Merge pull request #16877 from MicrosoftDocs/main

Publish main to live, 10:30AM PST, 12/06

autopilot/includes/create-assigned-device-group.md

@@ -51,7 +51,7 @@ Headings are driven by article context. -->
 
     > [!IMPORTANT]
     >
-    > Don't manually add any devices to the device group created in this step by selecting the **No members selected** link under **Members**. Devices are automatically added to this device group during the Windows Autopilot device preparation deployment.
+    > Devices are automatically added to this device group during the Windows Autopilot device preparation deployment. Manually adding devices as members of the device group created in this step isn't necessary, but doing so has no impact on the Windows Autopilot device preparation process.
 
 ### Adding the Intune Provisioning Client service principal
 

memdocs/configmgr/hotfix/2409/30195272.md

@@ -2,13 +2,13 @@
 title: Summary of changes in Configuration Manager current branch, version 2409
 titleSuffix: Configuration Manager
 description: Article listing changes in Configuration Manager current branch, version 2409
-ms.date: 12/03/2024
+ms.date: 12/06/2024
 ms.subservice: core-infra
 ms.service: configuration-manager
 ms.topic: reference
 ms.assetid: 99172ed9-86d3-40e5-be24-941fe2a538b1
-author: bhuney
-ms.author: brianhun
+author: Baladelli
+ms.author: baladell
 manager: apoorvseth
 ms.reviewer: mstewart,aaroncz 
 ms.collection: tier3
@@ -69,6 +69,6 @@ The "Issues that are fixed" list isn't inclusive of all changes. Instead, it hig
 - KB [28458746](../../hotfix/2403/28458746.md): Software update management client fix for Microsoft Configuration Manager version 2403
 - KB [29166583](../../hotfix/2403/29166583.md): Management point security update for Configuration Manager 2403
 
-## Dependency changes ##
+<!-- ## Dependency changes ## -->
 <!-- 29926810 -->
-- The Visual C++ redistributable component is updated to version 1.1.0.239. 
+<!-- The Visual C++ redistributable component is updated to version 1.1.0.239. -->

memdocs/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10.md

@@ -35,7 +35,7 @@ Windows Update for Business (WUfB) allows you to keep Windows 10 or later device
 
 - Overall Endpoint Protection reporting for Defender based on update compliance status won't return accurate results because of the missing scan data.  
 
-- Configuration Manager won't be able to deploy Microsoft updates, such as Microsoft 365 Apps, IE, and Visual Studio to clients that are connected to WUfB to receive updates.  
+- Configuration Manager won't be able to deploy or report compliance on Microsoft app updates for clients configured to use WUfB to receive updates. This includes updates for Microsoft 365 Apps, Internet Explorer, Edge, and Visual Studio.
 
 - Configuration Manager can still deploy 3rd party updates that are published to WSUS and managed through Configuration Manager to clients that are connected to WUfB to receive updates. If you don't want any 3rd party updates to be installed on clients connecting to WUfB, then disable the client setting named [Enable software updates on clients](../../core/clients/deploy/about-client-settings.md#software-updates).
 

memdocs/intune/enrollment/apple-account-driven-user-enrollment.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 09/09/2024
+ms.date: 12/06/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -32,7 +32,7 @@ ms.collection:
 
 # Set up account driven Apple User Enrollment  
 
-Set up account driven Apple User Enrollment for personal devices enrolling in Microsoft Intune. Account driven user enrollment provides a faster and more user-friendly enrollment experience than [user enrollment with Company Portal](apple-user-enrollment-with-company-portal.md). The device user initiates enrollment by signing into their work account in the Settings app. After the user approves device management, the enrollment profile silently installs and Intune policies are applied. Intune uses just-in-time registration and the Microsoft Authenticator app for authentication to reduce the number of times users have to sign in during enrollment and when accessing work apps.      
+Set up account driven Apple User Enrollment for personal devices enrolling in Microsoft Intune. Account driven user enrollment provides a faster and more user-friendly enrollment experience than [user enrollment with Company Portal](apple-user-enrollment-with-company-portal.md). The device user initiates enrollment by signing into their work account in the Settings app. After the user approves device management, the enrollment profile silently installs and Intune policies are applied. Intune uses just-in-time (JIT) registration and the Microsoft Authenticator app for authentication to reduce the number of times users have to sign in during enrollment and when accessing work apps.      
 
 This article describes how to set up account driven Apple User Enrollment in Microsoft Intune. You will:   
 
@@ -41,17 +41,17 @@ This article describes how to set up account driven Apple User Enrollment in Mic
 * Prepare employees and students for enrollment.     
 
 ## Prerequisites
-Microsoft Intune supports account driven Apple User Enrollment on devices running iOS/iPadOS version 15 or later. If you assign an account driven user enrollment profile to device users running iOS/iPadOS 14.9 or earlier, Microsoft Intune will automatically enroll them via user enrollment with Company Portal.   
+Microsoft Intune supports account driven Apple User Enrollment on devices running iOS/iPadOS version 15 or later. If you assign an account driven user enrollment profile to device users running iOS/iPadOS 14.9 or earlier, Microsoft Intune automatically enrolls them via user enrollment with Company Portal.   
 
