Merge pull request #6513 from MicrosoftDocs/main

Taojunshen · web-flow · commit 0dca78088516 · 2022-01-12T02:38:43.000+08:00
1/11/2021 AM Publish
diff --git a/memdocs/configmgr/compliance/deploy-use/create-configuration-baselines.md b/memdocs/configmgr/compliance/deploy-use/create-configuration-baselines.md
@@ -2,7 +2,7 @@
 title: Create configuration baselines
 titleSuffix: Configuration Manager
 description: Create configuration baselines in Configuration Manager that you can deploy to a collection.
-ms.date: 11/29/2019
+ms.date: 01/10/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-compliance
 ms.topic: conceptual
@@ -76,17 +76,17 @@ To create a configuration baseline by using the **Create Configuration Baseline*
 
 ## <a name="bkmk_CAbaselines"></a> Include custom configuration baselines as part of compliance policy assessment
 <!--3608345-->
-*(Introduced in version 1910)*
 
-Starting in version 1910, you can add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you have an option to **Evaluate this baseline as part of compliance policy assessment**. When adding or editing a compliance policy rule, you have a condition called **Include configured baselines in compliance policy assessment**. For co-managed devices, and when you configure Intune to take Configuration Manager compliance assessment results as part of the overall compliance status, this information is sent to Azure AD. You can then use it for conditional access to your Microsoft 365 Apps resources. For more information, see [Conditional access with co-management](../../comanage/quickstart-conditional-access.md).
+You can add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you have an option to **Evaluate this baseline as part of compliance policy assessment**. When adding or editing a compliance policy rule, you have a condition called **Include configured baselines in compliance policy assessment**. For co-managed devices, and when you configure Intune to take Configuration Manager compliance assessment results as part of the overall compliance status, this information is sent to Azure AD. You can then use it for conditional access to your Microsoft 365 Apps resources. For more information, see [Conditional access with co-management](../../comanage/quickstart-conditional-access.md).
 
 To include custom configuration baselines as part of compliance policy assessment, do the following:
 
 - Create and deploy a compliance policy to a user collection with a rule to [**Include configured baselines in compliance policy assessment**](#bkmk_CA).
 - Select [**Evaluate this baseline as part of compliance policy assessment**](#bkmk_eval-baseline) in a configuration baseline deployed to a device collection.
 
 > [!IMPORTANT]
-> When targeting devices that are co-managed, ensure you meet the [co-management prerequisites](../../comanage/overview.md#prerequisites).
+> - When targeting devices that are co-managed, ensure you meet the [co-management prerequisites](../../comanage/overview.md#prerequisites). Co-managed clients ignore service windows for remediation when their compliance policies workload is managed by Intune. <!--12439085, 12412748-->
+> - For devices managed by Configuration Manager, the client honors the service window for compliance policy remediation. To ignore the service window and remediate immediately, select **Check compliance** in the **Software Center**. <!--12439085, 12412748-->
 
 ### Example evaluation scenario
 
diff --git a/memdocs/configmgr/protect/deploy-use/endpoint-protection-group-policies.md b/memdocs/configmgr/protect/deploy-use/endpoint-protection-group-policies.md
@@ -36,7 +36,7 @@ You can manage Endpoint Protection in such devices using Group Policy settings,
     - [Local device](#load-endpoint-protection-group-policy-settings-into-your-local-device)
 
 > [!NOTE]
-> For information on how to use Group Policy settings to manage Microsoft Defender Antivirus in Windows 10, Windows Server 2019, Windows Server 2016, or later see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus).
+> For information on how to use Group Policy settings to manage Microsoft Defender Antivirus in Windows 10, Windows Server 2019, Windows Server 2016, or later as well as [on Windows Server 2012 R2 after installing Microsoft Defender for Endpoint using the modern, unified solution](/microsoft-365/security/defender-endpoint/configure-server-endpoints#windows-server-2012-r2-and-windows-server-2016) see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus).
 
 ## Copy Endpoint Protection policy definitions
 
@@ -100,4 +100,4 @@ Instead of using Central Store for loading Endpoint Protection policy definition
 
 ## Next steps
 - For an overview on Endpoint Protection, see [Endpoint Protection](endpoint-protection.md).
-- For information on configuring Endpoint Protection on a standalone client manually, see [Configure Endpoint Protection on a standalone client](endpoint-protection-configure-standalone-client.md).
+- For information on configuring Endpoint Protection on a standalone client manually, see [Configure Endpoint Protection on a standalone client](endpoint-protection-configure-standalone-client.md).
