diff --git a/autopilot/includes/create-assigned-device-group.md b/autopilot/includes/create-assigned-device-group.md index 538e42512ea..f2cdadefcd4 100644 --- a/autopilot/includes/create-assigned-device-group.md +++ b/autopilot/includes/create-assigned-device-group.md @@ -51,7 +51,7 @@ Headings are driven by article context. --> > [!IMPORTANT] > - > Don't manually add any devices to the device group created in this step by selecting the **No members selected** link under **Members**. Devices are automatically added to this device group during the Windows Autopilot device preparation deployment. + > Devices are automatically added to this device group during the Windows Autopilot device preparation deployment. Manually adding devices as members of the device group created in this step isn't necessary, but doing so has no impact on the Windows Autopilot device preparation process. ### Adding the Intune Provisioning Client service principal diff --git a/memdocs/configmgr/hotfix/2409/30195272.md b/memdocs/configmgr/hotfix/2409/30195272.md index 74cb563d048..79b34f153cd 100644 --- a/memdocs/configmgr/hotfix/2409/30195272.md +++ b/memdocs/configmgr/hotfix/2409/30195272.md @@ -2,13 +2,13 @@ title: Summary of changes in Configuration Manager current branch, version 2409 titleSuffix: Configuration Manager description: Article listing changes in Configuration Manager current branch, version 2409 -ms.date: 12/03/2024 +ms.date: 12/06/2024 ms.subservice: core-infra ms.service: configuration-manager ms.topic: reference ms.assetid: 99172ed9-86d3-40e5-be24-941fe2a538b1 -author: bhuney -ms.author: brianhun +author: Baladelli +ms.author: baladell manager: apoorvseth ms.reviewer: mstewart,aaroncz ms.collection: tier3 @@ -69,6 +69,6 @@ The "Issues that are fixed" list isn't inclusive of all changes. Instead, it hig - KB [28458746](../../hotfix/2403/28458746.md): Software update management client fix for Microsoft Configuration Manager version 2403 - KB [29166583](../../hotfix/2403/29166583.md): Management point security update for Configuration Manager 2403 -## Dependency changes ## + -- The Visual C++ redistributable component is updated to version 1.1.0.239. \ No newline at end of file + diff --git a/memdocs/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10.md b/memdocs/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10.md index 7322ad9ed64..1fe4bbee870 100644 --- a/memdocs/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10.md +++ b/memdocs/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10.md @@ -35,7 +35,7 @@ Windows Update for Business (WUfB) allows you to keep Windows 10 or later device - Overall Endpoint Protection reporting for Defender based on update compliance status won't return accurate results because of the missing scan data. -- Configuration Manager won't be able to deploy Microsoft updates, such as Microsoft 365 Apps, IE, and Visual Studio to clients that are connected to WUfB to receive updates. +- Configuration Manager won't be able to deploy or report compliance on Microsoft app updates for clients configured to use WUfB to receive updates. This includes updates for Microsoft 365 Apps, Internet Explorer, Edge, and Visual Studio. - Configuration Manager can still deploy 3rd party updates that are published to WSUS and managed through Configuration Manager to clients that are connected to WUfB to receive updates. If you don't want any 3rd party updates to be installed on clients connecting to WUfB, then disable the client setting named [Enable software updates on clients](../../core/clients/deploy/about-client-settings.md#software-updates). diff --git a/memdocs/intune/enrollment/apple-account-driven-user-enrollment.md b/memdocs/intune/enrollment/apple-account-driven-user-enrollment.md index 90e0bf05376..f2255eb309f 100644 --- a/memdocs/intune/enrollment/apple-account-driven-user-enrollment.md +++ b/memdocs/intune/enrollment/apple-account-driven-user-enrollment.md @@ -8,7 +8,7 @@ keywords: author: Lenewsad ms.author: lanewsad manager: dougeby -ms.date: 09/09/2024 +ms.date: 12/06/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: enrollment @@ -32,7 +32,7 @@ ms.collection: # Set up account driven Apple User Enrollment -Set up account driven Apple User Enrollment for personal devices enrolling in Microsoft Intune. Account driven user enrollment provides a faster and more user-friendly enrollment experience than [user enrollment with Company Portal](apple-user-enrollment-with-company-portal.md). The device user initiates enrollment by signing into their work account in the Settings app. After the user approves device management, the enrollment profile silently installs and Intune policies are applied. Intune uses just-in-time registration and the Microsoft Authenticator app for authentication to reduce the number of times users have to sign in during enrollment and when accessing work apps. +Set up account driven Apple User Enrollment for personal devices enrolling in Microsoft