 Before beginning setup, complete the following tasks:    
 
 - [Set mobile device management (MDM) authority](../fundamentals/mdm-authority-set.md)
 - [Get Apple MDM Push certificate](apple-mdm-push-certificate-get.md)
 - [Create Managed Apple IDs for device users](https://support.apple.com/en-us/HT210737) (Opens Apple Support website)  
 
-You also need to set up service discovery so that Apple can reach the Intune service and retrieve enrollment information. To do this, set up and publish an HTTP well-known resource file on the same domain that employees sign into. Apple retrieves the file via an HTTP GET request to `“https://contoso.com/.well-known/com.apple.remotemanagement”`, with your organization's domain in place of `contoso.com`. Publish the file on a domain that can handle HTTP GET requests.    
+You also need to set up service discovery so that Apple can reach the Intune service and retrieve enrollment information. To complete this prerequisite, set up and publish an HTTP well-known resource file on the same domain that employees sign into. Apple retrieves the file via an HTTP GET request to `“https://contoso.com/.well-known/com.apple.remotemanagement”`, with your organization's domain in place of `contoso.com`. Publish the file on a domain that can handle HTTP GET requests.    
 
-Create the file in JSON format, with the content type set to `application/json`.  We've provided the following JSON samples that you can copy and paste into your file. Use the one that aligns with your environment. Replace the *YourAADTenantID* variable in the base URL with your organization's Microsoft Entra tenant ID.   
+Create the file in JSON format, with the content type set to `application/json`. We provide the following JSON samples that you can copy and paste into your file. Use the one that aligns with your environment. Replace the *YourAADTenantID* variable in the base URL with your organization's Microsoft Entra tenant ID.   
 
    Microsoft Intune environments:  
    ```json
@@ -96,7 +96,18 @@ Create an enrollment profile for devices enrolling via account driven user enrol
 1. Select **Create profile** > **iOS/iPadOS**.  
 1. On the **Basics** page, enter a name and description for the profile so that you can distinguish it from other profiles in the admin center. Device users don't see these details.  
 1. Select **Next**.  
-1. On the **Settings** page, for **Enrollment type**, select **Account driven user enrollment**.  
+1. On the **Settings** page, for **Enrollment type**, select how you want to enroll devices. You can choose the enrollment method or allow users to make their own choice. Their choice determines the enrollment process that Microsoft Intune carries out. It's also reflected in the device ownership attribute in Microsoft Intune. To learn more about the user's experience and what they see onscreen during enrollment, see [Set up personal iOS device for work or school](../user-help/enroll-your-device-in-intune-ios.md).  
+
+    Your options:  
+
+   - **Account driven user enrollment**: Assigned users who initiate enrollment are enrolled via account driven user enrollment.
+
+   - **Determine based on user choice**: Assigned users who initiate enrollment can select how they want to enroll their device. Their options:  
+
+       - **I own this device:** More settings appear with this selection. The user has the option to secure their entire device or only secure work-related apps and data.  
+
+       - **(Company) owns this device:** The device enrolls via Apple Device Enrollment. For more information about this enrollment method, see [Device Enrollment and MDM](https://support.apple.com/guide/deployment/device-enrollment-and-mdm-depd1c27dfe6/web) on the Apple Support website.  
+
 1. Select **Next**.  
 1. On the **Assignments** page, assign the profile to all users, or select specific groups. Device groups aren't supported in user enrollment scenarios because user enrollment requires user identities.  
 1. Select **Next**.  
@@ -112,7 +123,7 @@ This section describes the enrollment steps for device users. We recommend using
 3. Select **VPN & Device Management**. 
 4. Sign in with your work or school account, or with the Apple ID provided to you by your organization.   
 5. Select **Sign In to iCloud**.  
-6. Enter the password for the username that's shown on screen. Then select **Continue**.   
+6. Enter the password for the username that appears onscreen. Then select **Continue**.   
 7. Select **Allow Remote Management**.  
 8. Wait a few minutes while your device is configured and the management profile is installed.  
 9. To confirm your device is ready to use for work, go to **VPN & Device Management**. Confirm that your work account is listed under **MANAGED ACCOUNT**.  

memdocs/intune/enrollment/apple-user-enrollment-with-company-portal.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 01/23/2024
+ms.date: 12/06/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -72,14 +72,7 @@ Complete these steps to create an enrollment profile for devices enrolling via u
 
 6. Select **Next**.
 
-7. On the **Settings** page, select **User enrollment with Company Portal**. 
-
-   Alternatively, you can select **Determine based on user choice**, which lets assigned users select the enrollment type during enrollment. Their options:   
-
-   * **I own this device**: As a follow-up, the user must select whether they want to secure the entire device or only secure work-related apps and data. 
-   * **(Company) owns this device**: The device enrolls via Apple Device Enrollment. For more information about this enrollment method, see [Device Enrollment and MDM](https://support.apple.com/guide/deployment/device-enrollment-and-mdm-depd1c27dfe6/web) on the Apple Support website.   
-
-   The device user's selection determines which enrollment process is carried out. Their choice is also reflected in the device ownership attribute shown in Intune. To learn more about the user experience and what they see onscreen during enrollment, see [Set up iOS/iPadOS device access to your company resources](../user-help/enroll-your-device-in-intune-ios.md).  
+7. On the **Settings** page, select **User enrollment with Company Portal**.  
 
 8. Select **Next**.