diff --git a/memdocs/intune/fundamentals/remote-help-windows.md b/memdocs/intune/fundamentals/remote-help-windows.md index bbcfb32d43f..568e10cd49a 100644 --- a/memdocs/intune/fundamentals/remote-help-windows.md +++ b/memdocs/intune/fundamentals/remote-help-windows.md @@ -391,7 +391,7 @@ Microsoft Edge WebView2 is required to use Remote Help. If you get an error mess ## Known Issues For remotely starting a session on the user's device, notifications that are sent to the sharer's device when a helper launches a Remote Help session fails if the Microsoft Intune Management Service isn't running. -After the user's device is restarted, there's a delay for the service to start. You can either manually wait for the service to start (30-60 seconds after restart), or manually start the service through services.msc. +After the user's device is restarted, there's a delay for the service to start. You can either manually wait for the service to start (30 minutes after restart), or manually start the service through services.msc. For newly enrolled devices, there's a 1 hour delay before the user's device begins receiving notifications when a helper initiates a session. ## What's New for Remote Help diff --git a/memdocs/intune/fundamentals/role-based-access-control.md b/memdocs/intune/fundamentals/role-based-access-control.md index 00b49d14ee7..b5bef210f22 100644 --- a/memdocs/intune/fundamentals/role-based-access-control.md +++ b/memdocs/intune/fundamentals/role-based-access-control.md @@ -38,6 +38,7 @@ To create, edit, or assign roles, your account must have one of the following pe - **Global Administrator** - **Intune Service Administrator** (also known as **Intune Administrator**) +- An Intune role with Role permissions ## Roles @@ -76,6 +77,9 @@ You can create your own roles with custom permissions. For more information abou ### Microsoft Entra roles with Intune access +Microsoft recommends following the principle of least-permissions by only assigning the minimum required permissions for an administrator to perform their duties. Global Administrator and Intune Service Administrator +are [privileged roles](/entra/identity/role-based-access-control/privileged-roles-permissions) and assignment should be limited. + | Microsoft Entra role | All Intune data | Intune audit data | | --- | :---: | :---: | | Global Administrator | Read/write | Read/write | @@ -101,13 +105,13 @@ A role assignment defines: - what resources they can see - what resources they can change. -You can assign both custom and built-in roles to your users. To be assigned an Intune role, the user must have an Intune license. +You can assign both custom and built-in roles to your users who are administrators in Intune. To be assigned an Intune role, the user must have an Intune license. To see a role assignment, choose **Intune** > **Tenant administration** > **Roles** > **All roles** > choose a role > **Assignments** > choose an assignment. On the **Properties** page, you can edit: - **Basics**: The assignments name and description. - **Members**: All users in the listed Azure security groups have permission to manage the users/devices that are listed in Scope (Groups). - **Scope (Groups)**: Scope Groups are Microsoft Entra security groups of users or devices or both for which administrators in that role assignment are limited to performing operations on. For example, deployment of a policy or application to a user or remotely locking a device. All users and devices in these Microsoft Entra security groups can be managed by the users in Members. -- **[Scope (Tags)](scope-tags.md)**: Users in Members can see the resources that have the same scope tags. +- **[Scope Tags](scope-tags.md)**: Users in Members can see the resources that have the same scope tags. > [!NOTE] > Scope Tags are freeform text values that an administrator defines and then adds to a Role Assignment. The scope tag added on a role controls visibility of the role itself, while the scope tag added in role assignment limits the visibility of Intune objects (such as policies and apps) or devices to only administrators in that role assignment because the role assignment contains one or more matching scope tags. diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md index bcfc9d51fbb..07f27d7970a 100644 --- a/windows-365/enterprise/whats-new.md +++ b/windows-365/enterprise/whats-new.md @@ -55,16 +55,6 @@ For more information about public preview items, see [Public preview in Windows ### Windows 365 app --> - -## Week of October 7, 2024 - - -### Device management - -#### Call redirection - -Windows 365 now supports multimedia redirection call redirection. For more information, see [Use multimedia redirection](/azure/virtual-desktop/multimedia-redirection). - ## Week of September 30, 2024 (Service release 2409)