Merge pull request #6206 from MicrosoftDocs/main

Taojunshen · web-flow · commit f506516a4a5d · 2021-11-24T07:22:38.000+08:00
11/23/2021 PM Publish
diff --git a/memdocs/configmgr/core/clients/manage/collections/manage-collections.md b/memdocs/configmgr/core/clients/manage/collections/manage-collections.md
@@ -181,7 +181,7 @@ When you view properties for a collection, you can view and configure the follow
 
 - **Distribution Point Groups**: Associate one or more distribution point groups to members of the selected collection. For more information, see [Manage content and content infrastructure](../../../servers/deploy/configure/manage-content-and-content-infrastructure.md).
 
-- **Cloud Sync**: Synchronize collection membership results to Azure Active Directory groups. This synchronization is a [pre-release feature](../../../servers/manage/pre-release-features.md). For more information, see [Create collections](create-collections.md#bkmk_aadcollsync).
+- **Cloud Sync**: Synchronize collection membership results to Azure Active Directory groups. For more information, see [Create collections](create-collections.md#bkmk_aadcollsync).
 
     Starting in version 2006, you can also make this collection available to assign endpoint security policies when you tenant-attach the site. For more information, see [Tenant attach: Onboard Configuration Manager clients to Microsoft Defender for Endpoint from the admin center](../../../../tenant-attach/atp-onboard.md).
 
diff --git a/memdocs/intune/protect/advanced-threat-protection-configure.md b/memdocs/intune/protect/advanced-threat-protection-configure.md
@@ -57,7 +57,7 @@ You only need to enable Microsoft Defender for Endpoint a single time per tenant
    :::image type="content" source="./media/advanced-threat-protection-configure/atp-device-compliance-open-microsoft-defender.png" alt-text="Screen shot that shows the patch to open the Microsoft Defender Security Center.":::
 
 3. In **Microsoft Defender Security Center**:
-   1. Select **Settings** > **Advanced features**.
+   1. Select **Settings** > **Endpoints** >**Advanced features**.
    2. For **Microsoft Intune connection**, choose **On**:
 
       :::image type="content" source="./media/advanced-threat-protection-configure/atp-security-center-intune-toggle.png" alt-text="Screen shot of the Microsoft Intune connection setting.":::
diff --git a/memdocs/intune/protect/mde-security-integration.md b/memdocs/intune/protect/mde-security-integration.md
@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 11/18/2021
+ms.date: 11/22/2021
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -170,6 +170,9 @@ To support MDE security configuration management through the Microsoft Endpoint
 
 Microsoft Defender for Endpoint supports several options to onboard devices. For current guidance, see [Onboarding tools and methods for Windows devices](/microsoft-365/security/defender-endpoint/security-config-management?view=o365-worldwide&preserve-view=true) in the Defender for Endpoint documentation.
 
+> [!IMPORTANT]
+> After a device onboards with Microsoft Defender for Endpoint, it must and be tagged with **MDE-Management** before it can enroll with Security Management for Microsoft Defender for Endpoint. For more information on device tagging in MDE, see [*Create and manage device tags*](/microsoft-365/security/defender-endpoint/machine-tags?view=o365-worldwide&viewFallbackFrom=o365-worldwide).
+
 Devices that you manage with Intune are not supported for this scenario.
 
 ## Create Azure AD Groups
diff --git a/memdocs/intune/protect/microsoft-tunnel-prerequisites.md b/memdocs/intune/protect/microsoft-tunnel-prerequisites.md
@@ -5,7 +5,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 10/19/2021
+ms.date: 11/23/2021
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -235,6 +235,17 @@ The following details can help you configure an internal proxy when using RHEL 8
 
       In this example, port 3128 is now associated with both *http_port-t* and *squid_port_t*. That result is expected. If your proxy port isn't listed when running the *sudo semanage port -l | grep "your_proxy_port"* command, then run the command to modify the port again, but the **-m** in the *semanage* command with **-a**: `sudo semanage port -a -t http_port_t -p tcp “your proxy port”`
 
+### Update the proxy server in use by the tunnel server
+
+To change the proxy server configuration that is in use by the Linux host of the tunnel server, use the following procedure:
+
+1. On the tunnel server, edit */etc/mstunnel/env.sh* and specify the new proxy server.
+2. Run `mst-cli install`.
+
+   This command rebuilds the containers with the new proxy server details. During this process you’re asked to verify the contents of */etc/mstunnel/env.h* and to make sure that the certificate is installed. The certificate should already be present from the previous proxy server configuration.
+
+   To confirm both and complete the configuration, enter **yes**.
+
 ## Platforms
 
 Devices must be enrolled to Intune to be supported with Microsoft Tunnel. Only the following device platforms are supported:
