Merge branch 'main' into patch-3

Author: Smritib17

.openpublishing.redirection.json

@@ -1,5 +1,35 @@
 {
     "redirections": [
+        {
+            "source_path": "memdocs/intune/configuration/vpn-settings-windows-phone-8-1.md",
+            "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "memdocs/intune/configuration/email-settings-windows-phone-8-1.md",
+            "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "memdocs/intune/configuration/device-restrictions-windows-phone-8-1.md",
+            "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "memdocs/intune/configuration/custom-settings-windows-phone-8-1.md",
+            "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "memdocs/intune/apps/store-apps-windows-phone-8-1.md",
+            "redirect_url": "/mem/intune/apps/apps-add",
+            "redirect_document_id": false
+        },
+        {
+            "source_path": "memdocs/intune/apps/lob-apps-windows-phone.md",
+            "redirect_url": "/mem/intune/apps/apps-add",
+            "redirect_document_id": false
+        },      
         {
             "source_path": "memdocs/intune/user-help/set-or-change-your-password-windows.md",
             "redirect_url": "https://support.microsoft.com/windows/windows-sign-in-options-and-account-protection-7b34d4cf-794f-f6bd-ddcc-e73cdf1a6fbf",

memdocs/analytics/enroll-configmgr.md

@@ -2,7 +2,7 @@
 title: Quickstart - Enroll Configuration Manager devices
 titleSuffix: Microsoft Endpoint Manager
 description: In this quickstart, you enroll Configuration Manager devices into Endpoint analytics.
-ms.date: 11/15/2021
+ms.date: 05/03/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-analytics
 ms.topic: quickstart
@@ -33,7 +33,7 @@ Before you start this tutorial, make sure you have the following prerequisites:
 
 ### Licensing Prerequisites
 
-Devices enrolled in Endpoint analytics need a valid license for the use of Microsoft Endpoint Manager. For more information, see [Microsoft Intune licensing](../intune/fundamentals/licenses.md) or [Microsoft Endpoint Configuration Manager licensing](../configmgr/core/understand/learn-more-editions.md).
+Devices enrolled in Endpoint analytics need a valid license for the use of Microsoft Endpoint Manager. For more information, see [Microsoft Intune licensing](../intune/fundamentals/licenses.md) or [Microsoft Endpoint Configuration Manager licensing](../configmgr/core/understand/learn-more-editions.md). Proactive remediations has an additional licensing requirement, for more information see, the [Endpoint analytics licensing requirements overview](overview.md#licensing-prerequisites).
 
 ## Endpoint analytics permissions
 

memdocs/analytics/enroll-intune.md

@@ -2,7 +2,7 @@
 title: Quickstart - Enroll Intune devices
 titleSuffix: Microsoft Endpoint Manager
 description: In this quickstart, you enroll Intune devices into Endpoint analytics.
-ms.date: 10/05/2021
+ms.date: 05/03/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-analytics
 ms.topic: quickstart
@@ -43,7 +43,7 @@ To enroll devices to Endpoint analytics, they need to send required functional d
 
 ### Licensing Prerequisites
 
-Devices enrolled in Endpoint analytics need a valid license for the use of Microsoft Endpoint Manager. For more information, see [Microsoft Intune licensing](../intune/fundamentals/licenses.md) or [Microsoft Endpoint Configuration Manager licensing](../configmgr/core/understand/learn-more-editions.md).
+Devices enrolled in Endpoint analytics need a valid license for the use of Microsoft Endpoint Manager. For more information, see [Microsoft Intune licensing](../intune/fundamentals/licenses.md) or [Microsoft Endpoint Configuration Manager licensing](../configmgr/core/understand/learn-more-editions.md). Proactive remediations has an additional licensing requirement, for more information see, the [Endpoint analytics licensing requirements overview](overview.md#licensing-prerequisites).
 
 ### Endpoint analytics permissions
 

memdocs/analytics/proactive-remediations.md

@@ -62,11 +62,14 @@ Proactive remediations requires the [licensing for Endpoint analytics](enroll-in
 - You can have up to 200 script packages.
    - A script package can contain a detection script only or both a detection script and a remediation script.
 - Ensure the scripts are encoded in UTF-8.
+  - If the option **Enforce script signature check** is enabled in the [Settings](#bkmk_prs_deploy) page of creating a script package, then make sure that the scripts are encoded in UTF-8 not UTF-8 BOM.
 - The maximum allowed output size limit is 2048 characters.
 - If the option **Enforce script signature check** is enabled in the [Settings](#bkmk_prs_deploy) page of creating a script package, the script runs using the device's PowerShell execution policy. The default execution policy for Windows client computers is **Restricted**. The default execution for Windows Server devices is **RemoteSigned**. For more information, see [PowerShell execution policies](/powershell/module/microsoft.powershell.core/about/about_execution_policies#powershell-execution-policies).
    - Scripts built into Proactive remediations are signed and the certificate is added to the **Trusted Publishers** certificate store of the device.
    - When using third-party scripts that are signed, make sure the certificate is in the **Trusted Publishers** certificate store. As with any certificate, the certificate authority must be trusted by the device.
   - Scripts without **Enforce script signature check** use the **Bypass** execution policy.
+- Don't put secrets in scripts. Consider using parameters to handle secrets instead. <!--13957089-->
+- Don't put reboot commands in detection or remediations scripts. <!--13957089-->
 