Intune. Account driven user enrollment provides a faster and more user-friendly enrollment experience than [user enrollment with Company Portal](apple-user-enrollment-with-company-portal.md). The device user initiates enrollment by signing into their work account in the Settings app. After the user approves device management, the enrollment profile silently installs and Intune policies are applied. Intune uses just-in-time (JIT) registration and the Microsoft Authenticator app for authentication to reduce the number of times users have to sign in during enrollment and when accessing work apps. This article describes how to set up account driven Apple User Enrollment in Microsoft Intune. You will: @@ -41,7 +41,7 @@ This article describes how to set up account driven Apple User Enrollment in Mic * Prepare employees and students for enrollment. ## Prerequisites -Microsoft Intune supports account driven Apple User Enrollment on devices running iOS/iPadOS version 15 or later. If you assign an account driven user enrollment profile to device users running iOS/iPadOS 14.9 or earlier, Microsoft Intune will automatically enroll them via user enrollment with Company Portal. +Microsoft Intune supports account driven Apple User Enrollment on devices running iOS/iPadOS version 15 or later. If you assign an account driven user enrollment profile to device users running iOS/iPadOS 14.9 or earlier, Microsoft Intune automatically enrolls them via user enrollment with Company Portal. Before beginning setup, complete the following tasks: @@ -49,9 +49,9 @@ Before beginning setup, complete the following tasks: - [Get Apple MDM Push certificate](apple-mdm-push-certificate-get.md) - [Create Managed Apple IDs for device users](https://support.apple.com/en-us/HT210737) (Opens Apple Support website) -You also need to set up service discovery so that Apple can reach the Intune service and retrieve enrollment information. To do this, set up and publish an HTTP well-known resource file on the same domain that employees sign into. Apple retrieves the file via an HTTP GET request to `“https://contoso.com/.well-known/com.apple.remotemanagement”`, with your organization's domain in place of `contoso.com`. Publish the file on a domain that can handle HTTP GET requests. +You also need to set up service discovery so that Apple can reach the Intune service and retrieve enrollment information. To complete this prerequisite, set up and publish an HTTP well-known resource file on the same domain that employees sign into. Apple retrieves the file via an HTTP GET request to `“https://contoso.com/.well-known/com.apple.remotemanagement”`, with your organization's domain in place of `contoso.com`. Publish the file on a domain that can handle HTTP GET requests. -Create the file in JSON format, with the content type set to `application/json`. We've provided the following JSON samples that you can copy and paste into your file. Use the one that aligns with your environment. Replace the *YourAADTenantID* variable in the base URL with your organization's Microsoft Entra tenant ID. +Create the file in JSON format, with the content type set to `application/json`. We provide the following JSON samples that you can copy and paste into your file. Use the one that aligns with your environment. Replace the *YourAADTenantID* variable in the base URL with your organization's Microsoft Entra tenant ID. Microsoft Intune environments: ```json @@ -96,7 +96,18 @@ Create an enrollment profile for devices enrolling via account driven user enrol 1. Select **Create profile** > **iOS/iPadOS**. 1. On the **Basics** page, enter a name and description for the profile so that you can distinguish it from other profiles in the admin center. Device users don't see these details. 1. Select **Next**. -1. On the **Settings** page, for **Enrollment type**, select **Account driven user enrollment**. +1. On the **Settings** page, for **Enrollment type**, select how you want to enroll devices. You can choose the enrollment method or allow users to make their own choice. Their choice determines the enrollment process that Microsoft Intune carries out. It's also reflected in the device ownership attribute in Microsoft Intune. To learn more about the user's experience and what they see onscreen during enrollment, see [Set up personal iOS device for work or school](../user-help/enroll-your-device-in-intune-ios.md). + + Your options: + + - **Account driven user enrollment**: Assigned users who initiate enrollment are enrolled via account driven user enrollment. + + - **Determine based on user choice**: Assigned users who initiate enrollment can select how they want to enroll their device. Their options: + + - **I own this device:** More settings appear with this selection. The user has the option to secure their entire device or only secure work-related apps and data. + + - **(Company) owns this device:** The device enrolls via Apple Device Enrollment. For more information about this enrollment method, see [Device Enrollment and MDM](https://support.apple.com/guide/deployment/device-enrollment-and-mdm-depd1c27dfe6/web) on the Apple Support website. + 1. Select **Next**. 