Merge pull request #8355 from MicrosoftDocs/main

v-stsavell · web-flow · commit 031521776803 · 2022-08-31T12:34:48.000-05:00
Publish main to live on 8/31 @ 10:30 am
diff --git a/memdocs/configmgr/hotfix/2207/14840616.md b/memdocs/configmgr/hotfix/2207/14840616.md
@@ -0,0 +1,76 @@
+---
+title: Summary of changes in Configuration Manager current branch, version 2207
+titleSuffix: Configuration Manager
+description: Article listing changes in Configuration Manager current branch, version 2207
+ms.date: 08/30/2022
+ms.prod: configuration-manager
+ms.technology: configmgr-core
+ms.topic: reference
+ms.assetid: 9271169f-2ec2-415c-b3f3-a2293218ada5
+author: bhuney
+ms.author: brianhun
+manager: dougeby
+---
+
+# Summary of changes in Configuration Manager current branch, version 2207
+
+*Applies to: Configuration Manager (current branch, version 2207)*
+
+## Summary of KB14840616
+Release version 2207 of Microsoft Endpoint Configuration Manager current branch contains fixes and feature improvements.
+The "Issues that are fixed" list isn't inclusive of all changes. Instead, it highlights changes the product development team believes are most relevant to the broad Configuration Manager customer base. Many of these changes were made in response to customer feedback about product issues and improvements.
+
+##### Notes
+- Version 2207 is available as an in-console update that can be installed at the top-tier site in a hierarchy.
+- For installation information, see [Checklist for installing update 2207 for System Center Configuration Manager](../../core/servers/manage/checklist-for-installing-update-2207.md).
+- For more information about the changes that are included in version 2207, see [What's new in version 2207 of Configuration Manager current branch](../../core/plan-design/changes/whats-new-in-version-2207.md).
+- This globally available release contains all of the fixes summarized in the following article.
+
+   KB [14244456](../../hotfix/2203/14244456.md): Update rollup for Microsoft Endpoint Configuration Manager current branch, version 2203
+
+## Issues that are fixed
+
+<!-- 13923149 -->
+- The default timeout period for hardware inventory reports is reduced from eight weeks to one week. This reduces the length of time that messages from the client may queue if there is a temporary problem communicating with a management point.
+<!-- 2840033 -->
+- The **Format and Partition Disk** task sequence step incorrectly sets the *Type* value of a recovery partition to 0x7 instead of 0x27.
+<!-- 9421122 -->
+- The *IsVirtual* discovery property can incorrectly toggle from a value of 1 to a value of zero when system discovery runs after heartbeat discovery. The value is set back to a 1 after the next heartbeat discovery cycle. 
+<!-- 10898529 -->
+- Computers with updated BIOS may be duplicated in some collections. This happens because of duplicate information stored in the hardware inventory tables.
+<!-- 12554467 -->
+- Clients may generate excessive traffic to the Management point while downloading the WebView2 installation files. This happens after enabling the **Display custom tabs with Microsoft Edge WebView2 runtime** client setting. This update adds randomization to the WebView2 download process to reduce overall management point load.
+<!-- 1261946 -->
+- Discovery data for computers from untrusted domains may be marked as obsolete when they go through the client re-registration process. 
+<!-- 13177588 -->
+- The **New-CMFolder** PowerShell cmdlet allows invalid characters as input for folder names. This prevents later modification of the folder name in the Configuration Manager console.
+<!-- 13464778 -->
+- The **Get-CMObjectSecurityScope** PowerShell cmdlet doesn't work when run against a folder. The following error is logged by the cmdlet.
+   ```text
+   WARNING: Unrecognized object type 'SMS_ObjectContainerNode'. Could not retrieve object security scope.
+   ```
+<!-- 14022391 -->
+- The legend values in antimalware reports are displayed as placeholders such as "_1", "_2", instead of their correct localized names.
+<!-- 14563799 -->
+- Default hardware inventory classes may be disabled when installing a new Configuration Manager client.
+<!-- 14567825 -->
+- The task sequence *Install application* step now captures the correct executable name - smsappinstall.exe - in the smsts.log file.
+<!-- 14716643 -->
+- Logging for the SMS_Service_Connector component is enhanced for easier troubleshooting. 
+<!-- 14918873 -->
+- The data warehouse process (Microsoft.ConfigMgrDataWarehouse.exe) may terminate unexpectedly in large environments when SQL change tracking is enabled.
+<!-- 15037050 -->
+- Heartbeat discovery data records (DDR files) from Windows 365 Cloud PC clients are rejected. The following error is recorded in the ddm.log file on the site server.
+   ```text
+   CDiscoveryPropertyBase::Validate - Max width of property "CloudPCInfo" exceeds maximum 900 characters
+   ```
+<!-- 14916633 -->
+- If the **Upload to Microsoft Endpoint Manager admin center** option is disabled and re-enabled in Cloud Attach properties, the option for **Role-based Access Control** can't be enabled again. 
+<!-- 14727900 -->
+- The **Native client app** value is blank after completing the Azure Services wizard.
+<!-- 14960789 -->
+- The Search tab disappears from the Configuration Manager console after completing a search on a top level node, or after changing options from *Current Node* to *All Subfolders*.
+
+## Hotfixes that are included in this update
+- KB [14480034](../../hotfix/2203/14480034.md): Registration fails for PKI clients after updating to Configuration Manager current branch, version 2203
+- KB [14244456](../../hotfix/2203/14244456.md): Update rollup for Microsoft Endpoint Configuration Manager version 2203
diff --git a/memdocs/configmgr/hotfix/TOC.yml b/memdocs/configmgr/hotfix/TOC.yml
@@ -3,6 +3,8 @@ items:
   href: index.yml
 - name: Version 2207
   items:
+  - name: KB 14840616  Summary of changes in 2207
+    href: 2207/14840616.md
   - name: KB 14978429  Connected cache update for Microsoft Endpoint Configuration Manager version 2207
     href: 2207/14978429.md
 - name: Version 2203
diff --git a/memdocs/configmgr/hotfix/index.yml b/memdocs/configmgr/hotfix/index.yml
@@ -17,6 +17,12 @@ metadata:
   ms.localizationpriority: high
 
