Merge pull request #6648 from MicrosoftDocs/main

Publish 01/28/2022, 10:30 AM

Author: v-dihans

memdocs/autopilot/autopilot-device-guidelines.md

@@ -36,6 +36,7 @@ The following best practices ensure that devices can easily be provisioned as pa
 - Before shipping devices to an Autopilot customer or channel partner, the OEM should upload 4K Hardware Hashes to Microsoft by using the CBR report. The hashes should be collected using the OA3 Tool RS3+ run in Audit mode on full OS.
 - Microsoft requires that OEM shipping drivers get published to Windows Update within 30 days of the CBR submission date. System firmware and driver updates are published to Windows Update within 14 days.
 - The OEM ensures that the PKID provisioned in the SMBIOS is passed on to the channel.
+- When using a VM for Autopilot testing, assign at least 2 processors and 4gb of memory. This will help to prevent application install issues in Windows 10 devices with the [May 11, 2021 cumulative update](https://support.microsoft.com/topic/may-11-2021-kb5003173-os-builds-19041-985-19042-985-and-19043-985-2824ace2-eabe-4c3c-8a49-06e249f52527) installed. *Note: The [minimum system requirements](/windows/whats-new/windows-11-requirements#virtual-machine-support) for Windows 11 are 2 processors and 4gb memory.
 
 ## Software best practice guidelines for Windows Autopilot
 
@@ -47,4 +48,4 @@ The following best practices ensure that devices can easily be provisioned as pa
 ## Next steps
 
 [Windows Autopilot customer consent](registration-auth.md)<br>
-[Motherboard replacement scenario guidance](autopilot-mbr.md)<br>
+[Motherboard replacement scenario guidance](autopilot-mbr.md)<br>

memdocs/configmgr/core/clients/manage/cmg/configure-clients.md

@@ -48,7 +48,7 @@ Get-WmiObject -Namespace Root\Ccm\LocationServices -Class SMS_ActiveMPCandidate
 This command displays any internet-based management points the client knows about. While the CMG isn't technically an internet-based management point, clients view it as one.
 
 > [!NOTE]
-> To troubleshoot CMG client traffic, use **CMGHttpHandler.log**, **CMGService.log**, and **SMS_Cloud_ProxyConnector.log**. For more information, see [Log files](../../../plan-design/hierarchy/log-files.md#cloud-management-gateway).
+> To troubleshoot CMG client traffic, use **CMGService.log** and **SMS_Cloud_ProxyConnector.log**. For more information, see [Log files](../../../plan-design/hierarchy/log-files.md#cloud-management-gateway).
 
 ## Install off-premises clients using a CMG
 

memdocs/configmgr/core/plan-design/hierarchy/includes/logs-cmg.md

@@ -4,7 +4,7 @@ ms.author: aaroncz
 ms.prod: configuration-manager
 ms.technology: configmgr-client
 ms.topic: include
-ms.date: 09/17/2020
+ms.date: 01/27/2022
 ms.localizationpriority: medium
 ---
 
@@ -20,7 +20,7 @@ The following table lists the log files that contain information related to the
 
 - For troubleshooting deployments, use **CloudMgr.log** and **CMGSetup.log**
 - For troubleshooting service health, use **CMGService.log** and **SMS_Cloud_ProxyConnector.log**.
-- For troubleshooting client traffic, use **CMGHttpHandler.log**, **CMGService.log**, and **SMS_Cloud_ProxyConnector.log**.
+- For troubleshooting client traffic, use **CMGService.log** and **SMS_Cloud_ProxyConnector.log**.
 
 #### <a name="bkmk_note1"></a> Note 1: Logs synchronized from Azure
 

memdocs/configmgr/tenant-attach/client-details.md

@@ -19,9 +19,6 @@ ms.localizationpriority: high
 
 Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called **Microsoft Endpoint Manager admin center**. You can see ConfigMgr client details including collections, boundary group membership, and real-time client information for a specific device in the admin center.
 
-> [!Important]
-> The boundary groups tab functions only for stand alone sites. The tab will be empty in the admin center for anything other than a standalone primary site.
-
 ## Prerequisites
 
 - All of the prerequisites for [Microsoft Endpoint Manager tenant attach](device-sync-actions.md) and a tenant attached environment.

memdocs/intune/fundamentals/whats-new.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 01/07/2022
+ms.date: 01/28/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -60,9 +60,76 @@ You can use RSS to be notified when this page is updated. For more information,
 ### Scripts
 -->
 
-## Week of January 3, 2022 
+## Week of January 24, 2022 (Service release 2201)
 
