Merge pull request #6214 from MicrosoftDocs/main

11/24/2021 AM Publish

Author: Taojunshen

memdocs/cloud-native-windows-endpoints.md

@@ -297,20 +297,6 @@ Your cloud native endpoint will need some applications. To get started, we recom
 
   To deploy Microsoft 365 Apps, see [Add Microsoft 365 apps to Windows devices using Microsoft Intune](./intune/apps/apps-add-office365.md)
 
-- **Microsoft Edge**  
-  Microsoft Edge is the new browser from Microsoft built on Chromium open source. Edge can easily be deployed to devices using the built-in app profile in Intune.
-
-  To deploy Microsoft Edge, see [Add Microsoft Edge for Windows to Microsoft Intune](./intune/apps/apps-windows-edge.md).
-
-  > [!NOTE]
-  > Microsoft Edge is included on devices that run:
-  >
-  > - Windows 11
-  > - Windows 10 20H2 or later.
-  > - Windows 10 1803 or later, with the May 2021 or later cumulative monthly security update.
-
-  For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April’s Windows 10 Update Tuesday release](https://techcommunity.microsoft.com/t5/microsoft-365-blog/new-microsoft-edge-to-replace-microsoft-edge-legacy-with-april-s/ba-p/2114224).
-
 - **Company Portal**  
   Deploying the Intune *Company Portal* app to all devices as a required application is recommended. Company Portal is the self-service hub for users that they use to install applications from multiple sources, like Intune, Microsoft Store, and Configuration Manager. Users also use the portal to sync their device with Intune, check compliance status, and so on.
 
@@ -496,9 +482,6 @@ For more information, see:
 
 If you’d like more granular control for Windows Updates and you use Configuration Manager, consider [co-management](./configmgr/comanage/overview.md).
 
-> [!NOTE]
-> Known Issue: Applying a Windows Update ring will cause a reboot during the Enrollment Status Page phase and require the user to authenticate again.
-
 ## Phase 4 – Apply customizations and review your on-premises configuration
 
 :::image type="content" source="./media/cloud-native-windows-endpoints/phase-4.png" alt-text="Phase 4.":::
@@ -517,15 +500,28 @@ In this phase, you'll apply organization-specific settings, apps, and review you
 - [Applications](#applications)
 
 ### Microsoft Edge
+#### Microsoft Edge Deployment
+Microsoft Edge is included on devices that run:
+ - Windows 11.
+ - Windows 10 20H2 or later.
+ - Windows 10 1803 or later, with the May 2021 or later cumulative monthly security update.
 
+Microsoft Edge will update automatically post user logon. To trigger an update for Microsoft Edge during deployment you could run the following command:
+```powershell
+Start-Process -FilePath "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -argumentlist "/silent /install appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=True"
+```
+
+To deploy Microsoft Edge to previous versions of Windows, see [Add Microsoft Edge for Windows to Microsoft Intune](./intune/apps/apps-windows-edge.md).
+
+#### Microsoft Edge Configuration
 Two components of the Microsoft Edge experience, which apply when users sign in with their Microsoft 365 credentials, can be configured from the Microsoft 365 Admin Center.
 
 - The start page logo in Microsoft Edge can be customized by configuring the *Your organization* section within the Microsoft 365 admin center. For more information, see [Customize ‎Office 365‎ for your organization](/microsoft-365/admin/setup/customize-your-organization-theme).
 - The default new tab page experience in Edge includes Office 365 information and personalized news. How this page is displayed can be customized from the Microsoft 365 admin center under **Settings** > **Org settings** > **News** > **Microsoft Edge new tab page**.
 
 You can also set other settings for Microsoft Edge using settings catalog profiles. For example, you might want to configure specific sync settings for your organization.
 