 landingContent:
+  - title: Configuration Manager 2207
+    linkLists:
+      - linkListType: overview
+        links:
+          - text: KB 14840616 Summary of changes in 2207
+            url: 2207/14840616.md
   - title: Configuration Manager 2203
     linkLists:
       - linkListType: overview
diff --git a/memdocs/intune/configuration/delivery-optimization-settings.md b/memdocs/intune/configuration/delivery-optimization-settings.md
@@ -66,7 +66,7 @@ To configure Intune to use these settings, see [Deliver updates](delivery-optimi
 ## Bandwidth  
 
 > [!NOTE]
-> **DOMaxDownloadBandwidth** and **DOMaxUploadBandwidth** are [deprecated](/windows/deployment/deploy-whats-new#delivery-optimization) with the Windows 10, version 2004 release. Instead, use **DO Max Foreground Download Bandwidth** and **DO Max Background Download Bandwidth** that can be configured through the Intune [settings catalog](/configuration/settings-catalog.md).
+> **DOMaxDownloadBandwidth** and **DOMaxUploadBandwidth** are [deprecated](/windows/deployment/deploy-whats-new#delivery-optimization) with the Windows 10, version 2004 release. Instead, use **DO Max Foreground Download Bandwidth** and **DO Max Background Download Bandwidth** that can be configured through the Intune [settings catalog](settings-catalog.md).
 
 |Setting  |Windows version  |Details  |
 |---------|---------|---------|
diff --git a/memdocs/intune/enrollment/enrollment-restrictions-set.md b/memdocs/intune/enrollment/enrollment-restrictions-set.md
@@ -163,8 +163,8 @@ Intune also blocks personal devices using these enrollment methods:
 ## Next steps  
 
 Use the table-of-contents to step through each article in the enrollment restrictions how-to guide, or jump to an article using the following links:  
-  * [Create device platform enrollment restrictions](create-device-limit-restrictions.md)  
-  * [Create device limit enrollment restrictions](create-device-platform-restrictions.md)  
+  * [Create device platform enrollment restrictions](create-device-platform-restrictions.md) 
+  * [Create device limit enrollment restrictions](create-device-limit-restrictions.md)  
   * [View enrollment reports](view-enrollment-reports.md)  
 
 
diff --git a/memdocs/intune/fundamentals/licenses.md b/memdocs/intune/fundamentals/licenses.md
@@ -45,6 +45,9 @@ Intune is included in the following licenses:
 - Microsoft 365 Government G3
 - Intune for Education
 
+> [!NOTE]
+> For additonal licensing information about Intune for Education, see [Microsoft 365 Education](/office365/servicedescriptions/office-365-platform-service-description/microsoft-365-education).
+
 ## Microsoft Intune for Education
 
 Intune for Education is included in the following licenses:
@@ -130,4 +133,4 @@ If you don't have a license for Azure AD Premium, see [Sign up for Azure Active
 
 For the latest information about product editions, product licensing updates, volume licensing plans, and other information related to your specific use cases, see the [Microsoft Licensing](https://www.microsoft.com/licensing/default) page.  
 
