From 8ad77b5850dd047993f6dfa7cf8cdc5e17aa009d Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Thu, 22 Aug 2024 09:16:34 -0700 Subject: [PATCH 01/12] freshness review --- windows-365/business/add-user-assign-licenses.md | 2 +- windows-365/enterprise/customer-permissions.md | 2 +- windows-365/enterprise/device-images-convert-generation-2.md | 2 +- windows-365/enterprise/end-of-support.md | 2 +- .../enterprise/provide-localized-windows-experience.md | 2 +- .../enterprise/troubleshoot-azure-network-connection.md | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows-365/business/add-user-assign-licenses.md b/windows-365/business/add-user-assign-licenses.md index 8074ae97295..4cb6db510cc 100644 --- a/windows-365/business/add-user-assign-licenses.md +++ b/windows-365/business/add-user-assign-licenses.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: +ms.reviewer: nandis ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/customer-permissions.md b/windows-365/enterprise/customer-permissions.md index 3a30db18607..31b69db6332 100644 --- a/windows-365/enterprise/customer-permissions.md +++ b/windows-365/enterprise/customer-permissions.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: elaineyou +ms.reviewer: ericor ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/device-images-convert-generation-2.md b/windows-365/enterprise/device-images-convert-generation-2.md index 7ea11d75f62..7e821a7b146 100644 --- a/windows-365/enterprise/device-images-convert-generation-2.md +++ b/windows-365/enterprise/device-images-convert-generation-2.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: chbrinkh +ms.reviewer: evas ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/end-of-support.md b/windows-365/enterprise/end-of-support.md index 924c23346b8..f98c9578e09 100644 --- a/windows-365/enterprise/end-of-support.md +++ b/windows-365/enterprise/end-of-support.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: naramkri +ms.reviewer: evas ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/provide-localized-windows-experience.md b/windows-365/enterprise/provide-localized-windows-experience.md index abc1bd0784d..fd4eb48077b 100644 --- a/windows-365/enterprise/provide-localized-windows-experience.md +++ b/windows-365/enterprise/provide-localized-windows-experience.md @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: chrimo +ms.reviewer: satulim ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: diff --git a/windows-365/enterprise/troubleshoot-azure-network-connection.md b/windows-365/enterprise/troubleshoot-azure-network-connection.md index 77dd5e2aa88..8f491982c94 100644 --- a/windows-365/enterprise/troubleshoot-azure-network-connection.md +++ b/windows-365/enterprise/troubleshoot-azure-network-connection.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 06/15/2023 +ms.date: 08/22/2024 ms.topic: troubleshooting ms.service: windows-365 ms.subservice: windows-365-enterprise @@ -19,7 +19,7 @@ ms.assetid: #ROBOTS: #audience: -ms.reviewer: mattsha +ms.reviewer: ericor ms.suite: ems search.appverid: MET150 #ms.tgt_pltfrm: From 563722b88a32745d86c84fdd6d267444d8cd511b Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 22 Aug 2024 12:33:23 -0700 Subject: [PATCH 02/12] Retire and redirect Firewall Migration Tool article. --- .openpublishing.redirection.json | 5 +++++ memdocs/intune/toc.yml | 2 -- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f74a4287569..5ceee9a62a5 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2714,6 +2714,11 @@ "source_path": "autopilot/autopilot-faq.yml", "redirect_url": "/autopilot/faq", "redirect_document_id": false + }, + { + "source_path": "memdocs/intune/protect/endpoint-security-firewall-rule-tool.md", + "redirect_url": "/mem/intune/protect/endpoint-security-firewall-policy", + "redirect_document_id": false } ] } \ No newline at end of file diff --git a/memdocs/intune/toc.yml b/memdocs/intune/toc.yml index d7fd5d15633..258112b2c92 100644 --- a/memdocs/intune/toc.yml +++ b/memdocs/intune/toc.yml @@ -667,8 +667,6 @@ items: href: ./protect/mde-security-integration.md - name: Manage endpoint security policies in Microsoft Defender href: /defender-endpoint/manage-security-policies?toc=/mem/intune/toc.json&bc=/mem/breadcrumb/toc.json - - name: Firewall rule migration - href: ./protect/endpoint-security-firewall-rule-tool.md - name: Tenant attach href: ./protect/tenant-attach-intune.md - name: Encrypt disks From 537e5d63563744eb1ace529863b9591123a6fcb1 Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 22 Aug 2024 12:38:38 -0700 Subject: [PATCH 03/12] Delete the file --- .../endpoint-security-firewall-rule-tool.md | 41 ------------------- 1 file changed, 41 deletions(-) delete mode 100644 memdocs/intune/protect/endpoint-security-firewall-rule-tool.md diff --git a/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md b/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md deleted file mode 100644 index d98be6d111d..00000000000 --- a/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -# required metadata - -title: Endpoint security firewall rule migration tool for Microsoft Intune -description: Learn about the endpoint security firewall rule migration tool for Microsoft Intune. -keywords: -author: brenduns -ms.author: brenduns -manager: dougeby -ms.date: 06/07/2024 -ms.topic: overview -ms.service: microsoft-intune -ms.subservice: protect -ms.localizationpriority: high -# optional metadata - -ROBOTS: NOINDEX -#audience: - -ms.suite: ems -search.appverid: MET150 -#ms.tgt_pltfrm: -ms.custom: intune-azure -ms.collection: -- tier3 -- M365-identity-device-management -- ContentEnagagementFY24 -- sub-secure-endpoints - -ms.reviewer: ---- - -# Endpoint security firewall rule migration tool overview - -> [!IMPORTANT] -> -> In June 2024, a change to MSGraph affected the operation of the Intune endpoint security Firewall Rule migration tool. With this change, the tool is unable to successfully create new firewall rule profiles and is therefore no longer supported or offered for download. Compounding the issue, the tool was capable of creating profiles for only the *Windows 10 and later* platform, a platform that has deprecated and [replaced by a new platform for firewall rule profiles](../protect/endpoint-security-firewall-policy.md) that supports the current Intune settings format. -> ->The challenges affecting the tool are not issues that can be resolved in the short term. -> -> We are evaluating options to offer a new tool for firewall rule migration. However, it is not yet known if or when a new tool could be available. Should we be able to provide a new tool, we will announce its availability in the [What’s New in Microsoft Intune](../fundamentals/whats-new.md) article at that time. From 4383be21658cbbf39b8f2a9c27d4b2aabf67550b Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 22 Aug 2024 16:49:52 -0400 Subject: [PATCH 04/12] changes --- .../configuration/platform-sso-macos.md | 82 +++++++++++++------ .../preference-file-settings-macos.md | 15 ++-- 2 files changed, 64 insertions(+), 33 deletions(-) diff --git a/memdocs/intune/configuration/platform-sso-macos.md b/memdocs/intune/configuration/platform-sso-macos.md index f5194008227..c02725b7265 100644 --- a/memdocs/intune/configuration/platform-sso-macos.md +++ b/memdocs/intune/configuration/platform-sso-macos.md @@ -7,7 +7,7 @@ keywords: author: MandiOhlinger ms.author: mandia manager: dougeby -ms.date: 08/21/2024 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: configuration @@ -38,7 +38,7 @@ This article applies to: - macOS -The [Microsoft Enterprise SSO plug-in](/entra/identity-platform/apple-sso-plugin) in Microsoft Entra ID includes two SSO features - **Platform SSO** and the **SSO app extension**. This article focuses on configuring [Platform SSO with Entra ID](/entra/identity/devices/macos-psso) for macOS devices which is in preview. +The [Microsoft Enterprise SSO plug-in](/entra/identity-platform/apple-sso-plugin) in Microsoft Entra ID includes two SSO features - **Platform SSO** and the **SSO app extension**. This article focuses on configuring [Platform SSO with Microsoft Entra ID](/entra/identity/devices/macos-psso) for macOS devices (public preview). Some benefits of Platform SSO include: @@ -59,12 +59,25 @@ This article shows you how to configure Platform SSO for macOS devices in Intune ## Prerequisites - Devices must be running macOS 13.0 and newer. -- Microsoft Intune [Company Portal app](../apps/apps-company-portal-macos.md) version **5.2404.0** and newer is required. This version includes Platform SSO. -- Supported web browsers include: + +- Microsoft Intune [Company Portal app](../apps/apps-company-portal-macos.md) version **5.2404.0** and newer is required on the devices. This version includes Platform SSO. + +- The following web browsers support Platform SSO: + - Microsoft Edge - - Google Chrome with the [Microsoft Single Sign On extension](https://chromewebstore.google.com/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji). You can deploy this extension using [Chrome Enterprise policy - ExtensionInstallForcelist](https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist) (opens Google's web site) in the settings catalog. + - Google Chrome with the [Microsoft Single Sign On extension](https://chromewebstore.google.com/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji) + + Using an [Intune preference file (.plist) policy](preference-file-settings-macos.md), you can force this extension to install. In your `.plist` file, you need some of the information at [Chrome Enterprise policy - ExtensionInstallForcelist](https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist) (opens Google's web site). + + > ![WARNING] + > There are sample `.plist` files at [ManagedPreferencesApplications examples on GitHub](https://github.com/ProfileCreator/ProfileManifests/tree/master/Manifests/ManagedPreferencesApplications). This GitHub repository is not owned, not maintained, and not created by Microsoft. Use the information at your own risk. + - Safari -- To create the Intune policy, at a minimum, sign in with an account that has the following Intune permissions: + + You can use Intune to add web browser apps, including [package (`.pkg`)](../apps/lob-apps-macos.md) and [disk image (`.dmg`)](../apps/lob-apps-macos-dmg.md) files, and deploy the app to your macOS devices. To get started, go to [Add apps to Microsoft Intune](../apps/apps-add.md). + +- Platform SSO uses the Intune settings catalog to configure the required settings. To create the settings catalog policy, at a minimum, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) with an account that has the following Intune permissions: + - Device Configuration **Read**, **Create**, **Update**, and **Assign** permissions There are some built-in roles that have these permissions, including the **Policy and Profile Manager** Intune RBAC role. For more information on RBAC roles in Intune, go to [Role-based access control (RBAC) with Microsoft Intune](../fundamentals/role-based-access-control.md). @@ -149,9 +162,12 @@ For more information, go to [Microsoft Entra certificate-based authentication on ## Step 2 - Create the Platform SSO policy in Intune -To configure the Platform SSO policy, use the following steps to create an [Intune settings catalog](settings-catalog.md) policy. These settings are required by the Microsoft Enterprise SSO plug-in. For more information, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). +To configure the Platform SSO policy, use the following steps to create an [Intune settings catalog](settings-catalog.md) policy. The Microsoft Enterprise SSO plug-in requires the settings listed. + +- To learn more about the plug-in, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). +- For details about the payload settings for the Extensible Single Sign-on extension, go to [Extensible Single Sign-on MDM payload settings for Apple devices](https://support.apple.com/guide/deployment/depfd9cdf845/web) (opens Apple's web site). -For details about the payload settings for the Extensible Single Sign-on extension, go to [Extensible Single Sign-on MDM payload settings for Apple devices](https://support.apple.com/guide/deployment/depfd9cdf845/web) (opens Apple's web site). +**Create the policy**: 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy**. @@ -190,7 +206,7 @@ For details about the payload settings for the Extensible Single Sign-on extensi > [!TIP] > There are more Platform SSO settings you can configure in the policy: > - > - [Settings for non-Microsoft apps and Microsoft Enterprise SSO Extension](#settings-for-non-microsoft-apps-and-microsoft-enterprise-sso-extension) (in this article) + > - [Non-Microsoft apps and Microsoft Enterprise SSO Extension settings](#non-microsoft-apps-and-microsoft-enterprise-sso-extension-settings) (in this article) > - [End user experience settings](#end-user-experience-settings) (in this article) 8. Configure the following required settings: @@ -198,16 +214,16 @@ For details about the payload settings for the Extensible Single Sign-on extensi | Name | Configuration value | Description | |---|---|---| | **Authentication Method (Deprecated)**
(macOS 13 only) | **Password** or **UserSecureEnclave** | Select the Platform SSO authentication method that you chose in [Step 1 - Decide the authentication method](#step-1---decide-the-authentication-method) (in this article).