1. On the **Assignments** page, assign the profile to all users, or select specific groups. Device groups aren't supported in user enrollment scenarios because user enrollment requires user identities. 1. Select **Next**. @@ -112,7 +123,7 @@ This section describes the enrollment steps for device users. We recommend using 3. Select **VPN & Device Management**. 4. Sign in with your work or school account, or with the Apple ID provided to you by your organization. 5. Select **Sign In to iCloud**. -6. Enter the password for the username that's shown on screen. Then select **Continue**. +6. Enter the password for the username that appears onscreen. Then select **Continue**. 7. Select **Allow Remote Management**. 8. Wait a few minutes while your device is configured and the management profile is installed. 9. To confirm your device is ready to use for work, go to **VPN & Device Management**. Confirm that your work account is listed under **MANAGED ACCOUNT**. diff --git a/memdocs/intune/enrollment/apple-user-enrollment-with-company-portal.md b/memdocs/intune/enrollment/apple-user-enrollment-with-company-portal.md index 2ceb990673d..34a98972ef4 100644 --- a/memdocs/intune/enrollment/apple-user-enrollment-with-company-portal.md +++ b/memdocs/intune/enrollment/apple-user-enrollment-with-company-portal.md @@ -8,7 +8,7 @@ keywords: author: Lenewsad ms.author: lanewsad manager: dougeby -ms.date: 01/23/2024 +ms.date: 12/06/2024 ms.topic: how-to ms.service: microsoft-intune ms.subservice: enrollment @@ -72,14 +72,7 @@ Complete these steps to create an enrollment profile for devices enrolling via u 6. Select **Next**. -7. On the **Settings** page, select **User enrollment with Company Portal**. - - Alternatively, you can select **Determine based on user choice**, which lets assigned users select the enrollment type during enrollment. Their options: - - * **I own this device**: As a follow-up, the user must select whether they want to secure the entire device or only secure work-related apps and data. - * **(Company) owns this device**: The device enrolls via Apple Device Enrollment. For more information about this enrollment method, see [Device Enrollment and MDM](https://support.apple.com/guide/deployment/device-enrollment-and-mdm-depd1c27dfe6/web) on the Apple Support website. - - The device user's selection determines which enrollment process is carried out. Their choice is also reflected in the device ownership attribute shown in Intune. To learn more about the user experience and what they see onscreen during enrollment, see [Set up iOS/iPadOS device access to your company resources](../user-help/enroll-your-device-in-intune-ios.md). +7. On the **Settings** page, select **User enrollment with Company Portal**. 8. Select **Next**. diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 865be53774f..52cce39ff3c 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -7,7 +7,7 @@ keywords: author: brenduns ms.author: brenduns manager: dougeby -ms.date: 11/22/2024 +ms.date: 12/06/2024 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: fundamentals @@ -83,12 +83,12 @@ You can use RSS to be notified when this page is updated. For more information, Device inventory lets you collect and view additional hardware properties from your managed devices to help you better understand the state of your devices and make business decisions. -You can now choose what you want to collect from your devices, using the catalog of properties and then view the collected properties in the Resource Explorer view. +You can now choose what you want to collect from your devices, using the catalog of properties and then view the collected properties in the Resource Explorer view. For more information, see: -- [Properties catalog](../configuration/properties-catalog.md). -- [Data collection platform](../../analytics/data-platform-schema.md). +- [Properties catalog](../configuration/properties-catalog.md) +- [Data collection platform](../../analytics/data-platform-schema.md) Applies to: @@ -100,7 +100,8 @@ Applies to: #### Configuration values for specific managed applications on Intune enrolled iOS devices -Starting with Intune's September (2409) service release, the **IntuneMAMUPN**, **IntuneMAMOID**, and **IntuneMAMDeviceID** app configuration values will be automatically sent to managed applications on Intune enrolled iOS devices for the following apps: +Starting with Intune's September (2409) service release, the **IntuneMAMUPN**, **IntuneMAMOID**, and **IntuneMAMDeviceID** app configuration values are automatically sent to managed applications on Intune enrolled iOS devices for the following apps: + - Microsoft Excel - Microsoft Outlook - Microsoft PowerPoint @@ -111,25 +112,31 @@ For more information, see [Plan for Change: Specific app