-- Microsoft Edge
+- **Microsoft Edge**
   - Configure the list of types that are excluded from synchronization - **passwords**
 
 ### Start and Taskbar layout
@@ -577,10 +573,22 @@ Following are some settings available in the settings catalog that might be rele
 
 - **Block Gaming**  
   Organizations might prefer that corporate endpoints cannot be used to play games. The Gaming page within the Settings app can be hidden entirely using the following setting.
-  For additional information on the settings page visibility, refer to the CSP documentation [here](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) and the ms-settings URI scheme reference [here](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
+  For additional information on the settings page visibility, refer to the [CSP documentation](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) and the ms-settings [URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference).
   - Settings
     - Page Visibility List – **hide:gaming-gamebar;gaming-gamedvr;gaming-broadcasting;gaming-gamemode;gaming-trueplay;gaming-xboxnetworking;quietmomentsgame**
 
+- **Control Chat Icon Visbility in Taskbar**
+  The visiblity of the Chat icon in the Windows 11 taskbar can be controlled using the [Policy CSP](/windows/client-management/mdm/policy-csp-Experience#experience-configurechaticonvisibilityonthetaskbar).
+  
+  - Experience
+    - Configure Chat Icon - **Disabled**
+
+- **Control which tenants the Teams desktop client can sign in to**
+  When this policy is configured on a device, users can only sign in with accounts homed in an Azure AD tenant that is included in the "Tenant Allow List" defined in this policy. The "Tenant Allow List" is a comma seperated list of Azure AD tenant IDs. By specifing this policy and defining an Azure AD tenant you also block sign in to Teams for personal use. For more information see [How to restrict sign in on desktop devices](/microsoftteams/sign-in-teams#how-to-restrict-sign-in-on-desktop-devices).
+  
+  - Administrative Templates \ Microsoft Teams
+    - Restrict sign in to Teams to accounts in specific tenants (User) - **Enabled**
+
 ### Device Restrictions
 
 Windows Device restrictions templates contain many of the settings required to secure and manage a Windows endpoint using Windows Configuration Service Providers (CSPs). More of these settings will be made available in the settings catalog over time. For more information, see [Device Restrictions](./intune/configuration/device-restrictions-configure.md).

memdocs/configmgr/core/clients/manage/collections/collection-evaluation.md

@@ -106,4 +106,3 @@ In the following example, installing DNS on the existing server makes it a membe
 - [Best practices for collections](best-practices-for-collections.md)
 - [View collection evaluation (starting in version 2010)](collection-evaluation-view.md)
 - [Collection Evaluation Viewer](../../../support/ceviewer.md)
-- [ConfigMgrDogs Troubleshoot ConfigMgr 2012](https://channel9.msdn.com/Events/TechEd/Australia/2014/DCI411) session at TechEd Australia

memdocs/configmgr/develop/core/understand/getting-started-with-configuration-manager-programming.md

@@ -35,8 +35,6 @@ To successfully automate or extend Configuration Manager, it is incredibly impor
 
 #### Videos
 
-- [Channel 9: Microsoft System Center 2012 Configuration Manager Overview](https://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/MGT309)  
-
 - [YouTube: Technical Deep Dive: Configuration Manager 2012 Technical Overview](https://www.youtube.com/watch?v=qLACm3910_A)  
 
 #### Forums

memdocs/intune/fundamentals/whats-new.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/16/2021
+ms.date: 11/23/2021
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -58,6 +58,28 @@ You can use RSS to be notified when this page is updated. For more information,
 ### Scripts
 -->
 
+## Week of November 22, 2021
+
+<!-- vvvvvvvvvvvvvvvvvvvvvv -->
+
+### Monitor and troubleshoot
+
+#### Remote help app is available as a public preview<!-- 9843480 -->
+
+As a public preview, you can use of the remote help app with your Intune tenant. With remote help, users who authenticate to your Azure Active directly can remotely assist others by connecting a remote help session between devices.
+
+With permissions in remote help managed by Intune role-based access controls, you control who has permissions to help others and the actions they can take while assisting. The capabilities of remote help include:
+
+- **Enable remote help for your tenant** –If you choose to turn on remote help, its use is enabled tenant-wide.
+- **Requires Organization login** - To use remote help, both the helper and the sharer must sign in with an Azure Active Directory (Azure AD) account from your organization.
+- **Use remote help with unenrolled devices** – You can choose to allow help to devices that aren't enrolled with Intune.
+- **Compliance Warnings** - Before connecting to device, a helper will see a non-compliance warning about that device if it’s not compliant to its assigned policies. This warning doesn’t block access but provides transparency about the risk of using sensitive data like administrative credentials during the session.
+- **Role-based access control** – Admins can set RBAC rules that determine the scope of a helper’s access and what the actions they can take while providing assistance.
+- **Elevation of privilege** - When needed, a helper with the correct RBAC permissions can interact with the UAC prompt on the sharer's machine to enter credentials.
+- **Monitor active remote help sessions, and view details about past sessions** – In the Microsoft Endpoint Manager admin center you can view reports that include details about who helped who, on what device, and for how long. You’ll also find details about active sessions.
+
+This feature is rolling out over the next week and should soon be available for your tenant. For more information, see [Use remote help](../remote-actions/remote-help.md).
+
 ## Week of November 15, 2021 (Service release 2111)
 