This setting applies to macOS 13 only. For macOS 14.0 and later, use the **Platform SSO** > **Authentication Method** setting.| - | **Extension Identifier** | `com.microsoft.CompanyPortalMac.ssoextension` | This ID is the SSO app extension that the profile needs for SSO to work.

The **Extension Identifier** and **Team Identifier** values work together. | - | **Platform SSO** > **Authentication Method**
(macOS 14+) | **Password**, **UserSecureEnclave** or **SmartCard** | Select the Platform SSO authentication method that you chose in [Step 1 - Decide the authentication method](#step-1---decide-the-authentication-method) (in this article).

This setting applies to macOS 14 and later. For macOS 13, use the **Authentication Method (Deprecated)** setting. | + | **Extension Identifier** | `com.microsoft.CompanyPortalMac.ssoextension` | Copy and paste this value in the setting.

This ID is the SSO app extension that the profile needs for SSO to work.

The **Extension Identifier** and **Team Identifier** values work together. | + | **Platform SSO** > **Authentication Method**
(macOS 14+) | **Password**, **UserSecureEnclave**, or **SmartCard** | Select the Platform SSO authentication method that you chose in [Step 1 - Decide the authentication method](#step-1---decide-the-authentication-method) (in this article).

This setting applies to macOS 14 and later. For macOS 13, use the **Authentication Method (Deprecated)** setting. | | **Platform SSO** > **Use Shared Device Keys**
(macOS 14+) | **Enabled** | When enabled, Platform SSO uses the same signing and encryption keys for all users on the same device.

Users upgrading from macOS 13.x to 14.x are prompted to register again. | - | **Registration token** | `{{DEVICEREGISTRATION}}` | You must include the curly braces. For more information on this registration token, go to [Configure Microsoft Entra device registration](/entra/identity-platform/apple-sso-plugin#configure-microsoft-entra-device-registration).

This setting requires that you also configure the `AuthenticationMethod` setting.

- If you use only macOS 13 devices, then configure the **Authentication Method (Deprecated)** setting.
- If you use only macOS 14+ devices, then configure the **Platform SSO** > **Authentication Method** setting.
- If you have a mix of macOS 13 and macOS 14+ devices, then configure both authentication settings in the same profile. | + | **Registration token** | `{{DEVICEREGISTRATION}}` | Copy and paste this value in the setting. You must include the curly braces.

To learn more about this registration token, go to [Configure Microsoft Entra device registration](/entra/identity-platform/apple-sso-plugin#configure-microsoft-entra-device-registration).

This setting requires that you also configure the `AuthenticationMethod` setting.

- If you use only macOS 13 devices, then configure the **Authentication Method (Deprecated)** setting.
- If you use only macOS 14+ devices, then configure the **Platform SSO** > **Authentication Method** setting.
- If you have a mix of macOS 13 and macOS 14+ devices, then configure both authentication settings in the same profile. | | **Screen Locked Behavior** | **Do Not Handle** | When set to **Do Not Handle**, the request continues without SSO. | - | **Token To User Mapping** > **Account Name** | `preferred_username` | This token specifies that the Entra [`preferred_username`](/entra/identity-platform/id-token-claims-reference#payload-claims) attribute value is used for the macOS account's Account Name value. | - | **Token To User Mapping** > **Full Name** | `name` | This token specifies that the Entra [`name`](/entra/identity-platform/id-token-claims-reference#payload-claims) claim is used for the macOS account's Full Name value. | - | **Team Identifier** | `UBF8T346G9` | This identifier is the team identifier of the Enterprise SSO plug-in app extension. | + | **Token To User Mapping** > **Account Name** | `preferred_username` | Copy and paste this value in the setting.

This token specifies that the Entra [`preferred_username`](/entra/identity-platform/id-token-claims-reference#payload-claims) attribute value is used for the macOS account's Account Name value. | + | **Token To User Mapping** > **Full Name** | `name` | Copy and paste this value in the setting.

This token specifies that the Entra [`name`](/entra/identity-platform/id-token-claims-reference#payload-claims) claim is used for the macOS account's Full Name value. | + | **Team Identifier** | `UBF8T346G9` | Copy and paste this value in the setting.

