diff --git a/memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md b/memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md
index 8ab6d41d3db..8e61348e8fe 100644
--- a/memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md
+++ b/memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md
@@ -61,7 +61,7 @@ Individual Android apps are enabled for APP in a few ways:
For more information on this tool, see [prepare line-of-business apps for app protection policies](../developer/apps-prepare-mobile-application-management.md).
-To see a list of apps enabled with APP, see [managed apps with a rich set of mobile application protection policies](https://www.microsoft.com/cloud-platform/microsoft-intune-apps).
+To see a list of apps enabled with APP, see [managed apps with a rich set of mobile application protection policies](/mem/intune/apps/apps-supported-intune-apps).
## Deployment scenarios
diff --git a/memdocs/intune/apps/mam-faq.yml b/memdocs/intune/apps/mam-faq.yml
index e382cc3c825..5b20f335105 100644
--- a/memdocs/intune/apps/mam-faq.yml
+++ b/memdocs/intune/apps/mam-faq.yml
@@ -59,7 +59,7 @@ sections:
questions:
- question: Which apps can be managed by app protection policies?
answer: |
- Any app that has been integrated with the [Intune App SDK](../developer/app-sdk.md) or wrapped by the [Intune App Wrapping Tool](../developer/apps-prepare-mobile-application-management.md) can be managed using Intune app protection policies. See the official list of [Intune-managed apps](https://www.microsoft.com/cloud-platform/microsoft-intune-apps) available for public use.
+ Any app that has been integrated with the [Intune App SDK](../developer/app-sdk.md) or wrapped by the [Intune App Wrapping Tool](../developer/apps-prepare-mobile-application-management.md) can be managed using Intune app protection policies. See the official list of [Intune-managed apps](/mem/intune/apps/apps-supported-intune-apps) available for public use.
- question: What are the baseline requirements to use app protection policies on an Intune-managed app?
answer: |
diff --git a/memdocs/intune/apps/manage-microsoft-edge.md b/memdocs/intune/apps/manage-microsoft-edge.md
index eff856589ac..21f5061e98f 100644
--- a/memdocs/intune/apps/manage-microsoft-edge.md
+++ b/memdocs/intune/apps/manage-microsoft-edge.md
@@ -8,7 +8,7 @@ keywords:
author: Erikre
ms.author: erikre
manager: dougeby
-ms.date: 02/27/2024
+ms.date: 10/24/2024
ms.topic: how-to
ms.service: microsoft-intune
ms.subservice: apps
@@ -282,7 +282,7 @@ Edge for iOS and Android allows organizations to disable certain features that a
|Key |Value |
|:-----------|:-------------|
-|com.microsoft.intune.mam.managedbrowser.disabledFeatures|**password** disables prompts that offer to save passwords for the end user
**inprivate** disables InPrivate browsing
**autofill** disables "Save and Fill Addresses" and "Save and Fill Payment info". Autofill will be disabled even for previously saved information
**translator** disables translator
**readaloud** disables read aloud
**drop** disables drop
**coupons** disables coupons
**extensions** disables extensions (Edge for Android only)
**developertools** grays out the build version numbers to prevent users from accessing Developer options (Edge for Android only)
**UIRAlert** suppress re-verify account popups in new tab page screen
To disable multiple features, separate values with `|`. For example, `inprivate|password` disables both InPrivate and password storage. |
+|com.microsoft.intune.mam.managedbrowser.disabledFeatures|**password** disables prompts that offer to save passwords for the end user
**inprivate** disables InPrivate browsing
**autofill** disables "Save and Fill Addresses" and "Save and Fill Payment info". Autofill will be disabled even for previously saved information
**translator** disables translator
**readaloud** disables read aloud
**drop** disables drop
**coupons** disables coupons
**extensions** disables extensions (Edge for Android only)
**developertools** grays out the build version numbers to prevent users from accessing Developer options (Edge for Android only)
**UIRAlert** suppress re-verify account popups in new tab page screen
**share** disables Share under menu
**sendtodevices** disables Send to devices under menu
**weather** disables weather in NTP (New Tab Page)
To disable multiple features, separate values with `|`. For example, `inprivate|password` disables both InPrivate and password storage. |
#### Disable import passwords feature
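Review bot: The three values added to `disabledFeatures` (**share**, **sendtodevices**, **weather**) carry no platform scope, while the neighbouring **extensions** and **developertools** entries are marked "(Edge for Android only)". State whether each new value applies to iOS, Android or both, since admins use this table to decide which data-sharing paths are closed on each platform. The **weather** entry also introduces "NTP (New Tab Page)" while the **UIRAlert** entry writes "new tab page screen"; pick one form.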
@@ -316,9 +316,12 @@ Edge for Android can be enabled as a kiosk app with the following settings:
|com.microsoft.intune.mam.managedbrowser.showAddressBarInKioskMode |**true** shows the address bar in kiosk mode
**false** (default) hides the address bar when kiosk mode is enabled|
|com.microsoft.intune.mam.managedbrowser.showBottomBarInKioskMode |**true** shows the bottom action bar in kiosk mode
**false** (default) hides the bottom bar when kiosk mode is enabled |
+> [!NOTE]
+> Kiosk mode is not supported on iOS devices. However, you may want to use Locked View Mode (MDM policy only) to achieve a similar user experience, where users are unable to navigate to other websites, as the URL address bar becomes read-only in Locked View Mode.
+
### Locked view mode
-Edge for iOS and Android can be enabled as locked view mode with MDM policy EdgeLockedViewModeEnabled.
+Edge for iOS and Android can be enabled as locked view mode with MDM policy **[EdgeLockedViewModeEnabled](/deployedge/microsoft-edge-mobile-policies#edgelockedviewmodeenabled)**.
|Key |Value |
|:---------|:---------|
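Review bot: The added NOTE claims that in Locked View Mode "users are unable to navigate to other websites, as the URL address bar becomes read-only". A read-only address bar only supports the narrower statement that users cannot type a new URL; it does not show that navigation through links on the loaded page is blocked. Either reword to what the policy actually restricts or point readers to the site allow/block settings they need alongside it. The NOTE also sits at the end of the kiosk table and describes a feature whose heading comes after it, so a link to the "Locked view mode" section would help.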
@@ -485,16 +488,6 @@ Organizations can configure a search provider for users. To configure a search p
|com.microsoft.intune.mam.managedbrowser.DefaultSearchProviderName | The corresponding value is a string
**Example** `My Intranet Search` |
|com.microsoft.intune.mam.managedbrowser.DefaultSearchProviderSearchURL | The corresponding value is a string
**Example** `https://search.my.company/search?q={searchTerms}`|
-### Open external apps
-When a web page requests to open an external app, users will see a pop-up asking them to open the external app or not. Organizations can manage the behavior.
-
-|Key |Value |
-|:-----------|:-------------|
-|com.microsoft.intune.mam.managedbrowser.OpeningExternalApps |**0** (default) Show the pop-up for users to choose stay in Edge or open by external apps.
**1** Always open within Edge without showing the pop-up.
**2** Always open with external apps without showing the pop-up. If external apps aren't installed, the behavior will be the same as value 1|
-
-> [!NOTE]
-> As of version 120.2210.99, the app jump blocker feature is removed. External apps will be opened from Edge by default. Therefore, this policy is no longer valid from version 120.2210.99.
-
### Copilot
> [!NOTE]
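Review bot: Deleting the whole "Open external apps" section also removes the only statement that `com.microsoft.intune.mam.managedbrowser.OpeningExternalApps` stopped being valid as of version 120.2210.99. Tenants that still have the key configured, or that run builds older than that version, lose the reference. Consider keeping a one-line deprecation note in place of the section, and check for inbound links to the removed heading anchor.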
diff --git a/memdocs/intune/apps/store-apps-microsoft.md b/memdocs/intune/apps/store-apps-microsoft.md
index 1179b58d2e3..a4958e2dfbb 100644
--- a/memdocs/intune/apps/store-apps-microsoft.md
+++ b/memdocs/intune/apps/store-apps-microsoft.md
@@ -77,6 +77,9 @@ An [Intune administrator](../fundamentals/users-add.md#types-of-administrators)
The Microsoft Store provides a large variety of apps designed to work on your Microsoft devices. Within Intune, you can search and add the apps you want to assign to your workforce at your organization.
+> [!IMPORTANT]
+> There is no age restriction when searching for apps in the Microsoft Store.
+
1. Select **Search the Microsoft Store app** to display the search panel which features a search bar and includes the following columns:
- **Name** – The name of the app.
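Review bot: The added IMPORTANT callout, "There is no age restriction when searching for apps in the Microsoft Store", does not say what this means for the administrator. If the intent is that search results are not filtered by age rating, say so directly and state the consequence for assignment, so it reads consistently with the age-restriction wording this patch removes later in the same file.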
@@ -90,9 +93,8 @@ The Microsoft Store provides a large variety of apps designed to work on your Mi
> Specific Microsoft Store apps may not be displayed and available in Intune. Common reasons an app doesn't appear when searching within Intune include the following:
>
> - The app is not available in US region.
- > - The app is not available if there is an age restriction.
> - The app is a paid app, which is not supported.
- > - The app is an Android app.
+ > - The app platform isn't supported in the Microsoft Store.
3. Choose the app that you want to deploy and choose **Select**.
@@ -124,7 +126,7 @@ The Microsoft Store provides a large variety of apps designed to work on your Mi
You can choose how you want to assign Microsoft Store apps to users and devices.
> [!NOTE]
-> If you assign an app to a device that is located in a region where that app is not supported or where that app does not meet the age restrictions, the app will not install on the device. However, if the device is moved to a region that supports the app, the app will install on the device.
+> If you assign an app to a device that is located in a region where that app is not supported, the app will not install on the device. However, if the device is moved to a region that supports the app, the app will install on the device.
The following table provides assignment type details:
diff --git a/memdocs/intune/configuration/kiosk-settings-windows.md b/memdocs/intune/configuration/kiosk-settings-windows.md
index ab12dbee5b8..5324b12ffb8 100644
--- a/memdocs/intune/configuration/kiosk-settings-windows.md
+++ b/memdocs/intune/configuration/kiosk-settings-windows.md
@@ -100,7 +100,7 @@ Runs only one app on the device, such as a web browser or Store app.
For more information on these options, see [Deploy Microsoft Edge kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy#supported-configuration-types).
- - **Add Kiosk browser**: Select **Kiosk browser settings**. These settings control a web browser app on the kiosk. Be sure you get the [Kiosk browser app](https://businessstore.microsoft.com/store/details/kiosk-browser/9NGB5S5XG2KP) from the Store, add it to Intune as a [Client App](../apps/apps-add.md). Then, assign the app to the kiosk devices.
+ - **Add Kiosk browser**: Select **Kiosk browser settings**. These settings control a web browser app on the kiosk. Be sure you get the [Kiosk browser app](https://apps.microsoft.com/detail/9ngb5s5xg2kp?) from the Store, add it to Intune as a [Client App](../apps/apps-add.md). Then, assign the app to the kiosk devices.
Enter the following settings:
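Review bot: The new Kiosk browser URL on the `+` line ends in a bare `?` (`https://apps.microsoft.com/detail/9ngb5s5xg2kp?`), which is an empty query string left over from copying the link. Drop the trailing `?` so the link is clean and stable.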
diff --git a/memdocs/intune/fundamentals/cloud-configuration-setup-guide.md b/memdocs/intune/fundamentals/cloud-configuration-setup-guide.md
index f1c0a8d5e7c..9796042f2b2 100644
--- a/memdocs/intune/fundamentals/cloud-configuration-setup-guide.md
+++ b/memdocs/intune/fundamentals/cloud-configuration-setup-guide.md
@@ -287,18 +287,9 @@ The script is deployed to devices using in Intune. To add and deploy the script,
#### Microsoft Store app
-If you previously removed the Microsoft Store app, you can redeploy it using Microsoft Intune. To re-add the Microsoft Store app (or any other apps you want to re-add), add the Microsoft Store app to your private organization app repository. Then, deploy the app to devices using Intune. The Microsoft Store app helps keep apps updated.
+If you previously removed the Microsoft Store app, you can redeploy it using Microsoft Intune. To re-add the Microsoft Store app (or any other apps you want to re-add), add the Microsoft Store app to your private organization app repository. Then, deploy the app to devices using Intune. The Microsoft Store app helps keep apps updated. For information about how to configure access to the Microsoft Store app, see [Manage access to private store](/microsoft-store/manage-access-to-private-store).
-Your private organization app repository can be:
-
-- The Intune Company Portal app or website (preferred)
-
-- Microsoft Store for Business or Microsoft Store for Education
-
- Previously, the Microsoft Store app had a Microsoft Store for Business tab. This tab is removed. If you use Microsoft Store for Business, then to access your private app repository, go to the [Microsoft Store for Business website](https://businessstore.microsoft.com/). For more information, go to [Manage access to private store](/microsoft-store/manage-access-to-private-store).
-
- > [!NOTE]
- > The Microsoft Store for Business and Microsoft Store for Education will be retired. For more information, go to [Microsoft Store for Business and Microsoft Store for Education](/microsoft-store/microsoft-store-for-business-overview).
+Your private organization app repository can be the Intune Company Portal app or website.
Using Intune, on Windows 10/11 Enterprise and Education devices, you can block end users from installing Microsoft Store apps outside of your organization's private app repository.
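Review bot: The sentence appended to the first paragraph still sends readers to `/microsoft-store/manage-access-to-private-store`, yet this hunk removes every other Microsoft Store for Business reference, including the line that tied that same link to the Store for Business private store and the note that the service will be retired. Confirm the target article still applies once the private repository is only the Company Portal app or website; otherwise drop the link or replace it with Company Portal guidance.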
diff --git a/memdocs/intune/fundamentals/education-settings-configure-ios.md b/memdocs/intune/fundamentals/education-settings-configure-ios.md
index 17020f81d9a..2bd57b06222 100644
--- a/memdocs/intune/fundamentals/education-settings-configure-ios.md
+++ b/memdocs/intune/fundamentals/education-settings-configure-ios.md
@@ -162,7 +162,7 @@ When you're finished configuring certificates, choose **OK**.
The profile is created and appears on the profiles list pane.
-Assign the profile to student devices in the classroom groups that were created when you synchronized your school data with Microsoft Entra ID (see [How to assign device profiles](../configuration/device-profile-assign.md).
+Assign the profile to student devices in the classroom groups that were created when you synchronized your school data with Microsoft Entra ID (see [How to assign device profiles](../configuration/device-profile-assign.md)).
## Next steps
diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md
index 76a708ef796..60f00240b75 100644
--- a/memdocs/intune/fundamentals/intune-endpoints.md
+++ b/memdocs/intune/fundamentals/intune-endpoints.md
@@ -48,7 +48,7 @@ To manage devices behind firewalls and proxy servers, you must enable communicat
- For some tasks, Intune requires unauthenticated proxy server access to manage.microsoft.com, *.azureedge.net, and graph.microsoft.com.
> [!NOTE]
- > SSL traffic inspection is not supported for 'manage.microsoft.com', 'dm.microsoft.com', or the [Device Health Attestation (DHA) endpoints listed in the compliance section](#migrating-device-health-attestation-compliance-policies-to-microsoft-azure-attestation).
+ > SSL traffic inspection is not supported for '\*.manage.microsoft.com', '\*.dm.microsoft.com', or the [Device Health Attestation (DHA) endpoints listed in the compliance section](#migrating-device-health-attestation-compliance-policies-to-microsoft-azure-attestation).
You can modify proxy server settings on individual client computers. You can also use Group Policy settings to change settings for all client computers located behind a specified proxy server.
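Review bot: The SSL-inspection exclusion on the `+` line changes from the bare hosts to `\*.manage.microsoft.com` and `\*.dm.microsoft.com`, but the bullet directly above it in the same hunk still names `manage.microsoft.com` without a wildcard. Under common proxy matching a `*.` pattern does not cover the apex host, so an admin copying this note could leave `manage.microsoft.com` itself subject to TLS inspection. List both the apex and the wildcard if both must bypass inspection, and align the two lines. The escaping also differs from the unescaped `*.azureedge.net` in the context line.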
diff --git a/memdocs/intune/fundamentals/intune-planning-guide.md b/memdocs/intune/fundamentals/intune-planning-guide.md
index 82caaf3feb0..2d39a8ba885 100644
--- a/memdocs/intune/fundamentals/intune-planning-guide.md
+++ b/memdocs/intune/fundamentals/intune-planning-guide.md
@@ -623,7 +623,7 @@ Validate the end-user experience with success metrics in your deployment plan. S
- Tools and resources
- Q & A
-The community-based [Intune forum](https://social.technet.microsoft.com/Forums/home) and [end-user documentation](/intune-user-help/use-managed-devices-to-get-work-done) are also great resources.
+The community-based [Intune forum](https://social.technet.microsoft.com/Forums/home) and [end-user documentation](/mem/intune/user-help/use-managed-devices-to-get-work-done) are also great resources.
## Related articles
diff --git a/memdocs/intune/fundamentals/intune-scale-guidelines.md b/memdocs/intune/fundamentals/intune-scale-guidelines.md
index a6072d64e44..88d50b1ff9b 100644
--- a/memdocs/intune/fundamentals/intune-scale-guidelines.md
+++ b/memdocs/intune/fundamentals/intune-scale-guidelines.md
@@ -224,7 +224,7 @@ For more information, go to [How many tokens can I upload.](../apps/vpp-apps-ios
- Local admins can create Win32 apps as needed within the cross-platform, line-of-business app and web-link limit. For more information, go to [Win32 app management](../apps/apps-win32-app-management.md).
> [!NOTE]
- > [Microsoft Store for Business](/microsoft-store/microsoft-store-for-business-overview) is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
+ > Microsoft Store for Business is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
#### Android
diff --git a/memdocs/intune/fundamentals/manage-apps.md b/memdocs/intune/fundamentals/manage-apps.md
index f5bcbfb2ed9..beb5c63fd50 100644
--- a/memdocs/intune/fundamentals/manage-apps.md
+++ b/memdocs/intune/fundamentals/manage-apps.md
@@ -125,7 +125,7 @@ The app features in the Intune admin center make it easier to deploy these diffe
- [Win32 app management](../apps/apps-win32-app-management.md)
> [!NOTE]
- > [Microsoft Store for Business](/microsoft-store/microsoft-store-for-business-overview) is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
+ > Microsoft Store for Business is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
## Configure apps before they're installed
diff --git a/memdocs/intune/industry/education/tutorial-school-deployment/enroll-autopilot.md b/memdocs/intune/industry/education/tutorial-school-deployment/enroll-autopilot.md
index 9247927bf69..6fa6279abfa 100644
--- a/memdocs/intune/industry/education/tutorial-school-deployment/enroll-autopilot.md
+++ b/memdocs/intune/industry/education/tutorial-school-deployment/enroll-autopilot.md
@@ -161,7 +161,7 @@ With the devices joined to Microsoft Entra tenant and managed by Intune, you can
[MSFT-1]: https://partner.microsoft.com/
-[INT-1]: /intune/network-bandwidth-use
+[INT-1]: /mem/intune/fundamentals/network-bandwidth-use
[M365-1]: https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
diff --git a/memdocs/intune/industry/education/tutorial-school-deployment/manage-surface-devices.md b/memdocs/intune/industry/education/tutorial-school-deployment/manage-surface-devices.md
index 144c273b266..38ef96e2fad 100644
--- a/memdocs/intune/industry/education/tutorial-school-deployment/manage-surface-devices.md
+++ b/memdocs/intune/industry/education/tutorial-school-deployment/manage-surface-devices.md
@@ -42,6 +42,6 @@ To access and use the Surface Management Portal:
-[INT-1]: /intune/configuration/device-firmware-configuration-interface-windows
+[INT-1]: /mem/intune/configuration/device-firmware-configuration-interface-windows-settings
[MEM-1]: /mem/autopilot/dfci-management
[SURF-1]: /surface/surface-manage-dfci-guide
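Review bot: The `[INT-1]` reference changes its target article as well as its path prefix: the slug goes from `device-firmware-configuration-interface-windows` to `device-firmware-configuration-interface-windows-settings`. Confirm that the settings reference is the intended destination for the text that cites `[INT-1]`, rather than the DFCI overview the old slug pointed to.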
diff --git a/memdocs/intune/protect/create-conditional-access-intune.md b/memdocs/intune/protect/create-conditional-access-intune.md
index 3a8a1136801..bf7f35120d7 100644
--- a/memdocs/intune/protect/create-conditional-access-intune.md
+++ b/memdocs/intune/protect/create-conditional-access-intune.md
@@ -119,4 +119,4 @@ To take advantage of device compliance status, configure Conditional Access poli
## Next steps
- [App-based Conditional Access with Intune](app-based-conditional-access-intune.md)
-- [Troubleshooting Intune Conditional Access](https://support.microsoft.com/help/4456106)
+- [Troubleshooting Intune Conditional Access](/troubleshoot/mem/intune/device-protection/troubleshoot-conditional-access)
diff --git a/memdocs/intune/protect/derived-credentials.md b/memdocs/intune/protect/derived-credentials.md
index cfef3be419d..bbcb6d33ddc 100644
--- a/memdocs/intune/protect/derived-credentials.md
+++ b/memdocs/intune/protect/derived-credentials.md
@@ -141,7 +141,7 @@ The following are key considerations for each supported partner. Become familiar
Review the platform-specific user workflow for the devices you'll use with derived credentials.
-- [iOS and iPadOS](/intune-user-help/enroll-ios-device-disa-purebred)
+- [iOS and iPadOS](/mem/intune/user-help/enroll-ios-device-disa-purebred)
- [Android Enterprise](../user-help/enroll-android-device-disa-purebred.md) - *Corporate-Owned Work Profile* or *Fully managed devices*
**Key requirements include**:
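Review bot: The new iOS link uses a site-absolute path (`/mem/intune/user-help/enroll-ios-device-disa-purebred`) while the Android link on the next line reaches the same folder with a relative file link (`../user-help/enroll-android-device-disa-purebred.md`). Using `../user-help/enroll-ios-device-disa-purebred.md` would match the sibling entry and let the docs build validate the target. The same applies to the Entrust and Intercede hunks later in this file.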
@@ -167,7 +167,7 @@ For information getting and configuring the DISA Purebred app, see [Deploy the D
Review the platform-specific user workflow for the devices you'll use with derived credentials.
-- [iOS and iPadOS](/intune-user-help/enroll-ios-device-entrust-datacard)
+- [iOS and iPadOS](/mem/intune/user-help/enroll-ios-device-entrust-datacard)
- [Android Enterprise](../user-help/enroll-android-device-entrust-datacard.md)- *Corporate-Owned Work Profile* or *Fully managed devices*
**Key requirements include**:
@@ -191,7 +191,7 @@ Review the platform-specific user workflow for the devices you'll use with deriv
Review the platform-specific user workflow for the devices you'll use with derived credentials.
-- [iOS and iPadOS](/intune-user-help/enroll-ios-device-intercede)
+- [iOS and iPadOS](/mem/intune/user-help/enroll-ios-device-intercede)
- [Android Enterprise](../user-help/enroll-android-device-intercede.md) - *Corporate-Owned Work Profile* or *Fully managed devices*
**Key requirements include**:
diff --git a/memdocs/intune/protect/encrypt-devices-filevault.md b/memdocs/intune/protect/encrypt-devices-filevault.md
index 1d0b5bb4cc8..03a605115ca 100644
--- a/memdocs/intune/protect/encrypt-devices-filevault.md
+++ b/memdocs/intune/protect/encrypt-devices-filevault.md
@@ -1,18 +1,18 @@
---
# required metadata
-title: Encrypt macOS devices with FileVault disk encryption with Intune
+title: Encrypt macOS FileVault disk encryption with Intune policy
titleSuffix: Microsoft Intune
-description: Use Microsoft Intune encryption policy to encrypt macOS devices with FileVault, and manage recovery keys for encrypted macOS devices from within the Microsoft Intune admin center.
+description: Use Microsoft Intune policy to configure FileVault on macOS devices, and use the admin center to manage their recovery keys.
keywords:
author: brenduns
ms.author: brenduns
manager: dougeby
-ms.date: 06/21/2024
+ms.date: 10/25/2024
ms.topic: how-to
ms.service: microsoft-intune
ms.subservice: protect
ms.localizationpriority: high
-ms.assetid:
+ms.assetid:
# optional metadata
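Review bot: The new `title` reads "Encrypt macOS FileVault disk encryption with Intune policy", which makes "disk encryption" the object of "Encrypt". Something like "Configure macOS FileVault disk encryption with Intune policy" matches the verb already used in the new `description` ("configure FileVault on macOS devices"). The `ms.assetid:` pair differs only in trailing whitespace and could be left out of the change.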
@@ -30,7 +30,7 @@ ms.collection:
---
-# Use FileVault disk encryption for macOS with Intune
+# Use FileVault disk encryption for macOS with Intune
Use Microsoft Intune to configure and manage macOS FileVault disk encryption. FileVault is a whole-disk encryption program that is included with macOS. With Intune you can deploy policies that configure FileVault, and then manage recovery keys on devices that run **macOS 10.13 or later**.
@@ -66,62 +66,18 @@ You can add this permission and right to your own [custom RBAC roles](../fundame
- Help Desk Operator
- Endpoint Security Administrator
-## Create device configuration policy for FileVault
-
-1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-
-2. Select **Devices** > **Manage devices** > **Configuration** > On the *Policies* tab, select **+ Create**.
-
-3. On the **Create a profile** page, set the following options, and then select **Create**:
- - **Platform**: macOS
- - **Profile type**: Templates
- - **Template name**: Endpoint protection
-
- :::image type="content" source="./media/encrypt-devices-filevault/select-macos-filevault-dc.png" alt-text="Select the Endpoint protection profile.":::
-
-4. On the **Basics** page, enter the following properties:
-
- - **Name**: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name might include the profile type and platform.
-
- - **Description**: Enter a description for the policy. This setting is optional, but recommended.
-
-5. On the **Configuration settings** page, select **FileVault** to expand the available settings:
-
- :::image type="content" source="./media/encrypt-devices-filevault/filevault-settings.png" alt-text="FileVault settings.":::
-
-6. Configure the following settings:
-
- - For *Enable FileVault*, select **Yes**.
-
- - For *Recovery key type*, select **Personal key**.
-
- - For *Escrow location description of personal recovery key*, add a message to help guide users on [how to retrieve the recovery key](#retrieve-a-personal-recovery-key) for their device. This information can be useful for your users when you use the setting for Personal recovery key rotation, which can automatically generate a new recovery key for a device periodically.
-
- For example: To retrieve a lost or recently rotated recovery key, sign in to the Intune Company Portal website from any device. In the portal, go to *Devices* and select the device that has FileVault enabled, and then select *Get recovery key*. The current recovery key is displayed.
-
- Configure the remaining [FileVault settings](endpoint-protection-macos.md#filevault) to meet your business needs, and then select **Next**.
-
-7. If applicable, on the **Scope (Tags)** page, choose **Select scope tags** to open the Select tags pane to assign scope tags to the profile.
-
- Select **Next** to continue.
-
-8. On the **Assignments** page, select groups to receive this profile. For more information on assigning profiles, see Assign user and device profiles.
-Select **Next**.
-
-9. On the **Review + create** page, when you're done, choose **Create**. The new profile is displayed in the list when you select the policy type for the profile you created.
-
## Create endpoint security policy for FileVault
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Select **Endpoint security** > **Disk encryption** > **Create Policy**.
-1. On the **Basics** page, enter the following properties, and then choose **Next**.
-- **Platform**: macOS
-- **Profile**: FileVault
+3. On the **Basics** page, enter the following properties, and then choose **Next**.
+ - **Platform**: macOS
+ - **Profile**: FileVault
![Select the FileVault profile](./media/encrypt-devices-filevault/select-macos-filevault-es.png)
-
+
4. On the **Configuration settings** page:
1. Set *Enable FileVault* to **Yes**.
2. For *Recovery key type*, only **Personal Recovery Key** is supported.
@@ -172,7 +128,7 @@ Select **Next**.
7. If applicable, on the **Scope (Tags)** page, choose **Select scope tags** to open the *Select tags* pane to assign scope tags to the profile. Select **Next** to continue.
-8. On the **Assignments** page, select the groups that will receive this profile. For more information on assigning profiles, see Assign user and device profiles. Select **Next**.
+8. On the **Assignments** page, select the groups that receive this profile. For more information on assigning profiles, see Assign user and device profiles. Select **Next**.
9. On the **Review + create** page, when you're done, select **Create**. The new profile is displayed in the list when you select the policy type for the profile you created.
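Review bot: Step 8 is being edited but still says "see Assign user and device profiles" as plain text with no link. Since the line is touched anyway, link it; another file in this patch already links the same topic as `[How to assign device profiles](../configuration/device-profile-assign.md)`.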
@@ -187,16 +143,61 @@ For devices that run macOS 14 and later, your settings catalog policy can also e
- When *Await final Configuration* set to *Yes* for a device, you can then add the following Full Disk Encryption setting for FileVault in your settings catalog profile
- FileVault > **Force Enable in Setup Assistant** – Set to **Enabled**.
-
+
The following image shows the settings catalog profile configured with the core settings to enable FileVault and use the Setup Assistant to enforce encryption. In this example, the Location setting uses the simple name of our domain, *Contoso*:
-
-
> [!IMPORTANT]
> The **Defer** setting must be configured to **Enabled** to successfully enable FileVault in Setup Assistant for devices running macOS 14.4.
-
+
:::image type="content" source="./media/encrypt-devices-filevault/filevault-setup-assistant-configuration.png" alt-text="Screenshot of the settings needed to enable File Vault in Setup Assistant.":::
+## Create device configuration policy for FileVault (Deprecated)
+
+> [!NOTE]
+> The macOS template for Endpoint Protection is deprecated and no longer supports creating new profiles. Instead, use the [Endpoint security](#create-endpoint-security-policy-for-filevault) or the [settings catalog](#create-settings-catalog-policy-for-filevault) to configure and manage new FileVault profiles.
+
+1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+
+2. Select **Devices** > **Manage devices** > **Configuration** > On the *Policies* tab, select **+ Create**.
+
+3. On the **Create a profile** page, set the following options, and then select **Create** > **New policy**:
+ - **Platform**: macOS
+ - **Profile type**: Templates
+ - **Template name**: Endpoint protection (Deprecated)
+
+ :::image type="content" source="./media/encrypt-devices-filevault/select-macos-filevault-dc.png" alt-text="Screen shot that displays the the Endpoint protection profile.":::
+
+4. On the **Basics** page, enter the following properties:
+
+ - **Name**: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name might include the profile type and platform.
+
+ - **Description**: Enter a description for the policy. This setting is optional, but recommended.
+
+5. On the **Configuration settings** page, select **FileVault** to expand the available settings:
+
+ :::image type="content" source="./media/encrypt-devices-filevault/filevault-settings.png" alt-text="Screen shot that displays FileVault settings.":::
+
+6. Configure the following settings:
+
+ - For *Enable FileVault*, select **Yes**.
+
+ - For *Recovery key type*, select **Personal key**.
+
+ - For *Escrow location description of personal recovery key*, add a message to help guide users on [how to retrieve the recovery key](#retrieve-a-personal-recovery-key) for their device. This information can be useful for your users when you use the setting for Personal recovery key rotation, which can automatically generate a new recovery key for a device periodically.
+
+ For example: To retrieve a lost or recently rotated recovery key, sign in to the Intune Company Portal website from any device. In the portal, go to *Devices* and select the device that has FileVault enabled, and then select *Get recovery key*. The current recovery key is displayed.
+
+ Configure the remaining [FileVault settings](endpoint-protection-macos.md#filevault) to meet your business needs, and then select **Next**.
+
+7. If applicable, on the **Scope (Tags)** page, choose **Select scope tags** to open the Select tags pane to assign scope tags to the profile.
+
+ Select **Next** to continue.
+
+8. On the **Assignments** page, select groups to receive this profile. For more information on assigning profiles, see Assign user and device profiles.
+Select **Next**.
+
+9. On the **Review + create** page, when you're done, choose **Create**. The new profile is displayed in the list when you select the policy type for the profile you created.
+
## Manage FileVault
To view information about devices that receive FileVault policy, see [Monitor disk encryption](../protect/encryption-monitor.md).
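Review bot: Step 3 of the added procedure tells the reader to create a new profile from the template "Endpoint protection (Deprecated)", while the note in endpoint-protection-macos.md in this same patch says "you can no longer create new policies using this template"; please reconcile the two, or label these steps as applying only to existing profiles. In step 8, "see Assign user and device profiles" has no link target, and the following `Select **Next**.` line is not indented, so it drops out of the list item and can break the numbering before step 9. The alt text of the first image also reads "displays the the Endpoint protection profile".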
@@ -224,7 +225,7 @@ Intune can’t manage FileVault disk encryption on a macOS device that is encryp
- [Upload a personal recovery key to Intune](#upload-a-personal-recovery-key) – Use this method when the user knows their personal recovery key.
- [The user generates a new recovery key on the device](#generate-a-new-recovery-key-on-the-device) – Use this method if the personal recovery key isn’t known by the user.
-Both methods require that the device has active policy from Intune that manages FileVault encryption. To deliver this policy, you can use an [endpoint security disk encryption profile](#create-endpoint-security-policy-for-filevault), or a [device configuration endpoint protection profile](#create-device-configuration-policy-for-filevault) to encrypt devices with FileVault.
+Both methods require that the device has active policy from Intune that manages FileVault encryption. To deliver this policy, use an [endpoint security disk encryption profile](#create-endpoint-security-policy-for-filevault).
#### Upload a personal recovery key
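Review bot: The rewritten sentence "To deliver this policy, use an endpoint security disk encryption profile" now reads as if that is the only way a device can have active FileVault policy, yet the deprecation note in endpoint-protection-macos.md states that existing template policies remain unchanged. If a device that already has a device configuration endpoint protection profile still satisfies this requirement, say so here. Also confirm that nothing else links to the `#create-device-configuration-policy-for-filevault` anchor that this hunk stops referencing.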
@@ -238,7 +239,7 @@ Upon upload, Intune rotates the key to create a new personal recovery key. Intun
Before Intune can assume management of encryption of a user-encrypted device, that device must receive an Intune FileVault policy for disk encryption.
- Use either an [endpoint security disk encryption profile](#create-endpoint-security-policy-for-filevault), or a [device configuration endpoint protection profile](#create-device-configuration-policy-for-filevault) to encrypt devices with FileVault.
+ Use an [endpoint security disk encryption profile](#create-endpoint-security-policy-for-filevault), to encrypt devices with FileVault.
- **The user who encrypted the device must have access to their personal recovery key for the device and be directed to upload it to Intune.**
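Review bot: The added line keeps a leftover comma from the old "either ..., or ..." construction: "profile](#create-endpoint-security-policy-for-filevault), to encrypt devices". Drop the comma so it matches the identical sentence in the next hunk, which reads "profile](#create-endpoint-security-policy-for-filevault) to encrypt devices with FileVault."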
@@ -271,7 +272,7 @@ To enable Intune to manage FileVault on a previously encrypted device, the user
Before Intune can assume management of encryption of a user-encrypted device, that device must receive an Intune FileVault policy for disk encryption.
- Use either an [endpoint security disk encryption profile](#create-endpoint-security-policy-for-filevault), or a [device configuration endpoint protection profile](#create-device-configuration-policy-for-filevault) to encrypt devices with FileVault.
+ Use an [endpoint security disk encryption profile](#create-endpoint-security-policy-for-filevault) to encrypt devices with FileVault.
- **The device user must have access to the Terminal app on the encrypted device.**
diff --git a/memdocs/intune/protect/endpoint-protection-macos.md b/memdocs/intune/protect/endpoint-protection-macos.md
index 6363abf7bfc..3f6f0889110 100644
--- a/memdocs/intune/protect/endpoint-protection-macos.md
+++ b/memdocs/intune/protect/endpoint-protection-macos.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 08/15/2022
+ms.date: 10/25/2024
ms.topic: reference
ms.service: microsoft-intune
ms.subservice: protect
@@ -32,7 +32,9 @@ ms.collection:
# macOS endpoint protection settings in Intune
> [!IMPORTANT]
-> The macOS endpoint protection template has been deprecated. Existing policies remain unchanged, but you can no longer create new policies using this template. We recommend using the settings catalog to create new configuration policies for FileVault, Firewall, and System Policy Control (Gatekeeper) payloads. For more information, see [macOS settings catalog](../configuration/settings-catalog.md).
+> The macOS endpoint protection template has been deprecated. Existing policies remain unchanged, but you can no longer create new policies using this template. > Instead, use one of the following options:
+> - Use Endpoint security policies like [disk encryption](../protect/endpoint-security-disk-encryption-policy.md) for Filevault, or [Firewall](../protect/endpoint-security-firewall-policy.md) policy.
+> - Use the Settings catalog to create new configuration policies for FileVault, Firewall, and System Policy Control (Gatekeeper) payloads. For more information, see [macOS settings catalog](../configuration/settings-catalog.md).
This article shows you the endpoint protection settings that you can configure for devices that run macOS. You configure these settings by using a macOS device configuration profile for [endpoint protection](endpoint-protection-configure.md) in Intune.
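Review bot: The first added line of the note has a stray `>` in the middle of the line ("using this template. > Instead, use one of the following options:"), which looks like a lost line break; split it so "Instead, use one of the following options:" starts its own `>` line inside the alert. In the first bullet, "Filevault" should be "FileVault" to match the second bullet. The unchanged paragraph right after the note still says you configure these settings "by using a macOS device configuration profile for endpoint protection", which now sits oddly next to the deprecation note and may need the same update.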
diff --git a/memdocs/intune/protect/media/encrypt-devices-filevault/select-macos-filevault-dc.png b/memdocs/intune/protect/media/encrypt-devices-filevault/select-macos-filevault-dc.png
index 508706d6685..5ed1319e5ad 100644
Binary files a/memdocs/intune/protect/media/encrypt-devices-filevault/select-macos-filevault-dc.png and b/memdocs/intune/protect/media/encrypt-devices-filevault/select-macos-filevault-dc.png differ
diff --git a/memdocs/intune/protect/microsoft-tunnel-prerequisites.md b/memdocs/intune/protect/microsoft-tunnel-prerequisites.md
index 78756e9d0bd..72936ff4236 100644
--- a/memdocs/intune/protect/microsoft-tunnel-prerequisites.md
+++ b/memdocs/intune/protect/microsoft-tunnel-prerequisites.md
@@ -5,7 +5,7 @@ keywords:
author: brenduns
ms.author: brenduns
manager: dougeby
-ms.date: 09/06/2024
+ms.date: 10/24/2024
ms.topic: how-to
ms.service: microsoft-intune
ms.subservice: protect
@@ -34,6 +34,8 @@ At a high level, the Microsoft Tunnel requires:
- An Azure subscription.
- A *Microsoft Intune Plan 1* subscription.
+ > [!NOTE]
+ > This prerequisite is for *Microsoft Tunnel*, and does not include [Microsoft Tunnel for Mobile Application Management](../protect/microsoft-tunnel-mam.md), which is an [Intune add-on](../fundamentals/intune-add-ons.md) that requires a *Microsoft Intune Plan 2* subscription.
- A Linux server that runs containers. The server can be on-premises or in the cloud, and supports one of the following container types:
- **Podman** for Red Hat Enterprise Linux (RHEL). See the [Linux server](#linux-server) requirements.
- **Docker** for all other Linux distributions.
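Review bot: The links in the added note use `../protect/microsoft-tunnel-mam.md` from a file that already lives in memdocs/intune/protect/, so the `../protect/` hop is redundant; `microsoft-tunnel-mam.md` is enough and is less fragile if the folder is renamed. Please also check that the note is indented under the "Microsoft Intune Plan 1" bullet so it renders as part of that item rather than splitting the list, and consider "doesn't include" for consistency with the contractions used elsewhere in the article.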
@@ -48,7 +50,6 @@ The following sections detail the prerequisites for the Microsoft Tunnel, and pr
> [!NOTE]
> Tunnel and Global Secure Access (GSA) cannot be use simultaneously on the same device.
-
## Linux server
Set up a Linux based virtual machine or a physical server on which to install the Microsoft Tunnel Gateway.
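Review bot: The note directly above the removed blank line still reads "cannot be use simultaneously"; since this hunk is already tidying that spot, fix it to "cannot be used simultaneously" (or "can't be used", matching the contractions used in the rest of the article).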
@@ -111,7 +112,7 @@ Set up a Linux based virtual machine or a physical server on which to install th
- [Install Podman on Red Hat Enterprise Linux 8.4 and later (scroll down to RHEL8)](https://podman.io/get-started).
- These versions of RHEL don't support Docker. Instead, these versions use Podman, and *podman* is part of a module called "container-tools". In this context, a module is a set of RPM packages that represent a component and that usually install together. A typical module contains packages with an application, packages with the application-specific dependency libraries, packages with documentation for the application, and packages with helper utilities. For more information, see [Introduction to modules](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_managing_and_removing_user-space_components/introduction-to-modules_using-appstream) in the Red Hat documentation.
+ These versions of RHEL don't support Docker. Instead, these versions use Podman, and *podman* is part of a module called "container-tools". In this context, a module is a set of RPM packages that represent a component and that usually install together. A typical module contains packages with an application, packages with the application-specific dependency libraries, packages with documentation for the application, and packages with helper utilities. For more information, see [Introduction to modules](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/installing_managing_and_removing_user-space_components/managing-versions-of-appstream-content_using-appstream) in the Red Hat documentation.
> [!NOTE]
>
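Review bot: The link text on the changed line is still "Introduction to modules", but the new target slug is `managing-versions-of-appstream-content_using-appstream`, which names a different chapter. Either point the link at the page on docs.redhat.com that actually introduces modules, or change the link text to match the page the reader lands on.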
diff --git a/memdocs/intune/user-help/enroll-windows-10-device.md b/memdocs/intune/user-help/enroll-windows-10-device.md
index bcfd9756c8d..6f547f14c29 100644
--- a/memdocs/intune/user-help/enroll-windows-10-device.md
+++ b/memdocs/intune/user-help/enroll-windows-10-device.md
@@ -98,7 +98,7 @@ For a non-exhaustive list of error messages and resolutions, see [Troubleshoot W
## Support for IT administrators
-If you're an IT administrator and run into problems while enrolling devices, see [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/help/4469913). This article lists common errors, their causes, and steps to resolve them.
+If you're an IT administrator and run into problems while enrolling devices, see [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/device-enrollment/troubleshoot-windows-enrollment-errors). This article lists common errors, their causes, and steps to resolve them.
## Next steps
If you need more help setting up your device or using Company Portal, contact your support person. Sign in to the [Company Portal website](https://go.microsoft.com/fwlink/?linkid=2010980) for your organization's contact information.
diff --git a/windows-365/enterprise/assign-users-as-local-admin.md b/windows-365/enterprise/assign-users-as-local-admin.md
index 4ff38b43105..094e4dc8273 100644
--- a/windows-365/enterprise/assign-users-as-local-admin.md
+++ b/windows-365/enterprise/assign-users-as-local-admin.md
@@ -35,7 +35,7 @@ ms.collection:
The **User settings** page lets IT administrators manage the following settings for the user:
- **Enable local admin**: If enabled, each user in the assigned groups is elevated to a local administrator of each of their own Cloud PCs. These permissions apply at the user level.
-- **Enable users to reset their Cloud PCs**: If enabled, a **Reset** option is shown in the Windows 365 app and portal for users in the assigned groups. Resetting wipes and reprovisions the Cloud PC, deleting all user data and apps.
+- **Enable users to reset their Cloud PCs**: If enabled, a **Reset** option is shown in the Windows App and portal for users in the assigned groups. Resetting wipes and reprovisions the Cloud PC, deleting all user data and apps.
- **Allow user to initiate restore service**: If enabled, each user in the assigned groups can restore their own Cloud PCs to any available backup version.
When managing settings, keep the following points in mind:
diff --git a/windows-365/enterprise/cisco-webex-support.md b/windows-365/enterprise/cisco-webex-support.md
index 072eddc5876..ea522437b13 100644
--- a/windows-365/enterprise/cisco-webex-support.md
+++ b/windows-365/enterprise/cisco-webex-support.md
@@ -45,7 +45,7 @@ To optimize Cisco Webex, you’ll need to:
These instructions don't support connections through a web browser.
-- **Windows 365 app for Windows**
+- **Windows App**
- **Windows Remote Desktop Client**
- **Operating system**: Windows
diff --git a/windows-365/enterprise/partner-integration-scenarios.md b/windows-365/enterprise/partner-integration-scenarios.md
index 04c8f71bcb3..a37893f4727 100644
--- a/windows-365/enterprise/partner-integration-scenarios.md
+++ b/windows-365/enterprise/partner-integration-scenarios.md
@@ -7,7 +7,7 @@ keywords:
author: ErikjeMS
ms.author: erikje
manager: dougeby
-ms.date: 10/09/2024
+ms.date: 10/23/2024
ms.topic: overview
ms.service: windows-365
ms.subservice: windows-365-enterprise
@@ -33,11 +33,11 @@ ms.collection:
The following partner integration scenarios support partner protocols on top of Windows 365, without compromising the simplicity and predictability that Windows 365 delivers.
-| Partner | Supported clients | Gateway service | Connection protocol |
-| --- | --- | --- | --- |
-| Citrix | Citrix Workspace web client
Citrix Workspace desktop clients for supported platforms | Citrix Cloud Gateway Service | Citrix HDX |
-| HP | HP Anyware web client
HP Anyware desktop clients for supported platforms | HP Anyware Cloud Gateway Service | HP Anyware |
-| Omnissa | Omnissa Workspace ONE web client
Omnissa ONE desktop clients for supported platforms | Omnissa Cloud Gateway Service | Omnissa Blast |
+| Partner | Supported clients | Gateway service | Connection protocol | Supported service plans |
+| --- | --- | --- | --- | --- |
+| Citrix | Citrix Workspace web client
Citrix Workspace desktop clients for supported platforms | Citrix Cloud Gateway Service | Citrix HDX | Enterprise, Frontline
+| HP | HP Anyware web client
HP Anyware desktop clients for supported platforms | HP Anyware Cloud Gateway Service | HP Anyware | Enterprise |
+| Omnissa | Omnissa Workspace ONE web client
Omnissa ONE desktop clients for supported platforms | Omnissa Cloud Gateway Service | Omnissa Blast | Enterprise |
While scenarios not listed here might still work in customers’ production environment, they aren't supported by Microsoft.
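Review bot: The added Citrix row ends with "| Enterprise, Frontline" and has no closing pipe, while the HP and Omnissa rows end with "| Enterprise |"; add the trailing `|` so all three rows are delimited the same way. Each row also spans two source lines in the "Supported clients" cell, so confirm the line break inside that cell is an explicit `<br>` and not a raw newline, which would end the table row early.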
diff --git a/windows-365/enterprise/report-cloud-pc-recommendations.md b/windows-365/enterprise/report-cloud-pc-recommendations.md
index b790a3ed7da..d58276759b9 100644
--- a/windows-365/enterprise/report-cloud-pc-recommendations.md
+++ b/windows-365/enterprise/report-cloud-pc-recommendations.md
@@ -42,11 +42,9 @@ An evolving model analyzes this data to determine whether Cloud PCs are:
- Under-used.
- Sized appropriately.
-The Cloud PC recommendations report is in [public preview](..\public-preview.md).
-
## Use the Cloud PC recommendations report
-To get to the **Cloud PC recommendations** report, sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Reports** > **Cloud PC Overview** > **Cloud PC recommendations (preview)**.
+To get to the **Cloud PC recommendations** report, sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Reports** > **Cloud PC Overview** > **Cloud PC recommendations**.
![Screenshot of Cloud PC recommendation report.](media/report-cloud-pc-recommendations/report-cloud-pc-recommendations.png)
diff --git a/windows-365/enterprise/requirements.md b/windows-365/enterprise/requirements.md
index c0f53e5b779..c5060117ed1 100644
--- a/windows-365/enterprise/requirements.md
+++ b/windows-365/enterprise/requirements.md
@@ -63,7 +63,7 @@ A subscription in Azure Government is required for Windows 365 Government custom
## Microsoft Entra ID and Intune requirements
- A valid and working Intune and Microsoft Entra tenant.
-- Intune device type enrollment restrictions set to Allow Windows (MDM) platform for corporate enrollment.
+- Intune default device type enrollment restrictions must be set to Allow Windows (MDM) platform for corporate enrollment. For more information, see [Device Enrollment Restrictions Limitations](/intune/enrollment/enrollment-restrictions-set#limitations).
- Infrastructure configuration: If you plan on provisioning Microsoft Entra hybrid joined Cloud PCs, you must configure your infrastructure to automatically Microsoft Entra hybrid join any devices that domain join to the on-premises Active Directory. This [configuration lets them be recognized and managed in the cloud](/azure/active-directory/devices/overview).
- Microsoft Entra Domain Services isn't supported because it doesn't support Microsoft Entra hybrid join.
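Review bot: The new link target `/intune/enrollment/enrollment-restrictions-set#limitations` uses a different root than the other site-relative Intune link added in this patch (`/troubleshoot/mem/intune/...`), and the sources here live under memdocs/intune/; please confirm the path and the `#limitations` anchor resolve on the published site. The link text "Device Enrollment Restrictions Limitations" would also read better in sentence case, matching the linked section's heading.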
@@ -113,7 +113,7 @@ Windows 365 manages the capacity and availability of underlying Azure resources
- Canada Central
- European Union
- North Europe
- - West Europe (Restricted)
+ - West Europe
- Italy North
- Poland Central
- Sweden Central
diff --git a/windows-365/enterprise/security.md b/windows-365/enterprise/security.md
index 3bfc4398950..f2f46f5b6f3 100644
--- a/windows-365/enterprise/security.md
+++ b/windows-365/enterprise/security.md
@@ -108,7 +108,7 @@ To manage RDP features available to the user during their Cloud PC connection, s
Windows 365 Cloud PCs can be accessed from various operating system platforms and clients available in those platforms.
-- **Windows OS platforms**: Windows 365 can be accessed using Remote Desktop client for Windows and the Windows 365 App. Both these apps receive updates using the Windows Update service. For more information, see [Windows Update security](/windows/deployment/update/windows-update-security).
+- **Windows OS platforms**: Windows 365 can be accessed using Remote Desktop client for Windows and the Windows App. Both these apps receive updates using the Windows Update service. For more information, see [Windows Update security](/windows/deployment/update/windows-update-security).
- **Apple devices (macOS and iOS)**: Remote desktop client apps and their updates are distributed by Apple's app store. For more information about MacOS and iOS security measures, see [Apple Platform Security](https://support.apple.com/en-sg/guide/security/welcome/web).
- **Android platforms**: Android platform apps downloaded from Google play stores conform to the Google play store terms and conditions. For more information, see [Google Play Terms of Service](https://play.google.com/about/play-terms/index.html).
diff --git a/windows-365/enterprise/troubleshoot-windows-365-boot.md b/windows-365/enterprise/troubleshoot-windows-365-boot.md
index a78fd5ff600..48e7ac9b159 100644
--- a/windows-365/enterprise/troubleshoot-windows-365-boot.md
+++ b/windows-365/enterprise/troubleshoot-windows-365-boot.md
@@ -70,7 +70,7 @@ Get-AppxPackage –AllUsers -name *MicrosoftCorporationII*
This command shows all the Microsoft-maintained apps (like QuickAssist, Microsoft Family, and so on) on the physical device. In order for Windows 365 Boot to work correctly, confirm the following versions:
-- Windows 365 app version 1.1.162.0 or later.
+- Windows App version 1.1.162.0 or later.
- Azure Virtual Desktop (HostApp) app version 1.2.4159. or later.
Windows 365 Boot also requires the latest version of Windows 11.
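Review bot: The changed bullet renames the product to "Windows App" but carries over the minimum version 1.1.162.0 that was documented for the Windows 365 app; confirm that this number is still the right minimum under the new name, and that the package the `Get-AppxPackage` command above returns is the one the reader should check it against. The neighbouring context line "version 1.2.4159. or later" also has a stray period after the version number.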
diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md
index 6501698b24d..181933fdf69 100644
--- a/windows-365/enterprise/whats-new.md
+++ b/windows-365/enterprise/whats-new.md
@@ -7,7 +7,7 @@ keywords:
author: ErikjeMS
ms.author: erikje
manager: dougeby
-ms.date: 10/15/2024
+ms.date: 10/23/2024
ms.topic: conceptual
ms.service: windows-365
ms.subservice: windows-365-enterprise
@@ -55,6 +55,16 @@ For more information about public preview items, see [Public preview in Windows
### Windows 365 app
-->
+
+## Week of October 21, 2024
+
+
+### Partners
+
+#### Use Citrix HDX Plus with Windows 365 Frontline
+
+You can now use Citrix HDX Plus with Windows 365 Frontline Cloud PCs.
+
## Week of October 14, 2024
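Review bot: The new entry says "Citrix HDX Plus", while the partner table updated in partner-integration-scenarios.md in this same patch lists the connection protocol as "Citrix HDX" with Frontline support; use one name in both places, and link this entry to that article so readers can find the supported service plans. There are also two blank lines after the "## Week of October 21, 2024" heading where the rest of the file uses one.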
diff --git a/windows-365/enterprise/zoom-support.md b/windows-365/enterprise/zoom-support.md
index 9c6ebba9233..250f83a716f 100644
--- a/windows-365/enterprise/zoom-support.md
+++ b/windows-365/enterprise/zoom-support.md
@@ -40,9 +40,8 @@ To optimize Zoom, you’ll need to install the Zoom VDI Client on the Cloud PC a
## Requirements
-- **Windows 365 app for Windows**\*
- **Windows Remote Desktop Client**\*
-- **Windows 365 app**
+- **Windows App**
- **Operating system**: Windows
\* These don't support connections through a web browser.
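Review bot: After this change only "Windows Remote Desktop Client" carries the `\*` marker, but the footnote still reads "These don't support connections through a web browser". The removed "Windows 365 app for Windows" entry had the marker and its replacement "Windows App" does not, so either add `\*` to the "Windows App" bullet if the restriction still applies, or reword the footnote in the singular.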