Merge branch 'main' into patch-134

Author: Erikre

memdocs/autopilot/autopilot-mbr.md

@@ -180,10 +180,6 @@ To reregister an Autopilot device from Intune, an IT Admin would:
 2. Navigate to Device enrollment > Windows enrollment > Devices > Import.
 3. Click the **Import** button to upload a csv file containing the device ID of the device to be reregistered. The device ID was the 4K HH captured by the PowerShell script or OA3 tool described previously in this document.
 
-The following video provides a good overview of how to (re)register devices via MSfB.<br>
-
-> [!VIDEO https://www.youtube.com/embed/IpLIZU_j7Z0]
-
 ### Reregister from MPC
 
 To reregister an Autopilot device from MPC, an OEM or CSP would:

memdocs/autopilot/enrollment-autopilot.md

@@ -52,13 +52,12 @@ ms.collection:
 
     - **Group type**: Select **Security**.
     - **Group name** and **Group description**: Enter a name and description for your group.
-    - **Azure AD roles can be assigned to the group**: **Yes** allows Azure AD roles to be assigned to the group you're creating. Once set, the group is permanently and always allowed to be assigned Azure AD roles. When set to **No**, Azure AD roles aren't assigned to this group.
+    - **Azure AD roles can be assigned to the group**: Select **No**, Azure AD roles aren't assigned to this group.
 
       For more information, see [Use cloud groups to manage role assignments in Azure AD](/azure/active-directory/roles/groups-concept).
 
-    - **Membership type**: Choose how devices become members of this group. Select **Assigned**, **Dynamic user**, or **Dynamic Device**. For more information, see [Add groups to organize users and devices](../intune/fundamentals/groups-add.md).
+    - **Membership type**: Choose how devices become members of this group. Select **Dynamic Device**. For more information, see [Add groups to organize users and devices](../intune/fundamentals/groups-add.md).
     - **Owners**: Select users that own the group. Owners can also delete this group.
-    - **Members**: Select Autopilot devices that belong to this group. Autopilot devices that aren't enrolled show the serial number for the device name.
     - **Dynamic device members**: Select **Add dynamic query** > **Add expression**.
 
       Create rules using Autopilot device attributes. Autopilot devices that meet these rules are automatically added to the group. Creating an expression using non-autopilot attributes doesn't guarantee that devices included in the group are registered to Autopilot.

memdocs/autopilot/existing-devices.md

@@ -85,7 +85,7 @@ If you want, you can set up an [enrollment status page](enrollment-status.md) (E
     Make sure the user account you specify has sufficient administrative rights.
 
     ```powershell
-    Connect-MSGraphApp
+    Connect-MSGraph
     ```
 
     Windows requests the user and password for your account with a standard Azure AD form. Type your username and password, and then select **Sign in**.

memdocs/autopilot/networking-requirements.md

@@ -13,7 +13,7 @@ author: aczechowski
 ms.author: aaroncz
 ms.reviewer: jubaptis
 manager: dougeby
-ms.date: 08/23/2021
+ms.date: 08/23/2022
 ms.collection:
   - M365-modern-desktop
   - highpri
@@ -132,7 +132,7 @@ Some of these services will also need to check certificate revocation lists (CRL
 
 The device can be hybrid Azure AD joined. The computer should be on the internal network for hybrid Azure AD join to work. For more information, see [Windows Autopilot user-driven mode](user-driven.md#user-driven-mode-for-hybrid-azure-ad-join).
 
-### <a name="tpm"></a> Autopilot self-Deploying mode and Autopilot pre-provisioning
+### <a name="tpm"></a> Autopilot self-deploying mode and Autopilot pre-provisioning
 
 The TPM attestation process requires access to a set of HTTPS URLs, which are unique for each TPM provider. Ensure access to this URL pattern: `*.microsoftaik.azure.net`.
 

memdocs/autopilot/self-deploying.md

@@ -71,7 +71,7 @@ Optionally, you can use a [device-only subscription](https://techcommunity.micro
 Self-deploying mode uses a device's TPM 2.0 hardware to authenticate the device into an organization's Azure AD tenant. Therefore, devices without TPM 2.0 can't be used with this mode. Devices must also support TPM device attestation. All new Windows devices should meet these requirements. The TPM attestation process also requires access to a set of HTTPS URLs that are unique for each TPM provider. For more information, see the entry for Autopilot self-Deploying mode and Autopilot pre-provisioning in [Networking requirements](networking-requirements.md#tpm). For Windows Autopilot software requirements, see [Windows Autopilot software requirements](./software-requirements.md).
 