-### Device management  
+### App management
+
+#### Deploy DMG-type applications to managed macOS devices<!-- 1171356 -->
+You can upload and deploy DMG-type applications to managed Macs from Microsoft Endpoint Manager using the **required** assignment type. DMG is the file extension for Apple disk image files. DMG-type apps are deployed using the [Microsoft Intune MDM agent for macOS](..\apps\lob-apps-macos-agent.md). You can add a DMG app from [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) by selecting **Apps** > **macOS** > **Add** > **macOS app (DMG)**.  For more information, see [Add a macOS DMG app to Microsoft Intune](../apps/lob-apps-macos-dmg.md).
+
+### Device management
+
+#### Choose either user or device scope when creating Windows VPN profiles<!-- 10685553 -->
+You can create a VPN profile for Windows devices that configures VPN settings (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **VPN** for profile).
+
+When you create a profile, use the **Use this VPN profile with a user/device scope** setting to apply the profile to the user scope or the device scope:
+- **User scope**: The VPN profile is installed within the user's account on the device.
+- **Device scope**: The VPN profile is installed in the device context and applies to all users on the device.
+
+Existing VPN profiles will apply to their existing scope, and aren't impacted by this change. All VPN profiles are installed in the user scope *except* for the profiles with device tunnel enabled, which requires device scope.
+
+For more information on VPN settings you can currently configure, see [Windows device settings to add VPN connections using Intune](../configuration/vpn-settings-windows-10.md).
+
+Applies to:
+- Windows 11
+- Windows 10
+
+#### Filters are Generally Available (GA)<!-- 12466893 -->
+You can use filters to include or exclude devices in workload assignments (like policies and apps) based on different device properties. Filters is now generally available (GA).
+
+For more information on filters, see [Use filters when assigning your apps, policies, and profiles](../fundamentals/filters.md).
+
+#### Automatic device clean-up rules support for Android Enterprise devices<!-- 9797532 -->
+Intune supports the creation of rules to automatically remove devices that appear to be inactive, stale, or unresponsive. You can now use these clean-up rules with Android Enterprise devices that previously did not support them. These rules are now supported for:
+- Android Enterprise Fully Managed
+- Android Enterprise Dedicated
+- Android Enterprise Corporate-Owned with Work Profile
+
+To learn more about clean-up rules, see [Automatically delete devices with cleanup rules](../remote-actions/devices-wipe.md#automatically-delete-devices-with-cleanup-rules).
+
+#### Use Collect diagnostics to collect additional details from Windows 365 devices through Intune remote actions<!-- 12636207 -->
+Intune’s remote action to [*Collect diagnostics*](../remote-actions/collect-diagnostics.md) now collects additional details from Windows 365 (Coud-PC) devices. The new details for Windows 365 devices include the following registry data: 
+- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\WebRTC Redirector 
+- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams\
+
+For information about remote actions supported for Windows 365 devices, see [Remotely manage Windows 365 devices](/windows-365/enterprise/remotely-manage-cloud-pc).
+
+#### Tenant attach features are Generally Available (GA)<!--12976713 -->
+The following [tenant attach](../../configmgr/tenant-attach/index.yml) features are now generally available:
+- Client details
+- Applications
+- Device timeline
+- Resource explorer
+- CMPivot
+- Scripts
+- BitLocker Recovery Keys
+- Collections
+
+### Device security
+
+#### New Account protection policy to configure users in local groups on devices in public preview<!--5663034 -->
+In public preview, you can use a new profile for Intune Account protection policies to manage the membership of the built-in local groups on Windows 10 and 11 devices. 
+
+Each Windows device comes with a set of built-in local groups. Each local group contains a set of users that have rights within that group. With the new Local user group membership (preview) profile for endpoint security Account protection policies, you can manage which users are members of those local groups.  
+
+To configure local group memberships, you select the built-in local account to modify and then choose the users to add, remove, or replace in the group with other users. Each device that receives the policy the updates the membership of those local groups. Modification of the group membership on each device is done by using the [Policy CSP - LocalUsersAndGroups](/windows/client-management/mdm/policy-csp-localusersandgroups?WT.mc_id=Portal-fx).
+
+To learn more, see [Manage local groups on Windows devices](../protect/endpoint-security-account-protection-policy.md#manage-local-groups-on-windows-devices). 
+
+## Week of January 3, 2022
+
+### Device management
+ 
 #### Preview filtered device list before deployment <!-- 7541587 -->
 Now as you create or edit a filter in Microsoft Intune, you can preview the list of filtered devices. The new view eliminates the need to apply test filters, because you can immediately preview the impact a filter has on devices and adjust filter rules to achieve your desired outcome. For more information about using filters in Microsoft Intune, see [Create a filter](../fundamentals/filters.md).  
 

windows-365/business-enterprise-comparison.md

@@ -44,7 +44,7 @@ Windows 365 is available in two editions: [Windows 365 Business](./business/inde
 | --- | --- | --- |
 | Purchase channels | Web direct, self-service, Cloud Solution Provider (CSP). | Web direct, Enterprise Agreements (EA), CSP. |
 | License assignment | Microsoft 365 Admin Center or the Azure AD portal. | Microsoft 365 Admin Center. |
-| Licensing requirements | No licensing pre-requirements to buy and deploy Windows 365 Business. Other features (like device management) can be used if users are licensed for Microsoft Endpoint Management.| Each user must be licensed for Windows 10 or 11 Enterprise (when available), Microsoft Endpoint Manager, and Azure AD P1. |
+| Licensing requirements | No licensing pre-requirements to buy and deploy Windows 365 Business. Other features (like device management) can be used if users are licensed for Microsoft Endpoint Management.| Each user must be licensed for Windows 10 or 11 Enterprise, Microsoft Endpoint Manager, and Azure AD P1. |
 | Networking costs | Outbound data/month is based on the RAM of the Cloud PC:<br>- 2 GB RAM = 12 GB outbound data<br>- 4 or 8 GB RAM = 20 GB outbound data<br>- 16 GB RAM = 40 GB outbound data<br>- 32 GB RAM = 70 GB outbound data<br>Data bandwidth may be restricted when these levels are exceeded. | Networking goes through the customer's Azure VNet and isn't included in the license. [Azure bandwidth pricing](https://azure.microsoft.com/pricing/details/bandwidth/) applies for these network usage costs.
 | Seat limits | Capped to 300 seats per tenant. [Commercial Licensing Terms](https://www.microsoft.com/licensing/terms/productoffering/Windows365/MOSA) | No seat cap per tenant. [Commercial Licensing Terms](https://www.microsoft.com/licensing/terms/productoffering/Windows365/MOSA) |