MicrosoftDocs
diff --git a/‎memdocs/intune/configuration/device-firmware-configuration-interface-windows.md‎
Lines changed: 6 additions & 5 deletions b/‎memdocs/intune/configuration/device-firmware-configuration-interface-windows.md‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎memdocs/intune/configuration/device-profile-assign.md‎
Lines changed: 2 additions & 2 deletions b/‎memdocs/intune/configuration/device-profile-assign.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎memdocs/intune/configuration/device-profile-create.md‎
Lines changed: 11 additions & 10 deletions b/‎memdocs/intune/configuration/device-profile-create.md‎
Lines changed: 11 additions & 10 deletions
diff --git a/‎memdocs/intune/configuration/device-profile-troubleshoot.md‎
Lines changed: 6 additions & 6 deletions b/‎memdocs/intune/configuration/device-profile-troubleshoot.md‎
Lines changed: 6 additions & 6 deletions
@@ -2,12 +2,12 @@
 # required metadata
 
 title: Update Windows BIOS features using MDM policies in Microsoft Intune
-description: Add a Device Firmware Configuration Interface (DFCI) profile to manage UEFI settings, such as the CPU, built-in hardware, and boot options on Windows 10 devices in Microsoft Intune.
+description: Add a Device Firmware Configuration Interface (DFCI) profile to manage UEFI settings, such as the CPU, built-in hardware, and boot options on Windows 10/11 client devices in Microsoft Intune.
 keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 01/29/2021
+ms.date: 01/18/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -19,7 +19,7 @@ ms.technology:
 #ROBOTS:
 #audience:
 
-ms.reviewer: dagerrit
+ms.reviewer: mikedano
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
@@ -37,9 +37,10 @@ In Intune, use this feature to control BIOS settings. Typically, firmware is mor
 
 This feature applies to:
 
+- Windows 11 on supported UEFI
 - Windows 10 RS5 (1809) and later on supported UEFI
 
-For example, you use Windows 10 devices in a secure environment, and want to disable the camera. You can disable the camera at the firmware-layer, so it doesn't matter what the end user does. Reinstalling the OS or wiping the computer won't turn the camera back on. In another example, lock down the boot options to prevent users from booting up another OS, or an older version of Windows that doesn't have the same security features.
+For example, you use Windows client devices in a secure environment, and want to disable the camera. You can disable the camera at the firmware-layer, so it doesn't matter what the end user does. Reinstalling the OS or wiping the computer won't turn the camera back on. In another example, lock down the boot options to prevent users from booting up another OS, or an older version of Windows that doesn't have the same security features.
 
 When you reinstall an older Windows version, install a separate OS, or format the hard drive, you can't override DFCI management. This feature can prevent malware from communicating with OS processes, including elevated OS processes. DFCI's trust chain uses public key cryptography, and doesn't depend on local UEFI (BIOS) password security. This layer of security blocks local users from accessing managed settings from the device's UEFI (BIOS) menus.
 
@@ -60,7 +61,7 @@ When you reinstall an older Windows version, install a separate OS, or format th
 Autopilot deployment profiles are assigned to Azure AD security groups. Be sure to create groups that include your DFCI-supported devices. For DFCI devices, most organization may create device groups, instead of user groups. Consider the following scenarios:
 
 - Human Resources (HR) has different Windows devices. For security reasons, you don't want anyone in this group to use the camera on the devices. In this scenario, you can create an HR security users group so the policy applies to users in the HR group, whatever the device type.
-- On the manufacturing floor, you have 10 devices. On all devices, you want to prevent booting the devices from a USB device. In this scenario, you can create a security devices group, and add these 10 devices to the group.
+- On the manufacturing floor, you have ten devices. On all devices, you want to prevent booting the devices from a USB device. In this scenario, you can create a security devices group, and add these ten devices to the group.
 
 For more information on creating groups in Intune, see [Add groups to organize users and devices](../fundamentals/groups-add.md).
 
 
@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 07/07/2021
+ms.date: 01/18/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -68,7 +68,7 @@ When you create or update a profile, you can also add scope tags and applicabili
 
 **Scope tags** are a great way to filter profiles to specific groups, such as `US-NC IT Team` or `JohnGlenn_ITDepartment`. [Use RBAC and scope tags for distributed IT](../fundamentals/scope-tags.md) has more information.
 
-On Windows 10 devices, you can add **applicability rules** so the profile only applies to a specific OS version or a specific Windows edition. [Applicability rules](device-profile-create.md#applicability-rules) has more information.
+On Windows 10/11 devices, you can add **applicability rules** so the profile only applies to a specific OS version or a specific Windows edition. [Applicability rules](device-profile-create.md#applicability-rules) has more information.
 
 ## User groups vs. device groups
 
 
@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 02/17/2021
+ms.date: 01/18/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -34,15 +34,15 @@ ms.collection:
 
 Device profiles allow you to add and configure settings, and then push these settings to devices in your organization. You have some options when creating policies:
 
-- **Administrative templates**: On Windows 10 and later devices, these templates are ADMX settings that you configure. If you're familiar with ADMX policies or group policy objects (GPO), then using administrative templates is a natural step to Microsoft Intune and Endpoint Manager.
+- **Administrative templates**: On Windows 10/11 devices, these templates are ADMX settings that you configure. If you're familiar with ADMX policies or group policy objects (GPO), then using administrative templates is a natural step to Microsoft Intune and Endpoint Manager.
 
