Gateway. -1. Sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Endpoint Security** > **Conditional access** > **Create new policy**. The admin center presents the Microsoft Entra interface for creating conditional access policies. +1. Sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Endpoint Security** > **Conditional Access** > **Create new policy**. The admin center presents the Microsoft Entra interface for creating Conditional Access policies. 2. Specify a name for this policy. 
diff --git a/memdocs/intune/protect/mtd-enable-unenrolled-devices.md b/memdocs/intune/protect/mtd-enable-unenrolled-devices.md index 4348ba1e34f..42bd5ee5b1d 100644 --- a/memdocs/intune/protect/mtd-enable-unenrolled-devices.md +++ b/memdocs/intune/protect/mtd-enable-unenrolled-devices.md @@ -37,7 +37,7 @@ During Mobile Threat Defense (MTD) setup, you've configured a policy for classif [!INCLUDE [mtd-mam-note](../../intune/protect/includes/mtd-mam-note.md)] -## Classic conditional access policies for Mobile Threat Defense (MTD) apps +## Classic Conditional Access policies for Mobile Threat Defense (MTD) apps When you integrate a new Mobile Threat Defense application with Intune and enable the connection to Intune, Intune creates a classic Conditional Access policy in Microsoft Entra ID. Each third-party MTD partner you integrate with creates a new classic Conditional Access policy. These policies can be ignored, but shouldn't be edited, deleted, or disabled. @@ -55,7 +55,7 @@ Classic Conditional Access policies for MTD apps: - Are distinct from Conditional Access policies you might create to help manage MTD. - By default, don't interact with other Condition -To view classic conditional access policies, in [Azure](https://portal.azure.com/#home), go to **Microsoft Entra ID** > **Conditional Access** > **Classic policies**. +To view classic Conditional Access policies, in [Azure](https://portal.azure.com/#home), go to **Microsoft Entra ID** > **Conditional Access** > **Classic policies**. ## To enable the Mobile Threat Defense connector diff --git a/memdocs/intune/protect/tutorial-protect-email-on-enrolled-devices.md b/memdocs/intune/protect/tutorial-protect-email-on-enrolled-devices.md index 91c680daea5..bb72ec2e80f 100644 --- a/memdocs/intune/protect/tutorial-protect-email-on-enrolled-devices.md +++ b/memdocs/intune/protect/tutorial-protect-email-on-enrolled-devices.md 
@@ -210,7 +210,7 @@ When the test policies are no longer needed, you can remove them. 3. In the **Policy name** list, select the context menu (**...**) for your test policy, and then select **Delete**. Select **OK** to confirm. -4. Select **Endpoint security** > **Conditional access** > **policies**. +4. Select **Endpoint security** > **Conditional Access** > **policies**. 5. In the **Policy name** list, select the context menu (**...**) for your test policy, and then select **Delete**. Select **Yes** to confirm. diff --git a/memdocs/intune/protect/tutorial-protect-email-on-unmanaged-devices.md b/memdocs/intune/protect/tutorial-protect-email-on-unmanaged-devices.md index 39e63e69c80..04fc7b38015 100644 --- a/memdocs/intune/protect/tutorial-protect-email-on-unmanaged-devices.md +++ b/memdocs/intune/protect/tutorial-protect-email-on-unmanaged-devices.md 
@@ -134,13 +134,13 @@ When you configure Conditional Access policies in the Microsoft Intune admin cen 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Endpoint security** >**Conditional access** > **Create new policy**. +2. Select **Endpoint security** >**Conditional Access** > **Create new policy**. 3. For **Name**, enter **Test policy for modern auth clients**. 4. Under **Assignments**, for *Users*, select **0 users and groups selected**. On the **Include** tab, select **All users**. The value for *Users* updates to *All users*. - :::image type="content" source="./media/tutorial-protect-email-on-unmanaged-devices/conditional-access-users.png" alt-text="Begin configuration of the conditional access policy."::: + :::image type="content" source="./media/tutorial-protect-email-on-unmanaged-devices/conditional-access-users.png" alt-text="Begin configuration of the Conditional Access policy."::: 5. Under **Assignments**, for *Target resources*, select **No target resources selected**. Ensure that *Select what this policy applies to* is set to **Cloud apps**. Because we want to protect Microsoft 365 Exchange Online email, select it by following these steps: @@ -258,7 +258,7 @@ When the test policies are no longer needed, you can remove them. 3. In the **Policy name** list, select the context menu (**...**) for your test policy, and then select **Delete**. Select **OK** to confirm. -4. Go to **Endpoint security** > **Conditional access** > Policies. +4. Go to **Endpoint security** > **Conditional Access** > Policies. 5. In the **Policy Name** list, select the context menu (**...**) for each of your test policies, and then select **Delete**. Select **Yes** to confirm. diff --git a/memdocs/intune/remote-actions/device-management.md b/memdocs/intune/remote-actions/device-management.md index 22fe7967a19..993ab0cb676 100644 --- a/memdocs/intune/remote-actions/device-management.md 
+++ b/memdocs/intune/remote-actions/device-management.md @@ -74,7 +74,7 @@ This article shows you how to see the available remote actions, and lists some o - **By platform**: View lists of devices by the specific platform. - **Enrollment**: Opens the enrollment page and lists the different enrollment options for each platform. - - **Configuration**, **Compliance**, **Conditional access**: These options let you create new policies and view & update existing policies. + - **Configuration**, **Compliance**, **Conditional Access**: These options let you create new policies and view & update existing policies. - **Device cleanup rules**: Automatically removes inactive devices from Intune. For more information, go to [Automatically delete devices with cleanup rules](devices-wipe.md#delete-devices-from-the-intune-admin-center). - **Device categories**: Create [device categories](../enrollment/device-group-mapping.md) to help organize devices and build dynamic device groups. - **Help and Support** provides a shortcut on troubleshooting tips, requesting support, or checking the status of Intune. diff --git a/memdocs/intune/toc.yml b/memdocs/intune/toc.yml index 3bd30650994..223d0c32887 100644 --- a/memdocs/intune/toc.yml +++ b/memdocs/intune/toc.yml @@ -421,7 +421,7 @@ items: items: - name: Overview href: ./apps/mamedge-overview.md - - name: Step 1. Create Microsoft Entra conditional access + - name: Step 1. Create Microsoft Entra Conditional Access href: ./apps/mamedge-1-mamca.md - name: Step 2. Create an app protection policy href: ./apps/mamedge-2-app.md 
@@ -1578,7 +1578,7 @@ items: displayName: group; category; categorize; security group; - name: Require multifactor authentication href: ./enrollment/multi-factor-authentication.md - displayName: multi-factor; enrollment; MFA; verification; conditional access + displayName: multi-factor; enrollment; MFA; verification; Conditional Access - name: Create terms and conditions policy href: ./enrollment/terms-and-conditions-create.md displayName: intune; enrollment; terms and conditions; policy @@ -2161,7 +2161,7 @@ items: items: - name: Overview href: ./apps/mamedge-overview.md - - name: Step 1. Create Microsoft Entra conditional access + - name: Step 1. Create Microsoft Entra Conditional Access href: ./apps/mamedge-1-mamca.md - name: Step 2. Create an app protection policy href: ./apps/mamedge-2-app.md diff --git a/memdocs/intune/user-help/set-up-migrate-iphone-for-work.md b/memdocs/intune/user-help/set-up-migrate-iphone-for-work.md index 8a77d9abc1d..6c6501b708d 100644 --- a/memdocs/intune/user-help/set-up-migrate-iphone-for-work.md +++ b/memdocs/intune/user-help/set-up-migrate-iphone-for-work.md @@ -89,7 +89,7 @@ Set up your new iPhone. Complete these steps on your new iPhone unless otherwise 4. Initiate the device enrollment workflow: 1. On your new device, open a productivity app, such as Microsoft Teams, and sign in with your work account. 2. Complete the MFA requirements or passwordless authentication using Authenticator on your old phone. - 3. You'll get blocked by conditional access and prompted to enroll your new device. + 3. You'll get blocked by Conditional Access and prompted to enroll your new device. ## Step 3: Device enrollment When you open a productivity app, such as Microsoft Teams, and sign in with your work account, you'll be prompted to install the Company Portal app for iOS and enroll your device. Complete these steps to finish setting up your device for work. 
diff --git a/memdocs/solutions/cloud-native-endpoints/azure-ad-joined-hybrid-azure-ad-joined.md b/memdocs/solutions/cloud-native-endpoints/azure-ad-joined-hybrid-azure-ad-joined.md index 326ec4a3ef9..44d5421d3b1 100644 --- a/memdocs/solutions/cloud-native-endpoints/azure-ad-joined-hybrid-azure-ad-joined.md +++ b/memdocs/solutions/cloud-native-endpoints/azure-ad-joined-hybrid-azure-ad-joined.md @@ -75,7 +75,7 @@ To join Windows endpoints to Microsoft Entra, you have some options: ### Organization IT benefits -- Using conditional access, you can allow or restrict access to organization resources that meet, or don't meet your requirements. +- Using Conditional Access, you can allow or restrict access to organization resources that meet, or don't meet your requirements. - Settings and work data roam through enterprise compliant clouds. No personal Microsoft accounts, like Hotmail are used, and can be blocked. - Using Windows Hello for Business, you can reduce the risk of credential theft. 
@@ -171,13 +171,13 @@ Microsoft Intune, which is a 100% cloud solution, can manage Windows client devi The [High level planning guide to move to cloud-native endpoints: Intune features you should know](cloud-native-endpoints-planning-guide.md#intune-features-you-should-know) lists some of these features. [What is Intune](../../intune/fundamentals/what-is-intune.md) is also a good resource. -On Hybrid Microsoft Entra Join endpoints, you can use on-premises group policies objects (GPO) or Intune to control policy settings. It's possible to also use a combination of GPO and Intune, but this combination adds administrative overhead and complexity. If you enable [co-management](../../configmgr/comanage/overview.md) (Intune (cloud) + Configuration Manager (on-premises)), then you can use some Microsoft Entra features, such as conditional access. +On Hybrid Microsoft Entra Join endpoints, you can use on-premises group policies objects (GPO) or Intune to control policy settings. It's possible to also use a combination of GPO and Intune, but this combination adds administrative overhead and complexity. If you enable [co-management](../../configmgr/comanage/overview.md) (Intune (cloud) + Configuration Manager (on-premises)), then you can use some Microsoft Entra features, such as Conditional Access. For some guidance, go to [Deployment guide: Setup or move to Microsoft Intune](../../intune/fundamentals/deployment-guide-intune-setup.md). -#### What device join states are required for device compliance and/or conditional access? +#### What device join states are required for device compliance and/or Conditional Access? -Both Hybrid Microsoft Entra Join and Microsoft Entra Join endpoints support [compliance policies](../../intune/protect/device-compliance-get-started.md) and [conditional access](../../intune/protect/conditional-access.md) when managed by Intune or co-managed by Intune and Configuration Manager. 
+Both Hybrid Microsoft Entra Join and Microsoft Entra Join endpoints support [compliance policies](../../intune/protect/device-compliance-get-started.md) and [Conditional Access](../../intune/protect/conditional-access.md) when managed by Intune or co-managed by Intune and Configuration Manager. #### Are there limitations for Hybrid Microsoft Entra Join? diff --git a/windows-365/business/TOC.yml b/windows-365/business/TOC.yml index 93968802c2d..b05ed96c59a 100644 --- a/windows-365/business/TOC.yml +++ b/windows-365/business/TOC.yml @@ -39,7 +39,7 @@ items: href: restore-overview.md - name: Identity and access management items: - - name: Set conditional access policies + - name: Set Conditional Access policies href: set-conditional-access-policies.md - name: Configure single sign-on href: configure-single-sign-on.md diff --git a/windows-365/business/configure-single-sign-on.md b/windows-365/business/configure-single-sign-on.md index 70a997b9179..cedec00d7f1 100644 --- a/windows-365/business/configure-single-sign-on.md +++ b/windows-365/business/configure-single-sign-on.md @@ -39,7 +39,7 @@ To enable SSO using Microsoft Entra ID authentication, there are four tasks you 1. Configure the target device groups. -1. Review your conditional access policies. +1. Review your Conditional Access policies. 1. Configure your organizational settings to enable SSO. @@ -53,7 +53,7 @@ When SSO is enabled, users sign in to Windows using a Microsoft Entra ID authent - Users benefit from a single sign-on experience and can reconnect without authentication prompt when allowed. - Users can sign back into their session using passwordless authentication like FIDO keys. -- Conditional access policies, including multifactor authentication and sign-in frequency, are re-evaluated when the user reconnects to their session. +- Conditional Access policies, including multifactor authentication and sign-in frequency, are re-evaluated when the user reconnects to their session. ## Prerequisites 
@@ -186,9 +186,9 @@ To configure the service principal, use the [Microsoft Graph PowerShell SDK](/po Remove-MgServicePrincipalRemoteDesktopSecurityConfigurationTargetDeviceGroup -ServicePrincipalId $WCLspId -TargetDeviceGroupId "" ``` -## Review your conditional access policies +## Review your Conditional Access policies -When SSO is turned on, a new Microsoft Entra ID app is introduced to authenticate users to the Cloud PC. If you have conditional access policies that apply when accessing Windows 365, review the recommendations to [set conditional access policies](set-conditional-access-policies.md) for Windows 365 to make sure users have the desired experience and to secure your environment. +When SSO is turned on, a new Microsoft Entra ID app is introduced to authenticate users to the Cloud PC. If you have Conditional Access policies that apply when accessing Windows 365, review the recommendations to [set Conditional Access policies](set-conditional-access-policies.md) for Windows 365 to make sure users have the desired experience and to secure your environment. ## Turn on SSO for all Cloud PCs in your account diff --git a/windows-365/business/set-conditional-access-policies.md b/windows-365/business/set-conditional-access-policies.md index a34132c0ce6..cb258e421ee 100644 --- a/windows-365/business/set-conditional-access-policies.md +++ b/windows-365/business/set-conditional-access-policies.md @@ -1,8 +1,8 @@ --- # required metadata -title: Set conditional access policies for Windows 365 Business +title: Set Conditional Access policies for Windows 365 Business titleSuffix: -description: Learn how to set conditional access policies for Windows 365 Business. +description: Learn how to set Conditional Access policies for Windows 365 Business. keywords: author: ErikjeMS ms.author: erikje 
@@ -29,7 +29,7 @@ ms.collection: - tier2 --- -# Set conditional access policies for Windows 365 Business +# Set Conditional Access policies for Windows 365 Business Conditional Access is the protection of regulated content in a system by requiring certain criteria to be met before granting access to the content. Conditional Access policies at their simplest are if-then statements. If a user wants to access a resource, then they must complete an action. For example, a payroll manager wants to access the payroll application and is required to perform multi-factor authentication (MFA) to do so. @@ -51,7 +51,7 @@ Conditional Access policies aren't set for your tenant by default. You can targ No matter which method you use, the policies will be enforced on the Cloud PC End-user portal and the connection to the Cloud PC. -1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Endpoint security** > **Conditional access** > **Create new policy**. +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Endpoint security** > **Conditional Access** > **Create new policy**. 1. Provide a **Name** for your specific Conditional Access policy. 1. Under **Users**, select **0 users and groups selected**. 1. Under the **Include** tab, select **Select users and groups** and check **Users and groups**. If the new pane doesn't open automatically, select **0 users and groups selected**. 
@@ -63,13 +63,13 @@ No matter which method you use, the policies will be enforced on the Cloud PC En - **Azure Virtual Desktop** (app ID 9cdead84-a844-4324-93f2-b2e6bb768d07). This app may also appear as **Windows Virtual Desktop**. This app is used to authenticate to the Azure Virtual Desktop Gateway during the connection and when the client sends diagnostic information to the service. - **Microsoft Remote Desktop** (app ID a4a365df-50f1-4397-bc59-1a1564b8bb9c) and **Windows Cloud Login** (app ID 270efc09-cd0d-444b-a71f-39af4910ec45). These apps are only needed when you [configure single sign-on](configure-single-sign-on.md) in your environment. These apps are used to authenticate users to the Cloud PC. - It's recommended to match conditional access policies between these apps. This ensures that the policy applies to the Cloud PC End-user portal, the connection to the Gateway and the Cloud PC for a consistent experience. If you want to exclude apps, you must also choose all of these apps. + It's recommended to match Conditional Access policies between these apps. This ensures that the policy applies to the Cloud PC End-user portal, the connection to the Gateway and the Cloud PC for a consistent experience. If you want to exclude apps, you must also choose all of these apps. > [!IMPORTANT] > With single sign-on enabled, authentication to the Cloud PC uses the **Microsoft Remote Desktop** Entra ID app today. An upcoming change will transition the authentication to the **Windows Cloud Login** Entra ID app. To ensure a smooth transition, you need to add both Entra ID apps to your CA policies. > [!NOTE] - > If you don't see the Windows Cloud Login app when configuring your conditional access policy, use the steps below to create the app. You must have Owner or Contributor permissions on the subscription to make these changes: + > If you don't see the Windows Cloud Login app when configuring your Conditional Access policy, use the steps below to create the app. 
You must have Owner or Contributor permissions on the subscription to make these changes: > > 1. Sign into the [Azure Portal](https://portal.azure.com). > 1. Select **Subscriptions** from the list of Azure Services. @@ -77,7 +77,7 @@ No matter which method you use, the policies will be enforced on the Cloud PC En > 1. Select **Resource providers** then select **Microsoft.DesktopVirtualization**. > 1. Select **Register** at the top. > - > After the resource provider is registered, the Windows Cloud Login app appears in the conditional access policy configuration when selecting apps to apply the policy to. If you aren't using Azure Virtual Desktop, you can unregister the Microsoft.DesktopVirtualization resource provider after the Windows Cloud Login app is available. + > After the resource provider is registered, the Windows Cloud Login app appears in the Conditional Access policy configuration when selecting apps to apply the policy to. If you aren't using Azure Virtual Desktop, you can unregister the Microsoft.DesktopVirtualization resource provider after the Windows Cloud Login app is available. 1. If you want to fine-tune your policy, under **Grant**, choose **0 controls selected**. 1. In the **Grant** pane, choose the grant or block access options that you want to apply to all objects assigned to this policy, then select **Select**. 1. If you want to test your policy first, under **Enable policy**, select **Report-only**. If you set it to **On**, the policy will be applied as soon as you create it. diff --git a/windows-365/compliance-overview.md b/windows-365/compliance-overview.md index 342c1b46a38..757e7d2083e 100644 --- a/windows-365/compliance-overview.md +++ b/windows-365/compliance-overview.md 
@@ -44,7 +44,7 @@ Windows 365 leverages other Microsoft services for compliance, including: - [Microsoft Purview](/purview/purview): A suite of data governance and compliance tools. - [Microsoft Entra ID](/entra/fundamentals/whatis): Identity and access management, formerly known as Azure Active Directory (Azure AD). - [Microsoft Purview Compliance Manager](/purview/compliance-manager): Tools for managing compliance across your organization. -- [Microsoft Intune](/mem): Enforces device compliance and conditional access policies to protect access to Windows 365 Cloud PCs. +- [Microsoft Intune](/mem): Enforces device compliance and Conditional Access policies to protect access to Windows 365 Cloud PCs. ## Microsoft Intune capabilities for compliance diff --git a/windows-365/enterprise/TOC.yml b/windows-365/enterprise/TOC.yml index be0355e5881..eecc3d841cc 100644 --- a/windows-365/enterprise/TOC.yml +++ b/windows-365/enterprise/TOC.yml @@ -181,7 +181,7 @@ items: href: forensic-evidence-set-up.md - name: Identity and access management items: - - name: Set conditional access policies + - name: Set Conditional Access policies href: set-conditional-access-policies.md - name: Configure single sign-on href: configure-single-sign-on.md diff --git a/windows-365/enterprise/architecture.md b/windows-365/enterprise/architecture.md index 924fde7b5e0..34d1937f44c 100644 --- a/windows-365/enterprise/architecture.md +++ b/windows-365/enterprise/architecture.md 
@@ -107,7 +107,7 @@ Microsoft Entra ID provides user authentication and authorization for both the W - cookie persistence for the Windows 365 web portal - device compliance controls -For more information on how to use Microsoft Entra Conditional Access with Windows 365, see [Set conditional access policies](set-conditional-access-policies.md). +For more information on how to use Microsoft Entra Conditional Access with Windows 365, see [Set Conditional Access policies](set-conditional-access-policies.md). ### Active Directory Domain Services diff --git a/windows-365/enterprise/configure-single-sign-on.md b/windows-365/enterprise/configure-single-sign-on.md index d1b329f1655..d20d54f4b1e 100644 --- a/windows-365/enterprise/configure-single-sign-on.md +++ b/windows-365/enterprise/configure-single-sign-on.md 
@@ -38,7 +38,7 @@ For information on using passwordless authentication within the session, see [In To get started, following the steps to [Configure single sign-on](/azure/virtual-desktop/configure-single-sign-on) for Azure Virtual Desktop with the following caveats: - If the Kerberos Server object isn't present for Microsoft Entra hybrid joined provisioning policies, a new error appears in your Azure Network Connection (ANC) [health check for single sign-on](health-checks.md#supported-checks). -- If you have conditional access policies that apply when accessing Windows 365, review the recommendations to [set conditional access policies](set-conditional-access-policies.md) for Windows 365 to make sure users have the expected experience. +- If you have Conditional Access policies that apply when accessing Windows 365, review the recommendations to [set Conditional Access policies](set-conditional-access-policies.md) for Windows 365 to make sure users have the expected experience. - SSO can be enabled on any provisioning policies. You can find the **Use Microsoft Entra single sign-on** option under the **Join type** on the **General** page. This can be done when [creating a new provisioning policy](create-provisioning-policy.md#continue-creating-a-provisioning-policy) or when [editing an existing provisioning policy](edit-provisioning-policy.md), with an option to apply SSO to existing Cloud PCs. - When provisioning Frontline Cloud PCs in shared mode, [hide the consent prompt](/azure/virtual-desktop/configure-single-sign-on#hide-the-consent-prompt-dialog) so that users don't see it with each shared device. You can use a dynamic device group based on the provisioning policy name to scope this configuration. diff --git a/windows-365/enterprise/deploy-security-baselines.md b/windows-365/enterprise/deploy-security-baselines.md index 73594dd74db..175ee49381b 100644 --- a/windows-365/enterprise/deploy-security-baselines.md 
+++ b/windows-365/enterprise/deploy-security-baselines.md @@ -62,4 +62,4 @@ For more information, see [Use security baselines to configure Windows devices i For a detailed list of the 24H1 settings, see [Settings list for the Windows 365 Cloud PC security baseline in Intune](/mem/intune/protect/security-baseline-settings-windows-365?pivots=win365-24h1). -[Set conditional access policies](set-conditional-access-policies.md). +[Set Conditional Access policies](set-conditional-access-policies.md). diff --git a/windows-365/enterprise/identity-authentication.md b/windows-365/enterprise/identity-authentication.md index bd36d73aa95..00cef96eb47 100644 --- a/windows-365/enterprise/identity-authentication.md +++ b/windows-365/enterprise/identity-authentication.md @@ -104,7 +104,7 @@ To access the Windows 365 service, users must first authenticate to the service #### Multifactor authentication -Follow the instructions in [Set conditional access policies](set-conditional-access-policies.md) to learn how to enforce Microsoft Entra multifactor authentication for your Cloud PCs. That article also tells you how to configure how often your users are prompted to enter their credentials. +Follow the instructions in [Set Conditional Access policies](set-conditional-access-policies.md) to learn how to enforce Microsoft Entra multifactor authentication for your Cloud PCs. That article also tells you how to configure how often your users are prompted to enter their credentials. #### Passwordless authentication diff --git a/windows-365/enterprise/in-development.md b/windows-365/enterprise/in-development.md index 420d86d9dae..29e6aa59d02 100644 --- a/windows-365/enterprise/in-development.md +++ b/windows-365/enterprise/in-development.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 10/02/2024 +ms.date: 12/12/2024 ms.topic: conceptual ms.service: windows-365 
@@ -78,7 +78,15 @@ End users will be able to manually run connectivity checks on their Cloud PCs fr The remoting connection report will be retired on December 31st, 2024. After this date, refer to the [Cloud PC connection quality report](report-cloud-pc-connection-quality.md). - +## Provisioning + +### Windows 365 support for Spain Central region + +Windows 365 Enterprise will support the Spain Central region. For more information, see [Supported Azure regions for Cloud PC provisioning](requirements.md?tabs=enterprise%2Cent#supported-azure-regions-for-cloud-pc-provisioning). + +### Windows 365 support for Mexico Central region + +Windows 365 Enterprise will support the Mexico Central region. For more information, see [Supported Azure regions for Cloud PC provisioning](requirements.md?tabs=enterprise%2Cent#supported-azure-regions-for-cloud-pc-provisioning). @@ -87,7 +95,11 @@ The remoting connection report will be retired on December 31st, 2024. After thi ## Windows 365 app--> - +## Windows 365 Frontline + +### Concurrency buffer usage alert + +You’ll be able to set up a new alert to monitor concurrency buffer usage for Windows 365 Frontline. ## Next steps diff --git a/windows-365/enterprise/index.yml b/windows-365/enterprise/index.yml index 2b7edbbb6f8..5fef3f2c623 100644 --- a/windows-365/enterprise/index.yml +++ b/windows-365/enterprise/index.yml @@ -90,7 +90,7 @@ conceptualContent: text: Deploy security baselines - url: set-conditional-access-policies.md itemType: how-to-guide - text: Set conditional access policies + text: Set Conditional Access policies footerLink: url: security-guidelines.md text: See more diff --git a/windows-365/enterprise/restrict-office-365-cloud-pcs.md b/windows-365/enterprise/restrict-office-365-cloud-pcs.md index bd087454bfd..e94166f5bef 100644 --- a/windows-365/enterprise/restrict-office-365-cloud-pcs.md +++ b/windows-365/enterprise/restrict-office-365-cloud-pcs.md 
@@ -37,9 +37,9 @@ This article describes how to limit access to Office 365 services. You can use t 1. Create a Microsoft Entra security group to manage which users are controlled by the new policy. Add to this group all the Cloud PC users who will be subjected to the new policy. Only users in this group will be restricted to using Cloud PCs when accessing Office 365 services. If you want to change a user’s access, you can just remove them from this group. -2. Sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Endpoint security** > **Conditional access** > **Create new policy**. +2. Sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Endpoint security** > **Conditional Access** > **Create new policy**. - ![Create conditional access policy screen shot](./media/restrict-office-365-cloud-pcs/create-conditional-policy.png) + ![Create Conditional Access policy screen shot](./media/restrict-office-365-cloud-pcs/create-conditional-policy.png) 3. Type a **Name** for your new Conditional Access policy. For example, “Restrict Office 365 access to CPCs”. diff --git a/windows-365/enterprise/security.md b/windows-365/enterprise/security.md index f2f46f5b6f3..2adcda27ec7 100644 --- a/windows-365/enterprise/security.md +++ b/windows-365/enterprise/security.md 
@@ -54,7 +54,7 @@ As described in [identity and authentication](./identity-authentication.md#authe - The Windows 365 service. - The Cloud PC. -The primary control for securing access is by using Microsoft Entra Conditional Access to conditionally grant access to the Windows 365 service. To secure access to the Cloud PC, see [set conditional access policies](./set-conditional-access-policies.md). +The primary control for securing access is by using Microsoft Entra Conditional Access to conditionally grant access to the Windows 365 service. To secure access to the Cloud PC, see [set Conditional Access policies](./set-conditional-access-policies.md). ## Secure Cloud PC devices diff --git a/windows-365/enterprise/set-conditional-access-policies.md b/windows-365/enterprise/set-conditional-access-policies.md index 62acbd9f643..c207ed79385 100644 --- a/windows-365/enterprise/set-conditional-access-policies.md +++ b/windows-365/enterprise/set-conditional-access-policies.md @@ -1,8 +1,8 @@ --- # required metadata -title: Set conditional access policies for Windows 365 +title: Set Conditional Access policies for Windows 365 titleSuffix: -description: Learn how to set conditional access policies for Windows 365. +description: Learn how to set Conditional Access policies for Windows 365. keywords: author: ErikjeMS ms.author: erikje @@ -29,7 +29,7 @@ ms.collection: - tier2 --- -# Set conditional access policies +# Set Conditional Access policies Conditional Access is the protection of regulated content in a system by requiring certain criteria to be met before granting access to the content. Conditional Access policies at their simplest are if-then statements. If a user wants to access a resource, then they must complete an action. For example, a payroll manager wants to access the payroll application and is required to perform multi-factor authentication (MFA) to do so. 
@@ -51,7 +51,7 @@ Conditional Access policies aren't set for your tenant by default. You can targ No matter which method you use, the policies will be enforced on the Cloud PC End-user portal and the connection to the Cloud PC. -1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Endpoint security** > **Conditional access** > **Create new policy**. +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Endpoint security** > **Conditional Access** > **Create new policy**. 2. Provide a **Name** for your specific Conditional Access policy. 3. Under **Users**, select **0 users and groups selected**. 4. Under the **Include** tab, select **Select users and groups** > check **Users and groups** > under **Select**, choose **0 users and groups selected**. 
@@ -63,13 +63,13 @@ No matter which method you use, the policies will be enforced on the Cloud PC En - **Azure Virtual Desktop** (app ID 9cdead84-a844-4324-93f2-b2e6bb768d07). This app may also appear as **Windows Virtual Desktop**. This app is used to authenticate to the Azure Virtual Desktop Gateway during the connection and when the client sends diagnostic information to the service. - **Microsoft Remote Desktop** (app ID a4a365df-50f1-4397-bc59-1a1564b8bb9c) and **Windows Cloud Login** (app ID 270efc09-cd0d-444b-a71f-39af4910ec45). These apps are only needed when you [configure single sign-on](configure-single-sign-on.md) in a provisioning policy. These apps are used to authenticate users to the Cloud PC. - It's recommended to match conditional access policies between these apps. This ensures that the policy applies to the Cloud PC End-user portal, the connection to the Gateway and the Cloud PC for a consistent experience. If you want to exclude apps, you must also choose all of these apps. + It's recommended to match Conditional Access policies between these apps. This ensures that the policy applies to the Cloud PC End-user portal, the connection to the Gateway and the Cloud PC for a consistent experience. If you want to exclude apps, you must also choose all of these apps. > [!IMPORTANT] > With SSO enabled, authentication to the Cloud PC uses the **Microsoft Remote Desktop** Entra ID app today. An upcoming change will transition the authentication to the **Windows Cloud Login** Entra ID app. To ensure a smooth transition, you need to add both Entra ID apps to your CA policies. > [!NOTE] - > If you don't see the Windows Cloud Login app when configuring your conditional access policy, use the steps below to create the app. You must have Owner or Contributor permissions on the subscription to make these changes: + > If you don't see the Windows Cloud Login app when configuring your Conditional Access policy, use the steps below to create the app. 
You must have Owner or Contributor permissions on the subscription to make these changes: > > 1. Sign into the [Azure Portal](https://portal.azure.com). > 1. Select **Subscriptions** from the list of Azure Services. @@ -77,7 +77,7 @@ No matter which method you use, the policies will be enforced on the Cloud PC En > 1. Select **Resource providers** then select **Microsoft.DesktopVirtualization**. > 1. Select **Register** at the top. > - > After the resource provider is registered, the Windows Cloud Login app appears in the conditional access policy configuration when selecting apps to apply the policy to. If you aren't using Azure Virtual Desktop, you can unregister the Microsoft.DesktopVirtualization resource provider after the Windows Cloud Login app is available. + > After the resource provider is registered, the Windows Cloud Login app appears in the Conditional Access policy configuration when selecting apps to apply the policy to. If you aren't using Azure Virtual Desktop, you can unregister the Microsoft.DesktopVirtualization resource provider after the Windows Cloud Login app is available. 9. If you want to fine-tune your policy, under **Grant**, choose **0 controls selected**. 10. In the **Grant** pane, choose the grant or block access options that you want to apply to all objects assigned to this policy > **Select**. 11. If you want to test your policy first, under **Enable policy**, select **Report-only**. If you set it to **On**, the policy will be applied as soon as you create it. diff --git a/windows-365/enterprise/troubleshooting.md b/windows-365/enterprise/troubleshooting.md index b61b9586331..1235c44fded 100644 --- a/windows-365/enterprise/troubleshooting.md +++ b/windows-365/enterprise/troubleshooting.md 
@@ -45,11 +45,11 @@ For connections using the Remote Desktop client for Windows to access Cloud PCs, After the installation, the optimizations to redirect audio and video to your local Windows endpoint don’t work. The user must close Teams and sign out from or restart the Cloud PC to activate the Optimized status. -## Conditional access +## Conditional Access -Make sure that you apply conditional access policies to both the dedicated Windows 365 cloud app and the Azure Virtual Desktop cloud app. You can apply these policies in the conditional access UI of Microsoft Intune admin center or Microsoft Entra ID. +Make sure that you apply Conditional Access policies to both the dedicated Windows 365 cloud app and the Azure Virtual Desktop cloud app. You can apply these policies in the Conditional Access UI of Microsoft Intune admin center or Microsoft Entra ID. -Any conditional access policy that you apply will affect: +Any Conditional Access policy that you apply will affect: - Access to the end-user web portal - The connection to the Cloud PC from the Remote Desktop apps. diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md index b9df59b6783..e0c3a236458 100644 --- a/windows-365/enterprise/whats-new.md +++ b/windows-365/enterprise/whats-new.md 
@@ -416,7 +416,7 @@ Customers that have Modern Microsoft Cloud Agreements can upgrade their existing #### Single sign-on Windows 365 clients authentication change -Single sign-on for Windows 365 is transitioning to use the Windows Cloud Login Entra ID cloud app for Windows authentication starting with the Windows and Web clients. For more information, see [Set conditional access policies](set-conditional-access-policies.md). +Single sign-on for Windows 365 is transitioning to use the Windows Cloud Login Entra ID cloud app for Windows authentication starting with the Windows and Web clients. For more information, see [Set Conditional Access policies](set-conditional-access-policies.md). ### Monitor and troubleshoot @@ -672,7 +672,7 @@ For more information, see [Microsoft Purview Customer Lockbox](/purview/customer #### New faster sign-in frequency option (preview) -When single sign-on is enabled, selecting the **Conditional access** > **Session** > **Sign-in frequency** > **Every time** option provides a faster reauthentication period of 5-10 minutes depending on the client used. For more information, see [Set conditional access policies](set-conditional-access-policies.md). +When single sign-on is enabled, selecting the **Conditional Access** > **Session** > **Sign-in frequency** > **Every time** option provides a faster reauthentication period of 5-10 minutes depending on the client used. For more information, see [Set Conditional Access policies](set-conditional-access-policies.md). ### Windows 365 Boot diff --git a/windows-365/link/TOC.yml b/windows-365/link/TOC.yml index ccb20625f66..aeb0761f302 100644 --- a/windows-365/link/TOC.yml +++ b/windows-365/link/TOC.yml 
@@ -33,7 +33,7 @@ items: href: create-intune-filter.md - name: Configure enrollment restrictions href: enrollment-restrictions.md - - name: Synchronize conditional access policies + - name: Synchronize Conditional Access policies href: conditional-access-policies-synchronize.md - name: Suppress single sign-on prompt href: single-sign-on-suppress.md diff --git a/windows-365/link/deployment-overview.md b/windows-365/link/deployment-overview.md index 5bafdfd1d1b..46eec04781f 100644 --- a/windows-365/link/deployment-overview.md +++ b/windows-365/link/deployment-overview.md @@ -40,7 +40,7 @@ To set up your organization's environment to deploy and manage Windows 365 Link 3. [Configure Microsoft Entra Mobility settings to automatically enroll Windows 365 Link devices in Intune](intune-automatic-enrollment.md). 4. [Create an Intune filter for Windows 365 Link devices](create-intune-filter.md) (optional). 5. [Configure enrollment restrictions to let Windows 365 Link devices enroll](enrollment-restrictions.md). -6. [Validate conditional access policies](conditional-access-policies-synchronize.md). +6. [Validate Conditional Access policies](conditional-access-policies-synchronize.md). 7. [Suppress single sign-on consent prompt](single-sign-on-suppress.md) (recommended). After setting up deployment for your Windows 365 Link devices, you can start [onboarding](onboarding.md) them.
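Review bot: The unchanged lead-in sentence of the first hunk (the @@ -38 hunk in the single sign-on article) reads "To get started, following the steps to [Configure single sign-on]"; "following" should be "follow". Since this hunk already edits the list beneath that sentence, fixing the grammar slip in the same change avoids a second touch of the file.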
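Review bot: The in-development.md front-matter hunk bumps ms.date from 10/02/2024 to 12/12/2024, but no other file touched by this patch shows an ms.date change even though their body text is edited. If the repo's convention is that a terminology sweep counts as a content change, the other files need the same bump; if it does not, the bump here is justified only by the new sections added further down in in-development.md, which is worth saying in the PR description.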
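Review bot: In the in-development.md @@ -78 hunk the blank line after "refer to the [Cloud PC connection quality report]..." is removed and "## Provisioning" is placed directly against the paragraph; keep a blank line before the new heading so it is not flagged by the usual blank-lines-around-headings lint rule. Also, the two new H3 sections ("Windows 365 support for Spain Central region" and "... Mexico Central region") are identical except for the region name and link to the same anchor; a single "New supported Azure regions" subsection listing both regions would be easier to keep current as regions are added.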
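Review bot: In the in-development.md @@ -87 hunk the blank line between the closing "-->" of the commented-out Windows 365 app section and the new "## Windows 365 Frontline" heading is dropped; restore it for the same heading-spacing reason. The new sentence "You’ll be able to set up a new alert to monitor concurrency buffer usage for Windows 365 Frontline." has no "For more information, see ..." link, unlike the other entries in this file; add one once the alerts article exists, or note in the PR that it will follow.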
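Review bot: In the restrict-office-365-cloud-pcs.md hunk, **Endpoint security** > **Conditional Access** > **Create new policy** is a literal menu path, and bold UI strings should match what the admin center actually displays rather than the product-name casing used in prose. Please confirm the blade label in the Intune admin center before changing "Conditional access" to "Conditional Access" inside a UI path; the alt-text change on the following image line is prose and is fine.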
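Review bot: The set-conditional-access-policies.md @@ -29 hunk changes the H1, but the unchanged definition paragraph beneath it still says "multi-factor authentication (MFA)", while identity-authentication.md in this same patch uses the "Multifactor authentication" heading and "Microsoft Entra multifactor authentication". Since the purpose of this patch is terminology consistency, align the hyphenation to "multifactor authentication" here as well.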
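Review bot: The set-conditional-access-policies.md @@ -51 hunk has the same UI-path concern as the restrict-office-365-cloud-pcs.md hunk: the bold path **Endpoint security** > **Conditional Access** > **Create new policy** should reproduce the admin center label exactly, so verify the casing in the product before applying the prose convention to it.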
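Review bot: The unchanged IMPORTANT note in the set-conditional-access-policies.md @@ -63 hunk uses "Entra ID app" twice and the unexpanded abbreviation "CA policies"; since this hunk is open for terminology, write "Microsoft Entra ID app" on first reference and "Conditional Access policies" instead of "CA policies", which is never defined in the visible text. In the NOTE's numbered steps, "Sign into the [Azure Portal]" should be "Sign in to the [Azure portal]", and "from the list of Azure Services" should be "Azure services".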
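Review bot: In the troubleshooting.md hunk the two bullets under "Any Conditional Access policy that you apply will affect:" are not parallel: "- Access to the end-user web portal" has no terminal period while "- The connection to the Cloud PC from the Remote Desktop apps." does. Also, "in the Conditional Access UI of Microsoft Intune admin center" reads better as "in the Conditional Access UI of the Microsoft Intune admin center".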
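Review bot: In the whats-new.md @@ -672 hunk the bold path **Conditional Access** > **Session** > **Sign-in frequency** > **Every time** is again a literal UI path whose casing should follow the product, and "5-10 minutes" in the same line should be written "5 to 10 minutes" rather than with a hyphen for a numeric range. The @@ -416 hunk's "Windows Cloud Login Entra ID cloud app" should be "Windows Cloud Login Microsoft Entra ID cloud app" on first reference, matching the fix suggested for the IMPORTANT note.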
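Review bot: The deployment-overview.md hunk changes step 6 to "[Validate Conditional Access policies](conditional-access-policies-synchronize.md)" while the TOC.yml hunk in the same patch titles that very file "Synchronize Conditional Access policies". Both link to conditional-access-policies-synchronize.md, so pick one verb ("Synchronize" matches the filename) and use it in both places so readers can match the step to the TOC entry.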