Merge pull request #6526 from MicrosoftDocs/main

1/12/2021 AM Publish

Author: Taojunshen

memdocs/configmgr/apps/deploy-use/share-applications.md

@@ -2,7 +2,7 @@
 title: Share applications in the Software Center
 titleSuffix: Configuration Manager
 description: Share a link to an application in the Software Center in Configuration Manager.
-ms.date: 07/31/2017
+ms.date: 01/11/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-app
 ms.topic: conceptual
@@ -19,11 +19,9 @@ ms.localizationpriority: medium
 You can copy a hyperlink to an application in Software Center using the  ![Share](media/share15.png)  **Share** button in the Application Details view. You can only share hyperlinks for applications. If the application becomes unavailable, the hyperlink opens a window with an application unavailable message.
 
 1. Choose **Applications**, and then choose the application.
-2. Click the ![Share](media/share15.png) **Share** button.
-3. Click **Copy** in the window.
-4. Paste the URL into an email to share the application.  
+2. Select the ![Share](media/share15.png) **Share** button.
+3. Select **Copy** in the window.
+4. Paste the URL into an email to share the application.
 
-> [!TIP]  
->  To create a link in an Outlook email, press **CTRL** + **K** and then paste the URL.  
->  
-> By default, Outlook shows a security alert for the Software Center protocol when the recipient clicks the link. Prevent this in your environment by adding a trusted protocol key to the registry. For example, `HKCU\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\softwarecenter:`  
+> [!TIP]
+> To create a link in an Outlook email, press **CTRL** + **K** and then paste the URL.

memdocs/configmgr/core/misc/doc-test.md

@@ -16,8 +16,7 @@ manager: dougeby
 
 # Doc team test
 
-This article is for testing purposes only. This is for the team only. 
-
+This article is for testing purposes only. This is for the team only. Editing done by IDC Team testing only 1/12/2022
 
 ## Basic Markdown and GFM
 

memdocs/configmgr/core/servers/deploy/configure/configure-role-based-administration.md

@@ -299,7 +299,7 @@ Manage roles and scopes on users:
 - [Add-CMSecurityRoleToAdministrativeUser](/powershell/module/configurationmanager/Add-CMSecurityRoleToAdministrativeUser): Add a security role to a user or group.
 - [Remove-CMSecurityRoleFromAdministrativeUser](/powershell/module/configurationmanager/Remove-CMSecurityRoleFromAdministrativeUser): Remove the association between a security role and an administrative user.
 - [Add-CMSecurityScopeToAdministrativeUser](/powershell/module/configurationmanager/Add-CMSecurityScopeToAdministrativeUser): Add a security scope to a user or group.
-- [Remove-CMSecurityScopeFromAdministrativeUser](/powershell/module/configurationmanager/Remove-CMSecurityScopeToAdministrativeUser): Remove the association between a security scope and an administrative user.
+- [Remove-CMSecurityScopeFromAdministrativeUser](/powershell/module/configurationmanager/remove-cmsecurityscopefromadministrativeuser): Remove the association between a security scope and an administrative user.
 
 Manage security roles:
 

memdocs/intune/fundamentals/deployment-guide-platform-android.md

@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 10/19/2021
+ms.date: 01/12/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -130,6 +130,13 @@ When you enable this action:
 
   - When multiple compliance policies include the same compliance conditions, and include the push notification action with the same schedule, Intune sends multiple notifications to the same device on the same day.
 
+> [!NOTE]
+> The following actions for noncompliance are not supported for devices that are managed by a [device compliance management partner](../protect/device-compliance-partners.md):  
+> - Send push notification to end user
+> - Remotely lock the noncompliant device
+> - Retire the noncompliant device
+> - Send push notification to end user
+
 ## Before you begin
 
 You can [add actions for noncompliance](#add-actions-for-noncompliance) when you configure device compliance policy, or later by editing the policy. You can add additional actions to each policy to meet your needs. Keep in mind that each compliance policy automatically includes the default action for noncompliance that marks devices as noncompliant,  with a schedule set to zero days.

memdocs/intune/protect/actions-for-noncompliance.md

@@ -43,6 +43,9 @@ Devices must have access to the following endpoints:
 - `login.microsoftonline.com` - For Azure AD registration.
 - `*.dm.microsoft.com` - The use of a wildcard supports the cloud-service endpoints that are used for enrollment, check-in, and reporting, and which can change as the service scales.
 