configuration values wi #### Additional installation error reporting for LOB apps on AOSP devices -Additional details are now provided for app installation reporting of Line of Business (LOB) apps on Android Open Source Project (AOSP) devices. You can view installation error codes and detailed error messages for LOB apps in Intune. For information about app installation error details, see [Monitor app information and assignments with Microsoft Intune](../apps/apps-monitor.md#app-installation-error-reporting). +Additional details are now provided for app installation reporting of Line of Business (LOB) apps on Android Open Source Project (AOSP) devices. You can view installation error codes and detailed error messages for LOB apps in Intune. + +For information about app installation error details, see [Monitor app information and assignments with Microsoft Intune](../apps/apps-monitor.md#app-installation-error-reporting). Applies to: - Android Open Source Project (AOSP) devices #### Microsoft Teams app protection on VisionOS devices (preview) -Microsoft Intune app protection policies (APP) are now supported on the Microsoft Teams app on VisionOS devices. To learn more about how to target policies to VisionOS devices, see [Managed app properties](../fundamentals/filters-device-properties.md#managed-app-properties) for more information about filters for managed app properties. + +Microsoft Intune app protection policies (APP) are now supported on the Microsoft Teams app on VisionOS devices. + +To learn more about how to target policies to VisionOS devices, see [Managed app properties](../fundamentals/filters-device-properties.md#managed-app-properties) for more information about filters for managed app properties. Applies to: + - Microsoft Teams for iOS on VisionOS devices ### Device configuration #### New settings available in the Windows settings catalog -The Settings Catalog lists all the settings you can configure in a device policy, and all in one place. +The [Settings Catalog](../configuration/settings-catalog.md) lists all the settings you can configure in a device policy, and all in one place. -A new setting **Set Copilot Hardware Key** is now available in the Settings Catalog. To see this and other settings, in the Microsoft Intune admin center, go to **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy** > **Windows 10 and later for platform** > **Settings catalog** for profile type. +A new setting **Set Copilot Hardware Key** is now available in the Settings Catalog. To see this and other settings, in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy** > **Windows 10 and later for platform** > **Settings catalog** for profile type. Applies to: @@ -139,7 +146,9 @@ Applies to: You can now use DFCI profiles to manage UEFI (BIOS) settings for Samsung devices that run Windows 10 or Windows 11. Not all Samsung devices running Windows are enabled for DFCI. Contact your device vendor or device manufacturer for eligible devices. -You can manage DFCI profiles from within the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) by going to **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy** > **Windows 10 and later** for platform > **Templates** > **Device Firmware Configuration Interface** for profile type. For more information about DFCI profiles, see: +You can manage DFCI profiles from within the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) by going to **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy** > **Windows 10 and later** for platform > **Templates** > **Device Firmware Configuration Interface** for profile type. + +For more information about DFCI profiles, see: - [Configure Device Firmware Configuration Interface (DFCI) profiles on Windows devices in Microsoft Intune](../configuration/device-firmware-configuration-interface-windows.md) - [Device Firmware Configuration Interface (DFCI) management with Windows Autopilot](/autopilot/dfci-management) @@ -186,9 +195,9 @@ The following settings have been deprecated by Apple and will be marked as depre - Enable Logging - Logging Option -#### View profiles for your Endpoint Security policies in the Device Configuration node of the admin center +#### View profiles for your Endpoint Security policies in the Device Configuration node of the admin center -We’ve updated the [*Configuration* view](../configuration/device-profile-monitor.md) for *Devices* in the admin center to now display profiles for your endpoint security policies alongside your device configuration policies. This means you can view a combined list of your device configuration policies and the supported endpoint security policies in a single location where you can then select a policy to view and edit it. +We’ve updated the [*Configuration* view](../configuration/device-profile-monitor.md) for *Devices* in the Microsoft Intune admin center to now display profiles for your endpoint security policies alongside your device configuration policies. This