This identifier is the team identifier of the Enterprise SSO plug-in app extension. | | **Type** | Redirect | | - | **URLs** | Enter all the following URLs:

`https://login.microsoftonline.com`
`https://login.microsoft.com`
`https://sts.windows.net`

If your environment needs to allow sovereign cloud domains, then also add the following URLs:

`https://login.partner.microsoftonline.cn`
`https://login.chinacloudapi.cn`
`https://login.microsoftonline.us`
`https://login-us.microsoftonline.com` | These URL prefixes are the identity providers that do SSO app extensions. The URLs are required for **redirect** payloads and are ignored for **credential** payloads.

For more information on these URLs, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). | + | **URLs** | Copy and paste all the following URLs:

`https://login.microsoftonline.com`
`https://login.microsoft.com`
`https://sts.windows.net`

If your environment needs to allow sovereign cloud domains, like Azure Government or Azure China 21Vianet, then also add the following URLs:

`https://login.partner.microsoftonline.cn`
`https://login.chinacloudapi.cn`
`https://login.microsoftonline.us`
`https://login-us.microsoftonline.com` | These URL prefixes are the identity providers that do SSO app extensions. The URLs are required for **redirect** payloads and are ignored for **credential** payloads.

For more information on these URLs, go to [Microsoft Enterprise SSO plug-in for Apple devices](/entra/identity-platform/apple-sso-plugin). | > [!IMPORTANT] > If you have a mix of macOS 13 and macOS 14+ devices in your environment, then configure the **Platform SSO** > **Authentication Method** and the **Authentication Method (Deprecated)** authentication settings in the same profile. @@ -237,12 +253,12 @@ The Company Portal app for macOS deploys and installs the Microsoft Enterprise S Using Intune, you can add the Company Portal app and deploy it as a required app to your macOS devices: -- For the steps, go to [Add the Company Portal app for macOS](../apps/apps-company-portal-macos.md). -- Optional. Configure the Company Portal app to include your organization information. For the steps, go to [How to configure the Intune Company Portal apps, Company Portal website, and Intune app](../apps/company-portal-app.md). +- [Add the Company Portal app for macOS](../apps/apps-company-portal-macos.md) lists the steps. +- Configure the Company Portal app to include your organization information (Optional). For the steps, go to [How to configure the Intune Company Portal apps, Company Portal website, and Intune app](../apps/company-portal-app.md). There aren't any specific steps to configure the app for Platform SSO. Just make sure the latest Company Portal app is added to Intune and deployed to your macOS devices. -If you have an older version of the Company Portal app installed, then Platform SSO won't work. +If you have an older version of the Company Portal app installed, then Platform SSO fails. ## Step 4 - Enroll the devices and apply the policies @@ -265,7 +281,7 @@ When the device receives the policy, there's a **Registration required** notific :::image type="content" border="false" source="./media/platform-sso-macos/platform-sso-macos-registration-required.png" alt-text="Screenshot that shows the registration required prompt on end user devices when you configure Platform SSO in Microsoft Intune."::: -- End users select this notification, sign in to the Microsoft Entra ID plug-in with their organization account, and complete multifactor authentication (MFA) if required. +- End users select this notification, sign in to the Microsoft Entra ID plug-in with their organization account, and complete multifactor authentication (MFA), if required. > [!NOTE] > MFA is a feature of Microsoft Entra. Make sure MFA is enabled in your tenant. For more information, including any other app requirements, go to [Microsoft Entra multifactor authentication](/entra/identity/authentication/concept-mfa-howitworks). @@ -291,7 +307,7 @@ After you confirm that your settings catalog policy is working, unassign any exi If you keep both policies, conflicts can occur. -## Settings for non-Microsoft apps and Microsoft Enterprise SSO Extension +## Non-Microsoft apps and Microsoft Enterprise SSO Extension settings If you previously used the Microsoft Enterprise SSO Extension, and/or want to enable SSO on non-Microsoft apps, then add the **Extension Data** setting to your existing Platform SSO settings catalog policy. @@ -310,21 +326,21 @@ The following settings are commonly recommended for configuring SSO settings, in 1. In your existing Platform SSO settings catalog policy, add **Extension Data**: - 1. In the Intune admin center (**Devices** > **Manage devices** > **Configuration**), select your existing Platform SSO settings catalog policy. - 2. In **Configuration settings**, select **Edit** > **Add settings**. + 1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) (**Devices** > **Manage devices** > **Configuration**), select your existing Platform SSO settings catalog policy. + 2. In **Properties** > **Configuration settings**, select **Edit** > **Add settings**. 3. In the settings picker, expand **Authentication**, and select **Extensible Single Sign On (SSO)**: :::image type="content" source="./media/platform-sso-macos/settings-picker-authentication-extensible-sso.png" alt-text="Screenshot that shows the Settings Catalog settings picker, and selecting authentication and extensible SSO category in Microsoft Intune."::: 4. In the list, select **Extension Data** and close the settings picker: - :::image type="content" source="./media/platform-sso-macos/settings-picker-authentication-extensible-sso-extension-data.png" alt-text="Screenshot that shows the Settings Catalog settings picker, and selecting authentication and extensible SSO category in Microsoft Intune, specifically Extension Data."::: + :::image type="content" source="./media/platform-sso-macos/settings-picker-authentication-extensible-sso-extension-data.png" alt-text="Screenshot that shows the Settings Catalog settings picker, and selecting authentication and Extension Data in Microsoft Intune."::: -2. In **Extension Data**, **Add** the following keys and values: +2. In **Extension Data**, **Add** the following keys and values: | Key | Type | Value | Description | | --- | --- | --- | --- | - | **AppPrefixAllowList** | String | `com.microsoft.,com.apple.` | **AppPrefixAllowList** lets you create a list of app vendors with apps that can use SSO. You can add more app vendors to this list as needed. | + | **AppPrefixAllowList** | String | `com.microsoft.,com.apple.` | Copy and paste this value in the setting.

