MicrosoftDocs
diff --git a/‎memdocs/configmgr/apps/deploy-use/create-app-groups.md‎
Lines changed: 3 additions & 3 deletions b/‎memdocs/configmgr/apps/deploy-use/create-app-groups.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎memdocs/configmgr/core/clients/manage/cmg/manually-register-azure-ad-apps.md‎
Lines changed: 2 additions & 2 deletions b/‎memdocs/configmgr/core/clients/manage/cmg/manually-register-azure-ad-apps.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎memdocs/configmgr/core/get-started/2019/includes/1906/4575930.md‎
Lines changed: 4 additions & 2 deletions b/‎memdocs/configmgr/core/get-started/2019/includes/1906/4575930.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎memdocs/configmgr/core/get-started/2020/includes/2009/4575930.md‎
Lines changed: 4 additions & 1 deletion b/‎memdocs/configmgr/core/get-started/2020/includes/2009/4575930.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎memdocs/configmgr/core/plan-design/changes/whats-new-in-version-2107.md‎
Lines changed: 1 addition & 1 deletion b/‎memdocs/configmgr/core/plan-design/changes/whats-new-in-version-2107.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎memdocs/configmgr/core/plan-design/security/certificates-overview.md‎
Lines changed: 2 additions & 2 deletions b/‎memdocs/configmgr/core/plan-design/security/certificates-overview.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎memdocs/intune/protect/certificate-connector-overview.md‎
Lines changed: 3 additions & 1 deletion b/‎memdocs/intune/protect/certificate-connector-overview.md‎
Lines changed: 3 additions & 1 deletion
@@ -2,7 +2,7 @@
 title: Create application groups
 titleSuffix: Configuration Manager
 description: Create a group of applications that you can send to a user or device collection as a single deployment in Configuration Manager.
-ms.date: 12/01/2021
+ms.date: 03/11/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-app
 ms.topic: how-to
@@ -78,8 +78,8 @@ Starting in version 2111, you can use the following [app approval](app-approval.
 - The following deployment options may not work: alerts, phased deployment, repair.
 - You can't use application groups with the **Install Application** task sequence step.
 - You can't export or import app groups.
-- Don't include in the group any apps that require restart, or the group deployment may fail.
-- In 2107 and earlier, if you delete an app that's a part of an app group, you'll see the following warning when you next view the properties of the app group: "Unable to load information about all applications in the group." Make a small change to the app group and save it. For example, add a space to the **Administrator comments**. When you save the change, it removes the deleted app from the group.<!-- 7099542 --> Starting in version 2111, you can't delete an app that's part of an app group.
+- In version 2103 and earlier, don't include in the group any apps that require restart, or the group deployment may fail.
+- In version 2107 and earlier, if you delete an app that's a part of an app group, you'll see the following warning when you next view the properties of the app group: "Unable to load information about all applications in the group." Make a small change to the app group and save it. For example, add a space to the **Administrator comments**. When you save the change, it removes the deleted app from the group.<!-- 7099542 --> Starting in version 2111, you can't delete an app that's part of an app group.
 - In most scenarios, user categories on the app group don't display as filters in Software Center. If the app group is deployed as available to a user collection, the categories display.<!-- 12425254 -->
 
 ## PowerShell
 
@@ -2,7 +2,7 @@
 title: Manually register Azure AD apps
 titleSuffix: Configuration Manager
 description: Manually create the required apps in Azure Active Directory (Azure AD) to integrate the Configuration Manager site to support the cloud management gateway (CMG).
-ms.date: 08/24/2021
+ms.date: 03/11/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-client
 ms.topic: how-to
@@ -147,7 +147,7 @@ The web (server) app for CMG is now registered in Azure AD.
 
     1. Under Advanced settings, set **Allow public client flows** to **Yes**. Select **Save**.
 
-1. If you're going to use Azure AD User Discovery in Configuration Manager, you need to adjust the permissions on this app. In the menu of the app properties, select **API permissions**. By default it should have the **User.Read** delegated permission for the **Microsoft Graph** API.
+1. Adjust the permissions on this app. In the menu of the app properties, select **API permissions**. By default it should have the **User.Read** delegated permission for the **Microsoft Graph** API.
 
     1. On the API permissions pane, select **Add a permission**.
 
 
@@ -5,12 +5,14 @@ ms.prod: configuration-manager
 ms.technology: configmgr-core
 ms.topic: include
 ms.date: 06/12/2019
-
-
 ---
 
 ## Remote control anywhere using Cloud Management Gateway
 <!--4575930-->
+
+> [!IMPORTANT]
+> This feature was removed in Configuration Manager technical preview branch version 2112. For more information, see [A new remote assistance tool](../../../2021/technical-preview-2112.md#bkmk_cmgrc).
+
 An admin or helpdesk operator can now connect to a client via remote control over the Internet via cloud management gateway.
 