 > [!IMPORTANT]
-> If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported). Also note that Windows 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. Since Windows 10 Enterprise 2019 LTSC is based on Windows 10 version 1809, self-deploying mode is also not supported on Windows 10 Enterprise 2019 LTSC.
+> If you attempt a self-deploying mode deployment on a device that does not have support TPM 2.0 or on a virtual machine, the process will fail when verifying the device with an 0x800705B4 timeout error (Hyper-V virtual TPMs are not supported). Also note that Windows 10, version 1903 or later is required to use self-deploying mode due to issues with TPM device attestation in Windows 10, version 1809. 
 >
 > See [Windows Autopilot known issues](known-issues.md) and [Troubleshoot Autopilot device import and enrollment](troubleshoot-device-enrollment.md) to review other known errors and solutions.
 

memdocs/autopilot/windows-autopilot-whats-new.md

@@ -17,10 +17,14 @@ ms.topic: article
 
 # Windows Autopilot: What's new
 
+## Updates to Autopilot device targeting infrastructure
+
+With Intune 2208 we are updating the Autopilot infrastructure to ensure that the profiles and applications assigned are consistently ready when the devices are deployed. This change reduces the amount of data that needs to be synchronized per-Autopilot device and leverages device lifecycle change events to reduce the amount of time that it takes to recover from device resets for Azure AD and Hybrid Azure AD joined devices. No action is needed to enable this change, it will be rolling out to all clients starting August 2022.
+
 ## Update Intune Connector for Active Directory for Hybrid Azure AD joined devices
 <!-- 2209 -->
 
-Starting in September 2022, the Intune Connector for Active Directory (ODJ connector) will require .NET Framework version 4.7.2 or later. If you're not already using .NET 4.7.2 or later, the Intune Connector may not work for Autopilot hybrid Azure AD deployments and will result in failures. When you install a new Intune Connector, don't use the connector installation package that was previously downloaded. Download a new version from the **Intune Connector for Active Directory** section of the Microsoft Endpoint Manager admin center. If you're not using the latest version, it may continue to work, but the auto-upgrade feature to provide updates to the Intune Connector won't work.
+Starting in September 2022, the Intune Connector for Active Directory (ODJ connector) will require .NET Framework version 4.7.2 or later. If you're not already using .NET 4.7.2 or later, the Intune Connector may not work for Autopilot hybrid Azure AD deployments and will result in failures. When you install a new Intune Connector, don't use the connector installation package that was previously downloaded. Before you install a new connector, update the .NET Framework to version 4.7.2 or later. Download a new version from the **Intune Connector for Active Directory** section of the Microsoft Endpoint Manager admin center. If you're not using the latest version, it may continue to work, but the auto-upgrade feature to provide updates to the Intune Connector won't work.
 
 ## Enroll to co-management from Windows Autopilot
 <!-- 11300628 -->

memdocs/cloud-native-windows-endpoints.md

@@ -274,7 +274,6 @@ Your cloud-native endpoint will need some applications. To get started, we recom
 
   - Select **configuration designer** for the settings format, as opposed to XML.
   - Select **Current Channel** for the update channel.
-  - Ensure that you de-select (uncheck) the option for **OneDrive (Groove)** as this app is the legacy OneDrive. Because OneDrive is included with Windows, it isn't mandatory to install it. Remove other applications you don't want installed by unchecking them.
 
   To deploy Microsoft 365 Apps, go to [Add Microsoft 365 apps to Windows devices using Microsoft Intune](./intune/apps/apps-add-office365.md)
 

memdocs/configmgr/apps/deploy-use/app-approval.md

@@ -2,13 +2,13 @@
 title: Approve applications
 titleSuffix: Configuration Manager
 description: Learn about the settings and behaviors for application approval in Configuration Manager.
-ms.date: 12/01/2021
+ms.date: 08/12/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-app
 ms.topic: conceptual
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+author: baladelli
+ms.author: baladell
+manager: apoorvseth
 ms.localizationpriority: medium
 ---
 
@@ -125,8 +125,8 @@ With these additional optional prerequisites, recipients can approve or deny the
 
 - Set up a [cloud management gateway](../../core/clients/manage/cmg/overview.md).
 
