Merge pull request #6501 from MicrosoftDocs/main

Taojunshen · web-flow · commit 2c0e5678c94f · 2022-01-11T02:33:26.000+08:00
1/10/2021 AM Publish
diff --git a/memdocs/autopilot/existing-devices.md b/memdocs/autopilot/existing-devices.md
@@ -34,7 +34,7 @@ This topic describes how to convert Windows 7 or Windows 8.1 domain-joined compu
 Converting all targeted devices to Autopilot isn't supported for transforming a hybrid Azure AD device into a Azure AD Autopilot device.
 
 > [!NOTE]
-> Windows Autopilot for existing devices only supports user-driven Azure Active Directory and Hybrid Azure AD profiles. Self-deploying profiles are not supported.
+> Windows Autopilot for existing devices only supports user-driven Azure Active Directory and Hybrid Azure AD profiles. Self-deploying and pre-provisioning profiles are not supported.
 
 ## Prerequisites
 
diff --git a/memdocs/autopilot/known-issues.md b/memdocs/autopilot/known-issues.md
@@ -28,6 +28,10 @@ This article describes known issues that can often be resolved by configuration
 
 ## Known issues
 
+### Duplicate device objects with hybrid Azure AD deployments 
+
+A device object is pre-created in Azure AD once a device is registered in Autopilot. If a device goes through a hybrid Azure AD deployment, by design, another device object is created resulting in duplicate entries. 
+
 ### TPM attestation failure on Windows 11 error code 0x81039024
 
 Some devices may fail TPM attestation on Windows 11 during the pre-provisioning technician flow or self-deployment mode with the error code 0x81039024. This error code indicates that there are known vulnerabilities detected with the TPM and as a result will fail attestation. If you receive this error, please visit your PC manufacturer’s website to update the TPM firmware.
diff --git a/memdocs/autopilot/windows-autopilot-hybrid.md b/memdocs/autopilot/windows-autopilot-hybrid.md
@@ -190,6 +190,7 @@ After your Autopilot devices are *enrolled*, they're displayed in four places:
 - The **All Devices** pane in the Intune in the Azure portal. Select **Devices** > **All Devices**.
 
 After your Autopilot devices are enrolled, their names become the hostname of the device. By default, the hostname begins with *DESKTOP-*.
+A device object is pre-created in Azure AD once a device is registered in Autopilot. When a device goes through a hybrid Azure AD deployment, by design, another device object is created resulting in duplicate entries. 
 
 ## Supported BYO VPNs 
 
diff --git a/memdocs/configmgr/core/plan-design/hierarchy/ports.md b/memdocs/configmgr/core/plan-design/hierarchy/ports.md
@@ -2,7 +2,7 @@
 title: Ports used for connections
 titleSuffix: Configuration Manager
 description: Learn about the required and customizable network ports that Configuration Manager uses for connections.
-ms.date: 12/01/2021
+ms.date: 12/21/2021
 ms.prod: configuration-manager
 ms.technology: configmgr-core
 ms.topic: reference
@@ -239,8 +239,8 @@ The Configuration Manager console uses internet access for the following actions
 
 - Downloading software updates from Microsoft Update for deployment packages.
 - The Feedback item in the ribbon.
-- Links to documentation within the console.
-<!--506823-->
+- Links to documentation within the console.  <!--506823-->
+- Downloading items from Community hub
 
 ### <a name="BKMK_PortsConsole-RSP"></a> Configuration Manager console `-->` Reporting services point
 
@@ -489,6 +489,7 @@ For more information, see [Ports and data flow](use-a-cloud-based-distribution-p
 |Description|UDP|TCP|
 |-----------------|---------|---------|
 |HTTP|--|80 <sup>[Note 1](#bkmk_note1)</sup>|
+|HTTPS|--|443|
 
 ### <a name="BKMK_PortsIssuingCA_SiteServer"></a> Site server `<-->` Issuing certification authority (CA)
 
diff --git a/memdocs/configmgr/core/servers/manage/admin-console-extensions.md b/memdocs/configmgr/core/servers/manage/admin-console-extensions.md
@@ -2,7 +2,7 @@
 title: Console extensions for Configuration Manager
 titleSuffix: Configuration Manager
 description: Learn about managing Configuration Manager console extensions
-ms.date: 12/01/2021
+ms.date: 12/21/2021
 ms.prod: configuration-manager
 ms.technology: configmgr-core
 ms.topic: conceptual
@@ -33,6 +33,9 @@ The old style of console extensions will start being phased out in favor of the
    > [!Important]
    > If this setting is used, your old style extensions that aren't approved through the **Console Extensions** node will no longer be able to be used. The setting, **Only allow console extensions that are approved for the hierarchy**, is `enabled` by default if you installed from the [2103 baseline image](updates.md#bkmk_Baselines). The setting remains `disabled` by default, if you upgraded from a version prior to 2103. If the setting was enabled in error, disabling the setting allows the old style extensions to be used again.
 
