Merge pull request #8189 from MicrosoftDocs/main

Publish 08/03/2022 3:30 PM PT

Author: Angela Fleischmann

memdocs/autopilot/windows-autopilot-hybrid.md

@@ -8,7 +8,7 @@ author: aczechowski
 ms.author: aaroncz
 manager: dougeby
 ms.reviewer: jubaptis
-ms.date: 05/18/2022
+ms.date: 08/02/2022
 ms.collection:
   - M365-modern-desktop
   - highpri
@@ -17,14 +17,14 @@ ms.topic: article
 
 # Windows Autopilot: What's new
 
-_Applies to_
+## Update Intune Connector for Active Directory for Hybrid Azure AD joined devices
+<!-- 2209 -->
 
-- Windows 11
-- Windows 10
-- Windows Holographic, version 2004
+Starting in September 2022, the Intune Connector for Active Directory (ODJ connector) will require .NET Framework version 4.7.2 or later. If you're not already using .NET 4.7.2 or later, the Intune Connector may not work for Autopilot hybrid Azure AD deployments and will result in failures. When you install a new Intune Connector, don't use the connector installation package that was previously downloaded. Download a new version from the **Intune Connector for Active Directory** section of the Microsoft Endpoint Manager admin center. If you're not using the latest version, it may continue to work, but the auto-upgrade feature to provide updates to the Intune Connector won't work.
 
 ## Enroll to co-management from Windows Autopilot
 <!-- 11300628 -->
+<!-- 2205 -->
 
 With the Intune 2205 release, you can configure device enrollment in Intune to enable [co-management](../configmgr/comanage/overview.md), which happens during the Autopilot process. This behavior directs the workload authority in an orchestrated manner between Configuration Manager and Intune.
 
@@ -33,6 +33,7 @@ If the device is targeted with an [Autopilot enrollment status page (ESP) policy
 For more information, see [How to enroll to co-management with Autopilot](../configmgr/comanage/autopilot-enrollment.md).
 
 ## Improvements to the enrollment status page
+<!-- 2202 -->
 
 With the Intune 2202 release, the [enrollment status page](enrollment-status.md) has improved functionality. The application picker for selecting blocking apps has the following improvements:
 
@@ -47,18 +48,21 @@ With the Intune 2202 release, the [enrollment status page](enrollment-status.md)
 Autopilot agility is a new feature that allows updates and bug fixes to the OOBE experience. These updates occur before device enrollment, and after the Azure Active Directory (Azure AD) sign in page. It may result in another reboot and authentication prompt to the user. This feature is rolling out to Windows 10 1909 and 2004/20H2 with August cumulative update and isn't yet available for Windows 11.
 
 ## One-time self-deployment and pre-provisioning
+<!-- 2110 -->
 
 We made a change to the Windows Autopilot self-deployment mode and pre-provisioning mode experience, adding in a step to delete the device record as part of the device reuse process. This change impacts all Windows Autopilot deployments where the Autopilot profile is set to self-deployment or pre-provisioning mode. This change only affects a device when it's reused or reset, and it attempts to redeploy.
 
 For more information, see [Updates to the Windows Autopilot sign-in and deployment experience](https://techcommunity.microsoft.com/t5/intune-customer-success/updates-to-the-windows-autopilot-sign-in-and-deployment/ba-p/2848452)
 
 ## Update to the Windows Autopilot sign-in experience
+<!-- 2110 -->
 
 Users must enter their credentials at initial sign-in during enrollment. We no longer allow pre-population of the Azure Active Directory (Azure AD) user principal name (UPN).
 
 For more information, see [Updates to the Windows Autopilot sign-in and deployment experience](https://techcommunity.microsoft.com/t5/intune-customer-success/updates-to-the-windows-autopilot-sign-in-and-deployment/ba-p/2848452)
 
 ## MFA changes to Windows Autopilot enrollment flow
+<!-- 2109 -->
 
 To improve the baseline security for Azure Active Directory (Azure AD), we changed Azure AD behavior for multi-factor authentication (MFA) during device registration. Previously, if a user completed MFA as part of their device registration, the MFA claim was carried over to the user state after registration was complete.
 
@@ -78,10 +82,6 @@ To enable the diagnostics page, go to the [ESP profile](../intune/enrollment/win
 
 The diagnostics page is currently supported for commercial OOBE, and Autopilot user-driven mode. It's currently available on Windows 11. Windows 10 users can still collect and export diagnostic logs when this setting is enabled in Intune.
 