means you can view a combined list of your device configuration policies and the supported endpoint security policies in a single location where you can then select a policy to view and edit it. The combined view supports the endpoint security profiles you create for the *macOS* and *Windows* platforms for the following endpoint security policy types: @@ -203,19 +212,19 @@ The combined view supports the endpoint security profiles you create for the *ma When viewing the list of policies, endpoint security policies are identified by their template type, like *Microsoft Defender Antivirus*, in the *Policy type* column. -To view the combined list profiles for all device types, in the admin center go to **Devices** > *All devices* and below *Manage devices*, select **Configuration**. +To view the combined list profiles for all device types, in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) go to **Devices** > *All devices* and below *Manage devices*, select **Configuration**. -While you can view endpoint security policies in the device configuration node, you must still create new endpoint security policies in the endpoint security node. Additionally, the combined view does not display endpoint security profiles for the *Windows (ConfigMgr)* platform or for *Linux*. +While you can view endpoint security policies in the device configuration node, you must still create new endpoint security policies in the endpoint security node. Additionally, the combined view does not display endpoint security profiles for the *Windows (ConfigMgr)* platform or for *Linux*. -#### Windows 365 Link is now available in public preview +#### Intune support for Windows 365 Link is now available in public preview Windows 365 Link is the first Cloud PC device built by Microsoft to connect securely to Windows 365 in seconds, providing a responsive, high-fidelity Windows desktop experience in the Microsoft Cloud. -Windows 365 Link runs a small Windows based OS called Windows CPC, and shows up in Intune alongside other managed Windows devices and Cloud PCs. +Windows 365 Link runs a small Windows based OS called Windows CPC, and shows up in Intune alongside other managed Windows devices and Cloud PCs. -Also, Device actions, such as **Wipe**, **Restart**, and **Collect diagnostics** work similarly to other Windows devices. As the OS is purpose built to directly connect to Windows 365, this results in only a fraction of Windows configuration policies being applicable, minimizing decision points. +Also, Device actions, such as **Wipe**, **Restart**, and **Collect diagnostics** work similarly to other Windows devices. As the OS is purpose built to directly connect to Windows 365, this results in only a fraction of Windows configuration policies being applicable, minimizing decision points. -The process to configure and apply those applicable policies is simple and familiar because the process is the same as your other Windows devices. Secondly, Windows 365 Link has no ability to store data locally, no local apps, no local admin users, and automatically keeps itself up to date. +The process to configure and apply those applicable policies is simple and familiar because the process is the same as your other Windows devices. Secondly, Windows 365 Link has no ability to store data locally, no local apps, no local admin users, and automatically keeps itself up to date. This means several Intune features are not applicable including application and update management, along with scripts and remediations. @@ -223,7 +232,9 @@ Windows 365 Link is now available in public preview. For more information, see [ #### Store macOS certificates in user keychain -A new *deployment channel* setting in Microsoft Intune enables you to store macOS authentication certificates in the user keychain. This enhancement strengthens system security and improves the user experience by reducing certificate prompts. Prior to this change, Microsoft Intune automatically stored user and device certificates in the system keychain. The deployment channel setting is available in SCEP and PKCS certificate profiles for macOS, and in VPN, Wi-Fi, and wired network settings configuration profiles for macOS. For more information about the profiles and their new setting, see: +A new *deployment channel* setting in Microsoft Intune enables you to store macOS authentication certificates in the user keychain. This enhancement strengthens system security and improves the user experience by reducing certificate prompts. Prior to this change, Microsoft Intune automatically stored user and device certificates in the system keychain. The deployment channel setting is available in Simple Certificate Enrollment Protocol (SCEP) and Public Key Cryptography Standards (PKCS) certificate profiles for macOS, and in VPN, Wi-Fi, and wired network settings configuration profiles for macOS. + +For more information about the profiles and their new setting, see: - [Add VPN settings on macOS