-    > [!NOTE]
-    > This scenario currently doesn't support CMG deployments with a virtual machine scale set.
+  > [!NOTE]
+  > This scenario doesn't support CMG deployments with a virtual machine scale set until Configuration Manager version 2207 or later is installed.
 
 - Onboard the site to [Azure services](../../core/servers/deploy/configure/azure-services-wizard.md) for **Cloud Management**.
 

memdocs/configmgr/compliance/deploy-use/create-custom-configuration-items-for-windows-desktop-and-server-computers-managed-with-the-client.md

@@ -2,7 +2,7 @@
 title: Create custom configuration items
 titleSuffix: Configuration Manager
 description: Manage settings for Windows computers and servers with a custom configuration item for Windows desktops and servers
-ms.date: 03/10/2022
+ms.date: 08/12/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-compliance
 ms.topic: conceptual
@@ -227,8 +227,8 @@ The value returned by the script is used to assess the compliance of the global
 - **Run scripts by using the logged on user credentials**: If you enable this option, the script runs on client computers that use the credentials of the signed-in user.  
 
 > [!IMPORTANT]
-> When using a signed PowerShell script, ensure you select **Open**.  You can't use copy and paste for a signed script. <!--8538617-->
-
+> - When using a signed PowerShell script, ensure you select **Open**.  You can't use copy and paste for a signed script. <!--8538617-->
+> - Starting in 2207, you can define a **Script Execution Timeout (seconds)** when configuring [client settings](../../core/clients/deploy/about-client-settings.md#compliance-settings) for compliance settings. <!--14120481-->
 
 ### <a name="bkmk_sql"></a> SQL query
 

memdocs/configmgr/core/TOC.yml

@@ -87,6 +87,8 @@ items:
       href: plan-design/changes/features-and-capabilities.md
     - name: What's new in incremental versions
       href: plan-design/changes/whats-new-incremental-versions.md
+    - name: What's new in version 2207
+      href: plan-design/changes/whats-new-in-version-2207.md
     - name: What's new in version 2203
       href: plan-design/changes/whats-new-in-version-2203.md
     - name: What's new in version 2111
@@ -95,8 +97,6 @@ items:
       href: plan-design/changes/whats-new-in-version-2107.md
     - name: What's new in version 2103
       href: plan-design/changes/whats-new-in-version-2103.md
-    - name: What's new in version 2010
-      href: plan-design/changes/whats-new-in-version-2010.md
     - name: What's changed from Configuration Manager 2012
       href: plan-design/changes/what-has-changed-from-configuration-manager-2012.md
     - name: Removed and deprecated
@@ -225,6 +225,8 @@ items:
       items:
         - name: Overview of levels
           href: plan-design/diagnostics/levels-overview.md
+        - name: Data for version 2207
+          href: plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2207.md
         - name: Data for version 2203
           href: plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2203.md          
         - name: Data for version 2111
@@ -233,9 +235,7 @@ items:
           href: plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2107.md
         - name: Data for version 2103
           href: plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2103.md
-        - name: Data for version 2010
-          href: plan-design/diagnostics/levels-of-diagnostic-usage-data-collection-2010.md
-    - name: Configuration Manager tools
+        - name: Configuration Manager tools
       href: plan-design/diagnostics/tools.md
     - name: Frequently asked questions (FAQ)
       href: plan-design/diagnostics/frequently-asked-questions.yml
@@ -573,6 +573,8 @@ items:
       href: servers/manage/use-the-update-registration-tool-to-import-hotfixes.md
     - name: Use the hotfix installer
       href: servers/manage/use-the-hotfix-installer-to-install-updates.md
+    - name: Checklist for installing update 2207
+      href: servers/manage/checklist-for-installing-update-2207.md
     - name: Checklist for installing update 2203
       href: servers/manage/checklist-for-installing-update-2203.md
     - name: Checklist for installing update 2111
@@ -581,8 +583,6 @@ items:
       href: servers/manage/checklist-for-installing-update-2107.md
     - name: Checklist for installing update 2103
       href: servers/manage/checklist-for-installing-update-2103.md
-    - name: Checklist for installing update 2010
-      href: servers/manage/checklist-for-installing-update-2010.md
     - name: Support for current branch versions
       href: servers/manage/current-branch-versions-supported.md
   - name: Backup and recovery