-## Windows Autopilot for HoloLens 2
-
-Windows Autopilot now enables you to configure HoloLens 2 devices. For more information, see [Windows Autopilot for HoloLens 2](/hololens/hololens2-autopilot).
-
 ## Next steps
 
 [What's new in Microsoft Intune](../intune/fundamentals/whats-new.md)

memdocs/autopilot/windows-autopilot-whats-new.md

@@ -90,17 +90,15 @@
       "feedback_product_url": {
         "configmgr/**/*.md": "https://feedbackportal.microsoft.com/feedback/forum/4669adfc-ee1b-ec11-b6e7-0022481f8472",
         "configmgr/**/*.yml": "https://feedbackportal.microsoft.com/feedback/forum/4669adfc-ee1b-ec11-b6e7-0022481f8472",
-        "intune/**/*.md": "https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472"
-      },
-      "ms.date": {
-        "autopilot/**/*.md": "12/16/2020"
+        "intune/**/*.md": "https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472",
+        "autopilot/**/*.*": "https://feedbackportal.microsoft.com/feedback/forum/ef1d6d38-fd1b-ec11-b6e7-0022481f8472"
       }, 
       "searchScope": {
         "configmgr/**/*.md": ["ConfigMgr"],
         "configmgr/**/*.yml": ["ConfigMgr"],
         "configmgr/core/**/*.md": ["ConfigMgr"],
         "analytics/**/*.md": ["Analytics"],
-        "autopilot/**/*.md": ["Autopilot"]
+        "autopilot/**/*.*": ["Autopilot"]
       },
       "featureFlags": {
         "*.md" : [

memdocs/docfx.json

@@ -88,6 +88,9 @@ During the workflow to create a compliance policy:
 
 5. Complete the compliance policy creation task and assign the policy to devices.
 
+> [!NOTE]  
+> Assignment filters are not currently supported when assigning compliance policies with custom compliance settings.
+
 > [!NOTE]  
 > When a Windows device receives a compliance policy with custom settings, it checks for the presence of [Intune Management Extensions](../apps/intune-management-extension.md). If not found, the device runs an MSI that installs the extensions, enabling the client to download and run PowerShell scripts that are part of a compliance policy, and to upload compliance results. Actions managed by the services include:
 >

memdocs/intune/protect/compliance-use-custom-settings.md

@@ -6,7 +6,7 @@ keywords:
 author: Smritib17
 ms.author: smbhardwaj
 manager: dougeby
-ms.date: 04/14/2021
+ms.date: 08/03/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: remote-actions
@@ -36,15 +36,10 @@ Custom notification messages include a short title and a message body of 500 cha
 
 ### What the notification looks like on an iOS/iPadOS device
 
-If you have the Company Portal app open on an iOS/iPadOS device, the notification resembles the following screenshot:
+If you have the Company Portal app open on an iOS/iPadOS device, and the device is locked, then the  notification resembles the following screenshot:
 
 > [!div class="mx-imgBorder"]
-> ![Company Portal iOS/iPadOS Test notification](./media/custom-notifications/105046-1.png)
-
-If the device is locked, the notification resembles the following screenshot:
-
-> [!div class="mx-imgBorder"]
-> ![Locked Device iOS/iPadOS Test notification](./media/custom-notifications/105046-2.png)
+> ![Locked Device iOS/iPadOS Custom notification](./media/custom-notifications/locked-device-custom-notif.png)
 
 ### What the notification looks like on an Android device
 

memdocs/intune/remote-actions/custom-notifications.md

@@ -51,6 +51,9 @@ Install apps on your device from the Company Portal app for Windows.
     * **App categories**: Select this page in the navigation pane to choose apps based on type or function. Apps are sorted under categories such as **Featured**, **Education**, and **Productivity**.  
     * **Search for apps**: A static search bar sits in the app's navigation pane. To find your available apps, search by app name or publisher.  
 
+   >[!NOTE]
+   >You can select and install multiple apps in bulk. From the **Apps** tab of the Company Portal for Windows, select the multi-select view button on the top right corner of the page. Then, select the checkbox next to each app and select the **Install Selected** button to start installation. All selected apps will install at the same time without requiring you to right-click each app or navigate to each app's page.
+
 3. Select an app.   
 4. On the apps details page, click **Install**. After installation is done, you'll see an **Installed** status.  
 

memdocs/intune/remote-actions/media/custom-notifications/105046-1.png

@@ -7,7 +7,7 @@ keywords:
 author: ErikjeMS  
 ms.author: erikje
 manager: dougeby
-ms.date: 08/24/2021
+ms.date: 08/03/2022
 ms.topic: conceptual
 ms.service: cloudpc
 ms.subservice:
@@ -60,7 +60,7 @@ For more information on where your data is located, see:
 
 Windows 365 treats both the Cloud PC disk and the data on the VM itself as customer content.
 
-When a user is removed from Windows 365, Windows 365 keeps non-alert personal data for a maximum of 90 days. In passive scenarios, data is kept for a minimum of 90 days and a maximum of 180 days. For security purposes, alert data collected by Microsoft Defender for Endpoint is stored for [180 days if the customer uses Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/data-storage-privacy#what-data-does-microsoft-defender-atp-collect).
+When a user is removed from Windows 365, Windows 365 keeps non-alert personal data for a maximum of 90 days. In passive scenarios, data is kept for a minimum of 90 days and a maximum of 180 days. To access customer data saved in a passive scenario, contact support. For security purposes, alert data collected by Microsoft Defender for Endpoint is stored for [180 days if the customer uses Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/data-storage-privacy#what-data-does-microsoft-defender-atp-collect).
 
 For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview).