Merge branch 'release-intune-2207' into 13158881-common-criteria-via-device-restrictions

Author: Brenduns

memdocs/autopilot/existing-devices.md

@@ -258,7 +258,7 @@ After you save the file, move it to a location for a Microsoft Endpoint Configur
     - _Limiting collection_: **All Systems**
 
       > [!NOTE]
-      > You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the Configuration Manaber client in the collection that you select.
+      > You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the Configuration Manager client in the collection that you select.
 
 1. On the **Membership Rules** page, select **Add Rule**. Specify either a direct or query-based collection rule to add the target Windows 8.1 devices to the new collection.
 

memdocs/autopilot/oem-registration.md

@@ -1,13 +1,8 @@
 ---
 title: Windows Autopilot OEM registration process
 description: How OEMs add devices to Windows Autopilot
-keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
 ms.prod: w10
-ms.mktglfcycl: deploy
 ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: deploy
-audience: itpro
 author: aczechowski
 ms.author: aaroncz
 ms.reviewer: jubaptis
@@ -36,6 +31,10 @@ When you purchase devices from an OEM, that OEM can automatically register the d
 
 OEMs must follow [device guidelines](autopilot-device-guidelines.md) for Windows Autopilot devices.
 
+### Service data
+
+Windows Autopilot is managed and maintained by Microsoft. This service provides the backend database that associates hardware hashes with customer tenants. When an OEM registers devices for a customer, they are writing that data to this database and not directly to the customer's tenant. No permissions to the customer's tenant are granted or required for OEMs to register devices on the customer's behalf.
+
 ### Customer consent
 
 Before an OEM can register devices for an organization, the organization must grant the OEM permission to do so. The OEM begins this process with approval granted by an Azure AD global administrator from your organization. For more information see [OEM authorization](registration-auth.md#oem-authorization).

memdocs/azure-ad-joined-hybrid-azure-ad-joined.md

@@ -9,7 +9,7 @@ author: MandiOhlinger
 
 ms.author: mandia
 manager: dougeby
-ms.date: 06/01/2022
+ms.date: 07/13/2022
 ms.topic: conceptual
 ms.service: mem
 ms.subservice: fundamentals
@@ -38,7 +38,7 @@ Many critical and valuable services, including [Conditional Access](/azure/activ
 
 When moving to cloud-native endpoints, you need to understand the differences between Azure AD joined and hybrid Azure AD joined devices:
 
-- **Azure AD joined** (AADJ): Devices are joined to an Azure Active Directory (Azure AD). They're not joined to on-premises Azure AD.
+- **Azure AD joined** (AADJ): Devices are joined to an Azure Active Directory (Azure AD). They're not joined to on-premises AD.
 
   For more specific information, go to [Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join) (opens another Microsoft website).
 
@@ -112,10 +112,7 @@ If your organization is ready and wants to be cloud-native, then [Azure AD joine
 
 ### Hybrid Azure AD joined resources
 
-For information on how to register your existing domain joined devices to Azure AD, go to:
-
-- [Configure hybrid Azure AD join for managed domains](/azure/active-directory/devices/hybrid-azuread-join-managed-domains)
-- [Configure hybrid Azure AD join for federated domains](/azure/active-directory/devices/hybrid-azuread-join-federated-domains)
+For information on how to register your existing domain joined devices to Azure AD, go to [Configure hybrid Azure AD join](/azure/active-directory/devices/howto-hybrid-azure-ad-join). [Configure hybrid Azure AD join](/azure/active-directory/devices/howto-hybrid-azure-ad-join) includes information for managed domains and federated domains.
 
 ## Which option is right for your organization
 
@@ -141,4 +138,4 @@ Consider the following scenarios:
 3. 🡺 **Concept: Azure AD joined vs. Hybrid Azure AD joined** (*You are here*)
 4. [Concept: Cloud-native endpoints and on-premises resources](cloud-native-endpoints-on-premises.md)
 5. [High level planning guide](cloud-native-endpoints-planning-guide.md)
-6. [Known issues and important information](cloud-native-endpoints-known-issues.md)
+6. [Known issues and important information](cloud-native-endpoints-known-issues.md)

memdocs/configmgr/core/clients/manage/cmg/plan-cloud-management-gateway.md

@@ -157,6 +157,8 @@ With a few exceptions, the configuration, operation, and functionality of the CM
 
 - A [**server authentication certificate**](server-auth-cert.md) for the CMG.
 
+- CMG names need to be between 3-24 alphanumeric characters. The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens. <!--13222041-->
+
 - **Other certificates** may be required, depending upon your client OS version and authentication model. For more information, see [Configure client authentication](configure-authentication.md).
 
 - Clients must use **IPv4**.

memdocs/configmgr/core/clients/manage/cmg/supported-configurations.md

@@ -2,7 +2,7 @@
 title: Supported configurations for CMG
 titleSuffix: Configuration Manager
 description: A list of the features and configurations that the Configuration Manager cloud management gateway supports.
-ms.date: 04/08/2022
+ms.date: 07/12/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-client
 ms.topic: reference
@@ -30,6 +30,8 @@ Use this article as a reference for the features and configurations that are sup
 
 - Starting in version 2203, the option to deploy a CMG as a **cloud service (classic)** is removed.<!-- 13235079 --> All CMG deployments should use a [virtual machine scale set](plan-cloud-management-gateway.md#virtual-machine-scale-sets).<!--10966586--> For more information, see [Removed and deprecated features](../../../plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md).
 