   For more information, see [Administrative Templates](administrative-templates-windows.md)
 
-- **Baselines**: On Windows 10 and later devices, these baselines include preconfigured security settings. If you want to create security policy using recommendations by Microsoft security teams, then security baselines are for you.
+- **Baselines**: On Windows 10/11 devices, these baselines include preconfigured security settings. If you want to create security policy using recommendations by Microsoft security teams, then security baselines are for you.
 
   For more information, see [Security baselines](../protect/security-baselines.md).
 
-- **Settings catalog**: On Windows 10 and later devices, use the settings catalog to see all the available settings, and in one location. For example, you can see all the settings that apply to BitLocker, and create a policy that just focuses on BitLocker. On macOS devices, use the settings catalog to configure Microsoft Edge version 77 and settings. 
+- **Settings catalog**: On Windows 10/11 devices, use the settings catalog to see all the available settings, and in one location. For example, you can see all the settings that apply to BitLocker, and create a policy that just focuses on BitLocker. On macOS devices, use the settings catalog to configure Microsoft Edge version 77 and settings. 
 
   For more information, see [Settings catalog](settings-catalog.md).
 
@@ -59,7 +59,7 @@ This article:
 
 - Lists the steps to create a profile.
 - Shows you how to add a scope tag to "filter" your policies.
-- Describes applicability rules on Windows 10 devices, and shows you how to create a rule.
+- Describes applicability rules on Windows client devices, and shows you how to create a rule.
 - Lists the check-in refresh cycle times when devices receive profiles and any profile updates.
 
 ## Create the profile
@@ -134,9 +134,10 @@ For more information about scope tags, and what you can do, see [Use RBAC and sc
 
 Applies to:
 
-- Windows 10 and later
+- Windows 11
+- Windows 10
 
-Applicability rules allow administrators to target devices in a group that meet specific criteria. For example, you create a device restrictions profile that applies to the **All Windows 10 devices** group. And, you only want the profile assigned to devices running Windows 10 Enterprise.
+Applicability rules allow administrators to target devices in a group that meet specific criteria. For example, you create a device restrictions profile that applies to the **All Windows 10/11 devices** group. And, you only want the profile assigned to devices running Windows Enterprise.
 
 To do this task, create an **applicability rule**. These rules are great for the following scenarios:
 
@@ -174,12 +175,12 @@ When you assign the profile to the groups, the applicability rules act as a filt
 
 3. In **Property**, choose your filter. Your options: 
 
-    - **OS edition**: In the list, check the Windows 10 editions you want to include (or exclude) in your rule.
-    - **OS version**: Enter the **min** and **max** Windows 10 version numbers of you want to include (or exclude) in your rule. Both values are required.
+    - **OS edition**: In the list, check the Windows client editions you want to include (or exclude) in your rule.
+    - **OS version**: Enter the **min** and **max** Windows client version numbers of you want to include (or exclude) in your rule. Both values are required.
 
       For example, you can enter `10.0.16299.0` (RS3 or 1709) for minimum version and `10.0.17134.0` (RS4 or 1803) for maximum version. Or, you can be more granular and enter `10.0.16299.001` for minimum version and `10.0.17134.319` for maximum version.
 
-      For more version numbers, see [Windows 10 release information](/windows/release-health/release-information).
+      For more version numbers, see [Windows client release information](/windows/release-health/release-information).
 
 4. Select **Add** to save your changes.
 
 
@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 11/29/2021
+ms.date: 01/18/2022
 ms.topic: troubleshooting
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -45,7 +45,7 @@ If a device doesn't check in to get the policy or profile after the first notifi
 | iOS/iPadOS | About every 8 hours |
 | macOS | About every 8 hours |
 | Android | About every 8 hours |
-| Windows 10 PCs enrolled as devices | About every 8 hours |
+| Windows 10/11 PCs enrolled as devices | About every 8 hours |
 | Windows Phone | About every 8 hours |
 | Windows 8.1 | About every 8 hours |
 
@@ -56,7 +56,7 @@ If devices recently enroll, then the compliance, non-compliance, and configurati
 | iOS/iPadOS | Every 15 minutes for 1 hour, and then around every 8 hours |  
 | macOS | Every 15 minutes for 1 hour, and then around every 8 hours | 
 | Android | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours | 
-| Windows 10 PCs enrolled as devices | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours | 
+| Windows 10/11 PCs enrolled as devices | Every 3 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours | 
 | Windows Phone | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours | 
 | Windows 8.1 | Every 5 minutes for 15 minutes, then every 15 minutes for 2 hours, and then around every 8 hours | 
 
@@ -118,11 +118,11 @@ When you delete a profile, or remove a device from a group that's assigned the p
 
 ## I changed a device restriction profile, but the changes haven't taken effect
 
-To apply a less restrictive profile, some devices, such as Android, iOS/iPadOS, and Windows 10, may need to be retired and re-enrolled in to Intune.
+To apply a less restrictive profile, some devices, such as Android, iOS/iPadOS, and Windows client, may need to be retired and re-enrolled in to Intune.
 
-## Some settings in a Windows 10 profile return "Not Applicable"
+## Some settings in a Windows 10/11 profile return "Not Applicable"
 
-Some settings on Windows 10 devices may show as "Not Applicable". When this situation happens, that specific setting isn't supported on the Windows version or edition running on the device. This message can occur for the following reasons:
+Some settings on Windows client devices may show as "Not Applicable". When this situation happens, that specific setting isn't supported on the Windows version or edition running on the device. This message can occur for the following reasons:
 
 - The setting is only available for newer versions of Windows, and not the current operating system (OS) version on the device.
 - The setting is only available for specific Windows editions or specific SKUs, such as Home, Professional, Enterprise, and Education.