+> [!Note]
+> If your organization users Secure Socket Layer (SSL) inspection, the endpoints should be excluded from inspection.
+
 ### Supported platforms
 
 Policies for Microsoft Defender for Endpoint security management are supported for the following device platforms:

memdocs/intune/protect/includes/security-config-mgt-prerequisites.md

@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 11/22/2021
+ms.date: 01/12/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -28,10 +28,7 @@ ms.reviewer: mattcall
 
 ---
 
-# Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager
-
->[!Note]
-> ***This feature is in public preview*** *and will roll out to tenants gradually over the next few weeks. You can confirm your tenant has received this capability when the relevant toggles show in both the Microsoft Endpoint Manager admin center and Microsoft Defender for Endpoint.*
+# Manage Microsoft Defender for Endpoint on devices with Microsoft Endpoint Manager (Preview)
 
 With Microsoft Defender for Endpoint (MDE), you can now deploy security configurations from Microsoft Endpoint Manager directly to your onboarded devices without requiring a full Microsoft Endpoint Manager device enrollment. This capability is known as *Security Management for Microsoft Defender for Endpoint*. With this capability, devices that aren’t managed by a Microsoft Endpoint Manager service can receive security configurations for Microsoft Defender directly from Endpoint Manager.
 

memdocs/intune/protect/mde-security-integration.md

@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 12/16/2021
+ms.date: 01/12/2022
 ms.topic: quickstart
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -33,6 +33,9 @@ ms.collection: M365-identity-device-management
 
 In this quickstart, you'll use Microsoft Intune to send an email notification to the members of your workforce that have noncompliant devices.
 
+> [!NOTE]
+> The remote action to send an email notification is not supported on devices that are managed by a [device compliance partner](../protect/device-compliance-partners.md).
+
 By default, when Intune detects a device that isn't compliant, Intune immediately marks the device as noncompliant. Azure Active Directory (Azure AD) [Conditional Access](/azure/active-directory/active-directory-conditional-access-azure-portal) then blocks the device. When a device isn't compliant, Intune allows you to add actions for noncompliance, which gives you flexibility to decide what to do. For example, you can give users a grace period to be compliant before blocking noncompliant devices.
 
 One action to take when a device doesn't meet compliance is to send email to the devices user. You can also customize an email notification before sending it. Specifically, you can customize the recipients, subject, and message body, including company logo, and contact information. Intune also includes details about the noncompliant device in the email notification.
@@ -43,6 +46,7 @@ If you don't have an Intune subscription, [sign up for a free trial account](../
 
 When using device compliance policies to block devices from corporate resources, Azure AD Conditional Access must be set up. If you've completed the [Create a device compliance policy](quickstart-set-password-length-android.md) quickstart, you're using Azure Active Directory. For more information about Azure AD, see [Conditional Access in Azure Active Directory](/azure/active-directory/active-directory-conditional-access-azure-portal) and [common ways to use Conditional Access with Intune](../protect/conditional-access-intune-common-ways-use.md).
 
+
 ## Sign in to Intune
 
 Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) as a [Global administrator](../fundamentals/users-add.md#types-of-administrators) or an Intune [Service administrator](../fundamentals/users-add.md#types-of-administrators). If you've created an Intune Trial subscription, the account you created the subscription with is the Global administrator.

memdocs/intune/protect/quickstart-send-notification.md

@@ -113,7 +113,7 @@ items:
         href: advanced-threat-protection-manage-android.md
       - name: Monitor Defender for Endpoint
         href: advanced-threat-protection-monitor.md
-      - name: MDE Security Configuration Management
+      - name: MDE Security Configuration Management (Preview)
         href: mde-security-integration.md
     - name: Firewall rule migration
       href: endpoint-security-firewall-rule-tool.md