Merge branch 'main' into patch-1
SunilManjhu authored Oct 19, 2024
2 parents 5fed961 + 9a7effb commit b334eaa
Showing 23 changed files with 162 additions and 144 deletions.
7 changes: 5 additions & 2 deletions autopilot/device-preparation/known-issues.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ author: frankroj
ms.author: frankroj
ms.reviewer: jubaptis
manager: aaroncz
ms.date: 10/10/2024
ms.date: 10/18/2024
ms.collection:
- M365-modern-desktop
- highpri
Expand Down Expand Up @@ -42,12 +42,15 @@ This article describes known issues that can often be resolved with:
## Deployments fail when Managed installer policy is enabled for the tenant
Date added: *October 10, 2024*
Date added: *October 10, 2024*<br>
Date updated: *October 18, 2024*
When the [Managed installer policy](/mem/intune/protect/endpoint-security-app-control-policy#managed-installer) is **Active** for a tenant and Win32 apps are selected in the Windows Autopilot device preparation policy, Windows Autopilot device preparation deployments fails. The issue is being investigated.
As a workaround, remove Win32 applications from the list of selected apps in all device preparation policies.
For more information, see [Known issue: Windows Autopilot device preparation with Win32 apps and managed installer policy](https://techcommunity.microsoft.com/t5/intune-customer-success/known-issue-windows-autopilot-device-preparation-with-win32-apps/ba-p/4273286).
## Security group membership update failures might lead to non-compliant devices
Date added: *September 27, 2024*
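Review bot: The paragraph directly under the new "Date updated" line still reads "Windows Autopilot device preparation deployments fails"; since this section is being revised, change it to "deployments fail". The new workaround sentence says to remove Win32 applications from all device preparation policies, so it would also help to say whether this is still needed once "The issue is being investigated" is resolved, or to drop that sentence when the entry is next updated.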
Expand Down
2 changes: 1 addition & 1 deletion memdocs/configmgr/comanage/tutorial-co-manage-clients.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Tutorial&#58; Enable co-management for existing clients
titleSuffix: Configuration Manager
description: Configure co-management with Microsoft Intune when you already manage Windows devices with Configuration Manager.
ms.date: 03/21/2022
ms.date: 10/18/2024
ms.subservice: co-management
ms.service: configuration-manager
ms.topic: tutorial
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Client installation methods
titleSuffix: Configuration Manager
description: Learn about the methods of installing the Configuration Manager client.
ms.date: 10/01/2021
ms.date: 10/18/2024
ms.subservice: client-mgt
ms.service: configuration-manager
ms.topic: conceptual
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: How to enable Transport Layer Security (TLS) 1.2 on clients
titleSuffix: Configuration Manager
description: Information about how to enable TLS 1.2 for Configuration Manager clients.
ms.date: 05/04/2021
ms.date: 10/18/2024
ms.subservice: core-infra
ms.service: configuration-manager
ms.topic: how-to
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Enable Transport Layer Security (TLS) 1.2 overview
titleSuffix: Configuration Manager
description: Overview of how to enable TLS 1.2 for Configuration Manager.
ms.date: 05/04/2021
ms.date: 10/18/2024
ms.subservice: core-infra
ms.service: configuration-manager
ms.topic: conceptual
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Install console
titleSuffix: Configuration Manager
description: Install the Configuration Manager console to connect to a central administration site or primary site.
ms.date: 04/12/2022
ms.date: 10/18/2022
ms.subservice: core-infra
ms.service: configuration-manager
ms.topic: how-to
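Review bot: The new ms.date value in this hunk is 10/18/2022, while every other metadata bump in this commit uses 10/18/2024. This looks like a typo in the year; if the intent was to refresh the article date along with the others, it should read `ms.date: 10/18/2024`.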
Expand Down
6 changes: 3 additions & 3 deletions memdocs/configmgr/core/servers/manage/updates.md
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,6 @@ The following supported versions<sup>`*`</sup>, of Configuration Manager are cur
|-------------|-----------|------------|--------------|------------------------|
| [**2403**](../../plan-design/changes/whats-new-in-version-2403.md)<br /> (5.00.9128) | April 22, 2024 | October 22, 2025 | Yes<sup>[Note 1](#bkmk_note1)</sup> | Yes |
| [**2309**](../../plan-design/changes/whats-new-in-version-2309.md)<br /> (5.00.9122) | October 9, 2023 | April 9, 2025 | No | Yes |
| [**2303**](../../plan-design/changes/whats-new-in-version-2303.md)<br /> (5.00.9106) | April 10, 2023 | October 10, 2024 | Yes<sup>[Note 1](#bkmk_note1)</sup> | Yes |

> [!NOTE]
> The **Availability date** in this table is when the [early update ring](checklist-for-installing-update-2403.md#early-update-ring) was released. Baseline media will be available on the VLSC soon after the update is globally available.
Expand Down Expand Up @@ -87,8 +86,9 @@ The following table lists historical versions of Configuration Manager current b

| Version | Availability date | Support end date | Baseline | In-console update |
|----------------------------------|-------------------|--------------------|----------|-------------------|
| **2211** <br /> (5.00.9096)) | December 5, 2022 | June 5, 2024 | No | Yes |
| **2207** <br /> (5.00.9088)) | August 12, 2022 | February 12, 2024 | No | Yes |
| **2303** <br /> (5.00.9106) | April 10, 2023 | October 10, 2024 | Yes | Yes |
| **2211** <br /> (5.00.9096) | December 5, 2022 | June 5, 2024 | No | Yes |
| **2207** <br /> (5.00.9088) | August 12, 2022 | February 12, 2024 | No | Yes |
| **2203** <br /> (5.00.9078) | April 6, 2022 | October 6, 2023 | Yes | Yes |
| **2111** <br /> (5.00.9068) | December 1, 2021 | June 1, 2023 | No | Yes |
| **2107** <br /> (5.00.9058) | August 2, 2021 | February 2, 2023 | No | Yes |
Expand Down
2 changes: 1 addition & 1 deletion memdocs/configmgr/core/understand/software-center.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ description: Learn about the features and functionality of Software Center
ms.author: baladell
author: BalaDelli
manager: apoorvseth
ms.date: 06/10/2020
ms.date: 10/18/2024
ms.topic: end-user-help
ms.subservice: core-infra
ms.service: configuration-manager
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ keywords:
author: Lenewsad
ms.author: lanewsad
manager: dougeby
ms.date: 09/18/2024
ms.date: 09/24/2024
ms.topic: how-to
ms.service: microsoft-intune
ms.subservice: enrollment
Expand Down Expand Up @@ -62,12 +62,12 @@ Create an enrollment profile to enable enrollment on devices.
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Go to **Devices** > **Enrollment**.
3. Select the **Android** tab.
4. Under **Android Open Source Project (AOSP) (Preview)**, choose **Corporate-owned, user-associated devices (Preview)**.
4. Under **Android Open Source Project (AOSP)**, choose **Corporate-owned, user-associated devices**.
5. Select **Create profile**.
6. Enter the basics for your profile:
- **Name**: Give the profile a name. Note the name down for later, because you'll need it when you set up the dynamic device group.
- **Description**: Enter a description for the profile. This setting is optional, but recommended.
- **Token expiration date**: Select the date the token expires, up to 90 days in the future.
- **Token expiration date**: Select the date the token expires, which can be up to 65 years in the future.
- **SSID**: Identifies the network that the device will connect to.

> [!NOTE]
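Review bot: On the **Token expiration date** bullet, the limit moves from 90 days to 65 years with no guidance on how to choose a value. Further down in this same file the IMPORTANT note states that the QR code carries any credentials from the profile in plain text, so a token that stays valid for decades means a QR code that stays usable for decades. Suggest adding a sentence that recommends the shortest expiration that fits the rollout and points to the "Revoke a token" section for tokens that are no longer needed.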
Expand All @@ -88,7 +88,7 @@ Create an enrollment profile to enable enrollment on devices.
After you create a profile, Intune generates a token that's needed for enrollment. The token appears as a QR code. During device setup, when prompted to, scan the QR code to enroll the device in Intune.

To view the token as a QR code, select your enrollment profile from the enrollment profile list. Then select **Token**.
You can also export the enrollment profile JSON file. To create a JSON file, select Export**.
You can also export the enrollment profile JSON file. To create a JSON file, select **Export**.

> [!IMPORTANT]
>- The QR code will contain any credentials provided in the profile in plain text to allow the device to successfully authenticate with the network. This is required as the user will not be able to join a network from the device.
Expand All @@ -101,10 +101,10 @@ You can generate a new token to replace one that's nearing its expiration date.

1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.
2. Select the **Android** tab.
3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, user-associated devices (Preview)**.
3. In the **Android Open Source Project (AOSP)** section, choose **Corporate-owned, user-associated devices**.
3. Choose the profile that you want to work with.
4. Select **Token** > **Replace token**.
5. Enter the new token expiration date. Tokens must be replaced at least every 90 days.
5. Enter the token's new expiration date, which can be up to 65 years in the future.
6. Select **OK**.

### Revoke a token
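Review bot: The numbered list in this hunk has two items numbered "3." (the "In the **Android Open Source Project (AOSP)** section" step and "Choose the profile that you want to work with"), so the steps run 1, 2, 3, 3, 4, 5, 6. Renumber them 1 through 7, as the matching list in the userless article does. Step 5 also drops the "must be replaced at least every 90 days" requirement; the section intro still talks about a token "nearing its expiration date", which is fine, but confirm nothing else in the article still refers to a 90-day replacement cycle.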
Expand All @@ -117,7 +117,7 @@ Revoke a token to immediately expire it and make it unusable. For example, it's

1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.
2. Select the **Android** tab.
3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, user-associated devices (Preview)**.
3. In the **Android Open Source Project (AOSP)** section, choose **Corporate-owned, user-associated devices**.
4. Choose the profile that you want to work with.
5. Select **Token** > **Revoke token** > **Yes**.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -72,12 +72,12 @@ Create an enrollment profile to enable enrollment on devices.
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Go to **Devices** > **Enrollment**.
3. Select the **Android** tab.
4. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, userless devices (Preview)**.
4. In the **Android Open Source Project (AOSP)** section, choose **Corporate-owned, userless devices**.
5. Select **Create profile**.
6. Enter the basics for your profile:
- **Name**: Give the profile a name. Note the name down for later, because you'll need it when you set up the dynamic device group.
- **Description**: Enter a description for the profile. This setting is optional, but recommended.
- **Token expiration date**: Select the date the token expires, up to 90 days in the future.
- **Token expiration date**: Select the date the token expires, which can be up to 90 days in the future.
- **SSID**: Identifies the network that the device will connect to.

> [!NOTE]
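Review bot: The **Token expiration date** bullet here still caps the token at 90 days, while the same bullet in the user-associated article changed in this commit now says up to 65 years. If the limits really differ between the two enrollment types, state that explicitly so readers do not assume one article is stale; if they do not differ, one of the two values needs correcting.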
Expand All @@ -98,20 +98,20 @@ Create an enrollment profile to enable enrollment on devices.
### Access enrollment token
After you create a profile, Intune generates a token that's needed for enrollment. To access the token:

1. Go to **Corporate-owned, userless devices (Preview)**.
1. Go to **Corporate-owned, userless devices**.
2. From the list, select your enrollment profile.
3. Select **Tokens**.

Another way to find the token is:
1. Go to **Corporate-owned, userless devices (Preview)**.
1. Go to **Corporate-owned, userless devices**.
2. Locate your profile in the list, and then select the **More** (**...**) menu that's next to it.
3. Select **View enrollment token**.

The token appears as a QR code. During device setup, when prompted to, scan the QR code to enroll the device in Intune.

You can also export the enrollment profile JSON file. To create a JSON file:

1. Go to **Corporate-owned, userless devices (Preview)**.
1. Go to **Corporate-owned, userless devices**.
2. From the list, select your enrollment profile.
3. Select **Token > Export**.

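Review bot: The menu label is inconsistent within this hunk: the first procedure says "Select **Tokens**" while the export procedure says "Select **Token > Export**", and the replace and revoke procedures later in the file use "**Token** > **Replace token**". Pick the label that matches the admin center and use it throughout, and format the export step as `**Token** > **Export**` so the separator is not bold, matching the other steps.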
Expand All @@ -125,10 +125,10 @@ Generate a new token to replace one that's nearing its expiration date. Replacin

1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.
2. Select the **Android** tab.
3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, userless devices (Preview)**.
3. In the **Android Open Source Project (AOSP)** section, choose **Corporate-owned, userless devices**.
4. Choose the profile that you want to work with.
5. Select **Token** > **Replace token**.
6. Enter the new token expiration date. Tokens must be replaced at least every 90 days.
6. Enter the token's new expiration date. The token must be replaced at least every 90 days.
7. Select **OK**.

### Revoke token
Expand All @@ -141,7 +141,7 @@ Revoke a token to immediately expire it and make it unusable. For example, it's

1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Enrollment**.
2. Select the **Android** tab.
3. In the **Android Open Source Project (AOSP) (Preview)** section, choose **Corporate-owned, userless devices (Preview)**.
3. In the **Android Open Source Project (AOSP)** section, choose **Corporate-owned, userless devices**.
4. Choose the profile that you want to work with.
5. Select **Token** > **Revoke token** > **Yes**.

Expand Down
69 changes: 1 addition & 68 deletions memdocs/intune/fundamentals/in-development.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ keywords:
author: dougeby
ms.author: dougeby
manager: dougeby
ms.date: 10/01/2024
ms.date: 10/17/2024
ms.topic: conceptual
ms.service: microsoft-intune
ms.subservice: fundamentals
Expand Down Expand Up @@ -77,25 +77,6 @@ EPM is available as an [Intune Suite add-on-capability](../fundamentals/intune-a

## App management

### Updates to app configuration policies for Android Enterprise devices<!-- 26711672 -->

App configuration policies for Android Enterprise devices will soon support overriding the following additional permissions:

- Access background location
- Bluetooth (connect)

For more information about app configuration policies for Android Enterprise devices, see [Add app configuration policies for managed Android Enterprise devices](../apps/app-configuration-policies-use-android.md).

Applies to:

- Android Enterprise devices

### New UI for Intune Company Portal app for Windows<!-- 27219294 -->

The UI for the Intune Company Portal app for Windows will be updated. Users will be able to use the same functionality they’re used to with an improved experience for their desktop app. With the updated design, users will see improvements in user experience for the **Home**, **Devices**, and **Downloads & updates** pages. The new design will be more intuitive and will highlight areas where users need to take action.

For more information, see [New look for Intune Company Portal app for Windows](https://techcommunity.microsoft.com/t5/intune-customer-success/new-look-for-intune-company-portal-app-for-windows/ba-p/4158755).

### Added protection for iOS/iPadOS app widgets<!-- 14614429 -->

To protect organizational data for MAM managed accounts and apps, Intune app protection policies now provide the capability to block data sync from policy managed app data to app widgets. App widgets can be added to end-user's iOS/iPadOS device lock screen, which can expose data contained by these widgets, such as meeting titles, top sites, and recent notes. In Intune, you'll be able to set the app protection policy setting **Sync policy managed app data with app widgets** to **Block** for iOS/iPadOS apps. This setting will be available as part of the **Data Protection** settings in app protection policies. This new setting will be an app protection feature similar to the **Sync policy managed app data with native app or add-ins** setting.
Expand All @@ -112,35 +93,10 @@ Applies to:

<!-- ## Device enrollment -->

<!-- *********************************************** -->


<!-- *********************************************** -->

## Device management

### Minimum OS version for Android devices will be Android 10 and later for user-based management methods<!-- 14755802 -->

From October 2024, the minimum OS supported for Android devices will be Android 10 and later for user-based management methods, which includes:

- Android Enterprise personally-owned work profile
- Android Enterprise corporate owned work profile
- Android Enterprise fully managed
- Android Open Source Project (AOSP) user-based
- Android device administrator
- App protection policies (APP)
- App configuration policies (ACP) for managed apps

For enrolled devices on unsupported OS versions (Android 9 and lower)

- Intune technical support won't be provided.
- Intune won't make changes to address bugs or issues.
- New and existing features aren't guaranteed to work.

While Intune won't prevent enrollment or management of devices on unsupported Android OS versions, functionality isn't guaranteed, and use isn't recommended.

Userless methods of Android device management (Dedicated and AOSP userless) and Microsoft Teams certified Android devices won't be affected by this change.

### Device Inventory for Windows<!-- 24853010 -->

Device inventory lets you collect and view additional hardware properties from your managed devices to help you better understand the state of your devices and make business decisions.
Expand All @@ -151,33 +107,10 @@ Applies to:

- Windows (Corporate owned devices managed by Intune)

### Collection of additional device inventory details<!-- 29460196 -->

We're adding additional files and registry keys to be collected to assist in troubleshooting the Device Hardware Inventory feature.

Applies to:

- Windows

<!-- *********************************************** -->

## Device security

### New strong mapping requirements for Intune-issued SCEP certificates<!-- 29005591 -->

To align with the Windows Kerberos Key Distribution Center's (KDC) strong mapping attribute requirements described in [KB5014754](https://support.microsoft.com/help/5014754), SCEP certificates issued by Microsoft Intune will be required to have the following tag in the Subject Alternative Name (SAN) field:

`URL=tag:microsoft.com,2022-09-14:sid:<value>`

This tag will ensure that certificates are compliant with the KDC's latest requirements, and that certificate-based authentication continues working. Microsoft Intune will be adding support for the SID variable in SCEP profiles. You will be able to modify or create a new SCEP profile to include the OnPremisesSecurityIdentifier variable in the SCEP profile. This action will trigger Microsoft Intune to issue new certificates with the appropriate tag to all applicable users and devices.

These requirements apply to:

- Android, iOS/iPadOS, and macOS user certificates.
- Windows 10/11 user and device certificates.

They don't apply to device certificates used with Microsoft Entra joined users or devices, because SID is an on-premises identifier.

### Support for Intune Device control policy for devices managed by Microsoft Defender for Endpoint<!-- 15466620 -->

You'll be able to use the endpoint security policy for *Device control* (Attack surface reduction policy) from the Microsoft Intune with the devices you manage through the [Microsoft Defender for Endpoint security settings management](../protect/mde-security-integration.md) capability.
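Review bot: The removed "New strong mapping requirements for Intune-issued SCEP certificates" entry under "Device security" is the only place in this diff that documents the `URL=tag:microsoft.com,2022-09-14:sid:<value>` SAN tag, the OnPremisesSecurityIdentifier variable and the KB5014754 link, and none of the files shown here picks that text up. Before merging, confirm the content has a published home in another article, so admins who depend on certificate-based authentication can still find the requirement and which certificate types it applies to.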
Expand Down