 ## <a name="bkmk_prs_deploy"></a> Deploy built-in script packages
 

memdocs/configmgr/core/TOC.yml

@@ -285,14 +285,14 @@ items:
     items:
     - name: Technical Preview overview
       href: get-started/technical-preview.md
+    - name: 2204 features
+      href: get-started/2022/technical-preview-2204.md       
     - name: 2203 features
       href: get-started/2022/technical-preview-2203.md 
     - name: 2202 features
       href: get-started/2022/technical-preview-2202.md 
     - name: 2201 features
-      href: get-started/2022/technical-preview-2201.md       
-    - name: 2112 features
-      href: get-started/2021/technical-preview-2112.md      
+      href: get-started/2022/technical-preview-2201.md   
   - name: Migrate data between hierarchies
     items:
     - name: Migration overview

memdocs/configmgr/core/get-started/2019/includes/1909/3556022.md

@@ -92,7 +92,7 @@ The tool doesn't currently have any tasks to migrate the database from on-premis
 
 - [Backup and restore the database](../../../../servers/manage/backup-and-recovery.md)
 - [Configure a SQL Server Always On availability group and allow the data to replicate](../../../../servers/deploy/configure/sql-server-alwayson-for-a-highly-available-site-database.md#changes-for-site-backup)
-- [Migrate a SQL Server database to an Azure SQL Server VM](/azure/virtual-machines/windows/sql/virtual-machines-windows-migrate-sql)
+- [Migrate a SQL Server database to an Azure SQL Server VM](/azure/azure-sql/virtual-machines/windows/migrate-to-vm-from-sql-server)
 
 #### Site system roles
 

memdocs/configmgr/core/get-started/2022/includes/2204/12952905.md

@@ -0,0 +1,25 @@
+---
+title: [Administrative Management option added in Azure Service]
+titleSuffix: Configuration Manager
+description: Configure Administrative Management to enhance security of the Administrative Service Azure AD endpoints.
+ms.date: 04/29/2022
+ms.prod: configuration-manager
+author: banreet
+ms.author: banreetkaur
+ms.manager: apoorvseth
+ms.topic : include
+---
+## <a name="bkmk_administration"></a> Administration Service Management option
+<!--12952905-->
+When configuring Azure Services, a new option called **Administration Service Management** is now added for enhanced security. Selecting this option allows administrators to segment their admin privileges between [cloud management gateway (CMG)](../../../../clients/manage/cmg/overview.md) and [administration service](../../../../../../configmgr/develop/adminservice/overview.md). By enabling this option, access is restricted to only administration service endpoints. Configuration Management clients will authenticate to the site using Azure Active Directory.
+
+> [!NOTE]
+> Currently, the administration service management option can’t be used with CMG.
+
+:::image type="content" source="../../media/12952905-administration-service-management-azure-services.png" alt-text="Screenshot of administration service management option in the Azure Service Wizard.":::
+
+### Try it out!
+
+Try to complete the tasks. Then send [Feedback](../../../../understand/product-feedback.md) with your thoughts on the feature.
+
+Generate an Azure Active Directory (Azure AD) token and call the administration service by using a PowerShell script. The sample script and details can be found in the [Microsoft/configmgr-hub GitHub repository](https://aka.ms/cmadminservicetokensample).

memdocs/configmgr/core/get-started/2022/includes/2204/13507410.md

@@ -0,0 +1,28 @@
+---
+author: Baladelli
+ms.author: Baladell
+ms.prod: configuration-manager
+ms.technology: configmgr-core
+ms.topic: include
+ms.date: 04/29/2022
+ms.localizationpriority: medium
+---
+
+## <a name="bkmk_folder"></a> Folders for automatic deployment rules (ADRs)
+<!--13507410-->
+
+Admins can now organize ADRs by using folders. This change allows for better categorization and management of ADRs. Folder management for ADRs is also supported with PowerShell cmdlets.
+
+:::image type="content" source="../../media/13507410-sum-adrdeployment.png" alt-text="Screenshot of right-click menu displaying folder options for the automatic deployment rules node." lightbox="../../media/13507410-sum-adrdeployment.png":::
+
+### Try it out!
+
+Try to complete the tasks. Then send [Feedback](../../../../understand/product-feedback.md) with your thoughts on the feature.
+
+1. Open the Configuration Manager console, go to the **Software Library** workspace, and then go to **Automatic Deployment Rules**.
+2. From the ribbon or right-click menu, and in the **Automatic Deployment Rules** select from the following options:
+   - **Create Folder**
+   - **Delete Folder**
+   - **Rename Folder**
+   - **Move Folders**
+   - **Set Security Scopes**