diff --git a/memdocs/configmgr/core/servers/manage/updates.md b/memdocs/configmgr/core/servers/manage/updates.md index 16b889671c6..1c1dd2d2e12 100644 --- a/memdocs/configmgr/core/servers/manage/updates.md +++ b/memdocs/configmgr/core/servers/manage/updates.md @@ -59,7 +59,6 @@ The following supported versions`*`, of Configuration Manager are cur |-------------|-----------|------------|--------------|------------------------| | [**2403**](../../plan-design/changes/whats-new-in-version-2403.md)
(5.00.9128) | April 22, 2024 | October 22, 2025 | Yes[Note 1](#bkmk_note1) | Yes | | [**2309**](../../plan-design/changes/whats-new-in-version-2309.md)
(5.00.9122) | October 9, 2023 | April 9, 2025 | No | Yes | -| [**2303**](../../plan-design/changes/whats-new-in-version-2303.md)
(5.00.9106) | April 10, 2023 | October 10, 2024 | Yes[Note 1](#bkmk_note1) | Yes | > [!NOTE] > The **Availability date** in this table is when the [early update ring](checklist-for-installing-update-2403.md#early-update-ring) was released. Baseline media will be available on the VLSC soon after the update is globally available. @@ -87,8 +86,9 @@ The following table lists historical versions of Configuration Manager current b | Version | Availability date | Support end date | Baseline | In-console update | |----------------------------------|-------------------|--------------------|----------|-------------------| -| **2211**
(5.00.9096)) | December 5, 2022 | June 5, 2024 | No | Yes | -| **2207**
(5.00.9088)) | August 12, 2022 | February 12, 2024 | No | Yes | +| **2303**
(5.00.9106) | April 10, 2023 | October 10, 2024 | Yes | Yes | +| **2211**
(5.00.9096) | December 5, 2022 | June 5, 2024 | No | Yes | +| **2207**
(5.00.9088) | August 12, 2022 | February 12, 2024 | No | Yes | | **2203**
(5.00.9078) | April 6, 2022 | October 6, 2023 | Yes | Yes | | **2111**
(5.00.9068) | December 1, 2021 | June 1, 2023 | No | Yes | | **2107**
(5.00.9058) | August 2, 2021 | February 2, 2023 | No | Yes | diff --git a/memdocs/intune/fundamentals/in-development.md b/memdocs/intune/fundamentals/in-development.md index f7f683f9006..6a3920b61a8 100644 --- a/memdocs/intune/fundamentals/in-development.md +++ b/memdocs/intune/fundamentals/in-development.md @@ -7,7 +7,7 @@ keywords: author: dougeby ms.author: dougeby manager: dougeby -ms.date: 10/01/2024 +ms.date: 10/17/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: fundamentals 
@@ -77,25 +77,6 @@ EPM is available as an [Intune Suite add-on-capability](../fundamentals/intune-a ## App management -### Updates to app configuration policies for Android Enterprise devices - -App configuration policies for Android Enterprise devices will soon support overriding the following additional permissions: - -- Access background location -- Bluetooth (connect) - -For more information about app configuration policies for Android Enterprise devices, see [Add app configuration policies for managed Android Enterprise devices](../apps/app-configuration-policies-use-android.md). - -Applies to: - -- Android Enterprise devices - -### New UI for Intune Company Portal app for Windows - -The UI for the Intune Company Portal app for Windows will be updated. Users will be able to use the same functionality they’re used to with an improved experience for their desktop app. With the updated design, users will see improvements in user experience for the **Home**, **Devices**, and **Downloads & updates** pages. The new design will be more intuitive and will highlight areas where users need to take action. - -For more information, see [New look for Intune Company Portal app for Windows](https://techcommunity.microsoft.com/t5/intune-customer-success/new-look-for-intune-company-portal-app-for-windows/ba-p/4158755). - ### Added protection for iOS/iPadOS app widgets To protect organizational data for MAM managed accounts and apps, Intune app protection policies now provide the capability to block data sync from policy managed app data to app widgets. App widgets can be added to end-user's iOS/iPadOS device lock screen, which can expose data contained by these widgets, such as meeting titles, top sites, and recent notes. In Intune, you'll be able to set the app protection policy setting **Sync policy managed app data with app widgets** to **Block** for iOS/iPadOS apps. This setting will be available as part of the **Data Protection** settings in app protection policies. 
This new setting will be an app protection feature similar to the **Sync policy managed app data with native app or add-ins** setting. @@ -112,35 +93,10 @@ Applies to: - - - ## Device management -### Minimum OS version for Android devices will be Android 10 and later for user-based management methods - -From October 2024, the minimum OS supported for Android devices will be Android 10 and later for user-based management methods, which includes: - -- Android Enterprise personally-owned work profile -- Android Enterprise corporate owned work profile -- Android Enterprise fully managed -- Android Open Source Project (AOSP) user-based -- Android device administrator -- App protection policies (APP) -- App configuration policies (ACP) for managed apps - -For enrolled devices on unsupported OS versions (Android 9 and lower) - -- Intune technical support won't be provided. -- Intune won't make changes to address bugs or issues. -- New and existing features aren't guaranteed to work. - -While Intune won't prevent enrollment or management of devices on unsupported Android OS versions, functionality isn't guaranteed, and use isn't recommended. - -Userless methods of Android device management (Dedicated and AOSP userless) and Microsoft Teams certified Android devices won't be affected by this change. - ### Device Inventory for Windows Device inventory lets you collect and view additional hardware properties from your managed devices to help you better understand the state of your devices and make business decisions. 
@@ -151,33 +107,10 @@ Applies to: - Windows (Corporate owned devices managed by Intune) -### Collection of additional device inventory details - -We're adding additional files and registry keys to be collected to assist in troubleshooting the Device Hardware Inventory feature. - -Applies to: - -- Windows - ## Device security -### New strong mapping requirements for Intune-issued SCEP certificates - -To align with the Windows Kerberos Key Distribution Center's (KDC) strong mapping attribute requirements described in [KB5014754](https://support.microsoft.com/help/5014754), SCEP certificates issued by Microsoft Intune will be required to have the following tag in the Subject Alternative Name (SAN) field: - -`URL=tag:microsoft.com,2022-09-14:sid:` - -This tag will ensure that certificates are compliant with the KDC's latest requirements, and that certificate-based authentication continues working. Microsoft Intune will be adding support for the SID variable in SCEP profiles. You will be able to modify or create a new SCEP profile to include the OnPremisesSecurityIdentifier variable in the SCEP profile. This action will trigger Microsoft Intune to issue new certificates with the appropriate tag to all applicable users and devices. - -These requirements apply to: - -- Android, iOS/iPadOS, and macOS user certificates. -- Windows 10/11 user and device certificates. - -They don't apply to device certificates used with Microsoft Entra joined users or devices, because SID is an on-premises identifier. - ### Support for Intune Device control policy for devices managed by Microsoft Defender for Endpoint You'll be able to use the endpoint security policy for *Device control* (Attack surface reduction policy) from the Microsoft Intune with the devices you manage through the [Microsoft Defender for Endpoint security settings management](../protect/mde-security-integration.md) capability. 
diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index dc6eafda2f0..3791d16f6de 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -7,7 +7,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 10/09/2024 +ms.date: 10/19/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: fundamentals @@ -54,8 +54,8 @@ You can also read: > > For new information about Windows Autopilot solutions, see: > -> - [Windows Autopilot device preparation: What's new](/autopilot/device-preparation/whats-new). -> - [Windows Autopilot: What's new](/autopilot/whats-new). +> - [Windows Autopilot device preparation: What's new](/autopilot/device-preparation/whats-new) +> - [Windows Autopilot: What's new](/autopilot/whats-new) You can use RSS to be notified when this page is updated. For more information, see [How to use the docs](../../use-docs.md#notifications). 
@@ -76,18 +76,96 @@ You can use RSS to be notified when this page is updated. For more information, --> +## Week of October 14, 2024 (Service release 2410) + +### App management + +#### Updates to app configuration policies for Android Enterprise devices + +App configuration policies for Android Enterprise devices now support overriding the following permissions: + +- Access background location +- Bluetooth (connect) + +For more information about app configuration policies for Android Enterprise devices, see [Add app configuration policies for managed Android Enterprise devices](../apps/app-configuration-policies-use-android.md). + +Applies to: + +- Android Enterprise devices + +### Device configuration + +#### Windows Autopilot device preparation support in Intune operated by 21Vianet in China + +Intune now supports *Windows Autopilot device preparation* policy for [Intune operated by 21Vianet in China](../fundamentals/china.md) cloud. Customers with tenants located in China can now use *Windows Autopilot device preparation* with Intune to provision devices. 
+ +For information about this Autopilot support, see the following in the Autopilot documentation: + +- Overview: [Overview of Windows Autopilot device preparation](/autopilot/device-preparation/overview) +- Tutorial: [Windows Autopilot device preparation scenarios](/autopilot/device-preparation/tutorial/scenarios) + +### Device management + +#### Minimum OS version for Android devices is Android 10 and later for user-based management methods + +Beginning in October 2024, Android 10 and later is the minimum Android OS version that is supported for user-based management methods, which includes: + +- Android Enterprise personally-owned work profile +- Android Enterprise corporate owned work profile +- Android Enterprise fully managed +- Android Open Source Project (AOSP) user-based +- Android device administrator +- App protection policies (APP) +- App configuration policies (ACP) for managed apps + +For enrolled devices on unsupported OS versions (Android 9 and lower) + +- Intune technical support is not provided. +- Intune won't make changes to address bugs or issues. +- New and existing features aren't guaranteed to work. + +While Intune doesn't prevent enrollment or management of devices on unsupported Android OS versions, functionality isn't guaranteed, and use isn't recommended. + +Userless methods of Android device management (Dedicated and AOSP userless) and Microsoft Teams certified Android devices are not affected by this change. + +#### Collection of additional device inventory details + +Intune now collects additional files and registry keys to assist in troubleshooting the Device Hardware Inventory feature. + +Applies to: + +- Windows + ## Week of October 7, 2024 ### App management #### New UI for Intune Company Portal app for Windows -The UI for the Intune Company Portal app for Windows has been updated. Users will see an improved experience for their desktop app without changing the functionality they've used in the past. 
Specific UI improvements are focused on the **Home**, **Devices**, and **Downloads & updates** pages. The new design is more intuitive and highlights areas where users need to take action. For more information, see [New look for Intune Company Portal app for Windows](https://techcommunity.microsoft.com/t5/intune-customer-success/new-look-for-intune-company-portal-app-for-windows/ba-p/4158755). For end user details, see [Install and share apps on your device](../user-help/install-apps-cpapp-windows.md). + +The UI for the Intune Company Portal app for Windows is updated. Users now see an improved experience for their desktop app without changing the functionality they've used in the past. Specific UI improvements are focused on the **Home**, **Devices**, and **Downloads & updates** pages. The new design is more intuitive and highlights areas where users need to take action. + +For more information, see [New look for Intune Company Portal app for Windows](https://techcommunity.microsoft.com/t5/intune-customer-success/new-look-for-intune-company-portal-app-for-windows/ba-p/4158755). For end user details, see [Install and share apps on your device](../user-help/install-apps-cpapp-windows.md). ### Device security +#### New strong mapping requirements for SCEP certificates authenticating with KDC + +The Key Distribution Center (KDC) requires user or device objects to be strongly mapped to Active Directory for certificate-based authentication. This means that a Simple Certificate Enrollment Protocol (SCEP) certificate's subject alternative name (SAN) must have a security identifier (SID) extension that maps to the user or device SID in Active Directory. The mapping requirement protects against certificate spoofing and ensures that certificate-based authentication against the KDC continues working. + +To meet requirements, modify or create a SCEP certificate profile in Microsoft Intune. Then add a `URI` attribute and the `OnPremisesSecurityIdentifier` variable to the SAN. 
After you do that, Microsoft Intune appends a tag with the SID extension to the SAN and issues new certificates to targeted users and devices. If the user or device has a SID on premises that's been synced to Microsoft Entra ID, the certificate shows the SID. If they don't have a SID, a new certificate is issued without the SID. + +For more information and steps, see [Update certificate connector: Strong mapping requirements for KB5014754](../protect/certificates-profile-scep.md). + +Applies to: + +- Windows 10/11, iOS/iPadOS, and macOS user certificates +- Windows 10/11 device certificates + +This requirement isn't applicable to device certificates used with Microsoft Entra joined users or devices, because the SID attribute is an on-premises identifier. + #### Defender for Endpoint security settings support in government cloud environments (public preview) -In public preview, customer tenants in US Government Community (GCC) High, and Department of Defense (DoD) environments can now use Intune to manage the Defender security settings on the devices you’ve onboarded to Defender without enrolling those devices with Intune. This capability is known as [Defender for Endpoint security settings management](../protect/mde-security-integration.md). +In public preview, customer tenants in US Government Community (GCC) High, and Department of Defense (DoD) environments can now use Intune to manage the Defender security settings on the devices that onboarded to Defender without enrolling those devices with Intune. This capability is known as [Defender for Endpoint security settings management](../protect/mde-security-integration.md). For more information about the Intune features supported in GCC High and DoD environments, see [Intune US Government service description](../fundamentals/intune-govt-service-description.md). 
@@ -97,7 +175,7 @@ For more information about the Intune features supported in GCC High and DoD env #### Updates to PKCS certificate issuance process in Microsoft Intune Certificate Connector, version 6.2406.0.1001 -We've updated the process for PKCS certificate issuance in Microsoft Intune to support the SID information requirements described in [KB5014754](https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16). As part of this update, an OID attribute containing the user or device SID has been added to the certificate. This change is available with the Certificate Connector for Microsoft Intune, version 6.2406.0.1001, and applies to users and devices synced from Active Directory on-premises to Microsoft Entra ID. +We've updated the process for Public Key Cryptography Standards (PKCS) certificate issuance in Microsoft Intune to support the security identifiers (SID) information requirements described in [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16). As part of this update, an OID attribute containing the user or device SID is added to the certificate. This change is available with the Certificate Connector for Microsoft Intune, version 6.2406.0.1001, and applies to users and devices synced from Active Directory on-premises to Microsoft Entra ID. The SID update is available for user certificates across all platforms, and for device certificates specifically on Microsoft Entra hybrid joined Windows devices. 
@@ -113,7 +191,7 @@ For more information, see: #### Working Time settings for app protection policies -Working time settings allow you to enforce policies that limit access to apps and mute message notifications received from apps during non-working time. The limit access setting is now available for the Microsoft Teams and Microsoft Edge apps. You can limit access by using App Protection Policies (APP) to block or warn end users from using the iOS/iPadOS or Android Teams and Edge apps during non-working time by setting the **Non-working time** conditional launch setting. Also, you can create a non-working time policy to mute notifications from the Teams app to end users during non-working time. +Working time settings allow you to enforce policies that limit access to apps and mute message notifications received from apps during non-working time. The limit access setting is now available for the Microsoft Teams and Microsoft Edge apps. You can limit access by using App Protection Policies (APP) to block or warn end users from using the iOS/iPadOS or Android Teams and Microsoft Edge apps during non-working time by setting the **Non-working time** conditional launch setting. Also, you can create a non-working time policy to mute notifications from the Teams app to end users during non-working time. Applies to: 
@@ -218,7 +296,7 @@ There are new settings in the Settings Catalog. To see these settings, in the [M #### Consent prompt update for remote log collection -End users might see a different consent experience for remote log collection after the Android APP SDK 10.4.0 and iOS APP SDK 19.6.0 updates. End users will no longer see a common prompt from Intune and will only see a prompt from the application, if it has one. +End users might see a different consent experience for remote log collection after the Android APP SDK 10.4.0 and iOS APP SDK 19.6.0 updates. End users no longer see a common prompt from Intune and only see a prompt from the application, if it has one. Adoption of this change is per-application and is subject to each applications release schedule. 
@@ -294,9 +372,9 @@ All Android devices automatically migrate to the updated Managed Home Screen (MH #### Support has ended for Apple profile-based user enrollment with Company Portal -Apple supports two types of manual enrollment methods for users and devices in bring-your-own-device (BYOD) scenarios: *profile-based enrollment* and *account-driven enrollment*. Apple has ended support for profile-based user enrollment, known in Intune as *user enrollment with Company Portal*. This method was their privacy-focused BYOD enrollment flow that used managed Apple IDs. As a result of this change, Intune has ended support for [profile-based user enrollment with Company Portal](../enrollment/apple-user-enrollment-with-company-portal.md). Users can no longer enroll devices targeted with this enrollment profile type. Devices already enrolled with this profile type aren't impacted by this change, so you can continue to manage them in the admin center and receive Microsoft Intune technical support. Less than 1% of Apple devices across all Intune tenants are currently enrolled this way, so this change doesn't affect the majority of enrolled devices. +Apple supports two types of manual enrollment methods for users and devices in bring-your-own-device (BYOD) scenarios: *profile-based enrollment* and *account-driven enrollment*. Apple has ended support for profile-based user enrollment, known in Intune as *user enrollment with Company Portal*. This method was their privacy-focused BYOD enrollment flow that used managed Apple IDs. As a result of this change, Intune has ended support for [profile-based user enrollment with Company Portal](../enrollment/apple-user-enrollment-with-company-portal.md). Users can no longer enroll devices targeted with this enrollment profile type. This change doesn't affect devices that are already enrolled with this profile type, so you can continue to manage them in the admin center and receive Microsoft Intune technical support. 
Less than 1% of Apple devices across all Intune tenants are currently enrolled this way, so this change doesn't affect most enrolled devices. -There is no change to profile-based device enrollment with Company Portal, the default enrollment method for BYOD scenarios. Devices enrolled via Apple automated device enrollment also remain unaffected. +There's no change to profile-based device enrollment with Company Portal, the default enrollment method for BYOD scenarios. Devices enrolled via Apple automated device enrollment also remain unaffected. We recommend account-driven user enrollment as a replacement method for devices. For more information about your BYOD enrollment options in Intune, see: @@ -376,7 +454,7 @@ For related information, see: #### Updates to the Discovered Apps report -The **Discovered Apps** report, which provides a list of detected apps that are on Intune enrolled devices for your tenant, now provides publisher data for Win32 apps, in addition to Store apps. Rather than providing publisher information only in the exported report data, we are including it as a column in the **Discovered Apps** report. +The **Discovered Apps** report, which provides a list of detected apps that are on Intune enrolled devices for your tenant, now provides publisher data for Win32 apps, in addition to Store apps. Rather than providing publisher information only in the exported report data, we're including it as a column in the **Discovered Apps** report. For more information, see [Intune Discovered apps](../apps/app-discovered-apps.md#monitor-discovered-apps-with-intune). 
@@ -518,7 +596,7 @@ For more information, see [Connect Intune account to Managed Google Play account ### Device management -#### 21 Vianet support for Mobile Threat Defense connectors +#### 21Vianet support for Mobile Threat Defense connectors Intune operated by 21Vianet now supports Mobile Threat Defense (MTD) connectors for Android and iOS/iPadOS devices for MTD vendors that also have support in that environment. When an MTD partner is supported and you sign in to a 21Vianet tenant, the supported connectors are available. @@ -632,7 +710,7 @@ For more information, see: ### Microsoft Intune Suite -#### Endpoint Privilege Management, Advanced Analytics, and Intune Plan 2 is available for GCC High and DoD +#### Endpoint Privilege Management, Advanced Analytics, and Intune Plan 2 are available for GCC High and DoD We are excited to announce that the following capabilities from the Microsoft Intune Suite are now supported in U.S. Government Community Cloud (GCC) High and U.S. Department of Defense (DoD) environments. @@ -740,7 +818,7 @@ In an Intune device restrictions configuration policy, you can configure the **A The available options are updated to **Allow**, **Block**, and **Not configured**. -There is no impact to existing profiles using this setting. +There's no impact to existing profiles using this setting. For more information on this setting and the values you can currently configure, see [Android Enterprise device settings list to allow or restrict features on corporate-owned devices using Intune](../configuration/device-restrictions-android-for-work.md). 
@@ -884,7 +962,7 @@ The following protected apps are now available for Microsoft Intune: - HCSS Field: Time, cost, safety (iOS) by Heavy Construction Systems Specialists, Inc. - Synchrotab for Intune (iOS) by Synchrotab, LLC -For more information about protected apps, see [Microsoft Intune protected apps](../apps/apps-supported-intune-apps.md). +For more information about protected apps, see [Microsoft Intune protected apps](../apps/apps-supported-intune-apps.md). ## Week of July 15, 2024 @@ -894,9 +972,7 @@ For more information about protected apps, see [Microsoft Intune protected apps] We've added a new category and setting to the Device Control profile for the *Windows 10, Windows 11, and Windows Server* platform of Intune [Attack surface reduction policy](../protect/endpoint-security-asr-policy.md). -The new setting is **Allow Storage Card**, and found in the new **System** category of the profile. This setting is also available from the Intune [settings catalog](../configuration/settings-catalog.md). - -for the Windows devices. +The new setting is **Allow Storage Card**, and found in the new **System** category of the profile. This setting is also available from the Intune [settings catalog](../configuration/settings-catalog.md) for the Windows devices. This setting controls whether the user is allowed to use the storage card for device storage, and can prevent programmatic access to the storage card. For more information on this new setting, see [AllowStorageCard](/windows/client-management/mdm/policy-csp-system?branch=main&branchFallbackFrom=pr-en-us-15655&WT.mc_id=Portal-fx#allowstoragecard) in the Windows documentation. 
@@ -935,13 +1011,13 @@ You can now configure Managed Home Screen (MHS) to enable a virtual app-switcher We've made changes to the device registration process for Apple devices enrolling with Intune Company Portal. Previously, Microsoft Entra device registration occurred during enrollment. With this change, registration occurs after enrollment. -Existing enrolled devices are not affected by this change. For new user or device enrollments that utilize Company Portal, users must return to Company Portal to complete registration: +Existing enrolled devices aren't affected by this change. For new user or device enrollments that utilize Company Portal, users must return to Company Portal to complete registration: -- For iOS users: Users with notifications enabled will be prompted to return to the Company Portal app for iOS. If they disable notifications, they won't be alerted, but still need to return to Company Portal to complete registration. +- For iOS users: Users with notifications enabled are prompted to return to the Company Portal app for iOS. If they disable notifications, they aren't alerted, but still need to return to Company Portal to complete registration. -- For macOS devices: The Company Portal app for macOS will detect the installation of the management profile and automatically register the device, unless the user closes the app. If they close the app, they must reopen it to complete registration. +- For macOS devices: The Company Portal app for macOS detects the installation of the management profile and automatically register the device, unless the user closes the app. If they close the app, they must reopen it to complete registration. -If you're using dynamic groups, which rely on device registration to work, it's important for users to complete device registration. Update your user guidance and admin documentation as needed. If you're using Conditional Access (CA) policies, no action is required. 
When users attempt to sign in to a CA-protected app, they will be prompted to return to Company Portal to complete registration. +If you're using dynamic groups, which rely on device registration to work, it's important for users to complete device registration. Update your user guidance and admin documentation as needed. If you're using Conditional Access (CA) policies, no action is required. When users attempt to sign in to a CA-protected app, they are prompted to return to Company Portal to complete registration. These changes are currently rolling out and will be made available to all Microsoft Intune tenants by the end of July. There's no change to the Company Portal user interface. For more information about device enrollment for Apple devices, see: @@ -954,7 +1030,7 @@ These changes are currently rolling out and will be made available to all Micros #### Add corporate device identifiers for Windows -Microsoft Intune now supports corporate device identifiers for devices running Windows 11, version 22H2 and later so that you can identify corporate machines ahead of enrollment. When a device that matches the model, manufacturer, and serial number criteria enrolls, Microsoft Intune will mark it as a corporate device and enable the appropriate management capabilities. For more information, see [Add corporate identifiers](../enrollment/corporate-identifiers-add.md). +Microsoft Intune now supports corporate device identifiers for devices running Windows 11, version 22H2 and later so that you can identify corporate machines ahead of enrollment. When a device that matches the model, manufacturer, and serial number criteria enrolls, Microsoft Intune marks it as a corporate device and enable the appropriate management capabilities. For more information, see [Add corporate identifiers](../enrollment/corporate-identifiers-add.md). ## Week of June 17, 2024 (Service release 2406) 
@@ -1066,7 +1142,7 @@ For more information, see [Create device platform restrictions](../enrollment/cr ### Updates to replace Wandera with Jamf is complete in the Intune admin center -We've completed rebranding in the Microsoft Intune admin center to support replacing Wandera with Jamf. This includes updates to the name of the Mobile Threat Defense connector, which is now *Jamf*, and changes to the minimum required platforms to use the Jamf connector: +We've completed a rebrand in the Microsoft Intune admin center to support replacing Wandera with Jamf. This includes updates to the name of the Mobile Threat Defense connector, which is now *Jamf*, and changes to the minimum required platforms to use the Jamf connector: - Android 11 and later - iOS / iPadOS 15.6 and later @@ -1130,7 +1206,7 @@ Each new permission supports the following rights for the related policy: - Update - View Reports -Each time we add a new granular permission for an endpoint security policy to Intune, those same rights are removed from the *Security baselines* permission. If you use custom roles with the *Security baselines* permission, the new RBAC permission is assigned automatically to your custom roles with the same rights that were granted through the *Security baseline* permission. This auto-assignment ensures your admins continue to have the same permissions they have today. +Each time we add a new granular permission for an endpoint security policy to Intune, those same rights are removed from the *Security baselines* permission. If you use custom roles with the *Security baselines* permission, the new RBAC permission is assigned automatically to your custom roles with the same rights that were granted through the *Security baseline* permission. This autoassignment ensures your admins continue to have the same permissions they have today. For more information about current RBAC permissions and built-in roles, see: 
@@ -1148,7 +1224,7 @@ For more information about current RBAC permissions and built-in roles, see: #### New enrollment time grouping feature for devices -Enrollment time grouping is a new, faster way to group devices during enrollment. When it's configured, Intune adds devices to the appropriate group without requiring inventory discovery and dynamic membership evaluations. To set up enrollment time grouping, you must configure a static Microsoft Entra security group in each enrollment profile. After a device enrolls, Intune adds it to the static security group and delivers assigned apps and policies. +Enrollment time grouping is a new, faster way to group devices during enrollment. When configured, Intune adds devices to the appropriate group without requiring inventory discovery and dynamic membership evaluations. To set up enrollment time grouping, you must configure a static Microsoft Entra security group in each enrollment profile. After a device enrolls, Intune adds it to the static security group and delivers assigned apps and policies. This feature is available for Windows 11 devices enrolling via Windows Autopilot device preparation. For more information, see [Enrollment time grouping in Microsoft Intune](../enrollment/enrollment-time-grouping.md). 
@@ -1258,9 +1334,9 @@ Applies to: #### Optional Feature updates -Feature updates can now be made available to end users as **Optional** updates, with the introduction of **Optional** Feature updates. End users will see the update in the **Windows Update** settings page in the same way that it's shown for consumer devices. +Feature updates can now be made available to end users as **Optional** updates, with the introduction of **Optional** Feature updates. End users see the update in the **Windows Update** settings page in the same way that it's shown for consumer devices. -End users can easily opt in to try out the next Feature update and provide feedback. When it's time to roll out the feature as a **Required** update, then admins can change the setting on the policy, and update the rollout settings so that the update is deployed as a **Required** update to devices that do not yet have it installed. +End users can easily opt in to try out the next Feature update and provide feedback. When it's time to roll out the feature as a **Required** update, then admins can change the setting on the policy, and update the rollout settings so that the update is deployed as a **Required** update to devices that don't yet have it installed. For more information on Optional Feature updates, see [Feature updates for Windows 10 and later policy in Intune](..//protect/windows-10-feature-updates.md#create-and-assign-feature-updates-for-windows-10-and-later-policy). 
@@ -1332,9 +1408,9 @@ For related information, see [Change the Portal settings](../fundamentals/tutori #### Updates to the Managed Home Screen experience -We recently released and improved the Managed Home Screen experience, which is now Generally Available. The app has been redesigned to improve the core workflows throughout the application. The updated design offers a more usable and supportable experience. +We recently released and improved the Managed Home Screen experience, which is now Generally Available. The app is redesigned to improve the core workflows throughout the application. The updated design offers a more usable and supportable experience. -With the release, we stop investing in previous Managed Home Screen workflows. New features and fixes for Managed Home Screen are only added to the new experience. During August 2024, the new experience will automatically be enabled for all devices. +With the release, we stop investing in previous Managed Home Screen workflows. New features and fixes for Managed Home Screen are only added to the new experience. During August 2024, the new experience is automatically enabled for all devices. For more information, see [Configure the Microsoft Managed Home Screen app for Android Enterprise](../apps/app-configuration-managed-home-screen-app.md) and [Android Enterprise device settings list to allow or restrict features on corporate-owned devices using Intune](../configuration/device-restrictions-android-for-work.md). diff --git a/memdocs/intune/includes/intune-notices.md b/memdocs/intune/includes/intune-notices.md index 5798b7b85e0..ef1daca0e81 100644 --- a/memdocs/intune/includes/intune-notices.md +++ b/memdocs/intune/includes/intune-notices.md 
@@ -212,9 +212,8 @@ If applicable, follow the instructions provided by Jamf to migrate your macOS de After Intune ends support for Android device administrator, devices with access to GMS will be impacted in the following ways: -1. Users won't be able to enroll devices with Android device administrator. -2. Intune won't make changes or updates to Android device administrator management, such as bug fixes, security fixes, or fixes to address changes in new Android versions. -3. Intune technical support will no longer support these devices. +1. Intune won't make changes or updates to Android device administrator management, such as bug fixes, security fixes, or fixes to address changes in new Android versions. +2. Intune technical support will no longer support these devices. #### How can you prepare? diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md index 88fbbb2ef04..a2a6bf9e890 100644 --- a/memdocs/intune/protect/mde-security-integration.md +++ b/memdocs/intune/protect/mde-security-integration.md @@ -102,7 +102,8 @@ With [Microsoft Defender for Endpoint for Linux](/microsoft-365/security/defende - Debian 9 or higher  - SUSE Linux Enterprise Server 12 or higher  - Oracle Linux 7.2 or higher  -- Amazon Linux 2  +- Amazon Linux 2 +- Amazon Linux 2023 - Fedora 33 or higher To confirm the version of the Defender agent, in the Defender portal go to the devices page, and on the devices *Inventories* tab, search for *Defender for Linux*. For guidance on updating the agent version, see [Deploy updates for Microsoft Defender for Endpoint on Linux](/microsoft-365/security/defender-endpoint/linux-updates). diff --git a/windows-365/enterprise/introduction-windows-365-government.md b/windows-365/enterprise/introduction-windows-365-government.md index b19660ce2ae..e0ddc1624cb 100644 --- a/windows-365/enterprise/introduction-windows-365-government.md 
+++ b/windows-365/enterprise/introduction-windows-365-government.md @@ -64,7 +64,6 @@ The following features aren't yet supported for Windows 365 GCC or GCC High. - Microsoft Purview forensic evidence - Windows 365 Switch - Windows 365 Frontline (available for GCC, not available for GCC High) -- Cloud PC connection quality report - Cross region disaster recovery - [Support for Omnissa Horizon clients and the Blast protocol](set-up-omnissa-horizon.md) - [Microsoft Purview Customer Key](purview-customer-key.md) diff --git a/windows-365/enterprise/media/report-cloud-pc-connection-quality/view-report-connection-quality.png b/windows-365/enterprise/media/report-cloud-pc-connection-quality/view-report-connection-quality.png index dbcc193cd50..3037537ce78 100644 Binary files a/windows-365/enterprise/media/report-cloud-pc-connection-quality/view-report-connection-quality.png and b/windows-365/enterprise/media/report-cloud-pc-connection-quality/view-report-connection-quality.png differ diff --git a/windows-365/enterprise/media/report-cloud-pcs-not-available/view-report-cloud-pcs-not-available.png b/windows-365/enterprise/media/report-cloud-pcs-not-available/view-report-cloud-pcs-not-available.png index 25b64eaf966..c641dc7b0e1 100644 Binary files a/windows-365/enterprise/media/report-cloud-pcs-not-available/view-report-cloud-pcs-not-available.png and b/windows-365/enterprise/media/report-cloud-pcs-not-available/view-report-cloud-pcs-not-available.png differ diff --git a/windows-365/enterprise/report-cloud-pc-connection-quality.md b/windows-365/enterprise/report-cloud-pc-connection-quality.md index 86e6fbc3d8a..f5006b63761 100644 --- a/windows-365/enterprise/report-cloud-pc-connection-quality.md +++ b/windows-365/enterprise/report-cloud-pc-connection-quality.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 03/27/2024 +ms.date: 10/18/2024 ms.topic: overview ms.service: windows-365 ms.subservice: windows-365-enterprise 
@@ -35,7 +35,7 @@ The **Connection quality report** helps Windows 365 administrators identify devi ## Use the Cloud PC connection quality report -To get to the **Cloud PC connection quality** report, sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Overview** > **Cloud PC performance** > **View report** (under **Connection quality**). +To get to the **Cloud PC connection quality** report, sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Reports** > **Cloud PC overview** > **Connection quality**. ![Screenshot of getting to the Cloud PC connection quality report](./media/report-cloud-pc-connection-quality/view-report-connection-quality.png) diff --git a/windows-365/enterprise/report-cloud-pcs-not-available.md b/windows-365/enterprise/report-cloud-pcs-not-available.md index 751476e1a15..021a70a8027 100644 --- a/windows-365/enterprise/report-cloud-pcs-not-available.md +++ b/windows-365/enterprise/report-cloud-pcs-not-available.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 08/28/2024 +ms.date: 10/18/2024 ms.topic: overview ms.service: windows-365 ms.subservice: windows-365-enterprise 
@@ -37,7 +37,7 @@ This report displays recent conditions up to 5 to 15 minutes ago. Therefore, Clo ## Use the Cloud PCs that aren't available report -To get to the **Cloud PCs that aren't available** report, sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Overview** > **Cloud PC performance** > **Cloud PCs that aren't available**. +To get to the **Cloud PCs that aren't available** report, sign in to [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Reports** > **Cloud PC overview** > **Cloud PCs that aren't available**. ![Screenshot of getting to the Cloud PCs that aren't available report](./media/report-cloud-pcs-not-available/view-report-cloud-pcs-not-available.png) diff --git a/windows-365/enterprise/requirements.md b/windows-365/enterprise/requirements.md index 7563cd8e369..c0f53e5b779 100644 --- a/windows-365/enterprise/requirements.md +++ b/windows-365/enterprise/requirements.md @@ -113,7 +113,7 @@ Windows 365 manages the capacity and availability of underlying Azure resources - Canada Central - European Union - North Europe - - West Europe + - West Europe (Restricted) - Italy North - Poland Central - Sweden Central diff --git a/windows-365/enterprise/share-restore-points-storage.md b/windows-365/enterprise/share-restore-points-storage.md index 0ab1e097594..d1b3f0df0e1 100644 --- a/windows-365/enterprise/share-restore-points-storage.md +++ b/windows-365/enterprise/share-restore-points-storage.md @@ -7,7 +7,7 @@ keywords: author: ErikjeMS ms.author: erikje manager: dougeby -ms.date: 08/28/2024 +ms.date: 10/18/2024 ms.topic: conceptual ms.service: windows-365 ms.subservice: windows-365-enterprise 
@@ -42,8 +42,8 @@ You might want to share (move or copy) a Cloud PC and its contents to: ## Share a single restore point -1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **All devices** > select a device > select the ellipses (**...**) > **Share**. -1. In the **Select restore point** area, select a **Subscription** and **Storage account**. +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Windows 365** > **All Cloud PCs** > select a device > **Restore points** > select the ellipses (**...**) > **Share**. +1. In the **Share restore point** area, select a **Subscription** and **Storage account**. 1. Select **Share**. A folder is created in the storage account. The folder name is identical to the Cloud PC name. The folder contains a VHD copy of the Cloud PC device disk.
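Review bot: In the `@@ -954,7 +1030,7 @@` hunk (Add corporate device identifiers for Windows), the tense change leaves a verb mismatch on the added line: "Microsoft Intune marks it as a corporate device and enable the appropriate management capabilities". With "will" removed, "enable" needs to become "enables".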
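Review bot: In the `@@ -1130,7 +1206,7 @@` hunk, the added line still names the permission two ways, *Security baselines* and *Security baseline*. Since the line is being edited anyway, settle on one form (the sentence before it uses *Security baselines*) so that admins checking their custom roles can match the permission name exactly.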
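Review bot: In the `@@ -1258,9 +1334,9 @@` hunk (Optional Feature updates), the link in the trailing context line has a doubled slash: `..//protect/windows-10-feature-updates.md`. It is untouched by this change but sits directly under the edited paragraphs, so correct it to `../protect/windows-10-feature-updates.md` in the same pass.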
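Review bot: In the `intune-notices.md` hunk (`@@ -212,9 +212,8 @@`), dropping "Users won't be able to enroll devices with Android device administrator." leaves the reader to guess whether enrollment stays possible after support ends. The remaining item 1 says these devices get no "bug fixes, security fixes, or fixes to address changes in new Android versions", so if enrollment does remain possible, say so explicitly; admins then know that new devices can still land in a management mode that is no longer patched.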
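Review bot: In the `mde-security-integration.md` hunk (`@@ -102,7 +102,8 @@`), the trailing-whitespace cleanup is applied only to the "Amazon Linux 2" line. The Debian, SUSE Linux Enterprise Server and Oracle Linux entries in the same list keep their trailing spaces; clean them in this change too, or leave the whitespace alone so the diff carries only the new "Amazon Linux 2023" entry.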
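Review bot: In the `introduction-windows-365-government.md` hunk (`@@ -64,7 +64,6 @@`), removing "Cloud PC connection quality report" from the unsupported list implies that the report is now available in both GCC and GCC High. The neighbouring Frontline entry shows the two clouds can differ ("available for GCC, not available for GCC High"), so confirm that the report is supported in both; if it is available in only one, keep the entry with a qualifier in the same style.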
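Review bot: In the `requirements.md` hunk (`@@ -113,7 +113,7 @@`), "West Europe (Restricted)" introduces a label that is never defined in the visible lines. Add a footnote or link next to the region list stating what the restriction means for provisioning, so that admins planning capacity can tell whether the region is still selectable.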
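Review bot: In the `share-restore-points-storage.md` hunk (`@@ -42,8 +42,8 @@`), the revised steps still do not mention access to the target storage account, although the trailing context states that the share writes "a VHD copy of the Cloud PC device disk" into it. While steps 1 and 2 are being updated, consider adding a sentence on which permissions the admin needs on the selected **Storage account** and who else can read it, unless the article already covers this outside the hunk.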