**AppPrefixAllowList** lets you create a list of app vendors with apps that can use SSO. You can add more app vendors to this list as needed. | | **browser_sso_interaction_enabled** | Integer | `1` | Configures a recommended broker setting. | | **disable_explicit_app_prompt** | Integer | `1` | Configures a recommended broker setting. | @@ -343,10 +359,22 @@ The following settings let you customize the end-user experience and give more g | Platform SSO settings | Possible values | Usage | | --- | --- | --- | | **Account Display Name** | Any string value. | Customize the organization name end users see in the Platform SSO notifications. | -| **Enable Create User At Login** | **Enable** or **Disable**. | Allow any organizational user to sign in to the device using their Microsoft Entra credentials. When creating new local accounts, the provided username and password must be the same as the user's Entra ID UPN (e.g., `user@contoso.com`) and password.| +| **Enable Create User At Login** | **Enable** or **Disable**. | Allow any organizational user to sign in to the device using their Microsoft Entra credentials. When you create new local accounts, the provided username and password must be the same as the user's Microsoft Entra ID UPN (`user@contoso.com`) and password.| | **New User Authorization Mode** | **Standard**, **Admin**, or **Groups** | One-time permissions the user has at sign-in when the account is created using Platform SSO. Currently, **Standard** and **Admin** values are supported. At least one **Admin** user is required on the device before **Standard** mode can be used.| | **User Authorization Mode** | **Standard**, **Admin**, or **Groups** | Persistent permissions the user has at sign-in each time the user authenticates using Platform SSO. Currently, **Standard** and **Admin** values are supported. At least one **Admin** user is required on the device before **Standard** mode can be used.| +## Other MDMs + +You can configure Platform SSO with other mobile device management services (MDMs), if that MDM supports Platform SSO. When using another MDM service, use the following guidance: + +- The settings listed in this article are the Microsoft-recommended settings you should configure. You can copy/paste the setting values from this article in your MDM service policy. + + The configuration steps in your MDM service can be different. We recommend you work with your MDM service vendor to correctly configure and deploy these Platform SSO settings. + +- Device registration with Platform SSO is more secure and uses hardware-bound device certificates. These changes can affect some MDM flows, like integration with [device compliance partners](../protect/device-compliance-partners.md). + + You should talk to your MDM service vendor to understand if the MDM tested Platform SSO, certified that their software works properly with Platform SSO, and is ready to support customers using Platform SSO. + ## Common errors When you configure Platform SSO, you might see the following errors: diff --git a/memdocs/intune/configuration/preference-file-settings-macos.md b/memdocs/intune/configuration/preference-file-settings-macos.md index 7ce27f74787..11a7bc9465a 100644 --- a/memdocs/intune/configuration/preference-file-settings-macos.md +++ b/memdocs/intune/configuration/preference-file-settings-macos.md @@ -8,7 +8,7 @@ keywords: preference file, property list file, plist, macOS, microsoft intune, e author: MandiOhlinger ms.author: mandia manager: dougeby -ms.date: 01/16/2024 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: configuration @@ -37,7 +37,10 @@ This feature applies to: Property list files, also called preference files, include information about your macOS apps. You define app properties or settings that you want to preconfigure. When the file is ready, you can use Intune to deploy the file to your devices and configure the app settings in your file. -Property list files are typically used for web browsers, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac), and custom apps. +Property list files are typically used for web browsers, like Google Chrome, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac), and custom apps. + +> ![WARNING] +> There are sample `.plist` files at [ManagedPreferencesApplications examples on GitHub](https://github.com/ProfileCreator/ProfileManifests/tree/master/Manifests/ManagedPreferencesApplications). This GitHub repository is not owned, not maintained, and not created by Microsoft. Use the information at your own risk. > [!TIP] > For Microsoft Edge version 77 and newer, you can use the settings catalog. You don't have to use a preference file. For more information, go to [Settings catalog](settings-catalog.md). @@ -55,16 +58,16 @@ These settings are added to a device configuration profile in Intune, and then a ## What you need to know -- These settings aren't validated. Test your changes before assigning the profile to your devices. -- If you're not sure how to enter an app key, change the setting within the app. Then, review the app's preference file using [Xcode](https://developer.apple.com/xcode/) to see how the setting is configured. +- Test your changes before assigning the profile to your devices. Intune doesn't validate the settings in the property list file. +- Review the app's preference file using [Xcode](https://developer.apple.com/xcode/) to see how the setting is configured. If you're not sure how to enter an app key, change the setting within the app. Then, review the app's preference file using [Xcode](https://developer.apple.com/xcode/). Apple recommends removing nonmanageable settings using Xcode before importing the file. - Only some apps work with managed preferences, and might not allow you to manage all settings. - Be sure you upload property list files that target device channel settings, not user channel settings. Property list files target the entire device. -- If you're configuring the Microsoft Edge version 77 and newer app, then use the [Settings catalog](settings-catalog.md). For a list of the settings you can configure, go to [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies) (opens another Microsoft website). +- Use the [Settings catalog](settings-catalog.md) to configure Microsoft Edge version 77 and newer. For a list of the settings you can configure, go to [Microsoft Edge - Policies](/DeployEdge/microsoft-edge-policies) (opens another Microsoft website). - Be sure macOS is listed as a supported platform. If some settings aren't available in the settings catalog, then it's recommended to continue using the preference file. + Be sure macOS is listed as a supported platform. If some settings aren't available in the settings catalog, then use the preference file. ## Create the profile From 8a7435817232dce9262eefe89115a085522a7deb Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 22 Aug 2024 14:04:01 -0700 Subject: [PATCH 05/12] Monitor security baselines - fresheness check --- .../intune/protect/security-baselines-monitor.