-For information about how user and device licenses affect access to services, as well as how to assign a license to a user, see the [Assign Intune licenses to your user accounts article](licenses-assign.md).
+For information about how user and device licenses affect access to services, as well as how to assign a license to a user, see the [Assign Intune licenses to your user accounts article](licenses-assign.md).
diff --git a/memdocs/intune/fundamentals/monitor-audit-logs.md b/memdocs/intune/fundamentals/monitor-audit-logs.md
@@ -56,7 +56,7 @@ You can review audit logs in the monitoring group for each Intune workload:
 4. Select **Apply**.
 5. Select an item in the list to see the activity details.
 
-For related information about audit logs, see [Addition information](../fundamentals/monitor-audit-logs.md#additional-information).
+For related information about audit logs, see [Additional information](../fundamentals/monitor-audit-logs.md#additional-information).
 
 ## Route logs to Azure Monitor
 
diff --git a/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md b/memdocs/intune/protect/endpoint-security-firewall-rule-tool.md
@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 07/14/2020
+ms.date: 08/31/2022
 ms.topic: overview
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -31,7 +31,7 @@ ms.reviewer: laarrizz
 
 Many organizations are moving their security configuration to Microsoft Endpoint Manager to make use of modern, cloud-based management. Endpoint security in Endpoint Manager offers rich management experiences of Windows Firewall configuration and granular firewall rule management.
 
-Because it can be challenging to move large numbers of existing Group Policies for Windows Firewall rules to Endpoint security policies in Endpoint Manager, we've created the **Endpoint security firewall rule migration tool**.
+Because it can be challenging to move large numbers of existing Group Policies for Windows Firewall rules to Endpoint security policies in Endpoint Manager, we've created the **Endpoint security firewall rule migration tool**, which is a PowerShell script.
 
 When you run the **Endpoint security firewall rule migration tool** on a reference Windows 10/11 client that has firewall rules based on Group Policy applied, the tool can automatically create Endpoint security firewall rule policies in Endpoint Manager. After the endpoint security rules are created, administrators can target the rules to Azure AD groups to configure MDM and co-managed clients.
 
@@ -41,6 +41,9 @@ Download the [Endpoint security firewall rule migration tool](https://aka.ms/End
 
 ## Tool usage
 
+> [!TIP]
+> The tool's PowerShell script looks for endpoint security policies that target **MDM**. When there are no policies that target **MDM**, the script can loop and fail to exit. To work around this condition, either add a policy that targets MDM before running the script, or edit the line 46 of the script to the following: `while(($profileNameExist) -and ($profiles.Count -gt 0))`
+
 Run the tool on a reference machine to migrate that machines current Windows Firewall rule configuration. When run, the tool exports all enabled firewall rules that are present on the device, and automatically creates new Intune policies with the collected rules.
 
 1. Sign in to the reference machine with local administrator privileges.
diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md
@@ -60,7 +60,7 @@ The **Azure network connection** tab has a new health check: **Localization lang
 
 #### Review Cloud PC connectivity health checks and errors in Microsoft Endpoint Manager admin center<!--38469622 -->
 
-You can now review connectivity health checks and errors in the Microsoft Endpoint Manager admin center to help you understand if your users are experiencing connectivity issues. You’ll also get a troubleshooting tool to help resolve connectivity issues. To see the checks, select **Devices** > **Windows 365** > **Azure network connections** > select a connection in the list > **Overview**.
+You can now review connectivity health checks and errors in the Microsoft Endpoint Manager admin center to help you understand if your users are experiencing connectivity issues. You’ll also get a troubleshooting tool to help resolve connectivity issues. To see the checks, select **Devices** > **Windows 365** > **Azure network connections** > select a connection in the list > **Overview**. This feature is rolling out to all customers over the next few weeks.
 
 <!-- vvvvvvvvvvvvvvvvvvvvvv -->
 ### Provisioning
