Merge pull request #7885 from MicrosoftDocs/main

Publish 06/27/2022, 10:30 AM

Author: v-dihans

memdocs/configmgr/core/understand/introduction.md

@@ -5,6 +5,7 @@ description: Learn the basics of Microsoft Endpoint Configuration Manager.
 ms.date: 11/29/2019
 ms.prod: configuration-manager
 ms.technology: configmgr-core
+ms.custom: intro-overview
 ms.topic: overview
 author: aczechowski
 ms.author: aaroncz
@@ -106,4 +107,4 @@ When you're familiar with the basic concepts, use this documentation library to
 - [Features and capabilities of Configuration Manager](../plan-design/changes/features-and-capabilities.md)  
 - [Choose a device management solution](../plan-design/choose-a-device-management-solution.md)  
 - [Evaluate Configuration Manager by building your own lab environment](../get-started/set-up-your-lab.md)
-- [Find help for using Configuration Manager](find-help.md)
+- [Find help for using Configuration Manager](find-help.md)

memdocs/configmgr/index.yml

@@ -4,9 +4,11 @@ summary: "Official product documentation for the following components of Microso
 metadata:
    ms.topic: hub-page
    ms.prod: configuration-manager
+   ms.technology: configmgr-core
    ms.localizationpriority: high
    ms.date: 11/10/2021
    ms.collection: highpri
+   ms.custom: intro-overview
 
 highlightedContent: 
   items: 

memdocs/endpoint-manager-getting-started.md

@@ -23,7 +23,9 @@ ms.reviewer: dougeby
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
-ms.custom: get-started
+ms.custom: 
+  - get-started
+  - intro-get-started
 ms.collection:
   - M365-identity-device-management
   - highpri

memdocs/endpoint-manager-overview.md

@@ -12,7 +12,6 @@ ms.topic: overview
 ms.service: mem
 ms.subservice: fundamentals
 ms.localizationpriority: high
-ms.technology:
 ms.assetid: 
 
 # optional metadata
@@ -23,7 +22,9 @@ ms.reviewer: dougeby
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
-ms.custom: get-started
+ms.custom: 
+  - get-started
+  - intro-overview
 ms.collection:
   - M365-identity-device-management
   - highpri

memdocs/index.yml

@@ -12,6 +12,7 @@ metadata:
   ms.date: 05/24/2022
   ms.localizationpriority: high
   ms.collection: highpri
+  ms.custom: intro-hub-or-landing
 
 highlightedContent:
   items:

memdocs/intune/fundamentals/what-is-intune.md

@@ -12,7 +12,9 @@ ms.topic: overview
 ms.service: microsoft-intune
 ms.subservice: fundamentals
 ms.localizationpriority: high
-
+ms.custom: 
+  - intro-overview
+  - get-started
 # optional metadata
 
 #ROBOTS:
@@ -22,7 +24,6 @@ ms.reviewer: pmay
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
-ms.custom: get-started
 ms.collection: 
   - M365-identity-device-management
   - highpri

memdocs/intune/index.yml

@@ -11,6 +11,7 @@ metadata:
   manager: johmar
   ms.date: 11/10/2021
   ms.collection: highpri
+  ms.custom: intro-hub-or-landing
 
 highlightedContent:
   items:

memdocs/intune/protect/compliance-use-custom-settings.md

@@ -42,9 +42,9 @@ Before you can add custom settings to a policy, you’ll need to prepare the Pow
 
 - The PowerShell script runs on a device to discover and report on the settings defined in the JSON. You upload scripts to the Microsoft Endpoint Manager admin center before you create a policy, and then select a single script when configuring the policy. The policy assigns the script to the device at the time the policy is evaluated. Each compliance policy supports a single script, and each script can detect multiple settings.
 
-- The JSON file defines the settings you want to base your custom compliance on, and the acceptable values for those settings. You can also configure messages for device users for how to restore compliance for each setting. You’ll upload the file when you create a compliance policy that will include custom compliance settings.
+- The JSON file defines the settings you want to base your custom compliance on, and the acceptable values for those settings. You can also configure messages for users to tell them how to restore compliance for each setting. You will upload the file when you create a compliance policy that includes custom compliance settings.
 
-After you’ve deployed custom compliance settings and devices have reported back, you’ll be able to view the results alongside the built-in compliance setting details in the Microsoft Endpoint Manager admin center.  Custom compliance settings will be used for conditional access decisions, the same way built-in compliance settings are.  Together they form a compound rule set, equally affecting the device compliance state.
+After you’ve deployed custom compliance settings and devices have reported back, you will be able to view the results alongside the built-in compliance setting details in the Microsoft Endpoint Manager admin center.  Custom compliance settings can be used for conditional access decisions, the same way built-in compliance settings are.  Together they form a compound rule set, equally affecting the device compliance state.
 