+- CMG names need to be between 3-24 alphanumeric characters. The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens. <!--13222041-->
+
 ## Support for Configuration Manager features
 
 The following table lists CMG support for Configuration Manager features:

memdocs/configmgr/core/get-started/2022/includes/2207/10928371.md

@@ -65,14 +65,14 @@ Use this cmdlet to monitor the distribution point migration status.
 Get-CMDistributionPointMigrationStatus -SourceDistributionPointName <FQDN for source distribution point> -DestinationDistributionPointName <FQDN for destination distribution point> 
 ```
 
-### Get-CMDistributionPointContentMigrationStatus 
+### Get-CMDistributionPointMigrationContentStatus 
 
 Use this cmdlet to monitor the distribution point content migration status.
 
 #### Syntax
 
 ```powershell
-Get-CMDistributionPointContentMigrationStatus -SourceDistributionPointName <FQDN for source distribution point> -DestinationDistributionPointName <FQDN for destination distribution point>
+Get-CMDistributionPointMigrationContentStatus -SourceDistributionPointName <FQDN for source distribution point> -DestinationDistributionPointName <FQDN for destination distribution point>
 ```
 
 ### Stop-CMDistributionPointMigration 

memdocs/configmgr/core/servers/manage/updates.md

@@ -59,7 +59,6 @@ The following supported versions of Configuration Manager are currently availabl
 | [**2111**](../../plan-design/changes/whats-new-in-version-2111.md)<br /> (5.00.9068) | December 1, 2021 | June 1, 2023 | No | Yes |
 | [**2107**](../../plan-design/changes/whats-new-in-version-2107.md)<br /> (5.00.9058) | August 2, 2021 | February 2, 2023 | No | Yes |
 | [**2103**](../../plan-design/changes/whats-new-in-version-2103.md)<br /> (5.00.9049) | April 5, 2021 | October 5, 2022 | Yes<sup>[Note 1](#bkmk_note1)</sup> | Yes |
-| [**2010**](../../plan-design/changes/whats-new-in-version-2010.md)<br /> (5.00.9040) | November 30, 2020 | May 30, 2022 | No | Yes |
 
 
 > [!NOTE]
@@ -84,6 +83,7 @@ The following table lists historical versions of Configuration Manager current b
 
 | Version                          | Availability date | Support end date   | Baseline | In-console update |
 |----------------------------------|-------------------|--------------------|----------|-------------------|
+| **2010** <br /> (5.00.9040)      | November 30, 2020     | May 30, 2022    | No      | Yes               |
 | **2006** <br /> (5.00.9012)      | August 11, 2020     | February 11, 2022    | No      | Yes               |
 | **2002** <br /> (5.00.8968)      | April 1, 2020     | October 1, 2021    | Yes      | Yes               |
 | **1910** <br /> (5.00.8913)      | November 29, 2019 | May 29, 2021       | No       | Yes               |

memdocs/configmgr/hotfix/2203/14244456.md

@@ -67,6 +67,10 @@ For more information on changes in Configuration Manager version 2203, see:
    ~RDC:Failed to set access security on \\<SiteServerFQDN>\SMSSIG$\<PkgID>.1.tar for package <PkgID> signature file
    ```
 
+<!-- 14628373 -->
+- The issue described in the following Knowledge Base article is resolved with the 2203 update rollup.
+[Mismatch certificate subject name error when running client action for Configuration Manager device](/troubleshoot/mem/configmgr/tenant-attach-component-not-connect-to-gateway)
+
 ## Hotfixes that are included in this update
 - KB [13953025](../../hotfix/2203/13953025.md)Update for Microsoft Endpoint Configuration Manager version 2203, early update ring
 - KB [14480034](../../hotfix/2203/14480034.md)Registration fails for PKI clients after updating to Configuration Manager current branch, version 2203

memdocs/configmgr/protect/deploy-use/defender-advanced-threat-protection.md

@@ -32,7 +32,7 @@ Microsoft Defender for Endpoint's cloud-based portal is [Microsoft Defender Secu
 You can onboard the following operating systems:
 
 - Windows 8.1
-- Windows 10, version 1607 or later
+- Windows 10, version  1709 or later
 - Windows 11
 - Windows Server 2012 R2
 - Windows Server 2016

memdocs/configmgr/sum/deploy-use/add-software-updates-to-an-update-group.md

@@ -2,7 +2,7 @@
 title: Add updates to an update group
 titleSuffix: Configuration Manager
 description: Manually or automatically add software updates to a software update group in your environment.
-ms.date: 04/08/2022
+ms.date: 07/12/2022
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-sum
@@ -19,7 +19,8 @@ ms.localizationpriority: medium
  Software update groups provide you with an effective method to organize software updates in your environment. You can manually add software updates to a software update group or automatically add software updates to a software update group by using an ADR. You can also deploy a software update group manually or deploy the group automatically by using an ADR. After you deploy a software update group, you can add new software updates to the group and Configuration Manager will automatically deploy them. Use the following procedures to add software updates to a new or existing software update group.  
 
 > [!TIP]
-> Starting in version 2203, you can organize software update groups and packages by using folders. This change allows for better categorization and management of software updates. For more information, see [Deploy software updates](deploy-software-updates.md#bkmk_folder).<!-- 3601129 -->
+> - Starting in version 2203, you can organize software update groups and packages by using folders. This change allows for better categorization and management of software updates. For more information, see [Deploy software updates](deploy-software-updates.md#bkmk_folder).<!-- 3601129 -->
+> - Devices running an unsupported operating systems will display as compliant since there aren't applicable updates to the operating system any longer. <!--13952160-->
 
 ## Add software updates to a new software update group