 ### Prerequisites
 
@@ -11,7 +11,7 @@ ms.date: 09/14/2010
 
 <!--4575930-->
 
-This release continues to improve the functionality of remote control as first introduced in [technical preview version 1906](../../../2019/technical-preview-1906.md#remote-control-anywhere-using-cloud-management-gateway). You can now connect to any Configuration Manager client with an online status.
+This release continues to improve the functionality of remote control as first introduced in technical preview version 1906. You can now connect to any Configuration Manager client with an online status.
 
 The following prerequisites now apply:
 
@@ -31,6 +31,9 @@ The following prerequisites now apply:
 
   - If the client is internet-based, use a [cloud management gateway (CMG)](../../../../clients/manage/cmg/overview.md).
 
+    > [!IMPORTANT]
+    > This feature was removed in Configuration Manager technical preview branch version 2112. For more information, see [A new remote assistance tool](../../../2021/technical-preview-2112.md#bkmk_cmgrc).
+
   > [!NOTE]
   > Remote control now supports all available client authentication methods. For example, internet-based clients might authenticate using one of the following methods:
   >
 
@@ -229,7 +229,7 @@ For more information, see [Cryptographic controls technical reference](../securi
 
 <!--9217033-->
 
-Configuration Manager uses self-signed certificates for client identity and to help protect communication between the client and site systems. When you update the site and clients to version 2107, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM). The certificate is also marked non-exportable.
+Configuration Manager uses self-signed certificates for client identity and to help protect communication between the client and site systems. When you update the site and clients to version 2107, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM) at least version 2.0. The certificate is also marked non-exportable.
 
 If the client also has a PKI-based certificate, it continues to use that certificate for TLS HTTPS communication. It uses its self-signed certificate for signing messages with the site.
 
 
@@ -77,7 +77,7 @@ For more information on how to install clients with a copy of the site server si
 
 <!--9217033-->
 
-Configuration Manager uses self-signed certificates for client identity and to help protect communication between the client and site systems. When you update the site and clients to version 2107 or later, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM). The certificate is also marked non-exportable.
+Configuration Manager uses self-signed certificates for client identity and to help protect communication between the client and site systems. When you update the site and clients to version 2107 or later, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM) at least version 2.0. The certificate is also marked non-exportable.
 
 If the client also has a PKI-based certificate, it continues to use that certificate for TLS HTTPS communication. It uses its self-signed certificate for signing messages with the site. For more information, see [PKI certificate requirements](../network/pki-certificate-requirements.md).
 
@@ -86,7 +86,7 @@ If the client also has a PKI-based certificate, it continues to use that certifi
 
 When you update to version 2107 or later, clients with PKI certificates will recreate self-signed certificates, but don't reregister with the site. Clients without a PKI certificate will reregister with the site, which can cause extra processing at the site. Make sure that your process to update clients allows for randomization. If you simultaneously update lots of clients, it may cause a backlog on the site server.
 
-Configuration Manager doesn't use TPMs that are known vulnerable. If a device has a vulnerable TPM, the client falls back to using a software-based KSP. The certificate is still not exportable.
+Configuration Manager doesn't use TPMs that are known vulnerable. For example, the TPM version is earlier than 2.0. If a device has a vulnerable TPM, the client falls back to using a software-based KSP. The certificate is still not exportable.
 
 OS deployment media doesn't use hardware-bound certificates, it continues to use self-signed certificates from the site. You create the media on a device that has the console, but then it can run on any client.
 
 
@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 03/10/2022
+ms.date: 03/14/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -160,6 +160,7 @@ All events are tagged with a Task Category to aid in filtering.  Task categories
   - *PkcsRequestSuccess* - Successfully fulfilled and uploaded a PKCS Request to Intune.
   - *PkcsRequestFailure* - Failed to fulfill or upload a PKCS Request to Intune.
 - **Operational**
+  - *PkcsDigiCertRequest* - Successfully downloaded PKCS request for DigiCert CA from Intune
   - *PkcsDownloadSuccess* - Successfully downloaded PKCS requests from Intune
   - *PkcsDownloadFailure* - A failure occurred when downloading PKCS requests from Intune
   - *PkcsDownloadedRequest* - Details of a single downloaded request from Intune
@@ -189,6 +190,7 @@ All events are tagged with a Task Category to aid in filtering.  Task categories
   - *RevokeRequestSuccess* - Successfully downloaded Revocation requests from Intune
   - *RevokeRequestFailure* - A failure occurred when downloading Revocation requests from Intune
 - **Operational**
+  - *RevokeDigicertRequest* - Received revoke request from Intune and forwarding request to Digicert for fulfillment of request.
   - *RevokeDownloadSuccess* - Successfully downloaded Revocation requests from Intune
   - *RevokeDownloadFailure* - A failure occurred when downloading Revocation requests from Intune
   - *RevokeDownloadedRequest* - Details of a single downloaded request from Intune