Merge pull request #7933 from MicrosoftDocs/main

Publish 07/05/2022 3:30 PM PT

Author: Angela Fleischmann

memdocs/analytics/proactive-remediations.md

@@ -2,7 +2,7 @@
 title: Tutorial - Proactive remediations
 titleSuffix: Microsoft Endpoint Manager
 description: A tutorial on using Proactive remediations to enhance the user
-ms.date: 03/07/2022
+ms.date: 07/05/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-analytics
 ms.topic: tutorial
@@ -120,9 +120,24 @@ Proactive remediation scripts need to be encoded in UTF-8. Uploading these scrip
 
    For information about enforcing script signature checks, see [Script requirements](#bkmk_requirements).
 1. Click **Next** then assign any **Scope tags** you need.
-1. In the **Assignments** step, select the device groups to which you want to deploy the script package. When you're ready to deploy the packages to your users or devices, you can also use filters. For more information, see [Create filters in Microsoft Intune](../intune/fundamentals/filters.md).     
+1. In the **Assignments** step, select the device groups to which you want to deploy the script package. When you're ready to deploy the packages to your users or devices, you can also use filters. For more information, see [Create filters in Microsoft Intune](../intune/fundamentals/filters.md).
 1. Complete the **Review + Create** step for your deployment.
 
+## <a name="bkmk_prs_policy"></a> Client policy retrieval and client reporting
+
+The client retrieves policy for proactive remediations scripts at the following times:
+
+- After a restart of the device or Intune management extension service
+- After a user signs into the client
+- Once every 8 hours
+   - The 8 hour script retrieval schedule is fixed based on when the Intune management extension service starts. The schedule isn't altered by user sign ins.
+
+The client reports proactive remediation information at the following times:
+
+- When a script is set to run once, the results are reported after the script runs.
+- Recurring scripts follow a 7 day reporting cycle:
+  - Within the first 6 days, the client reports only if a change occurs. The first time the script runs would be considered a change.
+  - Every 7 days the client sends a report even if there wasn't a change.
 
 ## <a name="bkmk_prs_monitor"></a> Monitor your script packages
 

memdocs/analytics/startup-performance.md

@@ -29,7 +29,7 @@ For devices enrolled via Intune, Startup performance insights are only available
 For devices that do not meet the above criteria, you are able to [enroll via Configuration Manager](enroll-configmgr.md).
 
 > [!Important]
-> Client devices require a restart to fully enable all analytics. <!--7698085-->
+> Client devices require a restart to fully enable all analytics. <!--7698085--> The retention period for device boot and sign-in events is 29 days. If a device has not uploaded a boot or sign-in event in the past 29 days, it will not appear in the Startup performance report.
 ## <a name="bkmk_score"></a> Startup score
 
 [!INCLUDE [Endpoint analytics startup score](includes/startup-score.md)]
@@ -55,7 +55,7 @@ Startup performance provides an insight on the number of devices that have delay
 
 If you click through to a particular device, you can see its boot and sign-in history. The history helps you determine if the issue is a regression and when it might have occurred.
 
-While there are many articles on how to optimize Group Policies performance, you may choose to migrate to cloud-management instead. Migrating to cloud-management allows you to use [Intune security baselines](../intune/protect/security-baselines.md) and the soon-to-be-released Policy Analytics tool.
+While there are many articles on how to optimize Group Policies performance, you may choose to migrate to cloud-management instead. Migrating to cloud-management allows you to use [Intune security baselines](../intune/protect/security-baselines.md) and [Group Policy analytics](../intune/configuration/group-policy-analytics.md).
 
 ### <a name="bkmk_sb"></a> Slow boot and sign-in times
 

memdocs/configmgr/core/get-started/2022/includes/2204/12952905.md

@@ -13,9 +13,6 @@ ms.topic : include
 <!--12952905-->
 When configuring Azure Services, a new option called **Administration Service Management** is now added for enhanced security. Selecting this option allows administrators to segment their admin privileges between [cloud management gateway (CMG)](../../../../clients/manage/cmg/overview.md) and [administration service](../../../../../../configmgr/develop/adminservice/overview.md). By enabling this option, access is restricted to only administration service endpoints. Configuration Management clients will authenticate to the site using Azure Active Directory.
 