+## Prerequisites
+
+The Configuration Manager console needs to be able to connect to the [administration service](../../../develop/adminservice/set-up.md) and the administration service needs to be functional. <!--1104776-->
 
 [!INCLUDE [console extensions node](includes/console-extensions-node.md)]
 
diff --git a/memdocs/configmgr/develop/adminservice/overview.md b/memdocs/configmgr/develop/adminservice/overview.md
@@ -2,7 +2,7 @@
 title: What is the administration service
 titleSuffix: Configuration Manager
 description: Use the Configuration Manager administration service REST API to interact with the site over an HTTPS OData connection.
-ms.date: 12/07/2021
+ms.date: 12/21/2021
 ms.prod: configuration-manager
 ms.technology: configmgr-sdk
 ms.topic: overview
@@ -43,7 +43,9 @@ Configuration Manager natively uses the administration service for the following
 
 - Microsoft Endpoint Manager [tenant attach](../../tenant-attach/device-sync-actions.md)
 
-- [Community hub](../../core/servers/manage/community-hub.md) (version 2006 and later)
+- [Community hub](../../core/servers/manage/community-hub.md)
+
+- [Managing console extensions](../../core/servers/manage/admin-console-extensions.md)<!--1104776-->
 
 In addition, you can develop custom solutions with the administration service, for example:
 
diff --git a/memdocs/configmgr/tenant-attach/device-sync-actions.md b/memdocs/configmgr/tenant-attach/device-sync-actions.md
@@ -2,7 +2,7 @@
 title: Microsoft Endpoint Manager tenant attach
 titleSuffix: Configuration Manager
 description: Upload your Configuration Manager devices to the cloud service and take actions from the admin center.
-ms.date: 12/01/2021
+ms.date: 12/21/2021
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-core
@@ -38,6 +38,8 @@ Microsoft Endpoint Manager is an integrated solution for managing all of your de
 
 - At least one Intune license for you as the administrator to access the Microsoft Endpoint Manager admin center. <!--10254915-->
 
+- The [administration service](../develop/adminservice/overview.md) in Configuration Manager needs to be set up and functional. <!--1104776-->
+
 - The user accounts triggering device actions have the following prerequisites:
    - The user account needs to be a synced user object in Azure AD (hybrid identity). This means that the user is synced to Azure Active Directory from Active Directory.
      - For Configuration Manager version 2103, and later: </br>
diff --git a/memdocs/intune/protect/compliance-use-custom-settings.md b/memdocs/intune/protect/compliance-use-custom-settings.md
@@ -48,7 +48,11 @@ After you’ve deployed custom compliance settings and devices have reported bac
 
 ## Prerequisites
 
-- **Azure Active Directory (Azure AD) joined** – Devices that are not Azure AD joined are evaluated as not applicable.
+- **Azure Active Directory (Azure AD) joined** devices, *including* hybrid Azure AD-joined devices. 
+
+  Hybrid Azure AD-joined devices are devices that are joined to Azure AD and also joined to on-premises Active Directory. For more information, see [Plan your hybrid Azure AD join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan).
+  
+  Devices that are not Azure AD joined or hybrid Azure AD-joined are evaluated as not applicable.
 
 - **PowerShell discovery script** - This is a script that you create that runs on a device to discover the custom settings defined in your JSON file and returns the configuration value of those settings to Intune. You’ll upload your script to the Microsoft Endpoint Manager admin center before you create a compliance policy and then select the script you want to use when creating a policy.
 
@@ -133,4 +137,4 @@ Policies support the use of a single PowerShell script. However, each script sup
 
 - [Create a JSON for custom compliance](../protect/compliance-custom-json.md)
 - [Create a PowerShell script for discovery of custom compliance settings](../protect/compliance-custom-script.md)
-- [Create a compliance policy](../protect/create-compliance-policy.md)
+- [Create a compliance policy](../protect/create-compliance-policy.md)
diff --git a/memdocs/intune/remote-actions/device-inventory.md b/memdocs/intune/remote-actions/device-inventory.md
@@ -118,7 +118,7 @@ Depending on the carrier used by the devices, not all details might be collected
 
 > [!Note]  
 > For Windows 10 devices that are registered with [Windows Autopilot service](../../autopilot/add-devices.md), Enrolled date might display the time when devices were registered with Autopilot instead of the time when they were enrolled.
-> For Android Enterprise corporate-owned work profile and fully managed devices, reporting for Phone number is not supported.
+> For Android Enterprise corporate-owned work profile devices, reporting for phone number is not supported. For Android Enterprise fully managed and dedicated devices, reporting for phone number is supported; however, certain SIM cards will not write the data and therefore the phone number won't get reported in those cases.
 
 ## Next steps
 