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/memdocs/intune/protect/security-baselines-monitor.md b/memdocs/intune/protect/security-baselines-monitor.md index 9358b2cdccc..9884caaf3bc 100644 --- a/memdocs/intune/protect/security-baselines-monitor.md +++ b/memdocs/intune/protect/security-baselines-monitor.md @@ -1,18 +1,18 @@ --- # required metadata -title: Check for the success or failure of security baselines in Microsoft Intune -description: Monitor the device and per-setting results of security baselines you deploy with Microsoft Intune, and identify when multiple baselines that apply to the same device result in conflicts. +title: Monitor security baselines deployed by Microsoft Intune +description: Monitor device and per-setting results of security baselines you deploy with Microsoft Intune, and identify conflicts for devices. keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 10/09/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect ms.localizationpriority: high -ms.assetid: +ms.assetid: # optional metadata @@ -55,7 +55,7 @@ For more information about the feature, see [Security baselines in Intune](secur > > The following information applies to profile versions released in May 2023 or later. To view information for profile versions released prior to May 2023, see [Monitor profiles for baseline versions released before May 2023](#monitor-profiles-for-baseline-versions-released-before-may-2023), later in this article. -When you select a security baseline profile that you’ve deployed, you can gain insights into the security state of devices that received that baseline. To view these insights, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Security baselines** and select a security baseline type like the *Microsoft 365 Apps for Enterprise Security Baseline*. Then, from the *Profiles* pane, select the profile instance for which you want to view details to open the profiles dashboard view. +When you select a security baseline profile that you've deployed, you can gain insights into the security state of devices that received that baseline. To view these insights, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Endpoint security** > **Security baselines** and select a security baseline type like the *Microsoft 365 Apps for Enterprise Security Baseline*. Then, from the *Profiles* pane, select the profile instance for which you want to view details to open the profiles dashboard view. :::image type="content" source="./media/security-baselines-monitor/view-baseline-policy-details.png" alt-text="View the dashboard for a security baseline profile."::: @@ -84,7 +84,7 @@ You can filter this report view for specific *Assignment status* values, and the If you select the name of a device from the *Device name* column, Intune displays the *Profile Settings* view where you can view that devices status results for each setting in the security baseline. Next, from the Profile Settings page, you can select a setting to view more details, which is useful when a device reports a result for any setting other than *Succeeded*. -In the following image, we have drilled in on EAGLE003, the only device to show success for the baseline, and then selected the setting *Add-on Management*: +In the following image, we drill in on EAGLE003, the only device to show success for the baseline, and then selected the setting *Add-on Management*: :::image type="content" source="./media/security-baselines-monitor/drill-in-for-setting-details-pane.png" alt-text="View a devices' reported status for each setting in the baseline."::: @@ -92,7 +92,7 @@ On the settings Setting Details pane, we can see each profile that is assigned t For this device, there's only one source profile that manages the Add-on-management setting. If there were other profiles that configured this setting, those profiles would also be listed as a Source Profile. -Should this setting have been in conflict, this view can help you identify the other profiles so you can then reconcile a consistent configuration, or later baseline profile assignments to remove the conflict. +Should this setting be in conflict, this view can help you identify the other profiles so you can then reconcile a consistent configuration, or later baseline profile assignments to remove the conflict. ### Device assignment status report From 445326fd99d0800a57cb2cb47c486487c2ef7a47 Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 22 Aug 2024 14:14:22 -0700 Subject: [PATCH 06/12] Checkpoint Harmony MTD connector - fresheness check --- ...oint-sandblast-mobile-mobile-threat-defense-connector.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md b/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md index 6ec9f1793c7..01fc7edc2a6 100644 --- a/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md +++ b/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md @@ -8,7 +8,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 11/17/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect @@ -49,12 +49,12 @@ You can configure Conditional Access policies based on Check Point Harmony Mobil - Microsoft Intune Plan 1 subscription -- Check Point Harmony Mobile Threat Defense subscription +- Check Point Harmony Mobile Threat Defense subscription - See the [CheckPoint Harmony website](https://www.checkpoint.com/harmony). ## How do Intune and Check Point Harmony Mobile help protect your company resources? -Check Point Harmony Mobile app for Android and iOS/iPadOS captures file system, network stack, device and application telemetry where available, then sends the telemetry data to the Check Point Harmony cloud service to assess the device's risk for mobile threats. +Check Point Harmony Mobile app for Android and iOS/iPadOS captures file system, network stack, and device and application telemetry where available, then sends the telemetry data to the Check Point Harmony cloud service to assess the device's risk for mobile threats. The Intune device compliance policy includes a rule for Check Point Harmony Mobile Threat Defense, which is based on the Check Point Harmony risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the Harmony Mobile Protect app installed in their devices to resolve the issue and regain access to corporate resources. From a6c2b04e60aee596b250274195baf54cac1f59db Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Thu, 22 Aug 2024 17:17:25 -0400 Subject: [PATCH 07/12] tags --- memdocs/intune/configuration/platform-sso-macos.md | 2 +- memdocs/intune/configuration/preference-file-settings-macos.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/intune/configuration/platform-sso-macos.md b/memdocs/intune/configuration/platform-sso-macos.md index 7a2bb086d77..9fd9842f56a 100644 --- a/memdocs/intune/configuration/platform-sso-macos.md +++ b/memdocs/intune/configuration/platform-sso-macos.md @@ -69,7 +69,7 @@ This article shows you how to configure Platform SSO for macOS devices in Intune Using an [Intune preference file (.plist) policy](preference-file-settings-macos.md), you can force this extension to install. In your `.plist` file, you need some of the information at [Chrome Enterprise policy - ExtensionInstallForcelist](https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist) (opens Google's web site). - > ![WARNING] + > [!WARNING] > There are sample `.plist` files at [ManagedPreferencesApplications examples on GitHub](https://github.com/ProfileCreator/ProfileManifests/tree/master/Manifests/ManagedPreferencesApplications). This GitHub repository is not owned, not maintained, and not created by Microsoft. Use the information at your own risk. - Safari diff --git