-> [!NOTE]
-> Currently, the administration service management option can’t be used with CMG.
-
 :::image type="content" source="../../media/12952905-administration-service-management-azure-services.png" alt-text="Screenshot of administration service management option in the Azure Service Wizard.":::
 
 ### Try it out!

memdocs/configmgr/desktop-analytics/connect-configmgr.md

@@ -2,7 +2,7 @@
 title: Connect Configuration Manager
 titleSuffix: Configuration Manager
 description: A how-to guide for connecting Configuration Manager with Desktop Analytics.
-ms.date: 08/24/2021
+ms.date: 07/01/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-analytics
 ms.topic: how-to
@@ -126,7 +126,7 @@ Monitor the configuration of your devices for Desktop Analytics. In the Configur
 
 For more information, see [Monitor connection health](monitor-connection-health.md).
 
-Configuration Manager synchronizes your collections within 60 minutes of creating the connection. In the Desktop Analytics portal, go to**Global Pilot**, and see your Configuration Manager device collections.
+Configuration Manager synchronizes your collections within 60 minutes of creating the connection. In the Desktop Analytics portal, go to **Global Pilot**, and see your Configuration Manager device collections.
 
 > [!NOTE]
 > The Configuration Manager connection to Desktop Analytics relies upon the service connection point. Any changes to this site system role may impact synchronization with the cloud service. For more information, see [About the service connection point](../core/servers/deploy/configure/about-the-service-connection-point.md#bkmk_move).

memdocs/configmgr/tenant-attach/device-sync-actions.md

@@ -2,7 +2,7 @@
 title: Enable Microsoft Endpoint Manager tenant attach
 titleSuffix: Configuration Manager
 description: Upload your Configuration Manager devices to the cloud service and take actions from the admin center.
-ms.date: 03/21/2022
+ms.date: 07/01/2022
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-core
@@ -65,7 +65,7 @@ When co-management isn't enabled, use the instructions below to enable device up
      - Optionally, you can import a previously created Azure AD application during tenant attach onboarding (starting in version 2006). For more information, see the [Import a previously created Azure AD application](#bkmk_aad_app) section.
 1. On the **Configure upload** page, select the recommended device upload setting for **All my devices managed by Microsoft Endpoint Configuration Manager**. If needed, you can limit upload to a single device collection.
     - Starting in Configuration Manager version 2010, when a single collection is selected, its child collections are also uploaded. <!--8717629-->
-1. Check the option to **Enable Endpoint analytics for devices uploaded to Microsoft Endpoint Manager** if you also want to get insights to optimize the end-user experience in [Endpoint Analytics](../../analytics/overview.md)
+1. Check the option to **Enable Endpoint analytics for devices uploaded to Microsoft Endpoint Manager** if you also want to get insights to optimize the end-user experience in [Endpoint Analytics](../../analytics/overview.md).
 1. Select **Summary** to review your selection, then choose **Next**.
 1. When the wizard is complete, select **Close**.  
 

memdocs/configmgr/tenant-attach/includes/import-azure-app.md

@@ -5,7 +5,7 @@ ms.prod: configuration-manager
 ms.technology: configmgr-core
 ms.topic: include
 ms.localizationpriority: high
-ms.date: 01/06/2022
+ms.date: 07/01/2022
 ---
 <!-- This include file is currently used by device-sync-actions.md and cloud-attach/enable.md. Note H2/H3s for this include file may be context driven by article. -->
 
@@ -48,4 +48,4 @@ Using a previously created application during onboarding to tenant attach requir
 
 - The imported application needs to be configured as follows:
    - Registered for **Accounts in this organizational directory only**. For more information, see [Change who can access your application](/azure/active-directory/develop/quickstart-modify-supported-accounts#to-change-who-can-access-your-application).
-   -  Has a valid application ID URI and secret
+   -  Has a valid application ID URI and secret.

memdocs/intune/configuration/vpn-settings-configure.md

@@ -145,17 +145,14 @@ You can create VPN profiles using the following connection types:
   > [!Important]  
   > As of June 14, 2021, both the standalone tunnel app and standalone client connection type for Android are deprecated and drop from support after October 26, 2021.
 