 <!-- vvvvvvvvvvvvvvvvvvvvvv -->

memdocs/intune/protect/encrypt-devices.md

@@ -180,7 +180,7 @@ All BitLocker recovery key accesses are audited. For more information on Audit L
 
 When you’ve configured the tenant attach scenario, Microsoft Endpoint Manager can display recovery key data for tenant attached devices.
 
-- To support the display of recovery keys for tenant attached devices, your Configuration Manager sites must run version 2107 or later. For sites that run 2107, you must install an update rollup to support Azure AD joined devices:. See [KB11121541](/configmgr/hotfix/2107/11121541).
+- To support the display of recovery keys for tenant attached devices, your Configuration Manager sites must run version 2107 or later. For sites that run 2107, you must install an update rollup to support Azure AD joined devices:. See [KB11121541](/mem/configmgr/hotfix/2107/11121541).
 
 - To view the recovery keys, your Intune account must have the Intune RBAC permissions to view BitLocker keys, and must be associated with an on-premises user that has the related permissions for Configuration Manager of Collection Role, with Read Permission > Read BitLocker Recovery Key Permission. For more information see [Configure role-based administration for Configuration Manager](/configmgr/core/servers/deploy/configure/configure-role-based-administration).
 

memdocs/intune/protect/mde-security-integration.md

@@ -265,7 +265,7 @@ When you select a policy, you'll see information about the device check-in statu
 ## Known limitations and considerations
 
 ### Co-existence with Microsoft Endpoint Configuration Manager
-When using Configuration Manager, the best path for management of security policy is using the [Configuration Manager tenant attach](/memdocs/configmgr/tenant-attach/endpoint-security-get-started). In some environments it may be desired to use Security Management for Microsoft Defender. When using Security Management for Microsoft Defender with Configuration Manager, endpoint security policy should be isolated to a single control plane. Controlling policy through both channels will create the opportunity for conflicts and undesired results.
+When using Configuration Manager, the best path for management of security policy is using the [Configuration Manager tenant attach](/mem/configmgr/tenant-attach/endpoint-security-get-started). In some environments it may be desired to use Security Management for Microsoft Defender. When using Security Management for Microsoft Defender with Configuration Manager, endpoint security policy should be isolated to a single control plane. Controlling policy through both channels will create the opportunity for conflicts and undesired results.
 
 ### Active Directory joined devices
 

memdocs/intune/protect/security-baseline-settings-windows-365.md

@@ -125,7 +125,7 @@ For general information, see [Learn about attack surface reduction rules](/micro
 
 - **Enable network protection**:  
   Baseline default: *Enable*  
-  CSP: [Defender/EnableNetworkProtection](/windows/client-management/mdm/policy-csp-defender&preserve-view=true#defender-enablenetworkprotection)
+  CSP: [Defender/EnableNetworkProtection](/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection)
 
 - **Block untrusted and unsigned processes that run from USB**:  
   Baseline default: *Block*  
@@ -1261,4 +1261,4 @@ Audit settings configure the events that are generated for the conditions of the
   Baseline default: *Enable*  
   [Reference for Tamper Protection](https://support.microsoft.com/windows/prevent-changes-to-security-settings-with-tamper-protection-31d51aaa-645d-408e-6ce7-8d7f8e593f87)
 
-::: zone-end
+::: zone-end