Merge pull request #6296 from MicrosoftDocs/main

Taojunshen · web-flow · commit bab5560b4f43 · 2021-12-07T02:25:36.000+08:00
12/6/2021 AM Publish
diff --git a/memdocs/autopilot/software-requirements.md b/memdocs/autopilot/software-requirements.md
@@ -50,7 +50,7 @@ The following editions are supported: Pro, Pro Education, Pro for Workstations,
 
 ### Windows 10
 
-- A [supported version](/windows/release-health/) of Windows 10 Semi-Annual Channel is required. 
+- A [supported version](/windows/release-health/) of Windows 10 Semi-Annual Channel or Windows 10 General Availability Channel is required. 
 - The following editions are supported:
   - Windows 10 Pro
   - Windows 10 Pro Education
diff --git a/memdocs/intune/fundamentals/in-development.md b/memdocs/intune/fundamentals/in-development.md
@@ -153,7 +153,7 @@ Applies to:
 - Android Enterprise corporate owned fully managed (COBO)
 - Android Enterprise dedicated devices (COSU)
 
-### New Administrative Templates settings for Microsoft Edge 96 and Microsoft Edge updater on Windows devices<!-- 12426698 -->
+### New Administrative Templates settings for Microsoft Edge 96 and Microsoft Edge updater on Windows devices<!-- 12442597 -->
 In Intune, you can use Administrative Templates to configure Microsoft Edge settings (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **Administrative Templates** for profile type).
 
 There are new Administrative Templates settings for Microsoft Edge 96 and the Microsoft  Edge updater, including **Target Channel override** support. Use **Target Channel override** so users get the **Extended Stable** release cycle option, which can be set using Group Policy or through Intune.
diff --git a/memdocs/intune/protect/antivirus-security-experience-windows-settings.md b/memdocs/intune/protect/antivirus-security-experience-windows-settings.md
@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 05/11/2021
+ms.date: 12/06/2021
 ms.topic: reference
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -106,7 +106,7 @@ View the Antivirus policy settings you can configure for the **Windows Security
 
   Use this setting to block Windows Security notifications to your users for all of the preceding feature settings. Alternatively, you can manage the Windows Security app notifications per feature by using the proceeding settings.
 
-  - **Not configured** (*default*) - All Windows Security app notifications that are not controlled by another setting are allowed.
+  - **Not configured** (*default*) - This setting doesn't enforce a block of any settings and all Windows Security app notifications that are not controlled by another setting are allowed.
   - **Block non-critical notification** - Notifications such as scan completions are blocked.
   - **Block all notifications** - Critical and non-critical notifications are blocked for all Windows Security features.
 
diff --git a/memdocs/intune/protect/encrypt-devices.md b/memdocs/intune/protect/encrypt-devices.md
@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 11/16/2021
+ms.date: 12/06/2021
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -73,7 +73,8 @@ Use one of the following procedures to create the policy type you prefer.
 
 4. On the **Configuration settings** page, configure settings for BitLocker to meet your business needs.  
 
-   If you want to enable BitLocker silently, see [Silently enable BitLocker on devices](#silently-enable-bitlocker-on-devices), in this article for additional prerequisites and the specific setting configurations you must use.
+   > [!TIP]
+   > If you want to enable BitLocker silently, you must use a Endpoint protection template as part of a device configuration profile and not an Endpoint security policy. See [Silently enable BitLocker on devices](#silently-enable-bitlocker-on-devices) in this article for additional prerequisites and the specific setting configurations you must use.
 
    Select **Next**.
 
@@ -117,26 +118,26 @@ To view information about devices that receive BitLocker policy, see [Monitor di
 
 ### Silently enable BitLocker on devices
 
-You can configure a BitLocker policy that automatically and silently enables BitLocker on a device. That means that BitLocker enables successfully without presenting any UI to the end user, even when that user isn't a local Administrator on the device.
+You can use an *Endpoint protection* template as part of a *device configuration* profile to configure a BitLocker policy that automatically and silently enables BitLocker on a device. That means that BitLocker enables successfully without presenting any UI to the end user, even when that user isn't a local Administrator on the device.
 
 **Device Prerequisites**:
 
 A device must meet the following conditions to be eligible for silently enabling BitLocker:
 
 - If end users log in to the devices as Administrators, the device must run Windows 10 version 1803 or later, or Windows 11.
-- If end users log in to the the devices as Standard Users, the device must run Windows 10 version 1809 or later, or Windows 11.
+- If end users log in to the devices as Standard Users, the device must run Windows 10 version 1809 or later, or Windows 11.
 - The device must be Azure AD Joined or Hybrid Azure AD Joined.
 - Device must contain at least TPM (Trusted Platform Module) 1.2.
 - The BIOS mode must be set to Native UEFI only. 
 
 **BitLocker policy configuration**:
 
-The following two settings for *BitLocker base settings* must be configured in the BitLocker policy:
+The following two settings for *BitLocker base settings* must be configured in the BitLocker policy of a device configuration profile:
 
 - **Warning for other disk encryption** = *Block*.
 - **Allow standard users to enable encryption during Azure AD Join** = *Allow*
 
-The BitLocker policy **must not require** use of a startup PIN or startup key. When a TPM startup PIN or startup key is *required*, BitLocker can not silently enable and requires interaction from the end user.  This requirement is met through the following four *BitLocker OS drive settings* in the same policy:
+The BitLocker policy **must not require** use of a startup PIN or startup key. When a TPM startup PIN or startup key is *required*, BitLocker can't silently enable and requires interaction from the end user.  This requirement is met through the following four *BitLocker OS drive settings* in the same policy:
 
 - **Compatible TPM startup** must be set to *Allowed* or *Required*
 - **Compatible TPM startup PIN** must not be set to *Require startup PIN with TPM*
@@ -182,7 +183,7 @@ When you’ve configured the tenant attach scenario, Microsoft Endpoint Manager
 
 - To support the display of recovery keys for tenant attached devices, your Configuration Manager sites must run version 2107 or later. For sites that run 2107, you must install an update rollup to support Azure AD joined devices:. See [KB11121541](/mem/configmgr/hotfix/2107/11121541).
 
-- To view the recovery keys, your Intune account must have the Intune RBAC permissions to view BitLocker keys, and must be associated with an on-premises user that has the related permissions for Configuration Manager of Collection Role, with Read Permission > Read BitLocker Recovery Key Permission. For more information see [Configure role-based administration for Configuration Manager](/configmgr/core/servers/deploy/configure/configure-role-based-administration).
+- To view the recovery keys, your Intune account must have the Intune RBAC permissions to view BitLocker keys, and must be associated with an on-premises user that has the related permissions for Configuration Manager of Collection Role, with Read Permission > Read BitLocker Recovery Key Permission. For more information, see [Configure role-based administration for Configuration Manager](/configmgr/core/servers/deploy/configure/configure-role-based-administration).
 
 
 ### Rotate BitLocker recovery keys
