diff --git a/autopilot/dfci-management.md b/autopilot/dfci-management.md index 361abc4aa14..2501ce555d5 100644 --- a/autopilot/dfci-management.md +++ b/autopilot/dfci-management.md @@ -56,7 +56,7 @@ See the following figure: - A currently supported version of Windows and a supported UEFI is required. - The device manufacturer must have DFCI added to their UEFI firmware in the manufacturing process, or as a firmware update that can be installed. Work with the device vendors to determine the [manufacturers that support DFCI](#oems-that-support-dfci), or the firmware version needed to use DFCI. - The device must be managed with Microsoft Intune. For more information, see [Enroll Windows devices in Intune using Windows Autopilot](/mem/intune/enrollment/enrollment-autopilot). -- The device must be registered for Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider), or registered directly by the OEM. For Surface devices, Microsoft registration support is available at [Microsoft Devices Autopilot Support](https://prod.support.services.microsoft.com/supportrequestform/0d8bf192-cab7-6d39-143d-5a17840b9f5f). +- The device must be registered for Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider), or registered directly by the OEM. For Surface devices, Microsoft registration support is available at [Microsoft Devices Autopilot Support](https://support.microsoft.com/supportrequestform/0d8bf192-cab7-6d39-143d-5a17840b9f5f). > [!IMPORTANT] > diff --git a/memdocs/analytics/toc.yml b/memdocs/analytics/tocyml.old similarity index 98% rename from memdocs/analytics/toc.yml rename to memdocs/analytics/tocyml.old index 682e35732ed..91ec406e33a 100644 --- a/memdocs/analytics/toc.yml +++ b/memdocs/analytics/tocyml.old 
@@ -54,4 +54,4 @@ items: - name: Data collection href: data-collection.md - name: Get support - href: get-support.md \ No newline at end of file + href: get-support.md diff --git a/memdocs/configmgr/comanage/workloads.md b/memdocs/configmgr/comanage/workloads.md index 8560bd95d88..a49fdb89587 100644 --- a/memdocs/configmgr/comanage/workloads.md +++ b/memdocs/configmgr/comanage/workloads.md @@ -152,6 +152,8 @@ For more information on the Intune feature, see [What is Microsoft Intune app ma When you enable Microsoft Connected Cache on your Configuration Manager distribution points, they can serve Microsoft Intune Win32 apps to co-managed clients. For more information, see [Microsoft Connected Cache with Configuration Manager](../core/plan-design/hierarchy/microsoft-connected-cache.md#support-for-intune-win32-apps). +For example, if you wish to deploy the new Store applications (winget) via Microsoft Intune, you need to switch this workload. + ## Diagram for app workloads :::image type="content" source="media/co-management-apps.svg" alt-text="Diagram of co-management app workloads." lightbox="media/co-management-apps.svg"::: diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md index c6e78ae9769..b70a466efa5 100644 --- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md +++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md 
@@ -67,8 +67,10 @@ For more information, see the following articles: ### Supported server OS versions - **Windows Server 2022**: IoT, Standard, Datacenter (_starting in Configuration Manager version 2107_) + - *Windows Server IoT 2022 for Storage* is not supported -- **Windows Server 2019**: IoT, Standard, Datacenter +- **Windows Server 2019**: IoT, Standard, Datacenter + - *Windows Server IoT 2019 for Storage* is not supported - **Windows Server 2016**: Standard, Datacenter diff --git a/memdocs/configmgr/core/plan-design/hierarchy/accounts.md b/memdocs/configmgr/core/plan-design/hierarchy/accounts.md index f04f3119a8e..9262ede7440 100644 --- a/memdocs/configmgr/core/plan-design/hierarchy/accounts.md +++ b/memdocs/configmgr/core/plan-design/hierarchy/accounts.md @@ -364,7 +364,7 @@ The site server uses the **Exchange Server connection account** to connect to th ### Management point connection account -The management point uses the **Management point connection account** to connect to the Configuration Manager site database. It uses this connection to send and retrieve information for clients. The management point uses its computer account by default, but you can configure an alternate service account instead. When the management point is in an untrusted domain from the site server, you must specify a alternate service account. +The management point uses the **Management point connection account** to connect to the Configuration Manager site database. It uses this connection to send and retrieve information for clients. The management point uses its computer account by default, but you can configure an alternate service account instead. When the management point is in an untrusted domain from the site server, you must specify an alternate service account. > [!NOTE] > For enhanced security posture it is recommended to leverage alternate service account rather than Computer account for ‘Management point connection account’. 
@@ -391,7 +391,11 @@ For more information, see [Use multicast to deploy Windows over the network](../ ### Network access account -Client computers use the **network access account** when they can't use their local computer account to access content on distribution points. It mostly applies to workgroup clients and computers from untrusted domains. This account is also used during OS deployment, when the computer that's installing the OS doesn't yet have a computer account on the domain. +Client computers use the **network access account** when they can't use their local computer account to access content on distribution points. It mostly applies to workgroup clients and computers from untrusted domains. +This account is also used during OS deployment, when the computer that's installing the OS doesn't yet have a computer account on the domain. + +> [!NOTE] +> Managing clients in untrusted domains and cross-forest scenarios allows for multiple network access accounts. > [!IMPORTANT] > The network access account is never used as the security context to run programs, install software updates, or run task sequences. It's used only for accessing resources on the network. @@ -441,7 +445,6 @@ The network access account is still required for the following actions (includin - Task Sequence properties setting to **Run another program first**. This setting runs a package and program from a network share before the task sequence starts. For more information, see [Task sequences properties: Advanced tab](../../../osd/deploy-use/manage-task-sequences-to-automate-tasks.md#advanced-tab). -- Managing clients in untrusted domains and cross-forest scenarios allows for multiple network access accounts. ### Package access account 
@@ -746,7 +749,7 @@ Configuration Manager grants access to the account used for the reporting servic ## Elevated permissions -Configuration Manager requires some accounts to have elevated permissions for on-going operations. For example, see [Prerequisites for installing a primary site](../../servers/deploy/install/prerequisites-for-installing-sites.md#bkmk_PrereqPri). The following list summarizes these permissions and the reasons why they're needed. +Configuration Manager requires some accounts to have elevated permissions for ongoing operations. For example, see [Prerequisites for installing a primary site](../../servers/deploy/install/prerequisites-for-installing-sites.md#bkmk_PrereqPri). The following list summarizes these permissions and the reasons why they're needed. - The computer account of the primary site server and central administration site server requires: diff --git a/memdocs/configmgr/core/plan-design/network/internet-endpoints.md b/memdocs/configmgr/core/plan-design/network/internet-endpoints.md index 18c020c93f2..3ac54a3a1d1 100644 --- a/memdocs/configmgr/core/plan-design/network/internet-endpoints.md +++ b/memdocs/configmgr/core/plan-design/network/internet-endpoints.md @@ -188,6 +188,8 @@ If you use Configuration Manager to deploy and update Microsoft 365 Apps for ent - `contentstorage.osi.office.net` to support the evaluation of Office add-in readiness +- `clients.config.office.net` to retrieve the names of the files needed for a particular Microsoft 365 Apps update. For more information, see [Using the Microsoft 365 Apps file list API](/office/client-developer/shared/manageability-applications-with-the-office-365-click-to-run-installer#using-the-microsoft-365-apps-file-list-api). + Your top-level site server needs access to the following endpoint to download the Microsoft Apps 365 readiness file: - Starting March 2, 2021: `https://omex.cdn.office.net/mirrored/sccmreadiness/SOT_SCCM_AddinReadiness.CAB` 
diff --git a/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md b/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md index 28fdf953346..1237771cac7 100644 --- a/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md +++ b/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md @@ -79,7 +79,7 @@ For example, you install the Configuration Manager console from a site server th Each time the Configuration Manager console opens: -- Tt determines the configured language settings for the computer +- It determines the configured language settings for the computer - Verifies whether an associated language pack is available for the Configuration Manager console - Opens the console by using the appropriate language pack @@ -381,4 +381,4 @@ You can modify these values or disable alerts for each site: You may need to uninstall a Configuration Manager site system role, site, or hierarchy. For more information, see [Uninstall roles, sites, and hierarchies](../deploy/install/uninstall-sites-and-hierarchies.md). -Starting in version 2002, you can also remove the CAS from a hierarchy, but keep the primary site. For more information, see [Remove the CAS](../deploy/install/remove-central-administration-site.md). \ No newline at end of file +Starting in version 2002, you can also remove the CAS from a hierarchy, but keep the primary site. For more information, see [Remove the CAS](../deploy/install/remove-central-administration-site.md). diff --git a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml index 4d7bab8ed49..090f03a43d9 100644 --- a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml +++ b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml 
@@ -24,26 +24,26 @@ sections: - question: | Why do I need antivirus and antispyware software? answer: | - It is critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer any time you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software, can also be programmed to run at unexpected times, not just when it is installed. + It's critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer anytime you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software can also be programmed to run at unexpected times, not just when it's installed. Windows Defender or Endpoint Protection offers three ways to help keep malicious software from infecting your computer: - - **Using real-time protection** - Real-time protection enables Windows Defender to monitor your computer all the time and alert you when malicious software, including viruses, spyware, or other potentially unwanted software attempts to install itself or run on your computer. Windows Defender then suspends the software and enables you to you to follow its recommendation on the software or take an alternative action. + - **Using real-time protection** - Real-time protection enables Windows Defender to monitor your computer all the time and alert you when malicious software, including viruses, spyware, or other potentially unwanted software attempts to install itself or run on your computer. 
Windows Defender then suspends the software and enables you to follow its recommendation on the software or take an alternative action. - **Scanning options** - You can use Windows Defender to scan for potential threats, such as viruses, spyware, and other malicious software that might put your computer at risk. You can also use it to schedule scans on a regular basis and to remove malicious software that is detected during a scan. - - **Microsoft Active Protection Service community** - The online Microsoft Active Protection Service community helps you see how other people respond to software that has not yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do. + - **Microsoft Active Protection Service community** - The online Microsoft Active Protection Service community helps you see how other people respond to software that hasn't yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do. - question: | How can I tell if my computer is infected with malicious software? answer: | You might have some form of malicious software, including viruses, spyware, or other potentially unwanted software, on your computer if: - - You notice new toolbars, links, or favorites that you did not intentionally add to your Web browser. + - You notice new toolbars, links, or favorites that you didn't intentionally add to your Web browser. - Your home page, mouse pointer, or search program changes unexpectedly. - - You type the address for a specific site, such as a search engine, but you are taken to a different Web site without notice. 
+ - You type the address for a specific site, such as a search engine, but you're taken to a different Web site without notice. - Files are automatically deleted from your computer. 
@@ -65,7 +65,7 @@ sections: answer: | If Windows Defender detects malicious software or potentially unwanted software on your computer (either when monitoring your computer using real-time protection or after running a scan), it notifies you about the detected item by displaying a notification message in the bottom right-hand corner of your screen. - The notification message includes a **Clean computer** button and a **Show details** link that lets you view additional information about the detected item. Click the **Show details** link to open the **Potential threat details** window to get additional information about the detected item. You can now choose which action to apply to the item, or click **Clean computer**. If you need help determining which action to apply to the detected item, use the alert level that Windows Defender assigned to the item as your guide (for more information see, Understanding alert levels). + The notification message includes a **Clean computer** button and a **Show details** link that lets you view additional information about the detected item. Click the **Show details** link to open the **Potential threat details** window to get additional information about the detected item. You can now choose which action to apply to the item, or click **Clean computer**. If you need help with determining which action to apply to the detected item, use the alert level that Windows Defender assigned to the item as your guide (for more information see, Understanding alert levels). Alert levels help you choose how to respond to viruses, spyware, and other potentially unwanted software. While Windows Defender will recommend that you remove all viruses and spyware, not all software that is flagged is malicious or unwanted. The following information can help you decide what to do if Windows Defender detects potentially unwanted software on your computer. 
@@ -110,7 +110,7 @@ sections: answer: | Both viruses and spyware are installed on your computer without your knowledge and both have the potential to be intrusive and destructive. They also have the ability to capture information on your computer and damage or delete that information. They both can negatively affect your computer's performance. - The main differences between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it is there. + The main difference between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it's there. - question: | Where do viruses, spyware, and other potentially unwanted software come from? 
@@ -125,7 +125,7 @@ sections: - question: | Why is it important to review license agreements before installing software? answer: | - When you visit websites, do not automatically agree to download anything the site offers. If you download free software, such as file sharing programs or screen savers, read the license agreement carefully. Look for clauses that say that you must accept advertising and pop-ups from the company, or that the software will send certain information back to the software publisher. + When you visit websites, don't automatically agree to download anything the site offers. If you download free software, such as file sharing programs or screen savers, read the license agreement carefully. Look for clauses that say that you must accept advertising and pop-ups from the company, or that the software will send certain information back to the software publisher. - question: | Why doesn't Windows Defender detect cookies? 
@@ -145,12 +145,12 @@ sections: - If you receive an e-mail with an attachment and you're unsure of the source, then you should delete it immediately. Don't download any applications or files from unknown sources, and be careful when trading files with other users. - - Install and use a firewall. It is recommended that you enable Windows Firewall. + - Install and use a firewall. It's recommended that you enable Windows Firewall. - question: | What are virus and spyware definitions? answer: | - When you use Windows Defender or Endpoint Protection, it is important to have up-to-date virus and spyware definitions. Definitions are files that act like an ever-growing encyclopedia of potential software threats. Windows Defender or Endpoint Protection uses definitions to determine if software that it detects is a virus, spyware, or other potentially unwanted software, and then to alert you to potential risks. To help keep your definitions up to date, Windows Defender or Endpoint Protection works with Microsoft Update to install new definitions automatically as they are released. You can also set Windows Defender or Endpoint Protection to check online for updated definitions before scanning. + When you use Windows Defender or Endpoint Protection, it's important to have up-to-date virus and spyware definitions. Definitions are files that act like an ever-growing encyclopedia of potential software threats. Windows Defender or Endpoint Protection uses definitions to determine if software that it detects is a virus, spyware, or other potentially unwanted software, and then to alert you to potential risks. To help keep your definitions up to date, Windows Defender or Endpoint Protection works with Microsoft Update to install new definitions automatically as they're released. You can also set Windows Defender or Endpoint Protection to check online for updated definitions before scanning. - question: | How do I keep virus and spyware definitions up to date? 
@@ -236,12 +236,23 @@ sections: - Yellow indicates that your computer's status is "potentially unprotected." - Red indicates that your computer's status is "at risk." - + - question: | + Can you describe a little bit what protected, potentially protected or at risk means? + answer: | + + Depending whether Defender or another antivirus product is being used as primary provider, the general states above represented by a color show the overall assessment of the security state of the device. + In case of security level being satisfactory, a green label will be provided. + + The "potentially unprotected" state is mostly due to settings - not directly impacting detection - not being set to the recommended security level. For example, in Defender case, a quick scan didn't run in a while, or cloud protection is turned off. + In the case of another antivirus, those states are reported via Security Center and could be in basically the following categories - a scan is recommended, settings change is recommended or an update is recommended. + + The "at risk" status represents serious security issues, such as a malware detection, software out of date or antivirus not running at all. In the case of another Antivirus that could mean license has expired. + - question: | How to set up Windows Defender or Endpoint Protection alerts? answer: | - When Windows Defender is running on your computer, it automatically alerts you if it detects viruses, spyware, or other potentially unwanted software. You can also set Windows Defender to alert you if you run software that has not yet been analyzed, and you can choose to be alerted when software makes changes to your computer. + When Windows Defender is running on your computer, it automatically alerts you if it detects viruses, spyware, or other potentially unwanted software. 
You can also set Windows Defender to alert you if you run software that hasn't yet been analyzed, and you can choose to be alerted when software makes changes to your computer. ### To set up alerts diff --git a/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md b/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md index a3a68244a22..14a7e2fd713 100644 --- a/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md +++ b/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md @@ -21,10 +21,6 @@ ms.collection: tier3 The **Third-Party Software Update Catalogs** node in the Configuration Manager console allows you to subscribe to third-party catalogs, publish their updates to your software update point (SUP), and then deploy them to clients. -> [!Note] -> - Microsoft does not test or verify third party update catalogs or their contents in any way. Before deploying you should verify that any updates downloaded from third party update catalogs are free from malicious software and verify them in a testing environment prior to deploying them in your environment. -> - In version 2006 and earlier, Configuration Manager doesn't enable this feature by default. Before using it, enable the optional feature **Enable third party update support on clients**. For more information, see [Enable optional features from updates](../../core/servers/manage/optional-features.md). - ## Prerequisites - Sufficient disk space on the top-level software update point's `WSUSContent` directory to store the source binary content for third-party software updates. 
@@ -193,7 +189,7 @@ You can edit an existing subscription by selecting **Properties** from the ribbo > Some options are only available for v3 third-party update catalogs, which support categories for updates. These options are disabled for catalogs that aren't published in the v3 format. 1. In the **Third-Party Software Update Catalogs** node, right-click on the catalog and select **Properties** or select **Properties** from the ribbon. -1. You can view the following information from the **General tab**, but not edit the information.: +1. You can view the following information from the **General tab**, but not edit the information: > [!NOTE] > If you need to change any of the information here, you have to add a new custom catalog. > Provided the download URL is unchanged, the existing catalog must be removed before one with the same download URL can be added. diff --git a/memdocs/intune/apps/apps-supported-intune-apps.md b/memdocs/intune/apps/apps-supported-intune-apps.md index 551001ff9a1..0b510eb6c85 100644 --- a/memdocs/intune/apps/apps-supported-intune-apps.md +++ b/memdocs/intune/apps/apps-supported-intune-apps.md @@ -193,7 +193,6 @@ The following apps support the core Intune App Protection Policy settings. Apps | :::no-loc text="Fuze Mobile for Intune":::
| Fuze Mobile for Intune allows end users to communicate using voice calling, video meetings, contact center, chat messaging, and content sharing. Admins can deploy Fuze Mobile securely and at scale in a BYOD context. Fuze Mobile for Intune requires both a Fuze account and a Microsoft managed environment. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.fuze.fuzeapp),
[App Store link (iOS)](https://apps.apple.com/app/fuze-mobile/id1160444971) |
| :::no-loc text="Global Relay":::
| Put compliance at the heart of your communication with one powerful app. Global Relay is an enterprise unified communication platform purpose-built for financial and other regulated industries to meet collaboration, compliance, privacy, and security requirements.
Global Relay supports BYOD and corporate programs, ensuring compliant communication with customers, colleagues, and industry peers via text, voice, WhatsApp, and other preferred channels.
The Global Relay App is available for mobile, desktop, and web. And, Global Relay is fully integrated with Microsoft Intune SDK to provide MDM/MAM policy control for IT Administrators.
NOTE: You must be a Global Relay customer or partner to use this app. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.globalrelay.message.intune),
[App Store link (iOS)](https://apps.apple.com/app/global-relay/id576031737) |
| :::no-loc text="Goodnotes 6":::
| Goodnotes 6 is a powerful note-taking app designed to provide a seamless and natural handwriting experience on digital paper. This comprehensive solution combines the simplicity of handwriting, the power of digital tools, and advanced AI features to enhance productivity and organization. Whether you're in a meeting, on a call, or brainstorming, Goodnotes keeps your ideas organized and accessible. | [App Store link (iOS)](https://apps.apple.com/us/app/goodnotes-6/id1444383602) | -| :::no-loc text="Groupdolists":::
| Groupdolists helps to coordinates incident response teams, whether corporate or public sector, in a single organization or across multiple organizations. Groupdolists creates a common operating picture between all responders, wherever they are, and synchronizes their efforts in real time.
Benefits include the following:
| HCSS Field is a mobile app for heavy civil construction. It is designed to replace paper-based processes with digital solutions. It integrates with the HCSS software suite to streamline field operations, project management, safety, and team communication. | [App Store link (iOS)](https://apps.apple.com/app/hcss-field-time-cost-safety/id720784422) | | :::no-loc text="HCSS Plans: Revision control":::
| HCSS Plans is a collaborative app for heavy civil construction. It allows teams to work with the latest project plans and documents, enabling seamless teamwork, smart revision control, and instant document access. | [App Store link (iOS)](https://apps.apple.com/app/hcss-plans-revision-control/id1319971186) | | :::no-loc text="Hearsay for Intune":::
| Hearsay for Intune enables advisors to manage and nurture their book of business in a protected BYOD environment with mobile application management (MAM). This version of Hearsay allows IT administrators to protect corporate data while keeping advisors in touch with their book of business.
Hearsay, a mobile application that enables financial services professionals to move business forward. Leverage compliant texting and seamless voice calling to connect with your entire book of business. Stay productive with calendar integration to set appointments, and schedule reminder messages for upcoming meetings, birthday greetings, and more.
Hearsay for Intune gives enterprise users all the features they expect from Hearsay, while providing IT administrators the MAM functionality they need to keep corporate data safe. In the event of a lost or stolen device, IT can remove Hearsay for Intune from the device along with any sensitive data associated with it. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.hearsaysocial.messages.intune),
[App Store link (iOS)](https://apps.apple.com/app/hearsay-for-intune/id1501771956) |
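Review bot: The rename of memdocs/analytics/toc.yml to memdocs/analytics/tocyml.old (similarity index 98%) looks unintended, since the only content change in that file is the missing newline after `href: get-support.md`. If the analytics table of contents is meant to stay, keep the toc.yml name and commit only the newline fix. If it is being retired on purpose, say so in the commit message and delete the file instead of leaving a .old copy in the tree.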
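Review bot: In memdocs/configmgr/sum/deploy-use/third-party-software-updates.md, the hunk at @@ -21,10 +21,6 deletes the whole Note, including the bullet stating that Microsoft does not test or verify third-party update catalogs and that updates should be checked for malicious software and validated in a test environment before deployment. Nothing visible in this patch replaces that guidance. If the goal was only to drop the version 2006 bullet about enabling **Enable third party update support on clients**, keep the first bullet, or link to wherever the verification advice now lives.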
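Review bot: In endpoint-protection-client-faq.yml, the question added at @@ -236,12 +236,23 asks about "protected, potentially protected or at risk", but the state listed directly above it and used in the new answer is "potentially unprotected". Match the question to the existing state names and phrase it as a plain question, for example "What do the protected, potentially unprotected, and at risk states mean?". The answer also switches between "antivirus" and "Antivirus" and between "Defender" and "Windows Defender"; pick one form of each, as the rest of the file uses "Windows Defender".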
diff --git a/memdocs/intune/configuration/device-profile-troubleshoot.md b/memdocs/intune/configuration/device-profile-troubleshoot.md
index 6cd6514893f..45ae7faf526 100644
--- a/memdocs/intune/configuration/device-profile-troubleshoot.md
+++ b/memdocs/intune/configuration/device-profile-troubleshoot.md
@@ -7,7 +7,7 @@ keywords:
author: MandiOhlinger
ms.author: mandia
manager: dougeby
-ms.date: 05/13/2024
+ms.date: 11/11/2024
ms.topic: troubleshooting
ms.service: microsoft-intune
ms.subservice: configuration
@@ -172,6 +172,12 @@ For more information on dynamic groups, go to:
- [Performance recommendations when using Intune to group, target, and filter](../fundamentals/filters-performance-recommendations.md)
- [Dynamic membership rules for groups in Microsoft Entra ID](/azure/active-directory/enterprise-users/groups-dynamic-membership)
+## "The sync could not be initiated (0x80072f9a)" error
+
+On Windows devices, when trying to sync in the **Settings** app > **Accounts** > **Access work or school**, you might see a `The sync could not be initiated (0x80072f9a)` error.
+
+If the Trusted Platform Module (TPM) was reset to factory settings, then the device must reenrolled to resume syncing. The device's Microsoft Entra identity is stored in the TPM. So, if the ID is removed, then reenrollment is the only way to reestablish the Microsoft Entra identity.
+
## Related articles
- [Troubleshoot policies and profiles](/troubleshoot/mem/intune/troubleshoot-policies-in-microsoft-intune).
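Review bot: The added paragraph under the new 0x80072f9a heading reads "then the device must reenrolled", which is missing "be". Its last sentence says "if the ID is removed", while the sentence before it talks about the Microsoft Entra identity stored in the TPM and the opening clause talks about the TPM being reset. Use one term throughout, for example "if the TPM is reset and the identity is removed", so it is clear that the TPM reset is what removes the identity.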
diff --git a/memdocs/intune/developer/app-sdk-ios-phase3.md b/memdocs/intune/developer/app-sdk-ios-phase3.md
index b8ae1b08e10..6ce79464ba7 100644
--- a/memdocs/intune/developer/app-sdk-ios-phase3.md
+++ b/memdocs/intune/developer/app-sdk-ios-phase3.md
@@ -413,6 +413,9 @@ The return value of this method tells the SDK if the application must handle the
* If false is returned, the SDK will restart the application after this method returns. The SDK immediately shows a dialog box that tells the user to restart the application.
+>[!NOTE]
+>.NET MAUI apps do not require a restart.
+
## Exit Criteria
After you've either configured the build plugin or integrated the command line tool into your build process, validate that it's running successfully:
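Review bot: The added note follows the "If false is returned" bullet directly, so it isn't clear which return value it qualifies or what a .NET MAUI app should do in this method. State what the SDK does instead of restarting for .NET MAUI apps, or which value such apps should return. Also use "don't" rather than "do not" to match the contractions in the surrounding text.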
diff --git a/memdocs/intune/enrollment/device-enrollment-program-enroll-ios.md b/memdocs/intune/enrollment/device-enrollment-program-enroll-ios.md
index 97e38d865e2..99ee8c68977 100644
--- a/memdocs/intune/enrollment/device-enrollment-program-enroll-ios.md
+++ b/memdocs/intune/enrollment/device-enrollment-program-enroll-ios.md
@@ -216,7 +216,10 @@ Now that you've installed your token, you can create an enrollment profile for a
1. Choose a token, and then select **Profiles**.
1. Select **Create profile** > **iOS/iPadOS**.
1. For **Basics**, give the profile a **Name** and **Description** for administrative purposes. Users don't see these details.
-1. Select **Next**.
+1. Select **Next**.
+
+ > [!IMPORTANT]
+ > You must assign an enrollment policy to your devices before the devices become active. We recommend that you set a default enrollment policy as soon as possible so that as devices sync from Apple Business Manager or Apple School Manager, and then turn on, they can enroll correctly through automated device enrollment. If a device you synced from Apple is not assigned an enrollment policy and someone turns it on to set it up, enrollment will fail.
> [!IMPORTANT]
> If you make changes to an existing enrollment profile, the new settings won't take effect on assigned devices until devices are reset back to factory settings and reactivated. The device name template setting is the only setting you can change that doesn't require a factory reset to take effect. Changes to the naming template take effect at the next check-in.
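Review bot: The new callout says "enrollment policy" three times, while the hunk header text, the procedure and the existing callout right below it all say "enrollment profile". If these are the same object, use "enrollment profile" throughout; if a default policy is something separate, link to where it's set. The insert also leaves two `[!IMPORTANT]` blocks stacked back to back after the "Select **Next**" step; consider merging them or moving the new one above the numbered steps, because it describes a prerequisite rather than something done at this step.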
diff --git a/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md b/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md
index 53e3bcbcc00..517b10c4a0f 100644
--- a/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md
+++ b/memdocs/intune/enrollment/device-enrollment-program-enroll-macos.md
@@ -128,7 +128,10 @@ At the end of this procedure, you can assign this profile to Microsoft Entra dev
1. Select an enrollment program token.
1. Select **Profiles** > **Create profile** > **macOS**.
- ![Create a profile screenshot.](./media/device-enrollment-program-enroll-macos/image04.png)
+ ![Create a profile screenshot.](./media/device-enrollment-program-enroll-macos/image04.png)
+
+ > [!IMPORTANT]
+ > You must assign an enrollment policy to your devices before the devices become active. We recommend that you set a default enrollment policy as soon as possible so that as devices sync from Apple Business Manager or Apple School Manager, and then turn on, they can enroll correctly through automated device enrollment. If a device you synced from Apple is not assigned an enrollment policy and someone turns it on to set it up, enrollment will fail.
1. For **Basics**, enter a name and description for the profile so that you can distinguish it from other enrollment profiles. These details aren't visible to device users.
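Review bot: This callout is a verbatim copy of the one added to device-enrollment-program-enroll-ios.md in the same change, so the two will drift apart on the next edit; move the text into a shared include file and reference it from both articles. It also lands between the "Create profile" step and the "For **Basics**" step, which interrupts the procedure, and it says "enrollment policy" where the surrounding steps say "profile". Place it before the numbered list and align the term.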
diff --git a/memdocs/intune/enrollment/device-staging-overview.md b/memdocs/intune/enrollment/device-staging-overview.md
index 92eae35b8e7..86c1e0ac853 100644
--- a/memdocs/intune/enrollment/device-staging-overview.md
+++ b/memdocs/intune/enrollment/device-staging-overview.md
@@ -74,7 +74,7 @@ In the second stage, an Intune admin or third-party vendor completes the followi
1. With the device, scan the staging token's QR code or enter the token string.
-1. Complete the enrollment steps and setup wizard. When you get to the sign-in screen, stop. Don't sign in.
+1. Complete the enrollment steps and setup wizard. At the end of setup, you are on the device's home screen.
1. Turn off the device and distribute it to the end user.
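Review bot: The replaced line drops the explicit "Don't sign in" instruction, but the next step still hands the device to the end user. If the person staging the device can now reach a sign-in prompt at any point before the home screen, keep a sentence telling them not to sign in with their own account; if no sign-in prompt appears anymore, say so, so the reason for the change is clear to readers who follow the older procedure. Minor: "you are" should be "you're" for consistency with the rest of the article.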
diff --git a/memdocs/intune/includes/intune-notices.md b/memdocs/intune/includes/intune-notices.md
index 615a5ca2d36..d71c7a45f4a 100644
--- a/memdocs/intune/includes/intune-notices.md
+++ b/memdocs/intune/includes/intune-notices.md
@@ -4,7 +4,7 @@ description: include file
author: dougeby
ms.service: microsoft-intune
ms.topic: include
-ms.date: 10/30/2024
+ms.date: 11/13/2024
ms.author: dougeby
manager: dougeby
ms.custom: include file
@@ -12,7 +12,30 @@ ms.custom: include file
These notices provide important information that can help you prepare for future Intune changes and features.
+### Plan for Change: Implement strong mapping for SCEP and PKCS certificates
+
+With the May 10, 2022, Windows update ([KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16)), changes were made to the Active Directory Kerberos Key Distribution (KDC) behavior in Windows Server 2008 and later versions to mitigate elevation of privilege vulnerabilities associated with certificate spoofing. Windows will enforce these changes on **February 11, 2025**.
+
+To prepare for this change, Intune has released the ability to include the security identifier to strongly map SCEP and PKCS certificates. For more information, review the blog: [Support tip: Implementing strong mapping in Microsoft Intune certificates](https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-implementing-strong-mapping-in-microsoft-intune-certificates/4053376)
+
+#### How does this affect you or your users?
+
+These changes will impact SCEP and PKCS certificates delivered by Intune for Microsoft Entra hybrid joined users or devices. If a certificate can't be strongly mapped, authentication will be denied. To enable strong mapping:
+
+- SCEP certificates: Add the security identifier to your SCEP profile. We strongly recommend testing with a small group of devices and then slowly rollout updated certificates to minimize disruptions to your users.
+- PKCS certificates: Update to the latest version of the Certificate Connector, change the registry key to enable the security identifier, and then restart the connector service. **Important:** Before you modify the registry key, review how to change the registry key and how to back up and restore the registry.
+
+For detailed steps and additional guidance, review the blog: [Support tip: Implementing strong mapping in Microsoft Intune certificates](https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-implementing-strong-mapping-in-microsoft-intune-certificates/4053376)
+
+#### How can you prepare?
+
+If you use SCEP or PKCS certificates for Microsoft Entra Hybrid joined users or devices, you'll need to take action before February 11, 2025 to either:
+
+- **(Recommended)** Enable strong mapping by reviewing the steps described in the blog: [Support tip: Implementing strong mapping in Microsoft Intune certificates](https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-implementing-strong-mapping-in-microsoft-intune-certificates/4053376)
+- Alternatively, if all certificates cannot be renewed before February 11, 2025, with the SID included, enable Compatibility mode by adjusting the registry settings as described in [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16). Compatibility mode will remain valid until September 2025.
+
### Update to the latest Intune App SDK and Intune App Wrapper for Android 15 support
+
We've recently released new versions of the Intune App SDK and Intune App Wrapping Tool for Android to support Android 15. We recommend upgrading your app to the latest SDK or wrapper versions to ensure applications stay secure and run smoothly.
#### How does this affect you or your users?
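Review bot: Several wording problems in the new strong-mapping notice need fixing before merge. "Kerberos Key Distribution (KDC)" is missing "Center"; "slowly rollout updated certificates" should use the verb form "roll out"; and "Microsoft Entra hybrid joined" under "How does this affect you" becomes "Microsoft Entra Hybrid joined" under "How can you prepare", so pick one capitalization. The PKCS bullet tells admins to "change the registry key" and to review how to back up the registry without naming the key or linking to either procedure; add the links or state that the key is given in the blog post. The three sentences that end in the blog link have no closing period.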
diff --git a/memdocs/intune/index.yml b/memdocs/intune/index.yml
index 1341161f314..decac21d09f 100644
--- a/memdocs/intune/index.yml
+++ b/memdocs/intune/index.yml
@@ -247,9 +247,6 @@ conceptualContent:
- url: ./fundamentals/monitor-audit-logs.md
itemType: how-to-guide
text: Use audit logs to track and monitor events
- - url: /mem/analytics/
- itemType: concept
- text: Endpoint analytics docs
footerLink:
text: Browse all reporting and monitoring articles
url: ./fundamentals/reports.md
@@ -265,6 +262,18 @@ conceptualContent:
- url: ./protect/microsoft-tunnel-mam.md
itemType: how-to-guide
text: Microsoft Tunnel for Mobile Application Management
+
+ - title: Microsoft Endpoint analytics
+ links:
+ - url: ../analytics/overview.md
+ itemType: how-to-guide
+ text: Overview of Endpoint analytics
+ - url: ../analytics/scores.md
+ itemType: how-to-guide
+ text: Scores, baselines and insight
+ - url: ../analytics/startup-performance.md
+ itemType: how-to-guide
+ text: Reports in Endpoint analytics
- title: Developer guidance
links:
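Review bot: In the new "Microsoft Endpoint analytics" card, the link text "Reports in Endpoint analytics" points at `../analytics/startup-performance.md`, which is one report rather than a reports landing page; either retitle it "Startup performance" or link to a page that lists the reports. "Scores, baselines and insight" doesn't match the "Scores, baselines, and insights" name that toc.yml uses for the same file in this change. The overview entry is typed `how-to-guide`, while the Endpoint analytics link this change removes was typed `concept`; `concept` looks like the better fit for an overview.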
diff --git a/memdocs/intune/protect/epm-overview.md b/memdocs/intune/protect/epm-overview.md
index 00a6c37adbd..1e02f30f682 100644
--- a/memdocs/intune/protect/epm-overview.md
+++ b/memdocs/intune/protect/epm-overview.md
@@ -65,6 +65,7 @@ Endpoint Privilege Management has the following requirements:
Endpoint Privilege Management supports the following operating systems:
+- Windows 11, version 24H2
- Windows 11, version 23H2 (22631.2506 or later) with [KB5031455](https://support.microsoft.com/topic/october-31-2023-kb5031455-os-builds-22621-2506-and-22631-2506-preview-6513c5ec-c5a2-4aaf-97f5-44c13d29e0d4)
- Windows 11, version 22H2 (22621.2215 or later) with [KB5029351](https://support.microsoft.com/topic/august-22-2023-kb5029351-os-build-22621-2215-preview-9af25662-083a-43f5-b3a7-975fe25cc692)
- Windows 11, version 21H2 (22000.2713 or later) with [KB5034121](https://support.microsoft.com/topic/january-9-2024-kb5034121-os-build-22000-2713-f5847e32-0b71-4151-8190-54d3e36386f0)
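Review bot: The added "Windows 11, version 24H2" entry has no minimum build or KB, while every other entry visible in this list gives both. If 24H2 is supported from its first release, say so explicitly (for example, "all builds"); otherwise add the minimum build and the KB link so admins can verify device eligibility the same way they do for 23H2 and earlier.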
diff --git a/memdocs/intune/protect/epm-policies.md b/memdocs/intune/protect/epm-policies.md
index 1753d2f5700..c878873eb3d 100644
--- a/memdocs/intune/protect/epm-policies.md
+++ b/memdocs/intune/protect/epm-policies.md
@@ -261,7 +261,10 @@ Use either of the following methods to create new elevation rules, which are add
1. For the rule, configure the elevation **Type** and **Child process behavior**, and then select **OK**. The policy is updated with the new rule.
2. After the rule is added to the policy, you can edit the policy to gain access to the rule and then modify it to make additional configurations if needed.
-
+
+ **Require the same file path as this elevation:**
+ When you select this checkbox, the File Path field in the rule is set to the file path as seen in the report. If the checkbox isn’t selected, the path remains empty.
+
:::image type="content" source="./media/epm-policies/create-a-rule.png" alt-text="Image from the admin center UI of the create a rule pane." lightbox="./media/epm-policies/create-a-rule.png":::
### Manually configure elevation rules for Windows elevation rules policy
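Review bot: The new "Require the same file path as this elevation" text says the path "remains empty" when the checkbox is cleared, but it doesn't say what an empty File Path means for rule matching. Since this is an elevation rule, add a sentence that states whether an empty path lets the rule match the file in any location, and which choice is recommended. The description also sits after step 2 although the checkbox is presumably set while configuring the rule in step 1, so move it under step 1. Replace the curly apostrophe in "isn’t" with a straight one.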
diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md
index 40b3923dadb..ad102136f1b 100644
--- a/memdocs/intune/protect/mde-security-integration.md
+++ b/memdocs/intune/protect/mde-security-integration.md
@@ -469,6 +469,8 @@ For the list of policy and profile combinations supported for security settings
## Monitor status
+**Intune:**
+
Status and reports for policies that target devices in this channel are available from the policy node under Endpoint security in the Microsoft Intune admin center.
Drill in to the policy type and then select the policy to view its status. You can view the list of platforms, policy types, and profiles that support security settings management in the table in [Which solution should I use](#which-solution-should-i-use), earlier in this article.
@@ -476,9 +478,20 @@ Drill in to the policy type and then select the policy to view its status. You c
When you select a policy, you can view information about the device check-in status, and can select:
- **View report** - View a list of devices that received the policy. You can select a device to drill in and see its per-setting status. You can then select a setting to view more information about it, including other policies that manage that same setting, which could be a source of conflict.
-
- **Per setting status** - View the settings that are managed by the policy, and a count of success, errors, or conflicts for each setting.
+**Defender Portal:**
+
+You can also monitor the Intune policies that are applied from within the [Microsoft Defender portal](https://security.microsoft.com/). Within the portal, go to **Endpoints**, expand configuration management and select *Endpoint security policies*. Select a policy to view its status, and then select:
+
+- **Overview** - View an overview of the groups the policy is applied to, the policy settings that are applied, and device check-in status.
+- **Policy Settings Values** - View the settings that are configured by the policy.
+- **Policy settings status** - View the settings that are managed by the policy, and a count of success, errors, or conflicts for each setting.
+- **Applied devices** - View the devices to which the policy is applied.
+- **Assigned Groups** - View the groups to which the policy is assigned.
+
+For additional information, see [Manage endpoint security policies in Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/manage-security-policies?toc=/mem/intune/toc.json&bc=/mem/breadcrumb/toc.json) in the Defender content.
+
## Frequently asked questions and considerations
### Device check-in frequency
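Review bot: The "Defender Portal:" label capitalizes "Portal", but the sentence under it uses "Microsoft Defender portal"; use lowercase "portal" in the label. In the navigation sentence, "expand configuration management" is unformatted and "*Endpoint security policies*" is italic, while **Endpoints** is bold; format all three UI labels the same way and capitalize them as they appear in the portal. The tab names are also inconsistent ("Policy Settings Values" against "Policy settings status"), so check them against the UI.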
diff --git a/memdocs/intune/toc.yml b/memdocs/intune/toc.yml
index cd552eeaf23..3f546229150 100644
--- a/memdocs/intune/toc.yml
+++ b/memdocs/intune/toc.yml
@@ -100,6 +100,7 @@ items:
href: ./copilot/copilot-intune-faq.md
- name: Intune plugin in Security Copilot
href: ./copilot/security-copilot.md
+
- name: Plan
items:
- name: Planning guide
@@ -189,6 +190,70 @@ items:
- name: Step 5 - Enroll devices
displayName: deployment, mdm, android, ios, ipados, macos, windows
href: ./fundamentals/deployment-guide-enroll.md
+ - name: Microsoft Copilot + Intune
+ items:
+ - name: Copilot in Intune
+ href: ./copilot/copilot-intune-overview.md
+ - name: Troubleshoot a device using Copilot
+ href: ./copilot/copilot-devices.md
+ - name: FAQ
+ href: ./copilot/copilot-intune-faq.md
+ - name: Intune plugin in Copilot for Security
+ href: ./copilot/security-copilot.md
+ - name: Endpoint analytics
+ items:
+ - name: Overview
+ items:
+ - name: What is Endpoint analytics?
+ href: ../analytics/overview.md
+ - name: Concepts
+ items:
+ - name: Scores, baselines, and insights
+ href: ../analytics/scores.md
+ - name: How to guides
+ items:
+ - name: Enroll Intune devices
+ href: ../analytics/enroll-intune.md
+ - name: Enroll Configuration Manager devices
+ href: ../analytics/enroll-configmgr.md
+ - name: Manage settings
+ href: ../analytics/settings.md
+ - name: Reports
+ items:
+ - name: Startup performance
+ href: ../analytics/startup-performance.md
+ - name: Restart frequency
+ href: ../analytics/restart-frequency.md
+ - name: Application reliability
+ href: ../analytics/app-reliability.md
+ - name: Work from anywhere
+ href: ../analytics/work-from-anywhere.md
+ - name: Endpoint analytics in Microsoft Adoption Score
+ href: ../analytics/adoption-score.md
+ - name: Intune Advanced Analytics
+ items:
+ - name: What is Advanced Analytics?
+ href: ../analytics/advanced-endpoint-analytics.md
+ - name: Anomaly detection
+ href: ../analytics/anomaly-detection.md
+ - name: Enhanced device timeline
+ href: ../analytics/enhanced-device-timeline.md
+ - name: Device scopes
+ href: ../analytics/device-scopes.md
+ - name: Device query
+ href: ../analytics/device-query.md
+ - name: Data platform schema
+ href: ../analytics/data-platform-schema.md
+ - name: Battery health
+ href: ../analytics/battery-health.md
+ - name: Resource Performance
+ href: ../analytics/resource-performance-report.md
+ - name: Get support
+ href: ../analytics/get-support.md
+ - name: Data collection
+ href: ../analytics/data-collection.md
+ - name: Troubleshoot
+ href: ../analytics/troubleshoot.md
- name: How-to guides
items:
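Review bot: The added "Microsoft Copilot + Intune" node duplicates entries that already exist higher in this file: the context lines of the previous hunk show `./copilot/copilot-intune-faq.md` and `./copilot/security-copilot.md` already in the TOC, and the latter is named "Intune plugin in Security Copilot" there but "Intune plugin in Copilot for Security" here. Drop the duplicate node, or remove the original one in the same change and keep a single product name. In the Endpoint analytics block, "Resource Performance" is title case while its sibling entries are sentence case.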
@@ -1779,8 +1844,6 @@ items:
href: ./fundamentals/review-logs-using-azure-monitor.md
- name: Device configuration profile status
href: ./configuration/device-profile-monitor.md
- - name: Endpoint analytics
- href: ../analytics/
- name: Industry guides
items:
diff --git a/memdocs/intune/user-help/check-status-company-portal-website.md b/memdocs/intune/user-help/check-status-company-portal-website.md
index f2ccc185c4a..b164a65764e 100644
--- a/memdocs/intune/user-help/check-status-company-portal-website.md
+++ b/memdocs/intune/user-help/check-status-company-portal-website.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 11/29/2023
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
diff --git a/memdocs/intune/user-help/enroll-device-android-microsoft-intune-app.md b/memdocs/intune/user-help/enroll-device-android-microsoft-intune-app.md
index 4450ed089c9..96816b190d8 100644
--- a/memdocs/intune/user-help/enroll-device-android-microsoft-intune-app.md
+++ b/memdocs/intune/user-help/enroll-device-android-microsoft-intune-app.md
@@ -62,9 +62,7 @@ Complete these steps to set up and enroll your device.
1. Review the terms from Google. Then tap **ACCEPT & CONTINUE**.
-1. Review Chrome's Terms of Service. Then tap **ACCEPT & CONTINUE**.
-
- ![Example image of Chrome Terms of Service screen, highlighting Accept & Continue button.](./media/enroll-android-device-disa-purebred/fully-managed-intune-app-06.png)
+1. Review Chrome's Terms of Service. Then tap **ACCEPT & CONTINUE**.
1. On the sign in screens, sign in with your work or school account.
@@ -81,8 +79,6 @@ Complete these steps to set up and enroll your device.
1. When you see the message that your device is ready, tap **DONE**.
- ![Example image of Set up your work phone screen, highlighting Done button.](./media/enroll-device-android-microsoft-intune-app/fully-managed-intune-app-18.png)
-
If you have trouble accessing your organization's resources, you might need to update other settings on your device. Sign in to the Microsoft Intune app to check for required updates.
diff --git a/memdocs/intune/user-help/enroll-device-android-work-profile.md b/memdocs/intune/user-help/enroll-device-android-work-profile.md
index e4e10cd77bb..85f8c6e5b3c 100644
--- a/memdocs/intune/user-help/enroll-device-android-work-profile.md
+++ b/memdocs/intune/user-help/enroll-device-android-work-profile.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 07/01/2024
+ms.date: 11/13/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -46,7 +46,7 @@ This article describes how to enroll your device using the Intune Company Portal
[Install the Intune Company Portal app from Google Play](https://play.google.com/store/apps/details?id=com.microsoft.windowsintune.companyportal). The Company Portal app is used to enroll and manage your device, install work apps, and get IT support.
## Enroll device
-Make sure you're signed in to the primary user account on your device. Work profile enrollment is not supported on secondary user accounts.
+Make sure you're signed in to the primary user account on your device. Work profile enrollment isn't supported on secondary user accounts.
1. Open the Intune Company Portal app and sign in with your work or school account.
@@ -56,7 +56,7 @@ Make sure you're signed in to the primary user account on your device. Work prof
3. On the privacy information screen, review the list of items that your organization can and can't see on your device. Then tap **CONTINUE**.
- ![Screenshot of Company Portal, We care about your privacy screen, highlighting the Continue button.](./media/enroll-device-android-company-portal/android-privacy-screen-1911.png)
+ ![Screenshot of Company Portal's We care about your privacy screen, highlighting the Continue button.](./media/enroll-device-android-company-portal/android-privacy-screen-1911.png)
4. Review the Google terms for creating a work profile. Accept the terms to continue. The appearance of this screen varies based on OS version.
@@ -73,7 +73,7 @@ Make sure you're signed in to the primary user account on your device. Work prof
> [!div class="mx-imgBorder"]
> ![Screenshot of Company Portal highlighting the Next button.](./media/enroll-device-android-work-profile/work-profile-setup-next-2307.png)
-7. On the **Company Access Setup** screen, confirm that the profile has been created. Then tap **CONTINUE** to proceed to the next enrollment task.
+7. On the **Company Access Setup** screen, confirm that you created the profile. Then tap **CONTINUE** to proceed to the next enrollment task.
> [!div class="mx-imgBorder"]
> ![Screenshot of Company Access Setup showing work profile is created.](./media/enroll-device-android-work-profile/work-profile-complete-1911.png)
@@ -84,22 +84,22 @@ Make sure you're signed in to the primary user account on your device. Work prof
> [!div class="mx-imgBorder"]
> ![Screenshot of Company Access Setup showing work profile is active.](./media/enroll-device-android-work-profile/work-profile-active-1911.png)
-10. In the Company Portal app, review the list of settings your organization requires. Update the settings on your device if necessary. Tap **RESOLVE** to open the setting on your device. After you're done updating settings, tap **CONFIRM DEVICE SETTINGS**.
+10. In the Company Portal app, review the list of settings your organization requires. Update the settings on your device if necessary. Tap **RESOLVE** to open the setting on your device. After you're done updating settings, tap **CONFIRM DEVICE SETTINGS**.
> [!div class="mx-imgBorder"]
- > ![Screenshot of Company Portal, Update device settings screen highlighting the RESOLVE button and CONFIRM DEVICE SETTINGS button.](./media/enroll-device-android-work-profile/confirm-device-settings-work-profile-2307.png)
+ > ![Screenshot of Company Portal's Update device settings screen highlighting the RESOLVE button and CONFIRM DEVICE SETTINGS button.](./media/enroll-device-android-work-profile/confirm-device-settings-work-profile-2307.png)
-11. When setup and enrollment are complete, you are sent back to the setup list, where you should see a green checkmark next to each enrollment task. Tap **DONE**.
+11. When setup and enrollment are complete, you're sent back to the setup list, where you should see a green checkmark next to each enrollment task. Tap **DONE**.
- ![Example image of Company Portal, Company Access Setup screen, showing completed setup and highlighting Done button.](./media/enroll-device-android-work-profile/work-profile-done-1911.png)
+ ![Screenshot of Company Portal's Company Access Setup screen, showing completed setup and highlighting Done button.](./media/enroll-device-android-work-profile/work-profile-done-1911.png)
12. Optionally, when prompted to view suggested work apps in Google Play Store, tap **OPEN**. If you're not ready to install apps, you can do it later by going to the Play Store app in your work profile.
- ![Example image of Company Portal prompt to open badged version of Google Play.](./media/enroll-device-android-work-profile/get-apps-banner-android-2005.png)
+ ![Screenshot of Company Portal prompt to open badged version of Google Play.](./media/enroll-device-android-work-profile/get-apps-banner-android-2005.png)
You can also access available apps from the Company Portal menu > **Get Apps**.
- ![Example image of Company Portal menu, highlighting Get Apps link.](./media/enroll-device-android-work-profile/updated-drawer-android-2005.png)
+ ![Screenshot of the Company Portal menu, highlighting the Get Apps link.](./media/enroll-device-android-work-profile/updated-drawer-android-2005.png)
## Android Enterprise availability
diff --git a/memdocs/intune/user-help/enroll-your-device-in-intune-macos-cp.md b/memdocs/intune/user-help/enroll-your-device-in-intune-macos-cp.md
index b7a613e1222..34cf09a71bd 100644
--- a/memdocs/intune/user-help/enroll-your-device-in-intune-macos-cp.md
+++ b/memdocs/intune/user-help/enroll-your-device-in-intune-macos-cp.md
@@ -7,7 +7,7 @@ keywords: Mac OS X, macOS, OS X
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 11/20/2023
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -60,23 +60,25 @@ Your device must be running macOS 11 or later.
## Enroll your Mac
1. Sign in to the Company Portal app with your work or school account.
-2. On the **Set up access** page, select **Begin**.
-3. Review the privacy information. Then select **Continue**.
-4. On the **Install management profile** page, select **Download profile**.
-
- ![Example screenshot of Company Portal, Install management profile screen, highlighting password prompt.](./media/enroll-your-device-in-intune-macos-cp/install-management-profile-macos-2006.png)
-5. Your macOS system settings open in a new window. The management profile you just downloaded is shown.
+1. On the **Set up access** page, select **Begin**.
+1. Review the privacy information. Then select **Continue**.
+1. On the **Install management profile** page, select **Download profile**.
+1. Your macOS system settings open in a new window. The management profile you downloaded is shown.
1. Select the profile to open it.
1. Select **Install...**
1. When asked to confirm installation, select **Install**.
1. Enter your device password to allow the profile to enroll your device. Then select **Enroll**.
-6. Wait while the management profile installs and then enrolls your device.
-7. Return to the Company Portal app and verify that there's a green checkmark next to **Install management profile**.
-8. Your organization may require you to update your device settings. On the **Checking device settings** page, review the list of settings you need to change. Select **How to resolve this** to view related help documentation in a web browser.
-9. After you make all changes, select **Retry**. Wait while Company Portal rechecks your device settings.
-
- ![Example screenshot of Company Portal, Update device settings screen, highlighting Retry button.](./media/enroll-your-device-in-intune-macos-cp/update-settings-mac-2006.png)
-10. When setup is complete, select **Done**. Your device is ready to use for work. You can go to **Devices** in the Company Portal app to view and manage your enrolled Mac.
+1. Wait while the management profile installs and then enrolls your device.
+1. Return to the Company Portal app and verify that there's a green checkmark next to **Install management profile**.
+1. Your organization may require changes to the device settings. In Company Portal, select the device. Under **Status**, review the list of required changes. Select **Learn more** to read more about the requirements.
+
+ > [!TIP]
+ > Select **How to resolve this**, where applicable, to view related help documentation in a web browser.
+
+1. After you make all changes, select **Retry**. Wait while Company Portal rechecks your device settings and refreshes the status.
+1. When setup is complete, select **Done**.
+
+Your device is ready to use for work or school. Sign in to the Company Portal app or website anytime to view and manage it.
## Troubleshooting and feedback
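Review bot: The rewritten settings step now names two different help links, **Learn more** in the step and **How to resolve this** in the tip, without saying how they differ or where each one appears; keep one, or explain when the user sees each. The following step still says to select **Retry**, but the reference to the "Checking device settings" page was removed, so say where **Retry** is shown in the new flow under **Status**. "Your organization may require" should be "might require". With every step renumbered to `1.`, double-check that the four sub-steps for installing the profile are still indented under the system settings step so they render as a nested list.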
diff --git a/memdocs/intune/user-help/get-recovery-key-cpweb.md b/memdocs/intune/user-help/get-recovery-key-cpweb.md
index 83c5d4bad84..11419d3d7aa 100644
--- a/memdocs/intune/user-help/get-recovery-key-cpweb.md
+++ b/memdocs/intune/user-help/get-recovery-key-cpweb.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 06/18/2024
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -38,15 +38,15 @@ Get the recovery key for your locked Mac. If you forget the password on the Mac
This option is available for Macs that were encrypted by your organization using FileVault. It's not available for Macs that you have personally encrypted.
1. On any device, sign in to the [Company Portal website](https://portal.manage.microsoft.com).
-2. Open the menu and go to **Devices**.
-2. Select the encrypted Mac.
-3. Select **Get recovery key**.
+1. Open the menu and go to **Devices**.
+1. Select the Mac you're locked out of.
+1. Select **Get recovery key**.
![Screenshot of Company Portal website, highlighting Get recovery key section.](./media/get-recovery-key-cpweb/1907-recovery2-cpweb-intune.PNG)
-4. Your recovery key appears. For security reasons, the key disappears after five minutes. To see the key again, select **Get recovery key**.
+1. Your recovery key appears. For security reasons, the key disappears after five minutes. To see the key again, select **Get recovery key**.
- ![Screenshot of Company Portal website, showing recovery key.](./media/get-recovery-key-cpweb/1907-recovery-cpweb-intune.PNG)
+ ![Screenshot of Company Portal website, showing recovery key.](./media/get-recovery-key-cpweb/1907-recovery-cpweb-intune.PNG)
## Get recovery key from Company Portal app
@@ -58,9 +58,8 @@ This option isn't available for Macs that you have personally encrypted. The per
- Company Portal for macOS
1. Go to **Devices** and select the Mac you're locked out of.
-1. On the device details page, select **Get recovery key**. The Company Portal website opens in Safari and shows the key. After 5 minutes of inactivity, Company Portal returns you to the device details page on the Company Portal website. You can view the key again from there.
-
- ![Screenshot of Company Portal app for iOS, showing recovery key](./media/get-recovery-key-cpweb/get-recovery-key-cpweb-02.png)
+1. On the device's page, select **Get recovery key**.
+1. The Company Portal website opens and shows the key. Write down or copy the key. For security reasons, the key disappears after five minutes.
## IT pro support
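Review bot: The new last step tells users to "Write down or copy the key" for a FileVault recovery key but gives no handling guidance. Add a short sentence on using the copy only to unlock the Mac and then destroying or deleting it, and on not pasting it into chat or e-mail. The replaced text also told users they could view the key again after the timeout; the new step says only that the key disappears after five minutes, so add the "To see the key again, select **Get recovery key**" sentence that the website procedure in this article already uses.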
diff --git a/memdocs/intune/user-help/get-recovery-key-windows.md b/memdocs/intune/user-help/get-recovery-key-windows.md
index 0ca3294ca21..8366e849df9 100644
--- a/memdocs/intune/user-help/get-recovery-key-windows.md
+++ b/memdocs/intune/user-help/get-recovery-key-windows.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 06/18/2024
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -31,13 +31,6 @@ ms.collection:
# Get recovery key for Windows
-**Applies to**:
-
- - Windows 10
- - Windows 11
- - iOS/iPadOS
- - macOS
-
Access the BitLocker recovery key for a work or school device on the Intune Company Portal website or in the Intune Company Portal app. If you forget the sign-in password and get locked out of an Intune-enrolled PC, you can unlock it with a stored recovery key. This article describes how to retrieve the key from Company Portal.
>[!NOTE]
@@ -60,10 +53,11 @@ Retrieve a personal BitLocker recovery key on the Company Portal website.
> ![Example screenshot of the BitLocker Recovery Key page on the Intune Company Portal website. ](./media/get-recovery-key-windows/get-recovery-key-company-portal-website.png)
1. On any device, sign in to the [Company Portal website](https://portal.manage.microsoft.com).
-2. Go to **Devices**.
-2. Select the PC you're locked out of.
-3. Select **Show recovery key**.
-4. Your recovery key appears. For security reasons, the key disappears after five minutes. To see the key again, select **Show recovery key**.
+1. Go to **Devices**.
+1. Select the PC you're locked out of.
+1. Select **Get recovery key**.
+1. Select **Show recovery key**.
+1. Your recovery key appears. Write down or copy the code, and then enter it in the BitLocker recovery screen on your computer. For security reasons, the key disappears after five minutes. To see the key again, select **Show recovery key**.
If a key isn't found, but your device is properly encrypted, contact your IT support person for help. Check the Company Portal website for your organization's helpdesk details.
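Review bot: In the final added step, "Write down or copy the code" switches to "code" while the rest of the step and both button labels say "key"; use "key" throughout so the user doesn't wonder whether these are two different values. The step also ends with "To see the key again, select **Show recovery key**", which now repeats the button from the step before it. Say whether, after the five-minute timeout, the user has to go back through **Get recovery key** first.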
@@ -79,8 +73,8 @@ Retrieve a personal BitLocker recovery key in the Company Portal app. The recove
2. Go to **Devices**, and then select your Windows device.
3. On the device details page, select **Get recovery key**. The Company Portal website opens in Safari and shows the key.
- After 5 minutes of inactivity, Company Portal returns you to the Windows device details page in the web portal. You can view the key again from there.
+ After 5 minutes of inactivity, Company Portal returns you to the device page in your web browser. You can view the key again from there.
## IT pro support
-If you're an IT support person and want to configure and manage encryption, see [Manage policy for Windows devices with Microsoft Intune](../protect/encrypt-devices.md).
+If you're an IT support person and want to configure and manage encryption, see [Manage policy for Windows devices with Microsoft Intune](../protect/encrypt-devices.md).
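Review bot: The added line "After 5 minutes of inactivity" uses a numeral where the website procedure earlier in this file says "the key disappears after five minutes"; write the duration the same way in both places. The final -/+ pair on the IT pro support sentence shows no visible text change, so confirm it is only a whitespace or end-of-file fix.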
diff --git a/memdocs/intune/user-help/microsoft-intune-app-verbose-logging.md b/memdocs/intune/user-help/microsoft-intune-app-verbose-logging.md
index 5d6d41bcd04..b0f60539a43 100644
--- a/memdocs/intune/user-help/microsoft-intune-app-verbose-logging.md
+++ b/memdocs/intune/user-help/microsoft-intune-app-verbose-logging.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 03/04/2024
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
diff --git a/memdocs/intune/user-help/password-does-not-meet-it-administrator-requirements.md b/memdocs/intune/user-help/password-does-not-meet-it-administrator-requirements.md
index 214f623773c..41f7eed5713 100644
--- a/memdocs/intune/user-help/password-does-not-meet-it-administrator-requirements.md
+++ b/memdocs/intune/user-help/password-does-not-meet-it-administrator-requirements.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 07/02/2024
+ms.date: 11/09/2024
ms.topic: end-user-help
ms.localizationpriority: high
ms.service: microsoft-intune
@@ -39,13 +39,15 @@ ms.collection:
* iOS/iPadOS
* macOS
-Intune Company Portal notifies you when the sign-in password, PIN, or passcode on your enrolled device conflicts with your organization's security requirements. Device sign-in requirements are put in place to prevent unauthorized individuals from gaining access to the work or school data on your device. Until you choose a more secure sign-in method, you may be blocked from accessing your organization's network.
+When you enroll your device for work or school use, you might need to adjust the lock screen and startup settings you use to unlock your device so that they align with your organization's password and biometric requirements. Password and biometric requirements are put in place to prevent unauthorized individuals from gaining access to the work or school data on your device. Until you choose a more secure authentication method for your device's lock screen, you might be blocked from accessing your organization's network.
-Company Portal sends one message per passcode requirement. For example, if your passcode is too short and too simple, you'll receive one message about the length and one message about the complexity. For a list of all passcode-related messages in Company Portal, see [Reference: device passcode messages in Company Portal](intune-company-portal-password-message-reference.md).
+## List of Company Portal messages
-## Change password, passcode, PIN
+For a list of all passcode-related messages in Company Portal, see [Reference: device passcode messages in Company Portal](intune-company-portal-password-message-reference.md). Company Portal sends you one message per password requirement. For example, if your passcode is too short and too simple, you receive one message about the length and one message about the complexity. Your workplace chooses the password and biometric requirements for your device. If the Company Portal messages appear too vague, contact your IT support person directly for the exact password and biometric requirements for your device.
-To secure your device with a sign-in passcode, password, or lock screen, see the following resources.
+## Change password and biometrics
+
+The following resources are available for Apple, Android, and Windows devices, and describe how to set up lock screens and startup passwords. For the most up-to-date information about how to secure your specific device model, refer to the device manufacturer's help documentation.
- [Windows sign-in options and account protection](https://support.microsoft.com/windows/windows-sign-in-options-and-account-protection-7b34d4cf-794f-f6bd-ddcc-e73cdf1a6fbf)
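Review bot: The new "List of Company Portal messages" paragraph mixes "passcode" and "password" for the same thing ("passcode-related messages", "one message per password requirement", "if your passcode is too short"), while the rewritten intro and the new heading use "password and biometric". Pick one term per concept, because the user has to match this text against the wording of the messages Company Portal shows. The rewritten intro also no longer says that Company Portal is what notifies the user, so the messages section arrives without that setup; one clause restoring it would help.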
@@ -55,13 +57,11 @@ To secure your device with a sign-in passcode, password, or lock screen, see the
- [Set screen lock on Android device](https://support.google.com/android/answer/9079129) (opens Android Help docs)
-- [Set up or change your Android work profile lock](https://support.google.com/work/android/answer/7029958) (opens Android Enterprise Help docs)
-
-For information about how to secure your specific device model, refer to the device manufacturer's help documentation.
+- [Set up or change your Android work profile lock](https://support.google.com/work/android/answer/7029958) (opens Android Enterprise Help docs)
## Next steps
Still need help?
-* If you still receive passcode-related messages after updating the passcode, try restarting your device.
+* If you still receive password and authentication-related messages after updating your settings, try restarting your device.
-* Sign-in and passcode requirements are determined by your organization's policies. For questions about specific messages, contact your IT support person. Check the Company Portal app or [Company Portal website](https://go.microsoft.com/fwlink/?linkid=2010980) for your organization's helpdesk information.
+* Password and biometric requirements are determined by your organization's policies. For questions about specific messages, contact your IT support person. Check the Company Portal app or [Company Portal website](https://go.microsoft.com/fwlink/?linkid=2010980) for your organization's helpdesk information.
diff --git a/memdocs/intune/user-help/remote-lock-your-device-cp-app.md b/memdocs/intune/user-help/remote-lock-your-device-cp-app.md
index 246723d8ea4..ec3c74a2f51 100644
--- a/memdocs/intune/user-help/remote-lock-your-device-cp-app.md
+++ b/memdocs/intune/user-help/remote-lock-your-device-cp-app.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 11/29/2023
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -34,22 +34,18 @@ Remotely lock a lost or stolen device from the Company Portal app for Windows. T
Remote lock is supported on devices running:
-* Android
-* iOS
-* macOS
+* Android
+* iOS
## Remote lock device
Complete the following steps to lock a missing device from the Company Portal app.
1. Sign into the Intune Company Portal app for Windows.
-2. Go to **Devices**.
-3. Select the device that you want to lock.
-4. Choose **Actions**, and then select **Remote lock**.
-5. Select **Lock** to confirm that you want to lock the device. The app will try to lock your device and redirect you to **Home**.
-
- ![Screenshot of Company Portal app, Device details page, Remote lock confirmation prompt.](./media/remote-lock-your-device-cp-app/1804_remote_lock_Windows_CPapp_06.png)
-
-4. Should you find your device, enter your passcode to unlock it.
+1. Go to **Devices**.
+1. Select the device that you want to lock.
+1. Choose **Actions**, and then select **Remote lock**.
+1. Select **Lock** to confirm that you want to lock the device. The app tries to lock your device, and then redirects you to **Home**.
+1. Should you find your device, enter your passcode to unlock it.
## Next steps
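Review bot: The supported-platforms list drops `* macOS` with no accompanying explanation in the text, and that is a behaviour claim rather than a formatting fix. Confirm that remote lock from the Company Portal app for Windows no longer applies to macOS devices, and check that the website version of this article says the same. Separately, the last step ("Should you find your device, enter your passcode to unlock it") is not part of locking the device and would read better as a sentence after the list.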
diff --git a/memdocs/intune/user-help/remote-lock-your-device-cpwebsite.md b/memdocs/intune/user-help/remote-lock-your-device-cpwebsite.md
index f95732c5e41..d9e2745d59f 100644
--- a/memdocs/intune/user-help/remote-lock-your-device-cpwebsite.md
+++ b/memdocs/intune/user-help/remote-lock-your-device-cpwebsite.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 03/03/2023
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -42,7 +42,7 @@ Remotely lock the screen of a lost or stolen enrolled device. The *remote lock*
1. On any device, sign in to the [Company Portal website](https://portal.manage.microsoft.com) with your work or school account.
1. Go to __Devices__.
1. Select the device you want to lock.
-1. Select **Remote lock**. If the lock option isn't visible at the top of your page, select the **More (…)** menu to see all overflow actions. Then select **Remote lock**.
+1. Select **Remote lock**. If the lock option isn't visible at the top of your page, select the **More (…)** menu to check all overflow actions.
1. A message appears to warn you that you are about to lock your device. Tap **Remote lock** to confirm.
## Check remote lock status
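Review bot: The rewritten step 4 drops "Then select **Remote lock**." from the fallback path, so a user who opens the **More (…)** menu is never told to pick the action there. Restore that sentence, and keep "see" rather than "check", since the user is looking for an option, not verifying one. The next step says "Tap **Remote lock**" while this one says "Select"; worth aligning while the section is open.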
diff --git a/memdocs/intune/user-help/remove-your-device-cpwebsite.md b/memdocs/intune/user-help/remove-your-device-cpwebsite.md
index b588244bf2d..8fb4a75a2bc 100644
--- a/memdocs/intune/user-help/remove-your-device-cpwebsite.md
+++ b/memdocs/intune/user-help/remove-your-device-cpwebsite.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 10/08/2024
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -29,11 +29,11 @@ ms.collection:
---
# Remove device on Intune Company Portal website
-*Applies to*:
-* *Android*
-* *iOS/iPadOS*
-* *macOS*
-* *Windows 10/11*
+**Applies to**:
+* Android
+* iOS/iPadOS
+* macOS
+* Windows 10/11
Use the Company Portal website to remotely unenroll and unregister a personal device from work or school. Once you remove a device, your organization no longer manages the device and it is removed from the Company Portal app and website. You might lose access to protected work data, such as files, apps, and email, on the device after you unenroll.
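Review bot: The "Applies to" treatment is inconsistent within this patch: here the block is kept and restyled (`**Applies to**:` with plain list items), while get-recovery-key-windows.md has its "Applies to" block deleted. Decide on one convention for the user-help articles and apply it in both files.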
diff --git a/memdocs/intune/user-help/rename-your-device-cpwebsite.md b/memdocs/intune/user-help/rename-your-device-cpwebsite.md
index c99faa675f3..2b04ecf699b 100644
--- a/memdocs/intune/user-help/rename-your-device-cpwebsite.md
+++ b/memdocs/intune/user-help/rename-your-device-cpwebsite.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 11/29/2023
+ms.date: 11/09/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -51,4 +51,4 @@ Need additional help? Contact your IT support person. For contact details, go to
>The rename action on the Company Portal website gives employees and students the chance to rename enrolled devices to something that's easy to recognize. This change only applies to the name in Company Portal, and not to the device name or management name that appears in the Microsoft Intune admin center. If you're an IT administrator and need more information about managing device details in the admin center, see:
>
>- [Rename a device with Microsoft Intune](../remote-actions/device-rename.md).
->- [View device details with Microsoft Intune](../remote-actions/device-inventory.md#hardware-device-details).
\ No newline at end of file
+>- [View device details with Microsoft Intune](../remote-actions/device-inventory.md#hardware-device-details).
diff --git a/memdocs/intune/user-help/send-logs-to-microsoft-iOS.md b/memdocs/intune/user-help/send-logs-to-microsoft-iOS.md
index 36cbcde05b5..5dac4ae9691 100644
--- a/memdocs/intune/user-help/send-logs-to-microsoft-iOS.md
+++ b/memdocs/intune/user-help/send-logs-to-microsoft-iOS.md
@@ -42,7 +42,7 @@ You can access the reporting feature in Company Portal using any of these method
* When you receive an error message or alert, tap **Report**.
* Under the **More** tab of the Company Portal app, tap **Send Logs**.
-* In the Company Portal app, shake your device, then tap **Send Diagnostic Report**. If the =diagnostics report prompt doesn't appear when you shake the device, open **Settings** > **Company Portal**, and turn on **Shake Gesture**.
+* In the Company Portal app, shake your device, then tap **Send Diagnostic Report**. If the diagnostics report prompt doesn't appear when you shake the device, open **Settings** > **Company Portal**, and turn on **Shake Gesture**.
## Share diagnostic logs
diff --git a/memdocs/intune/user-help/send-logs-to-your-it-admin-by-email-android.md b/memdocs/intune/user-help/send-logs-to-your-it-admin-by-email-android.md
index 3a43f7032a5..bbcc7568704 100644
--- a/memdocs/intune/user-help/send-logs-to-your-it-admin-by-email-android.md
+++ b/memdocs/intune/user-help/send-logs-to-your-it-admin-by-email-android.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 01/23/2023
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -48,13 +48,14 @@ The send logs option in the Company Portal is unavailable for sovereign cloud en
1. There are two ways to share logs and initiate email support in the app:
- * From the home screen, tap **Menu** > **Help** > **Send logs**.
- * From an error message, tap **HELP** or **SEND INFO**, if available.
-
- We recommend sending the email as described in this procedure because it gives you the opportunity to explain the problem you encountered to your support person. If you're already in contact with your support person, an email may not be necessary. To send logs only, with no email support, go to **Help** > **Email Support**, and tap **Upload Logs Only**.
-2. Tap **SEND LOGS, THEN EMAIL**.
-3. The app sends your logs. Open your email app when prompted.
-4. An email message opens with the incident ID pre-populated in the subject field.
+ * In the app, open the **Menu** and go to **Help** > **Send logs**.
+ * When you receive an error message, tap **HELP** or **SEND INFO**, if available.
+
+1. Tap **SEND LOGS, THEN EMAIL**.
+ > [!NOTE]
+ > We recommend sending the email as described in this procedure because it gives you the opportunity to explain the problem you encountered to your support person. If you're already in contact with your support person, an email may not be necessary. To send logs only, with no email support, tap **Upload Logs Only**.
+1. The app sends your logs. Open your email app when prompted.
+1. An email message opens with the incident ID pre-populated in the subject field.
1. Enter your support person's email address.
2. Describe the problem that you came across.
3. Send the email and follow-up with your support person later if needed.
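Review bot: The relocated note under "Tap **SEND LOGS, THEN EMAIL**" shortens the logs-only instruction to "tap **Upload Logs Only**" and drops the old path ("go to **Help** > **Email Support**"), so the reader is no longer told where that button is. Either keep the navigation path or state that the option sits on the same screen as **SEND LOGS, THEN EMAIL**.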
@@ -62,16 +63,16 @@ The send logs option in the Company Portal is unavailable for sovereign cloud en
## Send logs from Microsoft Intune app
1. In the Microsoft Intune app, there are two ways to initiate email support.
- * From the home screen: Tap **Menu** > **Help** > **Get Support**.
- * From an error message: Tap **HELP** or **SEND INFO**, if available.
+ * In the app, open the **Menu** and go to **Help** > **Get Support**.
+ * When you receive an error message, tap **HELP** or **SEND INFO**, if available.
> [!NOTE]
- > **Menu** could be a software button or a hardware button, depending on which Android device you have.
+ > The app's menu could be a software button or a hardware button, depending on which Android device you have.
-3. Tap **UPLOAD LOGS**.
-4. After the upload is complete, tap **EMAIL** and select your email app.
-5. An email message will open with the incident ID pre-populated in the subject field. In the body of the email, describe the problem that you came across.
-6. Send the email and follow-up with your support person later if needed.
+1. Tap **UPLOAD LOGS**.
+1. After the upload is complete, tap **EMAIL** and select your email app.
+1. An email message opens with the incident ID pre-populated in the subject field. In the body of the email, describe the problem that you came across.
+1. Send the email and follow-up with your support person later if needed.
## Save logs to share with your support person
You must have a file viewing app to save and share Company Portal logs. If you're on a device with a work profile, the file viewing app needs to be in the work profile.
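Review bot: In the last added step, "follow-up" is hyphenated but used as a verb ("Send the email and follow-up with your support person"); since the line is being rewritten anyway, make it "follow up", as the Windows article in this patch does ("Follow up with your support person as needed"). The reworded note now says "The app's menu" while the first bullet bolds **Menu** as a UI label, so the two refer to the same control in different ways; use one form.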
diff --git a/memdocs/intune/user-help/send-logs-to-your-it-admin-cp-windows.md b/memdocs/intune/user-help/send-logs-to-your-it-admin-cp-windows.md
index 572c7ec44be..5a1d2980370 100644
--- a/memdocs/intune/user-help/send-logs-to-your-it-admin-cp-windows.md
+++ b/memdocs/intune/user-help/send-logs-to-your-it-admin-cp-windows.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 11/04/2020
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -28,28 +28,39 @@ ms.collection:
- tier2
---
-# Report a problem in Company Portal for Windows
-*Applies to Intune Company Portal for Windows*
+# Report a problem in Company Portal for Windows
+
+**Applies to Intune Company Portal for Windows**
Report a problem or error that occurs in the Intune Company Portal app for Windows. This article describes how to share app diagnostic logs with your support person.
> [!NOTE]
> App logs are also shared with Microsoft Support in case the problem requires additional help. Your support person will reach out to Microsoft Support with your incident ID to work with them.
-## How to report problem
-Complete the following steps to report a problem you're experiencing in-app or during device enrollment.
+## Report problem to support person
+Complete the following steps to upload Company Portal app logs.
1. Open the **Company Portal** app.
-2. Select **Help & support** > **Upload logs & contact support**.
+1. Go to **Help & support**.
+1. Select **Upload logs**.
> [!Note]
- > After you click **Upload logs & contact support**, the Company Portal will send your logs to Microsoft's support team. This step is a proactive one that makes it easier to troubleshoot and resolve problems that are escalated to Microsoft support.
+ > After you select **Upload logs**, the Company Portal sends your logs to Microsoft's support team. This step is a proactive one that makes it easier to troubleshoot and resolve problems that are escalated to Microsoft support.
-3. When prompted to choose a program, select the Mail app or another preferred email app.
+1. When prompted to choose a program, select the Mail app or another preferred email app.
-4. The email app will open an email template for you to fill in. Describe the problem and the steps you took leading up to the problem. Then send the email to your support person so that they can follow up on the issue.
+1. The email app opens an email template for you to fill in. Describe the problem and the steps you took leading up to the problem. Then send the email to your IT support person so that they can follow up on the issue.
+
+1. Follow up with your support person as needed.
+
+## Report problem to Microsoft
-5. Follow up with your support person as needed.
+Complete the following steps to report a problem directly to Microsoft in the Feedback Hub app. Microsoft doesn't respond to this type of report but uses it to improve upon the products. You can include screenshots and diagnostic details, but the report should remain anonymous, so don't include information like name, email address, or phone number.
+
+1. Open the **Company Portal** app.
+1. Go to **Help & support**.
+1. Select **Report problem to Microsoft**.
+1. Select **Report problem**. Alternatively, you can send a suggestion or leave a review of the app.
## What is a diagnostic log?
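Review bot: The new "Report problem to Microsoft" paragraph says the report "should remain anonymous" and lists name, email address, and phone number, but the same sentence invites screenshots and diagnostic details, which can carry exactly that information (a signed-in account name visible in a screenshot, for example). Add a sentence asking users to check attachments for personal or work data before submitting. In the first procedure, the note still says the logs go to "Microsoft's support team" while the section heading is now "Report problem to support person"; state who receives the upload at that step so the two don't appear to conflict.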
@@ -60,6 +71,4 @@ Events and errors that occur in the Company Portal app are saved on your device
## Next steps
-* If your company needs additional information about app or device activity, you might need to resend [logs from the Settings app](send-logs-to-your-it-admin-settings-windows.md).
-
-* Still need help? Contact your support person. For contact information, check the [Company Portal website](https://go.microsoft.com/fwlink/?linkid=2010980).
+If your workplace or school needs additional information about app or device activity, you might need to resend [logs from the Settings app](send-logs-to-your-it-admin-settings-windows.md).
diff --git a/memdocs/intune/user-help/store-recovery-key.md b/memdocs/intune/user-help/store-recovery-key.md
index 305255c9631..7082cc2beb8 100644
--- a/memdocs/intune/user-help/store-recovery-key.md
+++ b/memdocs/intune/user-help/store-recovery-key.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 07/17/2020
+ms.date: 11/18/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
@@ -48,11 +48,11 @@ If you get locked out of your device, you can retrieve your key from the followi
- Company Portal app for Android
- Intune app
- IT support people with administrator access to Intune can rotate your personal recovery key for you if you get locked out of your device.They can also view keys, but only the ones that belong to corporate-owned devices. IT support people can't view recovery keys that belong to personal devices.
+ IT support people with administrator access to Intune can rotate your personal recovery key for you if you get locked out of your device. They can also view keys, but only the ones that belong to corporate-owned devices. IT support people can't view recovery keys that belong to personal devices.
## Do I need to store my key?
-An IT support person will let you know if you're required to upload a personal recovery key. You may receive a notification from the Company Portal apps for iOS/iPadOS or Android if that's how your organization's IT department normally communicates with you.
+An IT support person will let you know if you're required to upload a personal recovery key. You may receive a notification from the Company Portal apps for iOS/iPadOS or Android if that's how your organization's IT department normally communicates with you.
We only recommend uploading a recovery key if you fall into one of the following categories:
* You encrypted your device before you enrolled it with your organization.
@@ -66,22 +66,21 @@ Complete these steps to save the personal FileVault key for your encrypted Mac d
1. Go to the [Company Portal website](https://portal.manage.microsoft.com) and sign in with your school or work account.
2. Select your encrypted device.
-3. Select **Store recovery key**.
+3. Select **Store Recovery Key**.
4. Enter your 24-character, alphanumeric FileVault key.
5. Enter the key again. Then select **Save**.
-6. Company Portal will attempt to verify, rotate, and save your personal recovery key. No further action is needed once the key has been saved. If you leave the website before the upload is complete, you can view its status on the device details page the next time you sign in.
+6. Wait while Company Portal attempts to verify, rotate, and save your personal recovery key. No further action is needed once the key has been saved. If you leave the website before the upload is complete, you can follow up on the status the next time you sign in.
-For more information about the messages you may see during this process, see [Company Portal messages](store-recovery-key.md#company-portal-messages).
## Company Portal messages
+This section describes the messages you might see as you store a recovery key.
|Message |Meaning |
|---------|---------|
-|Keys must match. Check keys and try again. | Appears under **Confirm recovery key** box to let you know that your keys don't match each other. Retype the keys in both fields and then try saving again. |
-|Couldn't update recovery key for device.| Appears as a toast notification at the top of the screen to let you know that Company Portal couldn't store a recovery key for you. For more details, select your encrypted device. Then read the message at the top of the page for next steps. |
-|We were unable to upload your recovery key. Check that you entered the correct key and try again. If the problem persists, try to manually rotate your key. Tap to learn more. | Appears on the device details page and could mean a couple things: First, Company Portal couldn't rotate and save your key because the key you entered is incorrect. Verify that you have the right key and try again. The second possibility is that your device hasn't checked in with your organization in a while. To sync the latest updates from your organization, select your device > **Status** > **Check access**. Then try to store the recovery key again. Finally, if the problem persists, it might mean that your organization hasn't enabled FileVault on their side. Contact your IT support person and let them know that you synced your device but are still unable to store your FileVault key. |
-|Your recovery key has been updated. If you ever get locked out of your device and need to retrieve your key, sign in to Company Portal and select **Get recovery key**. | Appears on the device details page. The key you saved was successfully rotated and your new personal recovery key is stored. |
-
+|Keys must match. Check keys and try again. | Appears under the **Confirm Recovey Key** box to let you know that your keys don't match each other. Retype the keys in both fields. |
+|Couldn't update recovery key for device.| Appears as a toast notification at the top of the screen to let you know that Company Portal couldn't store your recovery key. For more details, select your encrypted device. Then read the message at the top of the page for next steps. |
+|We were unable to upload your recovery key. Check that you entered the correct key and try again. If the problem persists, try to manually rotate your key. Tap to learn more. | Appears on the device's page and could mean a couple things: first, Company Portal couldn't rotate and save your key because the key you entered is incorrect. Verify that you have the right key and try again. Or second, your device hasn't checked in with your organization in a while. To sync the latest updates from your organization, select your device in Company Portal, and then select **Check status**. Then try to store the recovery key again. Finally, if the problem persists, it might mean that your organization hasn't enabled FileVault on their side. Contact your IT support person and let them know that you synced your device but are still unable to store your FileVault key. |
+|Your recovery key has been updated. If you ever get locked out of your device and need to retrieve your key, sign in to Company Portal and select **Get recovery key**. | Appears on the device's page. The key you saved was successfully rotated and your new personal recovery key is stored. |
## IT pro support
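Review bot: The first rewritten table row has a typo in the UI label: "**Confirm Recovey Key**" should be "**Confirm Recovery Key**". Label casing is also mixed after this change: step 3 becomes "**Store Recovery Key**" while the last row keeps "**Get recovery key**"; match each to the product UI. In the third row, "could mean a couple things: first, ... Or second, ... Finally" lists three causes, so reword the lead-in or number all three.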
@@ -90,7 +89,7 @@ If you're an IT support person and want to configure and manage FileVault encryp
## Next steps
-You can always retrieve your key from the Company Portal website, the Intune app, and the Company Portal apps for iOS and Android, and use it to access your Mac device. To learn how to retrieve your recovery key, see [Get recovery key](get-recovery-key-cpweb.md).
+You can always retrieve your key from the Company Portal website, the Intune app, and the Company Portal apps for iOS and Android, and use it to access your Mac device. To learn how to retrieve your recovery key, see [Get recovery key](get-recovery-key-cpweb.md).
Find out what else you can do in the Company Portal website. See [Using the Intune Company Portal website](using-the-intune-company-portal-website.md) for a list of actions.
diff --git a/memdocs/intune/user-help/sync-your-device-manually-macos.md b/memdocs/intune/user-help/sync-your-device-manually-macos.md
index adca231654c..f2ea536fdad 100644
--- a/memdocs/intune/user-help/sync-your-device-manually-macos.md
+++ b/memdocs/intune/user-help/sync-your-device-manually-macos.md
@@ -1,13 +1,13 @@
---
# required metadata
-title: Manually sync your macOS device with Intune Company Portal
-description: Sync your personal Mac from the Intune Company Portal to get the latest updates and requirements from your organization.
+title: Check status of work or school device in Company Portal app for macOS
+description: Check status of work or school devices in Company Portal app for macOS.
keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 02/02/2022
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
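Review bot: The new `description` restates the `title` almost word for word and drops what the old one told the reader about the purpose ("to get the latest updates and requirements from your organization"). Keep a description that says what checking status achieves, so the search snippet adds something beyond the title.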
@@ -29,36 +29,27 @@ ms.collection:
---
-# Manually sync macOS device with Intune
+# Check status in Company Portal for macOS
-You can force your enrolled Mac to sync with Intune for the latest updates, requirements, and communications from your organization. The Intune Company Portal app regularly syncs devices when they're connected to Wi-Fi. However, if you ever need to disconnect for an extended period of time, you can use the Company Portal *sync* action to reconnect and bring your device up-to-date.
-
-Syncing can also help resolve work-related downloads or other processes that are in progress or stalled. If you're experiencing slow or unusual behavior while installing or using a work app, try syncing your device to see if an update or requirement is missing.
+The Intune Company Portal app regularly checks the settings on work or school devices to ensure they're meeting access requirements. However, if you ever need to disconnect from Wi-Fi for an extended period of time, or if you're in a hurry to resolve a current access issue, you can use the Company Portal *check status* action to reconnect without waiting.
->[!TIP]
-> The Intune Company Portal app is required for this feature. If you're trying to sync a Mac that's owned by your organization, and it doesn't have the Company Portal app, contact your support person for help. They will need to facilitate the sync on their end.
+> [!TIP]
+> The Intune Company Portal app is required for this feature. If you're trying to sync a Mac that's owned by your organization, and it doesn't have the Company Portal app, contact your support person for help. They must facilitate the status check on their end.
-## Sync personal Mac
+## Check status
- To force a sync on your personal Mac:
+Complete these steps to check the status of the Mac you use for work or school.
-1. Open the Company Portal app.
+1. Open the Company Portal app on your Mac.
-2. Select **Devices**.
-3. If you only have one device, you'll go directly to the device details screen and can skip to step 4. If you have multiple devices, you'll see all devices inline at the top of the page. Select the device that you're currently using.
+1. Select **Devices**.
+
+1. If you only have one device, skip to step 4. If you have multiple devices, select the device you're currently using.
- ![Screenshot of the Devices screen, showing three devices and highlighting the one that the user is currently using. Also highlights text that says "This is the device you are currently using."](./media/sync-your-device-manually-macos/macos-sync-1-company-portal-2006.png)
+1. Select **Check Status**.
-4. Select **More [...]** and then choose **Check Status** to sync your device.
-
- ![Screenshot of the device details highlighting Check status link.](./media/sync-your-device-manually-macos/macos-sync-2-company-portal-2006.png)
-
-5. Wait while Company Portal confirms your device status. The status will update onscreen to tell you whether or not you meet your organization's security requirements.
-
- ![Screenshot of the Device details highlighting the loading bar.](./media/sync-your-device-manually-macos/macos-sync-3-company-portal-2006.png)
+1. Wait while Company Portal confirms the status of your access. The status appears onscreen and tells you that you meet your organization's security requirements, or tells you what is needed to get access.
## Next steps
-Once you've completed these steps, check to see if your initial problem is resolved. If it's not, it may help to restart the stalled installation or task.
-
Still need help? Contact your support person. Sign in to the [Company Portal website](https://go.microsoft.com/fwlink/?linkid=2010980) for your organization's contact information.
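Review bot: Renaming the heading from `## Sync personal Mac` to `## Check status` changes the section's generated anchor, so any inbound link to the old fragment will stop resolving; search the docset for references to it before merging. The three screenshot references removed from the steps point at PNGs under `./media/sync-your-device-manually-macos/`, so delete those files in the same change if nothing else uses them.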
diff --git a/memdocs/intune/user-help/turn-off-battery-optimization-android.md b/memdocs/intune/user-help/turn-off-battery-optimization-android.md
index 545bcdddbdb..1125dccca40 100644
--- a/memdocs/intune/user-help/turn-off-battery-optimization-android.md
+++ b/memdocs/intune/user-help/turn-off-battery-optimization-android.md
@@ -1,17 +1,17 @@
---
# required metadata
-title: Turn off battery optimization in Company Portal app | Microsoft Intune
+title: Turn off battery optimization in Company Portal app for Android | Microsoft Intune
description: Turn off battery optimization in the Company Portal app for Android.
keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 07/01/2024
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
-ms.assetid: d
+ms.assetid:
searchScope:
- User help
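Review bot: `ms.assetid:` is left as a key with no value after the stray `d` is removed. Either supply the article's asset ID or delete the line, so the metadata block does not carry an empty field.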
@@ -34,11 +34,11 @@ ms.collection:
Turn off battery optimization in the Company Portal app. On some devices, battery optimization prevents Company Portal from running in the background and receiving necessary updates.
-To ensure that your work or school device stays up-to-date and connected, turn off battery optimization in the Company Portal app for Android:
+To ensure that your work or school device stays up-to-date and connected, turn off battery optimization in the Company Portal app for Android.
1. Sign in to the Company Portal app with your work or school account.
2. Open the menu and tap **Settings**.
-3. Scroll to **Battery Optimization** and tap **Turn Off**.
+3. Scroll to **Battery Optimization** and tap **TURN OFF**.
4. Tap **Allow** to confirm that you want to turn battery optimization off.
Need additional help? Contact your IT support person. For contact information, sign in to the [Company Portal website](https://go.microsoft.com/fwlink/?linkid=2010980) with your work or school account, and then go to **Helpdesk**.
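Review bot: The sentence beginning `To ensure that your work or school device stays up-to-date` now ends with a period, yet it directly introduces the numbered steps; keep the colon, or follow it with a separate lead-in line for the list. For step 3, confirm that **TURN OFF** matches the button label in the current Android app, since step 4's **Allow** is written in title case.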
diff --git a/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-android.md b/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-android.md
index 96013d8cfd6..ab064bd925b 100644
--- a/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-android.md
+++ b/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-android.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 07/01/2024
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
diff --git a/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-ios.md b/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-ios.md
index 618ebf76bd6..b6e4c710a17 100644
--- a/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-ios.md
+++ b/memdocs/intune/user-help/turn-off-microsoft-usage-data-collection-ios.md
@@ -56,7 +56,7 @@ The **Enable Advanced Logging** setting is available in the Intune Company Porta
To modify this setting on an iOS/iPadOS device:
1. Open the **Settings** app.
-2. Find **Comp Portal**.
+2. Find **Company Portal**.
3. Under **Diagnostics**, turn on or off the **Enable Advanced Logging** toggle.
## Next steps
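Review bot: Step 2 now reads `Find **Company Portal**`, but bold text in these steps stands for the literal on-screen label. If the iOS Settings list shows the shortened name that the old text used, a user will look for a string that is not there; verify on a device, and if the label is shortened, write it as `**Comp Portal** (Company Portal)`.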
diff --git a/memdocs/intune/user-help/unenroll-your-device-from-intune-ios.md b/memdocs/intune/user-help/unenroll-your-device-from-intune-ios.md
index accce16272b..fd64806be04 100644
--- a/memdocs/intune/user-help/unenroll-your-device-from-intune-ios.md
+++ b/memdocs/intune/user-help/unenroll-your-device-from-intune-ios.md
@@ -21,7 +21,7 @@ searchScope:
ROBOTS:
#audience:
-ms.reviewer: esmich
+ms.reviewer: andycerat
ms.suite: ems
#ms.tgt_pltfrm:
ms.custom: intune-enduser
@@ -46,10 +46,9 @@ You can use the Company Portal app for iOS to remove an Intune-enrolled device s
Follow these steps to remove a device you no longer need for work or school from Intune.
-
1. Sign in to the Company Portal app and select **Devices**.
-2. Select the device you want to remove. If you only have one device, you won't need to select a device so skip to step 3.
+2. Select the device you want to remove. If you only have one device, skip to step 3.
3. Next to **RENAME**, select the ellipses menu > **Remove Device** > **Remove**.
@@ -60,13 +59,13 @@ Follow these steps to remove a device you no longer need for work or school from
## Remove data collected by the Company Portal app
-There are three places the Company Portal stores local data on your device.
+There are three places the Company Portal app stores local data on your device.
-- **Information logs**: standard app activity data that Microsoft collects, like how long the app was open or if it's crashed, is automatically erased when you remove the device from the Company Portal.
+- **Information logs**: Standard app activity data that Microsoft collects, such as how long the app was open or if it crashed, is automatically erased when you remove the device from the Company Portal.
-- **Apple analytics**: standard app crash activity data that Apple collects. This information can only be removed by resetting your device back to factory settings. This will erase all personal information on your device. To do this, open **Settings** > **General** > **Reset** > **Erase All Content and Settings**.
+- **Apple analytics**: Standard app crash activity data that Apple collects. This information can only be removed by resetting your device back to factory settings. This will erase all personal information on your device. To do this, open **Settings** > **General** > **Reset** > **Erase All Content and Settings**.
-- **Keychain**: your device stores your passwords and other information used for sign-ins in your Keychain. Microsoft apps share your sign-in information across any Microsoft-developed apps that you have on your device, including Microsoft Outlook and Microsoft Authenticator. Like Apple analytics, this information can only be removed by resetting your device back to factory settings. This will erase all personal information on your device. To do this, open **Settings** > **General** > **Reset** > **Erase All Content and Settings**.
+- **Keychain**: Your device stores your passwords and other information used for sign-ins in your Keychain. Microsoft apps share your sign-in information across any Microsoft-developed apps that you have on your device, including Microsoft Outlook and Microsoft Authenticator. Like Apple analytics, this information can only be removed by resetting your device back to factory settings. This will erase all personal information on your device. To do this, open **Settings** > **General** > **Reset** > **Erase All Content and Settings**.
## Next steps
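Review bot: The intro sentence now says "the Company Portal app", but the **Information logs** bullet still ends "when you remove the device from the Company Portal"; use the same product name in both. While these bullets are being touched, the **Apple analytics** and **Keychain** bullets repeat the identical factory-reset warning and path, which could be stated once after the list, and the **Settings** > **General** > **Reset** path should be confirmed against supported iOS versions.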
diff --git a/memdocs/intune/user-help/use-verbose-logging-to-help-your-it-administrator-fix-device-issues-android.md b/memdocs/intune/user-help/use-verbose-logging-to-help-your-it-administrator-fix-device-issues-android.md
index e747bd3ef9f..26d4e5db1f7 100644
--- a/memdocs/intune/user-help/use-verbose-logging-to-help-your-it-administrator-fix-device-issues-android.md
+++ b/memdocs/intune/user-help/use-verbose-logging-to-help-your-it-administrator-fix-device-issues-android.md
@@ -7,7 +7,7 @@ keywords:
author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 07/01/2024
+ms.date: 11/08/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
diff --git a/memdocs/intune/user-help/what-happens-if-you-install-the-Company-Portal-app-and-enroll-your-device-in-intune-macos.md b/memdocs/intune/user-help/what-happens-if-you-install-the-Company-Portal-app-and-enroll-your-device-in-intune-macos.md
index ca90cdd378b..8d60f56d523 100644
--- a/memdocs/intune/user-help/what-happens-if-you-install-the-Company-Portal-app-and-enroll-your-device-in-intune-macos.md
+++ b/memdocs/intune/user-help/what-happens-if-you-install-the-Company-Portal-app-and-enroll-your-device-in-intune-macos.md
@@ -8,7 +8,7 @@ author: lenewsad
ms.author: lanewsad
manager: dougeby
-ms.date: 11/06/2017
+ms.date: 11/09/2024
ms.topic: end-user-help
ms.service: microsoft-intune
ms.subservice: end-user
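Review bot: `ms.date` moves from 11/06/2017 to 11/09/2024 with no other change to this file in the diff. If the article was reviewed and found current, say so in the commit message; otherwise the new date signals a freshness check that did not happen. The sibling user-help files in this change use 11/08/2024, so confirm the one-day difference is intended.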
diff --git a/windows-365/enterprise/introduction-windows-365-government.md b/windows-365/enterprise/introduction-windows-365-government.md
index b68851734ca..6f9e0e46fb1 100644
--- a/windows-365/enterprise/introduction-windows-365-government.md
+++ b/windows-365/enterprise/introduction-windows-365-government.md
@@ -69,6 +69,7 @@ The following features aren't yet supported for Windows 365 GCC or GCC High.
- [Microsoft Purview Customer Key](purview-customer-key.md)
- [HP Anyware for Windows 365](hp-anyware-set-up.md)
- Bulk Troubleshoot action
+- RDP Shortpath for public networks via TURN
## Next steps
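Review bot: The new `RDP Shortpath for public networks via TURN` entry is plain text, while the feature entries above it link to their articles. If this docset has an article for the feature, link it so that GCC and GCC High readers can tell exactly which connection path is unavailable to them.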
diff --git a/windows-365/enterprise/provisioning-errors.md b/windows-365/enterprise/provisioning-errors.md
index cdd3421b403..e2453e87bac 100644
--- a/windows-365/enterprise/provisioning-errors.md
+++ b/windows-365/enterprise/provisioning-errors.md
@@ -186,7 +186,7 @@ If you are seeing this error, some factors to consider are:
## Other provisioning failures
-If you encounter other provisioning errors not covered above, make sure all the required endpoints are allowed on the VNet used for your ANC and any gateway device.
+If you encounter other provisioning errors not covered above, make sure all the [required endpoints](requirements-network.md?tabs=enterprise%2Cent#allow-network-connectivity) are allowed on the VNet used for your ANC and any gateway device.
## Next steps
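Review bot: The new link target `requirements-network.md?tabs=enterprise%2Cent#allow-network-connectivity` hard-codes a tab selection in the query string. If the tab IDs in that article change, the link can land on the wrong tab without any build error; link to `requirements-network.md#allow-network-connectivity` unless the section exists only under those tabs.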
diff --git a/windows-365/enterprise/troubleshoot-windows-365-boot.md b/windows-365/enterprise/troubleshoot-windows-365-boot.md
index 48e7ac9b159..b801339994b 100644
--- a/windows-365/enterprise/troubleshoot-windows-365-boot.md
+++ b/windows-365/enterprise/troubleshoot-windows-365-boot.md
@@ -70,7 +70,7 @@ Get-AppxPackage –AllUsers -name *MicrosoftCorporationII*
This command shows all the Microsoft-maintained apps (like QuickAssist, Microsoft Family, and so on) on the physical device. In order for Windows 365 Boot to work correctly, confirm the following versions:
-- Windows App version 1.1.162.0 or later.
+- Windows App version 2.0.285 or later.
- Azure Virtual Desktop (HostApp) app version 1.2.4159. or later.
Windows 365 Boot also requires the latest version of Windows 11.
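Review bot: The new minimum `2.0.285` is a three-part version, while the value it replaces (`1.1.162.0`) was four-part, and readers compare it against the Version field returned by the `Get-AppxPackage` command above. Give the full version string as it appears in that output. The adjacent line `version 1.2.4159. or later` has a stray period after the number that could be fixed in the same change.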