devices in Microsoft Intune](../configuration/vpn-settings-macos.md) - [Add Wi-Fi settings for macOS devices in Microsoft Intune](../configuration/wi-fi-settings-macos.md) @@ -235,11 +246,12 @@ A new *deployment channel* setting in Microsoft Intune enables you to store macO Now generally available, Microsoft Intune supports compliance checks for instances of Windows Subsystem for Linux (WSL) running on a Windows host device. You can create a Windows 10/11 compliance policy that contains the allowed Linux distribution names and versions evaluated on WSL. Microsoft Intune includes the WSL compliance results in the overall compliance state of the host device. -For more information about WSL compliance, see [Evaluate compliance for Windows Subsystem for Linux](../protect/compliance-wsl.md). +For more information about WSL compliance, see [Evaluate compliance for Windows Subsystem for Linux](../protect/compliance-wsl.md). ### Intune Apps #### Newly available protected apps for Intune + The following protected app is now available for Microsoft Intune: - Microsoft Designer by Microsoft Corporation @@ -248,9 +260,9 @@ For more information about protected apps, see [Microsoft Intune protected apps] ### Monitor and troubleshoot -#### ICCID will be inventoried for Android Enterprise Dedicated and Fully Managed +#### ICCID is inventoried for Android Enterprise Dedicated and Fully Managed -We've added the ability to view a device's ICCID number for devices enrolled as Android Enterprise Dedicated or Android Fully Managed. Admins can view ICCID numbers in their device inventory. +We've added the ability to view a device's ICCID number for devices enrolled as Android Enterprise Dedicated or Android Fully Managed. Admins can view ICCID numbers in their [device inventory](../remote-actions/device-inventory.md#hardware-device-details). You can now find the ICCID number for Android devices by navigating to **Devices** > **Android**. Select a device of interest. In the side panel, under **Monitor** select **Hardware**. The ICCID number will be in the **Network details** group. The ICCID number isn't supported for Android Corporate-Owned Work Profile devices. @@ -260,7 +272,7 @@ Applies to: #### New device actions for single device query -We're adding the Intune remote device actions to Single device query to help you manage your devices remotely. From the device query interface, you'll be able to run device actions based on query results for faster and more efficient troubleshooting. +We've added the Intune remote device actions to Single device query to help you manage your devices remotely. From the device query interface, you'll be able to run device actions based on query results for faster and more efficient troubleshooting. Applies to: @@ -313,7 +325,7 @@ For information about this Autopilot support, see the following in the Autopilot #### Minimum OS version for Android devices is Android 10 and later for user-based management methods -Beginning in October 2024, Android 10 and later is the minimum Android OS version that is supported for user-based management methods, which includes: +Beginning in October 2024, Android 10 and later is the [minimum Android OS version that is supported for user-based management methods](../fundamentals/supported-devices-browsers.md#android), which includes: - Android Enterprise personally-owned work profile - Android Enterprise corporate owned work profile @@ -335,7 +347,7 @@ Userless methods of Android device management (Dedicated and AOSP userless) and #### Collection of additional device inventory details -Intune now collects additional files and registry keys to assist in troubleshooting the Device Hardware Inventory feature. +Intune now collects additional files and registry keys to assist in troubleshooting the [Device Hardware Inventory](../remote-actions/collect-diagnostics.md) feature. Applies to: @@ -398,6 +410,12 @@ For more information, see: Working time settings allow you to enforce policies that limit access to apps and mute message notifications received from apps during non-working time. The limit access setting is now available for the Microsoft Teams and Microsoft Edge apps. You can limit access by using App Protection Policies (APP) to block or warn end users from using the iOS/iPadOS or Android Teams and Microsoft Edge apps during non-working time by setting the **Non-working time** conditional launch setting. Also, you can create a non-working time policy to mute notifications from the Teams app to end users during non-working time. +For more information, see: + +- [Android app protection policy settings](../apps/app-protection-policy-settings-android.md#conditional-launch) +- [iOS app protection policy settings](../apps/app-protection-policy-settings-ios.md#conditional-launch) +- [Quiet time policies for iOS/iPadOS and Android apps](../apps/apps-quiet-time-policies.md#quiet-time-policy-types) + Applies to: - Android @@ -405,7 +423,7 @@ Applies to: #### Streamlined