-- Microsoft Tunnel (preview)
+- Microsoft Tunnel
   - iOS/iPadOS
-  
-  > [!Important]
-  > On April 29, 2022, this connection type became generally available and supports Microsoft Defender for Endpoint as a tunnel client app. However, the connection type continues to reflect *preview*.
 
 - Microsoft Tunnel (standalone client)(preview)
   - iOS/iPadOS
 
   > [!Important]
-  > **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel (preview)* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.  
+  > **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.  
   > - On July 29, 2022, the  standalone tunnel client app will no longer be available for download. Only the generally available version of *Microsoft Defender for Endpoint* will be available as the tunnel client app.  
   > - On August 1, 2022, the *Microsoft Tunnel (standalone client) (preview)* connection type will cease to connect to Microsoft Tunnel.  
   >

memdocs/intune/configuration/vpn-settings-ios.md

@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 05/12/2022
+ms.date: 07/05/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -87,13 +87,13 @@ Select the VPN connection type from the following list of vendors:
   Applies to the Microsoft Tunnel client app.
 
   > [!Important]
-  > **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel (preview)* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.  
+  > **Plan for change**. On April 29, 2022 both the *Microsoft Tunnel* connection type and *Microsoft Defender for Endpoint* as the tunnel client app became generally available. With this general availability, the use of the *Microsoft Tunnel (standalone client)(preview)* connection type and the standalone tunnel client app are deprecated and soon will drop from support.  
   > - On July 29, 2022, the  standalone tunnel client app will no longer be available for download. Only the generally available version of *Microsoft Defender for Endpoint* will be available as the tunnel client app.  
   > - On August 1, 2022, the *Microsoft Tunnel (standalone client) (preview)* connection type will cease to connect to Microsoft Tunnel.  
   >
   > To avoid a disruption in service for Microsoft Tunnel, plan to migrate your use of the deprecated tunnel client app and connection type to those that are now generally available.
 
-- **Microsoft Tunnel (preview)**
+- **Microsoft Tunnel**
 
   Applies to the Microsoft Defender for Endpoint app that includes Tunnel client functionality.
 
@@ -385,7 +385,7 @@ These settings apply when you choose **Connection type** > **IKEv2**.
 These settings apply to the following VPN connection types:
 
 - **Microsoft Tunnel (standalone client) (preview)**
-- **Microsoft Tunnel (preview)**
+- **Microsoft Tunnel**
 
 **Settings**:
 

memdocs/intune/fundamentals/scope-tags.md

@@ -53,6 +53,10 @@ The default scope tag feature is similar to the security scopes feature in Micro
 3. On the **Assignments** page, choose the groups containing the devices that you want to assign this scope tag. Choose **Next**.
 4. On the **Review + create** page, choose **Create**.
 
+    > [!IMPORTANT]
+    > Auto scope tags assignments will overwrite mannually assigned scope tags.
+    > You can assign multiple scope tags to a role.
+
 ## To assign a scope tag to a role
 
 1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Roles** > **All roles** > choose a role > **Assignments** > **Assign**.

memdocs/intune/fundamentals/whats-new.md

@@ -906,7 +906,7 @@ We've added two new Setup Assistant settings that you can use with Apple Automat
 
 Use of Microsoft Defender for Endpoint that supports [Microsoft Tunnel](../protect/microsoft-tunnel-overview.md) on iOS/iPadOS is now out of preview and is generally available. With general availability, a new version of the Defender for Endpoint app for iOS is available from the App store to download and deploy. If you’ve been using the preview version as your Tunnel client app for iOS, we recommend you upgrade to the latest Defender for Endpoint app for iOS soon to gain the benefits of the latest updates and fixes.
 
-For now, even with the general availability of Defender as the tunnel client app, the VPN profile connection type you'll use remains named **Microsoft Tunnel (preview)**.  The connection type will be renamed in a future update to **Microsoft Tunnel**.
+As of August 30, 2022, the connection type is named **Microsoft Tunnel**.
 
 With this release, by the end of June both the standalone Tunnel client app and the preview version of Defender for Endpoint as the Tunnel client app for iOS will be deprecated and be dropped from support. Soon after that deprecation, the standalone Tunnel client app will no longer function and will no longer support opening connections to Microsoft Tunnel.