 ## Prerequisites
 
@@ -54,11 +54,11 @@ After you’ve deployed custom compliance settings and devices have reported bac
 
   Devices that are not Azure AD joined or are not hybrid Azure AD-joined are evaluated as not applicable.
 
-- **PowerShell discovery script** - This is a script that you create that runs on a device to discover the custom settings defined in your JSON file and returns the configuration value of those settings to Intune. You’ll upload your script to the Microsoft Endpoint Manager admin center before you create a compliance policy and then select the script you want to use when creating a policy.
+- **PowerShell discovery script** - This is a script that you create that runs on a device to discover the custom settings defined in your JSON file and returns the configuration value of those settings to Intune. You need to upload your script to the Microsoft Endpoint Manager admin center before you create a compliance policy and then select the script you want to use when creating a policy.
 
   To create a custom compliance script, see [Custom PowerShell scripts for discovery](../protect/compliance-custom-script.md).
 
-- **JSON file** - The  JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting. You’ll upload your JSON file while creating a compliance policy, just after you select a discovery script for that policy.
+- **JSON file** - The  JSON file defines the custom settings and the value that is to be considered as compliant and can contain messages for users on how to restore the device to compliance for the setting. You upload your JSON file while creating a compliance policy, just after you select a discovery script for that policy.
 
   To create a JSON file for compliance, see [Custom compliance JSON files](../protect/compliance-custom-json.md)
 
@@ -74,7 +74,7 @@ Before starting:
 
 ### Configure custom compliance settings
 
-During the workflow to create a compliance policy, on the *Compliance settings* page:
+During the workflow to create a compliance policy:
 
 1. On the *Compliance settings* page, expand the *Custom Compliance* category.
 
@@ -94,8 +94,8 @@ During the workflow to create a compliance policy, on the *Compliance settings*
 > - Checking for new or updated PowerShell scripts every eight hours.
 > - Running the discovery scripts every eight hours.
 > - Running scripts that download when a user selects Check Compliance on the device. However, there is no check for new or updated scripts when Check Compliance is run.
-> - Don't support push notifications to enable custom compliance to run on demand.
->
+> 
+> It is not possible to push notifications to a device to enable custom compliance to run on demand.
 
 ## Monitor custom compliance policy
 
@@ -122,7 +122,7 @@ Refresh the current view. If the issue persists, cancel the policy creation flow
 
 ### After fixing an issue on a device, subsequent syncs don’t identify the issue as resolved and compliant
 
-It can take up to eight hours before a noncompliant status for a device update to show compliance.
+It can take up to eight hours before a noncompliant status shows as compliant after a change to the device.
 
 ### Can a user manually check for compliance after fixing an issue on a device in order to identify if the issue is resolved and compliant? 
 

memdocs/intune/protect/microsoft-tunnel-monitor.md

@@ -5,7 +5,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 08/23/2021
+ms.date: 06/23/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -164,7 +164,7 @@ Microsoft Tunnel logs information to the Linux server logs in the *syslog* forma
 
 Command line examples for *journalctl*:
 
-- To view information for only the tunnel server, run `journalctl -t ocserv`. 
+- To view information for only the tunnel server, run `journalctl -t ocserv`.
 - To view information for all log options, you can run `journalctl -t ocserv -t ocserv-access -t mstunnel-agent -t mstunnel_monitor`.
 - Add `-f` to the command to display an active and continuing view of the log file. For example, to actively monitor ongoing processes for Microsoft Tunnel, run `journalctl -t mstunnel_monitor -f`.
 
@@ -173,8 +173,22 @@ More options for *journalctl*:
 - `journalctl -h` – Display command help for *journalctl*.
 - `man journalctl` – Display additional information.
 - `man journalctl.conf` Display information on configuration
-For more information about *journalctl*, see the documentation for the version of Linux that you use.  
-<!-- Pending ocserv-access -->
+For more information about *journalctl*, see the documentation for the version of Linux that you use.
+
+## Known issues
+
+The following are known issues for Microsoft Tunnel.
+
+### Devices fail to connect to the Tunnel server
+
+**Issue**: Devices fail to connect to the server, and the Tunnel server *ocserv* log file contains an entry similar to the following: `main: tun.c:655: Can't open /dev/net/tun: Operation not permitted`
+
+For guidance on viewing Tunnel logs, see [View Microsoft Tunnel logs](#view-microsoft-tunnel-logs) in this article.
+
+**Workaround**: Restart the server using `mst-cli server restart` after the Linux server reboots.
+
+If this issue persists, consider automating the restart command by using the cron scheduling utility. See [How to use cron on Linux](https://opensource.com/article/21/7/cron-linux) at *opensource.com*. 
+
 
 ## Next steps