Merge pull request #6998 from MicrosoftDocs/main

Publish 03/10/2022, 10:30 AM

Author: v-dihans

memdocs/configmgr/compliance/deploy-use/create-configuration-baselines.md

@@ -2,7 +2,7 @@
 title: Create configuration baselines
 titleSuffix: Configuration Manager
 description: Create configuration baselines in Configuration Manager that you can deploy to a collection.
-ms.date: 01/10/2022
+ms.date: 03/10/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-compliance
 ms.topic: conceptual
@@ -81,10 +81,11 @@ You can add evaluation of custom configuration baselines as a compliance policy
 
 To include custom configuration baselines as part of compliance policy assessment, do the following:
 
-- Create and deploy a compliance policy to a user collection with a rule to [**Include configured baselines in compliance policy assessment**](#bkmk_CA).
-- Select [**Evaluate this baseline as part of compliance policy assessment**](#bkmk_eval-baseline) in a configuration baseline deployed to a device collection.
+- Create and deploy a compliance policy to a *user* collection with a rule to [**Include configured baselines in compliance policy assessment**](#bkmk_CA).
+- Select [**Evaluate this baseline as part of compliance policy assessment**](#bkmk_eval-baseline) in a configuration baseline deployed to a *device* collection.
 
 > [!IMPORTANT]
+> - The configuration baseline must be deployed to a *device* collection. Baselines deployed to *user* collections aren't honored when these settings are used. <!--13139787,13783318 --> 
 > - When targeting devices that are co-managed, ensure you meet the [co-management prerequisites](../../comanage/overview.md#prerequisites). Co-managed clients ignore service windows for remediation when their compliance policies workload is managed by Intune. <!--12439085, 12412748-->
 > - For devices managed by Configuration Manager, the client honors the service window for compliance policy remediation. To ignore the service window and remediate immediately, select **Check compliance** in the **Software Center**. <!--12439085, 12412748-->
 

memdocs/configmgr/compliance/deploy-use/create-custom-configuration-items-for-windows-desktop-and-server-computers-managed-with-the-client.md

@@ -2,7 +2,7 @@
 title: Create custom configuration items
 titleSuffix: Configuration Manager
 description: Manage settings for Windows computers and servers with a custom configuration item for Windows desktops and servers
-ms.date: 01/04/2021
+ms.date: 03/10/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-compliance
 ms.topic: conceptual
@@ -220,7 +220,9 @@ The value returned by the script is used to assess the compliance of the global
 
 - **Discovery script**: Select **Add Script**, and enter or browse to a script. This script is used to find the value. You can use Windows PowerShell, VBScript, or Microsoft JScript scripts.  
 
-- **Remediation script (optional)**: Select **Add Script**, and enter or browse to a script. This script is used to remediate non-compliant setting values. You can use Windows PowerShell, VBScript, or Microsoft JScript scripts.  
+- **Remediation script (optional)**: Select **Add Script**, and enter or browse to a script. This script is used to remediate non-compliant setting values. You can use Windows PowerShell, VBScript, or Microsoft JScript scripts.
+    > [!IMPORTANT]  
+    > - To properly report a remediation failure, scripts need to throw exceptions rather than a nonzero exit code. <!--8760430-->
 
 - **Run scripts by using the logged on user credentials**: If you enable this option, the script runs on client computers that use the credentials of the signed-in user.  
 
@@ -319,7 +321,9 @@ Compliance rules specify the conditions that define the compliance of a configur
     - **WQL query**  
 
     > [!IMPORTANT]  
-    > You can only remediate noncompliant rules when the rule operator is set to **Equals**.  
+    > - To properly report a remediation failure, scripts need to throw exceptions rather than a nonzero exit code. <!--8760430-->
+    > - You can only remediate noncompliant rules when the rule operator is set to **Equals**. 
+
 
 - **Report noncompliance if this setting instance is not found**: If this setting isn't found on client computers, enable this option for the configuration item to report noncompliance.  
 

memdocs/intune/configuration/device-restrictions-android-for-work.md

@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 01/19/2022
+ms.date: 03/10/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -617,7 +617,7 @@ These settings apply to Android Enterprise personally owned devices with a work
 - **Add and remove accounts**: **Block** prevents users from manually adding or removing accounts in the work profile. For example, when you deploy the Gmail app into the work profile, you can prevent users from adding or removing accounts in this work profile. When set to **Not configured** (default), Intune doesn't change or update this setting. By default, the OS might allow adding accounts in the work profile.  
 
   > [!NOTE]
-  > Google accounts can't be added to personally owned devices with a work profile.
+  > On personally owned devices with a work profile (BYOD) and corporate owned devices with work profile (COPE), Google accounts can't be added to the **Settings** app > **Accounts** > **Work**.
 
 - **Contact sharing via Bluetooth**: **Enable** allows sharing and access to personally owned devices with a work profile contacts from another device, including a car, that's paired using Bluetooth. Enabling this setting may allow certain Bluetooth devices to cache work contacts upon first connection. Disabling this policy after an initial pairing/sync may not remove work contacts from a Bluetooth device.
 

memdocs/intune/protect/certificate-connector-overview.md

@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 02/28/2022
+ms.date: 03/10/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -226,6 +226,12 @@ New updates for the connector can take a week or more to become available for ea
 > On [DATE], certificate connectors earlier than version [version] will no longer allow you to issue certificates to users and devices.
 -->
 
+### March 10, 2022
+
+Version **6.2202.38.0**. This update includes:
+
+- Changes to support TLS 1.2 for auto-update
+
 ### February 18, 2022
 
 Version **6.2201.7.0**. This update includes:

windows-365/enterprise/in-development.md

@@ -70,15 +70,15 @@ The upcoming Remote Help remote action (in the Microsoft Endpoint Manager admin
 
 ### Upload a custom image without an on-premises network connection<!--8341750-->
 
-Customers using Azure Active Directory (Azure AD) Join without additional Azure infrastructure will be able to upload custom images directly on the image tab in Microsoft Endpoint Manager. Previously, to upload an image, customers needed to create an OPNC for the destination Azure subscriptions.
+Customers using Azure Active Directory (Azure AD) Join without bringing an Azure virtual network will be able to upload custom images directly on the image tab in Microsoft Endpoint Manager. Previously, to upload an image, customers needed to create an OPNC for the destination Azure subscription which provides the image.
 
 ### windows365.microsoft.com will move to general availability<!--38195529-->
 
 The windows365.microsoft.com web client will be moving out of preview and into general availability.
 
 ### Nested virtualization<!--37800910-->
 
-In a future release, Windows 365 8vCPU/32GB licenses will support nested virtualizations for most currently supported regions. Southeast Asia and West US 2 will follow at a later date.
+In a future release, for most currently supported regions, Windows 365 8vCPU/32GB licenses will support nested virtualizations for different developer scenarios to use systems like WSL/Hyper-V. Southeast Asia and West US 2 will follow at a later date.
 
 ### Operating system end of support status for Cloud PCs<!--36852572 -->