memdocs/intune/fundamentals/whats-new.md
+3 -2: 3 additions & 2 deletions
@@ -66,13 +66,14 @@ You can use RSS to be notified when this page is updated. For more information,
66
66
67
67
#### New profile templates and settings structure for endpoint security policies<!-- 13742640 -->
68
68
69
-
We’ve begun to release new [endpoint security profile templates](../intune/protect/endpoint-security-policy.md) , while bringing the following improvements:
69
+
We’ve begun to release new [endpoint security profile templates](../intune/protect/endpoint-security-policy.md)that use the settings format as found in the Settings Catalog. Each new profile template includes the same settings as the older profile it replaces, while bringing the following improvements:
70
70
71
-
-**Setting names match the Windows CSP name**: Each setting name in the new profiles use the same name as the CSP that the setting configures. However, in the Intune UI we’ve added spaces to that name to make the setting name easier to read. For example, a setting in the Intune UI that’s named *Allow USB Connection* configures the CSP named [AllowUSBConnection](/windows/client-management/mdm/policy-csp-connectivity#connectivity-allowusbconnection).
71
+
-**Setting names match the Windows CSP name**: In most cases, each setting name in the new profiles is a mtach to the name of the CSP that the setting configures. However, in the Intune UI we’ve added spaces to that name to make the setting name easier to read. For example, a setting in the Intune UI that’s named *Allow USB Connection* configures the CSP named [AllowUSBConnection](/windows/client-management/mdm/policy-csp-connectivity#connectivity-allowusbconnection).
72
72
73
73
-**Setting options align to those of the Windows CSP**: Options for settings now align directly to those options as described and supported by the Windows CSP, with one addition. The addition is that we’ve included the option of Not configured. When a setting is set to Not configured, that Intune profile does not actively manage that setting. When a profiles is changed to go from active configuration of setting Not configured, Intune stops actively enforcing the configuration for that setting on the device.
74
74
75
75
-**Setting guidance is taken from the Windows CSP**: The information about the setting found in the Intune UI is taken directly from the Windows CSP content, with Learn more links opening the documentation for the relevant CSP, or the content page that includes that CSP. The CSP defines and manages the settings behavior.
76
+
76
77
When a new platform and profile template is available for a policy type, the older profile of the same name will no longer be available to create new profiles. Instead, new profiles must use the new profiles and settings format. Eventually, your old profiles will be supported for conversion to the new profile format. Until that conversion is available, you can still use, edit, and deploy your existing profiles.
77
78
78
79
The following profile templates are now available in the new settings format:
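Review bot: Two typos in the added lines of this hunk: the intro sentence runs the link straight into the next word (`endpoint-security-policy.md)that use the settings format`), and the reworded first bullet reads "is a mtach to the name of the CSP". Add a space after the closing parenthesis and change "mtach" to "match". The softening from "Each setting name" to "In most cases" is reasonable, but the bullet's bold heading still says setting names match the Windows CSP name, so consider adding how a reader can tell when a name differs.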
memdocs/intune/protect/antivirus-microsoft-defender-settings-windows.md
+4 -3: 4 additions & 3 deletions
@@ -7,7 +7,7 @@ keywords:
7
7
author: brenduns
8
8
ms.author: brenduns
9
9
manager: dougeby
10
-
ms.date: 07/20/2021
10
+
ms.date: 04/04/2022
11
11
ms.topic: conceptual
12
12
ms.service: microsoft-intune
13
13
ms.subservice: protect
@@ -30,9 +30,10 @@ ms.reviewer: laarrizz
30
30
31
31
# Settings for Microsoft Defender Antivirus policy in Microsoft Intune for Windows devices
32
32
33
-
View the Endpoint security antivirus policy settings you can configure for the Microsoft Defender Antivirus profile for Windows 10/11 in Microsoft Intune as part of an [Endpoint security policy](../protect/endpoint-security-policy.md).
33
+
> [!NOTE]
34
+
> This article details the settings in the Microsoft Defender Antivirus and Microsoft Defender Antivirus Exclusions profiles for the *Windows 10 and later* platform for endpoint security Antivirus policy. Beginning in April 2022, the *Windows 10 and later* platform was replaced by the *Windows 10, Windows 11, and Windows Server* platform. Although you can no longer create new instances of the original profile, you can continue to edit and use your existing profiles. The settings details in this article apply to those deprecated profiles.
34
35
35
-
## Cloud protection
36
+
View details about the [endpoint security](../protect/endpoint-security-policy.md) antivirus policy settings you can configure for the Microsoft Defender Antivirus profile for Windows 10 and later in Microsoft Intune.
36
37
37
38
These settings are available in the following profiles:
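Review bot: The `## Cloud protection` heading is removed in this hunk and the new "View details about the endpoint security antivirus policy settings" paragraph takes its place, so the context line "These settings are available in the following profiles:" now sits directly under the article intro with no section heading. If the Cloud protection settings still follow, restore the heading after the new intro paragraph; the new paragraph reads as a replacement for the old "View the Endpoint security antivirus policy settings" line only.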
memdocs/intune/protect/antivirus-security-experience-windows-settings.md
+5 -2: 5 additions & 2 deletions
@@ -7,7 +7,7 @@ keywords:
7
7
author: brenduns
8
8
ms.author: brenduns
9
9
manager: dougeby
10
-
ms.date: 12/06/2021
10
+
ms.date: 04/04/2022
11
11
ms.topic: reference
12
12
ms.service: microsoft-intune
13
13
ms.subservice: protect
@@ -30,7 +30,10 @@ ms.reviewer: mattsha
30
30
31
31
# Settings for the Windows Security experience profile in Microsoft Intune
32
32
33
-
View the Antivirus policy settings you can configure for the **Windows Security Experience** profile for Windows 10 and Windows 11 devices as part of a Microsoft Intune [Endpoint security policy](../protect/endpoint-security-policy.md).
33
+
> [!NOTE]
34
+
> This article details the settings in the Windows Security experience profile for the *Windows 10 and later* platform for endpoint security Antivirus policy. Beginning in April 2022, the *Windows 10 and later* platform was replaced by the *Windows 10, Windows 11, and Windows Server* platform. Although you can no longer create new instances of the original profile, you can continue to edit and use your existing profiles.
35
+
36
+
View details about the [endpoint security](../protect/endpoint-security-policy.md) antivirus policy settings you can configure for the Windows Security Experience profile for Windows 10 and later in Microsoft Intune.
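Review bot: The added note and the added intro paragraph spell the profile name differently: "Windows Security experience profile" in the note and "Windows Security Experience profile" in the paragraph, which also drops the bold that the removed line used. Pick one casing and keep the emphasis. The note also stops at "you can continue to edit and use your existing profiles", while the matching note added to antivirus-microsoft-defender-settings-windows.md goes on to say "The settings details in this article apply to those deprecated profiles."; add that sentence here so readers know which profile this reference describes.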
memdocs/intune/protect/encrypt-devices.md
+1 -3: 1 addition & 3 deletions
@@ -35,8 +35,6 @@ Use one of the following policy types to configure BitLocker on your managed dev
35
35
36
36
-**[Endpoint security disk encryption policy for BitLocker](#create-an-endpoint-security-policy-for-bitlocker)**. The BitLocker profile in *Endpoint security* is a focused group of settings that is dedicated to configuring BitLocker.
37
37
38
-
View the BitLocker settings that are available in [BitLocker profiles from disk encryption policy](../protect/endpoint-security-disk-encryption-profile-settings.md#bitlocker).
39
-
40
38
-**[Device configuration profile for endpoint protection for BitLocker](#create-an-endpoint-security-policy-for-bitlocker)**. BitLocker settings are one of the available settings categories for Windows 10/11 endpoint protection.
41
39
42
40
View the BitLocker settings that are available for [BitLocker in endpoint protection profiles from device configuration policy](../protect/endpoint-protection-windows-10.md#windows-settings).
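Review bot: Removing the "View the BitLocker settings that are available in BitLocker profiles from disk encryption policy" line leaves the endpoint security bullet with no pointer to its settings, while the device configuration bullet below keeps its settings link. If the old reference page now describes only the deprecated profile, keep the link and label it that way rather than dropping it. While editing this list, note that both bullets in the context link to `#create-an-endpoint-security-policy-for-bitlocker`; the device configuration bullet probably needs its own anchor.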
@@ -134,7 +132,7 @@ A device must meet the following conditions to be eligible for silently enabling
134
132
Depending on the type of policy that you use to silently enable BitLocker, configure the following settings.
135
133
136
134
**Endpoint security disk encryption policy** - Configure the following settings in the BitLocker profile:
137
-
135
+
<!-- the following two settings are part of the original BitLocker profile, now deprecated by DCv2 settings. The correct settings from the new profile are pending identification from the PM team -->
138
136
-**Hide prompt about third-party encryption** = *Yes*
139
137
-**Alow standard users to enable encryption during Autopilot** = *Yes*
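Review bot: The added HTML comment records that the two settings listed next belong to the deprecated BitLocker profile and that the replacements are still pending, but a comment is invisible to readers, so the published steps continue to name settings from a profile that can no longer be created. Add a visible note saying these names apply to existing old-format profiles, and track the pending answer from the PM team in a work item so the comment does not go stale. The second setting in the context reads "Alow standard users"; change it to "Allow" when the settings are updated.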
memdocs/intune/protect/endpoint-security-antivirus-policy.md
+24 -9: 24 additions & 9 deletions
@@ -76,9 +76,16 @@ Prerequisites to support tamper protection for devices managed by Intune:
76
76
77
77
Profiles for *Antivirus* policy that support tamper protection for [devices managed by Microsoft Endpoint Manager](#devices-managed-by-microsoft-endpoint-manager):
78
78
79
-
- Platform: **Windows 10 later**
79
+
- Platform: **Windows 10, Windows 11, and Windows Server**
80
80
- Profile: **Windows Security experience**
81
81
82
+
> [!NOTE]
83
+
> Beginning in April 2022, the *Windows 10 and later* platform was replaced by the *Windows 10, Windows 11, and Windows Server* platform.
84
+
>
85
+
> The *Windows 10, Windows 11, and Windows Server* platform supports devices communicating with Endpoint Manager through Microsoft Intune or Microsoft Defender for Endpoint. These profiles also add support for the Windows Server platform which is not supported through Microsoft Intune natively.
86
+
>
87
+
>Profiles for this new platform use the settings format as found in the Settings Catalog. Each new profile template for this new platform includes the same settings as the older profile template it replaces. With this change you can no longer create new versions of the old profiles. Your existing instances of the old profile remain available to use and edit.
88
+
82
89
You can also use the [Endpoint protection](../protect/endpoint-protection-configure.md) profile for *Device configuration* policy to configure tamper protection for devices managed by Intune.
83
90
84
91
#### Configuration Manager clients managed through the tenant attach scenario
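Review bot: In the added note, the last paragraph starts with `>Profiles` without the space after `>` that the other quoted lines use; make it `> Profiles` so the block renders consistently. The same three paragraphs are added again in the next hunk of this file, so consider stating the note once and referring to it, or moving it to an include, so the two copies cannot drift. In "the Windows Server platform which is not supported through Microsoft Intune natively", add a comma before "which".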
@@ -108,25 +115,29 @@ The following profiles are supported for devices you manage with Intune:
108
115
109
116
When you use [Microsoft Defender for Endpoint for Mac](/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac), you can configure and deploy Antivirus settings to your managed macOS devices through Intune instead of configuring those settings by use of `.plist` files.
110
117
111
-
**Windows 10, 11, and Windows Server**:
118
+
**Windows**:
112
119
113
120
> [!NOTE]
114
-
> Beginning in April 2022, the *Windows 10 and later* platform is replaced by the *Windows 10, Windows 11, and Windows Server* platform. Profiles for this new platform use the settings format as found in the Settings Catalog. Each new profile template for this new platform includes the same settings as the older profile template it replaces. With this change you can no longer create new versions of the old profiles. Your existing instances of the old profile remain available to use and edit.
121
+
> Beginning in April 2022, the *Windows 10 and later* platform was replaced by the *Windows 10, Windows 11, and Windows Server* platform.
122
+
>
123
+
> The *Windows 10, Windows 11, and Windows Server* platform supports devices communicating with Endpoint Manager through Microsoft Intune or Microsoft Defender for Endpoint. These profiles also add support for the Windows Server platform which is not supported through Microsoft Intune natively.
124
+
>
125
+
> Profiles for this new platform use the settings format as found in the Settings Catalog. Each new profile template for this new platform includes the same settings as the older profile template it replaces. With this change you can no longer create new versions of the old profiles. Your existing instances of the old profile remain available to use and edit.
115
126
116
127
- Platform: **Windows 10, Windows 11, and Windows Server**
117
128
Profiles for this platform can be used with devices enrolled with Intune, and devices managed through [Security Management for Microsoft Defender for Endpoint](../protect/mde-security-integration.md).
118
129
119
130
120
131
121
-
- Profile: **Microsoft Defender Antivirus** - Manage [Antivirus policy settings](../protect/antivirus-microsoft-defender-settings-windows.md) for Windows 10/11.
132
+
- Profile: **Microsoft Defender Antivirus** - Manage Antivirus policy settings for Windows devices.
122
133
123
134
Defender Antivirus is the next-generation protection component of Microsoft Defender for Endpoint. Next-generation protection brings together technologies like machine learning and cloud infrastructure to protect devices in your enterprise organization.
124
135
125
136
The *Microsoft Defender Antivirus* profile is a separate instance of the antivirus settings that are found in the *Device Restriction profile* for Device Configuration policy.
126
137
127
-
Unlike the antivirus settings in a *Device Restriction profile*, you can use these settings to with devices that are co-managed. To use these settings, the [co-management workload slider](/configmgr/comanage/how-to-switch-workloads) for Endpoint Protection must be set to Intune.
138
+
Unlike the antivirus settings in a *Device Restriction profile*, you can use these settings with devices that are co-managed. To use these settings, the [co-management workload slider](/configmgr/comanage/how-to-switch-workloads) for Endpoint Protection must be set to Intune.
128
139
129
-
- Profile: **Microsoft Defender Antivirus exclusions** - Manage policy settings for only [Antivirus exclusions](../protect/antivirus-microsoft-defender-settings-windows.md#microsoft-defender-antivirus-exclusions).
140
+
- Profile: **Microsoft Defender Antivirus exclusions** - Manage policy settings for only Antivirus exclusion.
130
141
131
142
With this policy, you can manage settings for the following Microsoft Defender Antivirus configuration service providers (CSPs) that define Antivirus exclusions:
132
143
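Review bot: The **Microsoft Defender Antivirus** and **Microsoft Defender Antivirus exclusions** bullets lose their links to `antivirus-microsoft-defender-settings-windows.md`, although this commit keeps that article and adds a note to it saying it describes the deprecated profiles, so readers with existing profiles can no longer reach the settings reference from here. Keep a link labelled as applying to the older profile. The exclusions bullet also changes to "Manage policy settings for only Antivirus exclusion"; keep the plural "exclusions" to match the profile name.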
@@ -136,7 +147,7 @@ The following profiles are supported for devices you manage with Intune:
136
147
137
148
These CSPs for antivirus exclusion are also managed by *Microsoft Defender Antivirus* policy, which includes identical settings for exclusions. Settings from both policy types (*Antivirus* and *Antivirus exclusions*) are subject to [policy merge](#policy-merge-for-settings), and create a super set of exclusions for applicable devices and users.
138
149
139
-
- Profile: **Windows Security experience**- Manage the [Windows Security app settings](../protect/antivirus-security-experience-windows-settings.md) that end users can view in the Microsoft Defender Security center and the notifications they receive.
150
+
- Profile: **Windows Security experience**- Manage the Windows Security app settings that end users can view in the Microsoft Defender Security center and the notifications they receive.
140
151
141
152
The Windows security app is used by a number of Windows security features to provide notifications about the health and security of the machine. Security app notifications include firewalls, antivirus products, Windows Defender SmartScreen, and others.
142
153
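Review bot: The **Windows Security experience** bullet drops its link to `antivirus-security-experience-windows-settings.md`, an article this commit still updates, so that reference is no longer reachable from this list; keep a link labelled as applying to the older profile. Since the line is being edited anyway, add the missing space in `**Windows Security experience**-` before the dash.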
@@ -162,8 +173,6 @@ When processed separately, policy conflicts are resolved as follows:
memdocs/intune/protect/endpoint-security-disk-encryption-policy.md
+8 -2: 8 additions & 2 deletions
@@ -7,7 +7,7 @@ keywords:
7
7
author: brenduns
8
8
ms.author: brenduns
9
9
manager: dougeby
10
-
ms.date: 05/15/2020
10
+
ms.date: 04/04/2022
11
11
ms.topic: conceptual
12
12
ms.service: microsoft-intune
13
13
ms.subservice: protect
@@ -53,9 +53,11 @@ Find the endpoint security policies for disk encryption under *Manage* in the **
53
53
54
54
**Windows profiles**:
55
55
56
+
> [!NOTE]
57
+
> Beginning in April 2022, the *BitLocker* profile for the *Windows 10 and later* platform was replaced by by a new profile instance. This new profile use the settings format as found in the Settings Catalog. The new profile template includes the same settings as the older profile template it replaces. With this change you can no longer create new versions of the old profile. Your existing instances of the old profile remain available to use and edit.
58
+
56
59
-**BitLocker** - BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers
57
60
58
-
Manage [BitLocker settings](../protect/endpoint-security-disk-encryption-profile-settings.md#bitlocker) for Windows 10.
59
61
60
62
To create a BitLocker profile, see [Use BitLocker disk encryption for Windows](../protect/encrypt-devices.md).
61
63
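Review bot: The added note has two slips: "was replaced by by a new profile instance" repeats "by", and "This new profile use the settings format" should read "uses". The hunk also removes "Manage BitLocker settings for Windows 10." together with its link to `endpoint-security-disk-encryption-profile-settings.md#bitlocker`, which leaves the **BitLocker** bullet with a description but no settings reference; if the link now belongs with the deprecated profile only, say so next to it instead of removing it here.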
@@ -71,3 +73,7 @@ After you deploy policy to encrypt a device disk, see the following articles for
71
73
72
74
-[To create a FileVault profile](../protect/encrypt-devices-filevault.md#create-endpoint-security-policy-for-filevault)
73
75
-[To create a BitLocker profile](../protect/encrypt-devices.md#create-an-endpoint-security-policy-for-bitlocker)
76
+
77
+
View details for the Windows settings in the deprecated profile for Windows BitLocker:
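Review bot: The added sentence "View details for the Windows settings in the deprecated profile for Windows BitLocker:" ends with a colon, but no link or list item follows it in the lines shown. Confirm the link to the settings article is added directly after it, or fold the link into the sentence so it does not end on a dangling colon. "Windows settings in the deprecated profile for Windows BitLocker" also repeats "Windows"; "settings in the deprecated BitLocker profile" is enough.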