Merge pull request #6551 from MicrosoftDocs/main

1/14/2021 PM Publish

Author: Taojunshen

memdocs/configmgr/protect/deploy-use/endpoint-protection-site-role.md

@@ -31,7 +31,9 @@ The endpoint protection point requires the following Windows Server features:
 
 - .NET Framework 3.5
 
-- Windows Defender features (Windows Server 2016 or later)<!-- SCCMDocs#2120 -->
+- Windows Defender feature (Windows Server 2016)<!-- SCCMDocs#2120 -->
+- Windows Defender Antivirus feature (Windows Server 2019)
+- Microsoft Defender Antivirus feature (Windows Server 2022 or later)
 
 For more information, see [Site and site system prerequisites](../../core/plan-design/configs/site-and-site-system-prerequisites.md).
 

memdocs/configmgr/sum/deploy-use/office-365-dashboard.md

@@ -214,6 +214,9 @@ After verifying you have the [prerequisites](#prerequisites), use the following
 
 Generate a pilot recommendation from a limiting collection at the click of a button. As soon as the action is launched, a background task starts calculating your pilot collection. Your limiting collection must contain at least one device with an Office version that isn't Office 365 Apps.
 
+> [!NOTE]
+> The **All Desktop and Server Clients (Office Pilot)** collection is managed by Configuration Manager. Manual changes aren't supported. If you delete or edit this collection, the pilot deployment won't work. <!--12610779-->
+
 ### Recommended pilot devices
 
 **Recommended pilot devices** are a minimal set of devices representing all installed add-ins across the limiting collection you used when generating the pilot. Drill down to get a list of these devices. Then use the details to exclude any devices from the pilot if needed. If all of your add-ins are already on Microsoft 365 Apps devices, then devices with those add-ins won't be included in the calculation. This also means it's possible that you won't get any results in your pilot collection since all of your add-ins have been seen on devices where Microsoft 365 Apps is installed.

memdocs/configmgr/sum/get-started/software-update-point-ssl.md

@@ -5,7 +5,7 @@ description: Tutorial - Configure Windows Server Update Services (WSUS) servers
 author: mestew
 ms.author: mstewart
 manager: dougeby
-ms.date: 04/05/2021
+ms.date: 01/14/2022
 ms.topic: tutorial
 ms.prod: configuration-manager
 ms.technology: configmgr-sum
@@ -289,11 +289,13 @@ Starting in Configuration Manager 2103, you can further increase the security of
 - Configuration Manager version 2103
 - Ensure your WSUS servers and software update points are configured to use TLS/SSL
 - Add the certificates for your WSUS servers to the new `WindowsServerUpdateServices` certificate store on your clients
+   - When using certificate pinning with a cloud management gateway (CMG), the `WindowsServerUpdateServices` store needs the CMG certificate. If clients switch from internet to VPN both the CMG and WSUS server certificates are needed in the `WindowsServerUpdateServices` store. <!--12590425-->
 
 > [!Note]
 > Software update scans for devices will continue to run successfully using the default value of **Yes** for the **Enforce TLS certificate pinning for Windows Update client for detecting updates** client setting. This includes scans over both HTTP and HTTPS. The certificate pinning doesn't take effect until a certificate is in the client's `WindowsServerUpdateServices` store and the WSUS server is configured to use TLS/SSL.
 
 
+
 ### Enable or disable TLS certificate pinning for devices scanning HTTPS-configured WSUS servers
 
 1. From the Configuration Manager console, go to **Administration** > **Client Settings**.
@@ -306,4 +308,4 @@ Starting in Configuration Manager 2103, you can further increase the security of
 
 ## Next steps
 
-[Deploy software updates](../deploy-use/deploy-software-updates.md)
+[Deploy software updates](../deploy-use/deploy-software-updates.md)

memdocs/intune/apps/apps-add-office365.md

@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 12/16/2021
+ms.date: 01/14/2021
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -47,6 +47,8 @@ Before you can assign, monitor, configure, or protect apps, you must add them to
 
 > [!IMPORTANT]
 > If there are .msi Office apps on the end-user device, you must use the **Remove MSI** feature to safely uninstall these apps. Otherwise, the Intune delivered Microsoft 365 apps will fail to install.
+> 
+> Multiple required or available app assignments are not additive. A later app assignment will overwrite pre-existing installed app assignments.
 
 - Devices to which you deploy these apps must be running the Windows 10 Creators Update or later.
 - Intune supports adding Office apps from the Microsoft 365 Apps suite only.

memdocs/intune/fundamentals/monitor-audit-logs.md

@@ -7,7 +7,7 @@ keywords:
 ms.author: dougeby
 author: dougeby
 manager: dougeby
-ms.date: 02/04/2021
+ms.date: 01/14/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -56,6 +56,8 @@ You can review audit logs in the monitoring group for each Intune workload:
 4. Select **Apply**.
 5. Select an item in the list to see the activity details.
 
+For related information about audit logs, see [Addition information](../fundamentals/monitor-audit-logs.md#additional-information).
+
 ## Route logs to Azure Monitor
 
 Audit logs and operational logs can also be routed to Azure Monitor. In **Tenant administration** > **Audit logs**, select **Export**:
@@ -76,6 +78,11 @@ For details on using the graph API to get up to one year of audit events, see [L
 
 ## Next steps
 
-[Send log data to storage, event hubs, or log analytics](review-logs-using-azure-monitor.md).
+- [Send log data to storage, event hubs, or log analytics](review-logs-using-azure-monitor.md)
+- [Review client app protection logs](../apps/app-protection-policy-settings-log.md)
+
+## Additional information
 
-[Review client app protection logs](../apps/app-protection-policy-settings-log.md).
+- [Data storage and processing in Intune](../protect/privacy-data-store-process.md)
+- [Use audit logs throughout Intune](../fundamentals/review-logs-using-azure-monitor.md#use-audit-logs-throughout-intune)
+- [Audit, export, or delete personal data in Intune](../protect/privacy-data-audit-export-delete.md)