a/memdocs/intune/configuration/preference-file-settings-macos.md b/memdocs/intune/configuration/preference-file-settings-macos.md index 11a7bc9465a..a94a569f899 100644 --- a/memdocs/intune/configuration/preference-file-settings-macos.md +++ b/memdocs/intune/configuration/preference-file-settings-macos.md @@ -39,7 +39,7 @@ Property list files, also called preference files, include information about you Property list files are typically used for web browsers, like Google Chrome, [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-mac), and custom apps. -> ![WARNING] +> [!WARNING] > There are sample `.plist` files at [ManagedPreferencesApplications examples on GitHub](https://github.com/ProfileCreator/ProfileManifests/tree/master/Manifests/ManagedPreferencesApplications). This GitHub repository is not owned, not maintained, and not created by Microsoft. Use the information at your own risk. > [!TIP] From 5e82a09bb5f9adb77d11a8929efefec9517bb321 Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 22 Aug 2024 14:28:45 -0700 Subject: [PATCH 08/12] Configure Web PRotection (MDE) for android devcies - fresheness check --- ...vanced-threat-protection-manage-android.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/memdocs/intune/protect/advanced-threat-protection-manage-android.md b/memdocs/intune/protect/advanced-threat-protection-manage-android.md index a42e045d19d..16b89cd4a5a 100644 --- a/memdocs/intune/protect/advanced-threat-protection-manage-android.md +++ b/memdocs/intune/protect/advanced-threat-protection-manage-android.md @@ -1,13 +1,13 @@ --- # required metadata -title: Configure Defender for Endpoint Web protection on Android devices in Intune - Azure -description: Use Intune policy to manage Microsoft Defender for Endpoint web protection settings on Android devices managed by Microsoft Intune. +title: Configure Defender for Endpoint Web protection on Android devices in Microsoft Intune +description: Use Intune policy to manage Microsoft Defender for Endpoint web protection settings on Android devices managed by Microsoft Intune. keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 10/09/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect @@ -32,13 +32,13 @@ ms.collection: When you integrate [Microsoft Defender for Endpoint](../protect/advanced-threat-protection-configure.md) with Microsoft Intune, you can use device configuration profiles to modify some Defender for Endpoint settings on Android devices. -By default, Microsoft Defender for Endpoint for Android includes and enables the [Web protection](/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) feature that can help to secure devices against web threats and protect users from phishing attacks. +By default, Microsoft Defender for Endpoint for Android includes and enables the Microsoft Defender for Endpoint [Web protection](/windows/security/threat-protection/microsoft-defender-atp/web-protection-overview) feature that can help to secure devices against web threats and protect users from phishing attacks. -While this protection is enabled by default, there are valid reasons to disable it on some Android devices. For example, you might decide to use only the Defender for Endpoint app scan feature or to prevent web protection from using your VPN while it scans for harmful URLs. +While enabled by default, there are valid reasons to disable it on some Android devices. For example, you might decide to use only the Defender for Endpoint app scan feature or to prevent web protection from using your VPN while it scans for harmful URLs. With Intune device configuration policy, you can turn off all or part of the web protection feature. The method you use and the capabilities you can disable depend on how the Android device is enrolled with Intune: -- **Android device administrator**. Use a configuration profile to set custom OMA-URI settings on the device that disable the entire web protection feature or that disable only the use of VPNs. For general information about custom settings for Android devices, see [Custom settings](../configuration/custom-settings-android.md). +- **Android device administrator**. Use a configuration profile to set custom OMA-URI settings on the device that disable the entire web protection feature or that disable only the use of VPNs. For general information about custom settings for Android devices, see [Use custom settings for Android devices in Microsoft Intune](../configuration/custom-settings-android.md). - **Android Enterprise personally owned work profile**. Use an app configuration profile and the configuration designer to disable web protection. This method and enrollment type support disabling all web protection capabilities but don't support disabling only the use of VPNs. For general information about app configuration policies, see [Use the configuration designer](../apps/app-configuration-policies-use-android.md#use-the-configuration-designer). @@ -80,13 +80,13 @@ To configure web protection on devices, use the following procedures to create a - **Disable only the use of VPN by web protection**: - **Name**: Enter a unique name for this OMA-URI setting so you can find it easily. For example, **Disable Microsoft Defender for Endpoint web protection VPN**. - **Description**: (Optional) Enter a description that provides an overview of the setting and any other important details. - - **OMA-URI**: Enter `./Vendor/MSFT/DefenderATP/Vpn` + - **OMA-URI**: Enter `./Vendor/MSFT/DefenderATP/Vpn` - **Data type**: Select **Integer** in the drop-down list. - **Value**: To disable the VPN-based scan, set *Value* to **0**. To enable the VPN-based scan, enter **1**, which is the default. Select **Add** to save the OMA-URI settings configuration, and then select **Next** to continue. -6. In **Assignments**, specify the groups that will receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). +6. In **Assignments**, specify the groups that receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). 7. In **Review + create**, when you're done, select **Create**. The new profile is displayed in the list when you select the policy type for the profile you created. @@ -126,7 +126,7 @@ To configure web protection on devices, use the following procedures to create a Select **Next** to continue. -8. In **Assignments**, specify the groups that will receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). +8. In **Assignments**, specify the groups that receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). 9. In **Review + create**, when you're done, select **Create**. The new profile is displayed in the list when you select the policy type for the profile you created. @@ -149,14 +149,14 @@ To configure web protection on devices, use the following procedures to create a Select **Next** to continue. -2. In **Assignments**, specify the groups that will receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). +2. In **Assignments**, specify the groups that receive the profile. For more information on assigning profiles, see [Assign user and device profiles](../configuration/device-profile-assign.md). 