app creation experience for apps from Enterprise App Catalog -We've streamlined the way apps from Enterprise App Catalog are added to Intune. We now provide a direct app link rather than duplicating the app binaries and metadata. App contents now download from a `*.manage.microsoft.com` subdomain. This update helps to improve the latency when adding an app to Intune. When you add an app from Enterprise App Catalog, it syncs immediately and is ready for additional action from within Intune. +We've streamlined the way apps from [Enterprise App Catalog](../apps/apps-add-enterprise-app.md) are added to Intune. We now provide a direct app link rather than duplicating the app binaries and metadata. App contents now download from a `*.manage.microsoft.com` subdomain. This update helps to improve the latency when adding an app to Intune. When you add an app from Enterprise App Catalog, it syncs immediately and is ready for additional action from within Intune. #### Update Enterprise App Catalog apps @@ -874,7 +892,7 @@ Applies to: You can specify the time that OS updates are enforced on devices in their local time zone. For example, configuring an OS update to be enforced at 5pm schedules the update for 5pm in the device's local time zone. Previously, this setting used the time zone of the browser where the policy was configured. -This change only applies to new policies that are created in the August 2408 release and later. The **Target Date Time** setting is in the settings catalog at **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy** > **iOS/iPadOS** or **macOS** for platform > **Settings catalog** for profile type > **Declarative Device Management** > Software Update. +This change only applies to new policies that are created in the August 2408 release and later. The **Target Date Time** setting is in the [settings catalog](../configuration/settings-catalog.md) at **Devices** > **Manage devices** > **Configuration** > **Create** > **New policy** > **iOS/iPadOS** or **macOS** for platform > **Settings catalog** for profile type > **Declarative Device Management** > Software Update. In a future release, the **UTC** text will be removed from the **Target Date Time** setting. @@ -1061,7 +1079,7 @@ You can now configure just-in-time (JIT) registration and JIT compliance remedia We have consolidated the Intune profiles that were related to identity and account protection, into a single new profile named *Account protection*. This new profile is found in the [account protection policy node of endpoint security](../protect/endpoint-security-account-protection-policy.md), and is now the only profile template that remains available when creating new policy instances for identity and account protection. The new profile includes Windows Hello for Business settings for both users and devices, and settings for Windows Credential Guard. -Because this new profile uses Intune’s unified settings format for device management, the profiles settings are also available through the settings catalog, and help to improve the reporting experience in the Intune admin center. +Because this new profile uses Intune’s unified settings format for device management, the profiles settings are also available through the [settings catalog](../configuration/settings-catalog.md), and help to improve the reporting experience in the Intune admin center. You can continue to use any instances of the following profile templates that you already have in place, but Intune no longer supports creating new instances of these profiles: diff --git a/memdocs/intune/industry/education/tutorial-school-deployment/configure-devices-overview.md b/memdocs/intune/industry/education/tutorial-school-deployment/configure-devices-overview.md index 1f145e0e916..ffedcf0698f 100644 --- a/memdocs/intune/industry/education/tutorial-school-deployment/configure-devices-overview.md +++ b/memdocs/intune/industry/education/tutorial-school-deployment/configure-devices-overview.md @@ -3,7 +3,6 @@ title: Configure devices with Microsoft Intune description: Learn how to configure policies and applications in preparation for device deployment. ms.date: 5/2/2024 ms.topic: tutorial -ms.collection: essentials-manage author: scottbreenmsft ms.author: scbree ms.manager: dougeby diff --git a/memdocs/intune/industry/education/tutorial-school-deployment/introduction.md b/memdocs/intune/industry/education/tutorial-school-deployment/introduction.md index 992b6e2bb31..200b5d873dc 100644 --- a/memdocs/intune/industry/education/tutorial-school-deployment/introduction.md +++ b/memdocs/intune/industry/education/tutorial-school-deployment/introduction.md @@ -3,7 +3,6 @@ title: Introduction to the tutorial for deploying and managing devices in a scho description: Introduction to deployment and management of devices in education environments. ms.date: 5/2/2024 ms.topic: tutorial -ms.collection: essentials-get-started ms.author: scbree author: scottbreenmsft ms.manager: dougeby