3. In **Review + create**, when you're done, select **Create**. The new profile is displayed in the list when you select the policy type for the profile you created. ## Next steps -- [Monitor compliance for risk levels](../protect/advanced-threat-protection-monitor.md) +- [Monitor device compliance status for risk levels](../protect/advanced-threat-protection-monitor.md) - [Use security tasks with Defender for Endpoints Vulnerability Management to remediate problems on devices](../protect/atp-manage-vulnerabilities.md) - Learn more from the Microsoft Defender for Endpoint documentation: From eef2dd2a319f5f2e19c0c6137957be0cc75182b0 Mon Sep 17 00:00:00 2001 From: brenduns Date: Thu, 22 Aug 2024 14:42:36 -0700 Subject: [PATCH 09/12] CoOnfigure MTD devcie compliance policy - fresheness check --- .../protect/mtd-device-compliance-policy-create.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/memdocs/intune/protect/mtd-device-compliance-policy-create.md b/memdocs/intune/protect/mtd-device-compliance-policy-create.md index 862aa70957f..b01e390470e 100644 --- a/memdocs/intune/protect/mtd-device-compliance-policy-create.md +++ b/memdocs/intune/protect/mtd-device-compliance-policy-create.md @@ -8,7 +8,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 11/01/2023 +ms.date: 08/22/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: protect @@ -52,13 +52,13 @@ With integration complete and the partner policy in place, you can then create I 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Endpoint security** > **Device Compliance** > **Create policy**. +2. Select **Endpoint security** > **Device compliance** > **Create policy**. 3. Select the **Platform**: - For most platforms, the *Profile type* is automatically set. If not automatically set, select the appropriate Profile type. - To continue, select **Create**. -4. On **Basics**, specify a device compliance policy **Name**, and **Description** (optional). Select **Next** to continue. +4. On **Basics**, specify a device compliance policy **Name**, and **Description** (optional). Select **Next** to continue. 5. On **Compliance settings**, expand and configure **Device Health**. Choose a threat-level from the drop-down list for **Require the device to be at or under the Device Threat Level**. @@ -74,7 +74,7 @@ With integration complete and the partner policy in place, you can then create I 6. On the **Actions for noncompliance** tab, specify a sequence of actions to apply automatically to devices that don't meet this compliance policy. - You can add multiple actions and configure schedules and other details for some actions. For example, you might change the schedule of the default action *Mark device noncompliant* to occur after one day. You can then add an action to send an email to the user when the device isn't compliant to warn them of that status. You can also add actions that lock or retire devices that remain noncompliant. + You can add multiple actions and configure schedules and other details for some actions. For example, you might change the schedule of the default action *Mark device noncompliant* to occur after one day. You can then add an action to send an email to the user when the device isn't compliant to warn them of that status. You can also add actions that lock or retire devices that remain noncompliant. For information about the actions you can configure, see [Add actions for noncompliant devices](actions-for-noncompliance.md), including how to create notification emails to send to your users. @@ -88,7 +88,7 @@ With integration complete and the partner policy in place, you can then create I ## Monitoring risk score sent by Mobile Threat Defense partner -Your Mobile Threat Defense partner can send a risk score for each device for which the MTD app is installed. You can view this under **Reports** > **Device compliance** > **Reports** > **Device Compliance**. Make sure **Device threat level** is selected when opening the **Columns** tab, this may require you to hit **Generate** first. +Your Mobile Threat Defense partner can send a risk score for each device for which the MTD app is installed. You can view this under **Reports** > **Device compliance** > **Reports** > **Device Compliance**. Make sure **Device threat level** is selected when opening the **Columns** tab, this may require you to hit **Generate** first. > [!IMPORTANT] > From 00520435a39ae20d03f2a0797edb6b79fca8f853 Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Thu, 22 Aug 2024 14:58:44 -0700 Subject: [PATCH 10/12] n-able parter --- windows-365/media/partners/nable.png | Bin 0 -> 5195 bytes windows-365/partners.md | 15 ++++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 windows-365/media/partners/nable.png diff --git a/windows-365/media/partners/nable.png b/windows-365/media/partners/nable.png new file mode 100644 index 0000000000000000000000000000000000000000..2570add30d75fbab138f76faa80c046637fbde11 GIT binary patch literal 5195 zcmbVQ2|UyP|DPjgIdbKm(M7Yl84AsPR&qo%+prv)ZOm=>iX0(H03R1zyIU+|NkEU-yV<8_I`gp&-e5By0^!!+E^JM;1c5k000L}P2gu4 zpUsTxFb5j|z=VsrY0KDf;!GR~006hZ-o*sClXVCHU|q!6IuIQ!EnrBjk0Jtvbweu# z`rsI706^zdAP#}_LKA^*Xb+69E@+{$1_Z>QbV2rNmQYLFX|yNCBp8oA7i?vV4E925 zp+Kij0(Amm3<4iC5djSJ@%AOa0(C(@d0~w8-faj7_!C0((go@72?8A~ZGfk-cr;K; zQ3;HMLY09UT8apDgu05B`U#*iR9O`QRe>legP|HQRZW<(3h>tp#E`?I++kkHgtM7Ux7iMk+$sek+6gZo44OZXKhM#Lb22pmL75xVEoPaq2U2Z!^=d;b(iAt7jQ zv=7>sNMK-<{$O#QSR$6-iTz)w|2+N|0Y+>sE&pizTU&g5{zwprh5-yWeg)*;q6xM^ zI5gxent=7kBhiKd3^Qf-yuravc_OB)!f3079NRZ@kislXU(M*g7CzoC{`6vjR1-$FHDDq8;nWfTnxK}7sV zFbWBC$Krhu439BB2oE#_=j#Ci{)r>(G}ar7X9zQ_Q~7Cyr6tVNmq0}LBGIOBT@b@* zMGOW7(^AtyX{aGIz{&^}b;g^j78s$4QU{~e(P~;q1j=0*sr36i9E4A zYdnV0TL|y}nrE-$_G$uVf*~-n74)km&Y}H&t-LY7pJf0;Aot2!7lho)D;fp*bsO_v zN8oQ-k|&x$`hTSRZx{jVP9!1lXnhYxwElBFK^WFU_B!!zMbi`Yzj}wp(s}yV|nDo^wG;iy3Uy!7f>Asrj(3$;P*rJI4o-l2?^j zE&R6AFF1^{%ep^vfBof_K7a?>DLi)X-8T`jvHB0u@}^v*frWRRR$?8y={-ZKHHC>N z(|6?S-~6NM6S~dt1xv3TRz%XSH3U1mK8$!_G9^?JC+)wTD|)+^`WhPgo^*a`5MWe{ zqk7wj8Sl=fzTuJG@-xSrJxKBFP*{fu4(Ti>gkucq1&y{pzuR_Z)7n~p%A&O$SZw3T zDFCRCH(rxi*nG;DN5OH_WPeChcxZJlo6mp7Y|4tb))gI}FL``pJtVZ}fjy!%GMRjk zmP-dR`9O3>(DHYdzl00V2y;L zPi9g%Hr^Kik3&P6>{Pm%UA5nbwmGWZ6>Lf(us$+)Ab73UWi?JXpKB@p;UyPOwL|vB zwMNcyPgDQ;QM^+vZ;>!VvMnkL*o77KRk~6?3y8>FG$Xt1sMxU8+m*$8 z>28Jc(^BqRk6f;OOlW>_6Gd-e8SA!}AhVMv$r+|r(caaGb$oe_KVC!uUe9knj}#Td zy0V44(PdNi%__wDNH9H8#F=?gi&)4$;K${JDg|)QK0W@SDd6(+yW`ZC&URbp$$WV$M@5Tdv(&PfIrZLwvvHIyU2f*iOi$7mH9NL! zPHX6`o+dtuCX;vB1C41R3!yqQtgu{>PwrRU@e`g;%uIXvD_-R3*2YRnmxpbwqoxjD ztfKK}d>mv0iSbKXpUb92YZD5e(7AY8y2Mc>_h>@lBX#-b2A?>*Nm!fo$m-z+xYWl* zS^9GTVr3H!dV8gFLax49RZG(f3^o=%;o`6;X{gGPr@=AyEcnglE7n1$v~p^Rqzlzg zyXMxj4!H;bHag89RvbHUILaVne4A-{D+}C~VX!BpUi(+~v&1CJHMfAgnNhE+t-{&GyW)M)ELGVuZO&(neI|NWD{Ef# zAJttZ0ghV40B}>QQd}-LYOw$9LsBuwi{0f!_L)9-u2D8~gAI2n^RC$=Ift2Hc0t*r zk5){}G!6uI9o_vP739hpn!MxnE@Gi6Vv6g`lqp3^)?RaH1Zr#XK3mz<>MJ~mrCaR5 zXU)Z+gi53P7(nBz4*qV1r&1fm?7ZhnD@L-L8=`jFRWbtU3*_Cr5u+!5gYoTw&sDzm z@jPUa|F}>!vv^-RcR63ufun6Wwwm)gE=AoZ^W!LY)k4}@Z0!lKv^eY8&!;#-N8^5o zUw>iFwBJa6IDGBq0+YG!xV-6yn3>2W7t!yZ%$!WKD?BcX7Lr4Z;7uzdl9iu&Zi;CI z11-YKZ{@(_)z!tnf0n#{stX=HQ_@g*Ug3nEBIf%uCzCPCMvNNxyC%NK!@ zZtvKkDn8Lp7xaXDl>tj#t=gdZ|& zPvaJH0q+QN&lyN>>fix2`eBkd*+qAC(NlyuG5LFG$Kxr=H5jumtU-X=1=U!f$DzB6 zJ=0jf@3c?0@WNx@s;CNIY+KebUf_z`lRDyq>>!y&nh(9Kw% zHudd{yI6TYMd)$L?Kn`uU0TiJ1pBun7us>&JD6Gv^FZdu?A1)OYUA#&rlS_s_j4#e zca)?U0P>kXGi)BumUiuff6KctL$8r%6L7Ig=&HHMB%wCm8Yv*ZOAh^dh*P3FXf=nP+& z-u4W#%B1&Wob!0z(vD0^wx7$!oyJ%eXN&H@jRiRcIj5&fSAVEl#B`=jg;$NeKqkiV zn2Ux=uwNqvn+=FvvU(etz-||mvZ|j_X(pOCp?2u;lnXy_xB`rDJ#xJ5%ypwyZ)g)l znF5}#ESxam2f08m$-N1;1My!G2M{Mi9el>y+Eu+T0px$pU=Rv2JR+==nMn ztw372xXWJa>NM^OFE%}KIBbaNCC5WEe*Ld5yqKjL$^)(V>JVM{rs|IZDGIg6+$f8cp?kASqK@W8IZ5y6TGty5llm&omkJs2aTybtZ zAGm+lY+9f`>3QaKJnvm7NCD|4nz(e5J0+H>B*^b^Ou%E_FfR4>lW%Tn@2eD{XPDL1 z4ha+@RoB|QteGNwTRd>{{jW;LK8#m8AF;G=lJ-d5E!+m%NCnZk_^;oL$#Y2XZdPIG zbcfX;PXoi_K|DM>hN)Z5GRZ2jHia^5HySW(_{f!~w3pLZ0_lV5$<(GfK4y9IOV&=> zD}AnQW9_H1z;?@2Kqur}NkURH|HS?aLlQYPV?NhDayK^SKYJ;9jbuu?CmujC2(eBi z&2Pkwc3|$y+ofr>>MV1RojKy_#N~Lo6jnoaR?=qFai}voFD$raODhh% z`m8ikjbzt2f5#)ddr@c>)|n*JFYaqvGooQQzvRTt%iR1$`8MMVfa`Mr(3;u78vQb` z{rbFg8LjW_c`ceN$+hJnne1J;0P4HJCIkL}=wexXUtZ!zae?}ET82#;MN76vWfv`u zCkpj$a+^Lk-Y}xKL<8ewlc=yA$fW^in(>2Ct%s!&RBcrFmz#_qPb^ztd`z8}J0hnh zivF>32e^2_Nl$L`e)Ps&K2NaXq2|7V6ARg-rJ*QZC!T{#Q`>2LH-vd!Rs=70-e%WM zk!2IzSFbNMY2g?@Fvw6~)cwF?$rJS197SgF5#kPq-`Tr$*WMK@-&|DaG! z))G&7`nfD0unlc=9LcU7r~l}?u2l<6?*yNnpcT~wP7NLgWxF#KAq zOO8#w-&m3|)59g6(lfGNw)Ignio3b6dG~=rWHqWr2_&*u)uYJK{)l``4qmVl(^rDh zdtgze`uSpU$s-=nF%R*E=GHBBCh3${<|q-zoK&VOpl{cqgLymYtK}gvKTJ+3Rk0qI z0QTiHGWTJYGE)wOxpGJeN*T=St9Y5GRGq>JE=MG(dj_Y%hF=P%h^PF}ucN#uz!lIu z4D|$q4;EzY6Tf^c@ok`A;}O65I57{WnV`eRz5=__n=O+!l>*Oq@ybr_@XZ#80FCp; z`9k-vaMUEMw%*)HTOD@nlMUIv4EBaB!y5`@HUPIouDbwAWULAOig4{g>b2f>5J%1g zqaqEk_p(FOE%5PNY|qQq!u;Agm)h4>%x(01ZT-m+Os}8B?DB1B&|R_wP*S22b)4){ ztLIEzvhSDf)4J0yR+|g7rcd>BSf|v97|HCYkF29Lo3+DYWgz8Q$+IZ;N*=mnj^7CANs*j_Nm|POayX4;6(j}FQMEUxnv5j>~3G$g?@B%7oF29 zUL`sG!HidAY7$xEbdL8c>7Xn3N2d}svR##j%#v%TGSL$H=? z(l5Ygw+fu>^RHc?EM^i?gV+-5iscr7RN6GNgrSu*8~^(ZDzNNdkYFBl}fQ#C%6eOiKeZFK{2)_cL`O&9w**lJGlnV{DacL3~j)!)?Ku zgG%Jnsb295$lV0m&qiiBX*Y+EI@sQsMfj*Z?(2<~ z2+QGF%=Sn*%CBue6;|$We=QWXtC}%qaCc_+DKsB zLmyYA$nqhX^KaDKYv{JGRE9ZFWTdEkdP9=m4uB{|6e@W%c0EW0cH?F?3$Q@j1 zQd3vN{E368GS!*#Js6?gQaJVH!niSgN;|*!X4-TVPmT6=RcAcq3MJ?*#JB0ovC)0 Date: Thu, 22 Aug 2024 15:02:52 -0700 Subject: [PATCH 11/12] change --- windows-365/partners.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows-365/partners.md b/windows-365/partners.md index 5e7793ffded..b0b05dd4521 100644 --- a/windows-365/partners.md +++ b/windows-365/partners.md @@ -75,7 +75,7 @@ For more information, visit the [IGEL website](https://www.igel.com/windows365/) ![N-able image](./media/partners/nable.png) -A multi-tenant solution for Microsoft's cloud. In a single console, it enables MSPs and CSPs to manage, secure, standardize, and automate: +A multi-tenant solution for Microsoft's cloud. In a single console, it enables MSPs and CSPs to manage, secure, standardize, and automate: - Microsoft 365 users - Azure resource From 2c11b695cb7b2cf96458ec934fb7b9a68d357d0c Mon Sep 17 00:00:00 2001 From: ErikjeMS Date: Thu, 22 Aug 2024 15:05:49 -0700 Subject: [PATCH 12/12] undo --- windows-365/media/partners/nable.png | Bin 5195 -> 0 bytes windows-365/partners.md | 15 +-------------- 2 files changed, 1 insertion(+), 14 deletions(-) delete mode 100644 windows-365/media/partners/nable.png diff --git a/windows-365/media/partners/nable.png b/windows-365/media/partners/nable.png deleted file mode 100644 index 2570add30d75fbab138f76faa80c046637fbde11..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5195 zcmbVQ2|UyP|DPjgIdbKm(M7Yl84AsPR&qo%+prv)ZOm=>iX0(H03R1zyIU+|NkEU-yV<8_I`gp&-e5By0^!!+E^JM;1c5k000L}P2gu4 zpUsTxFb5j|z=VsrY0KDf;!GR~006hZ-o*sClXVCHU|q!6IuIQ!EnrBjk0Jtvbweu# z`rsI706^zdAP#}_LKA^*Xb+69E@+{$1_Z>QbV2rNmQYLFX|yNCBp8oA7i?vV4E925 zp+Kij0(Amm3<4iC5djSJ@%AOa0(C(@d0~w8-faj7_!C0((go@72?8A~ZGfk-cr;K; zQ3;HMLY09UT8apDgu05B`U#*iR9O`QRe>legP|HQRZW<(3h>tp#E`?I++kkHgtM7Ux7iMk+$sek+6gZo44OZXKhM#Lb22pmL75xVEoPaq2U2Z!^=d;b(iAt7jQ zv=7>sNMK-<{$O#QSR$6-iTz)w|2+N|0Y+>sE&pizTU&g5{zwprh5-yWeg)*;q6xM^ zI5gxent=7kBhiKd3^Qf-yuravc_OB)!f3079NRZ@kislXU(M*g7CzoC{`6vjR1-$FHDDq8;nWfTnxK}7sV zFbWBC$Krhu439BB2oE#_=j#Ci{)r>(G}ar7X9zQ_Q~7Cyr6tVNmq0}LBGIOBT@b@* zMGOW7(^AtyX{aGIz{&^}b;g^j78s$4QU{~e(P~;q1j=0*sr36i9E4A zYdnV0TL|y}nrE-$_G$uVf*~-n74)km&Y}H&t-LY7pJf0;Aot2!7lho)D;fp*bsO_v zN8oQ-k|&x$`hTSRZx{jVP9!1lXnhYxwElBFK^WFU_B!!zMbi`Yzj}wp(s}yV|nDo^wG;iy3Uy!7f>Asrj(3$;P*rJI4o-l2?^j zE&R6AFF1^{%ep^vfBof_K7a?>DLi)X-8T`jvHB0u@}^v*frWRRR$?8y={-ZKHHC>N z(|6?S-~6NM6S~dt1xv3TRz%XSH3U1mK8$!_G9^?JC+)wTD|)+^`WhPgo^*a`5MWe{ zqk7wj8Sl=fzTuJG@-xSrJxKBFP*{fu4(Ti>gkucq1&y{pzuR_Z)7n~p%A&O$SZw3T zDFCRCH(rxi*nG;DN5OH_WPeChcxZJlo6mp7Y|4tb))gI}FL``pJtVZ}fjy!%GMRjk zmP-dR`9O3>(DHYdzl00V2y;L zPi9g%Hr^Kik3&P6>{Pm%UA5nbwmGWZ6>Lf(us$+)Ab73UWi?JXpKB@p;UyPOwL|vB zwMNcyPgDQ;QM^+vZ;>!VvMnkL*o77KRk~6?3y8>FG$Xt1sMxU8+m*$8 z>28Jc(^BqRk6f;OOlW>_6Gd-e8SA!}AhVMv$r+|r(caaGb$oe_KVC!uUe9knj}#Td zy0V44(PdNi%__wDNH9H8#F=?gi&)4$;K${JDg|)QK0W@SDd6(+yW`ZC&URbp$$WV$M@5Tdv(&PfIrZLwvvHIyU2f*iOi$7mH9NL! zPHX6`o+dtuCX;vB1C41R3!yqQtgu{>PwrRU@e`g;%uIXvD_-R3*2YRnmxpbwqoxjD ztfKK}d>mv0iSbKXpUb92YZD5e(7AY8y2Mc>_h>@lBX#-b2A?>*Nm!fo$m-z+xYWl* zS^9GTVr3H!dV8gFLax49RZG(f3^o=%;o`6;X{gGPr@=AyEcnglE7n1$v~p^Rqzlzg zyXMxj4!H;bHag89RvbHUILaVne4A-{D+}C~VX!BpUi(+~v&1CJHMfAgnNhE+t-{&GyW)M)ELGVuZO&(neI|NWD{Ef# zAJttZ0ghV40B}>QQd}-LYOw$9LsBuwi{0f!_L)9-u2D8~gAI2n^RC$=Ift2Hc0t*r zk5){}G!6uI9o_vP739hpn!MxnE@Gi6Vv6g`lqp3^)?RaH1Zr#XK3mz<>MJ~mrCaR5 zXU)Z+gi53P7(nBz4*qV1r&1fm?7ZhnD@L-L8=`jFRWbtU3*_Cr5u+!5gYoTw&sDzm z@jPUa|F}>!vv^-RcR63ufun6Wwwm)gE=AoZ^W!LY)k4}@Z0!lKv^eY8&!;#-N8^5o zUw>iFwBJa6IDGBq0+YG!xV-6yn3>2W7t!yZ%$!WKD?BcX7Lr4Z;7uzdl9iu&Zi;CI z11-YKZ{@(_)z!tnf0n#{stX=HQ_@g*Ug3nEBIf%uCzCPCMvNNxyC%NK!@ zZtvKkDn8Lp7xaXDl>tj#t=gdZ|& zPvaJH0q+QN&lyN>>fix2`eBkd*+qAC(NlyuG5LFG$Kxr=H5jumtU-X=1=U!f$DzB6 zJ=0jf@3c?0@WNx@s;CNIY+KebUf_z`lRDyq>>!y&nh(9Kw% zHudd{yI6TYMd)$L?Kn`uU0TiJ1pBun7us>&JD6Gv^FZdu?A1)OYUA#&rlS_s_j4#e zca)?U0P>kXGi)BumUiuff6KctL$8r%6L7Ig=&HHMB%wCm8Yv*ZOAh^dh*P3FXf=nP+& z-u4W#%B1&Wob!0z(vD0^wx7$!oyJ%eXN&H@jRiRcIj5&fSAVEl#B`=jg;$NeKqkiV zn2Ux=uwNqvn+=FvvU(etz-||mvZ|j_X(pOCp?2u;lnXy_xB`rDJ#xJ5%ypwyZ)g)l znF5}#ESxam2f08m$-N1;1My!G2M{Mi9el>y+Eu+T0px$pU=Rv2JR+==nMn ztw372xXWJa>NM^OFE%}KIBbaNCC5WEe*Ld5yqKjL$^)(V>JVM{rs|IZDGIg6+$f8cp?kASqK@W8IZ5y6TGty5llm&omkJs2aTybtZ zAGm+lY+9f`>3QaKJnvm7NCD|4nz(e5J0+H>B*^b^Ou%E_FfR4>lW%Tn@2eD{XPDL1 z4ha+@RoB|QteGNwTRd>{{jW;LK8#m8AF;G=lJ-d5E!+m%NCnZk_^;oL$#Y2XZdPIG zbcfX;PXoi_K|DM>hN)Z5GRZ2jHia^5HySW(_{f!~w3pLZ0_lV5$<(GfK4y9IOV&=> zD}AnQW9_H1z;?@2Kqur}NkURH|HS?aLlQYPV?NhDayK^SKYJ;9jbuu?CmujC2(eBi z&2Pkwc3|$y+ofr>>MV1RojKy_#N~Lo6jnoaR?=qFai}voFD$raODhh% z`m8ikjbzt2f5#)ddr@c>)|n*JFYaqvGooQQzvRTt%iR1$`8MMVfa`Mr(3;u78vQb` z{rbFg8LjW_c`ceN$+hJnne1J;0P4HJCIkL}=wexXUtZ!zae?}ET82#;MN76vWfv`u zCkpj$a+^Lk-Y}xKL<8ewlc=yA$fW^in(>2Ct%s!&RBcrFmz#_qPb^ztd`z8}J0hnh zivF>32e^2_Nl$L`e)Ps&K2NaXq2|7V6ARg-rJ*QZC!T{#Q`>2LH-vd!Rs=70-e%WM zk!2IzSFbNMY2g?@Fvw6~)cwF?$rJS197SgF5#kPq-`Tr$*WMK@-&|DaG! z))G&7`nfD0unlc=9LcU7r~l}?u2l<6?*yNnpcT~wP7NLgWxF#KAq zOO8#w-&m3|)59g6(lfGNw)Ignio3b6dG~=rWHqWr2_&*u)uYJK{)l``4qmVl(^rDh zdtgze`uSpU$s-=nF%R*E=GHBBCh3${<|q-zoK&VOpl{cqgLymYtK}gvKTJ+3Rk0qI z0QTiHGWTJYGE)wOxpGJeN*T=St9Y5GRGq>JE=MG(dj_Y%hF=P%h^PF}ucN#uz!lIu z4D|$q4;EzY6Tf^c@ok`A;}O65I57{WnV`eRz5=__n=O+!l>*Oq@ybr_@XZ#80FCp; z`9k-vaMUEMw%*)HTOD@nlMUIv4EBaB!y5`@HUPIouDbwAWULAOig4{g>b2f>5J%1g zqaqEk_p(FOE%5PNY|qQq!u;Agm)h4>%x(01ZT-m+Os}8B?DB1B&|R_wP*S22b)4){ ztLIEzvhSDf)4J0yR+|g7rcd>BSf|v97|HCYkF29Lo3+DYWgz8Q$+IZ;N*=mnj^7CANs*j_Nm|POayX4;6(j}FQMEUxnv5j>~3G$g?@B%7oF29 zUL`sG!HidAY7$xEbdL8c>7Xn3N2d}svR##j%#v%TGSL$H=? z(l5Ygw+fu>^RHc?EM^i?gV+-5iscr7RN6GNgrSu*8~^(ZDzNNdkYFBl}fQ#C%6eOiKeZFK{2)_cL`O&9w**lJGlnV{DacL3~j)!)?Ku zgG%Jnsb295$lV0m&qiiBX*Y+EI@sQsMfj*Z?(2<~ z2+QGF%=Sn*%CBue6;|$We=QWXtC}%qaCc_+DKsB zLmyYA$nqhX^KaDKYv{JGRE9ZFWTdEkdP9=m4uB{|6e@W%c0EW0cH?F?3$Q@j1 zQd3vN{E368GS!*#Js6?gQaJVH!niSgN;|*!X4-TVPmT6=RcAcq3MJ?*#JB0ovC)0