Merge branch 'release-cm2201-tp' of https://github.com/MicrosoftDocs/memdocs-pr into cz-release-cm2201-tp

Author: aczechowski

memdocs/analytics/enroll-configmgr.md

@@ -33,10 +33,7 @@ Before you start this tutorial, make sure you have the following prerequisites:
 
 ### Licensing Prerequisites
 
-Endpoint analytics is included in the following plans:
-
-- [Enterprise Mobility + Security E3](https://www.microsoftvolumelicensing.com/ProductResults.aspx?doc=Product%20Terms,OST&fid=51) or higher
-- [Microsoft 365 Enterprise E3](https://www.microsoft.com/en-us/microsoft-365/enterprise?rtc=1) or higher.
+Devices enrolled in Endpoint analytics need a valid license for the use of Microsoft Endpoint Manager. For more information, see [Microsoft Intune licensing](../intune/fundamentals/licenses.md) or [Microsoft Endpoint Configuration Manager licensing](../configmgr/core/understand/learn-more-editions.md).
 
 ## Endpoint analytics permissions
 

memdocs/analytics/enroll-intune.md

@@ -43,10 +43,7 @@ To enroll devices to Endpoint analytics, they need to send required functional d
 
 ### Licensing Prerequisites
 
-Endpoint analytics is included in the following plans:
-
-- [Enterprise Mobility + Security E3](https://www.microsoftvolumelicensing.com/ProductResults.aspx?doc=Product%20Terms,OST&fid=51) or higher
-- [Microsoft 365 Enterprise E3](https://www.microsoft.com/en-us/microsoft-365/enterprise?rtc=1) or higher.
+Devices enrolled in Endpoint analytics need a valid license for the use of Microsoft Endpoint Manager. For more information, see [Microsoft Intune licensing](../intune/fundamentals/licenses.md) or [Microsoft Endpoint Configuration Manager licensing](../configmgr/core/understand/learn-more-editions.md).
 
 ### Endpoint analytics permissions
 

memdocs/configmgr/core/get-started/2022/technical-preview-2201.md

@@ -34,6 +34,14 @@ The following sections describe the new features to try out in this version:
 [!INCLUDE [9070525](includes/2201/9070525.md)]
 [!INCLUDE [9495651](includes/2201/9495651.md)]
 [!INCLUDE [10024154](includes/2201/10024154.md)]
+[!INCLUDE [10454717](includes/2201/10454717.md)]
+[!INCLUDE [11754191](includes/2201/11754191.md)]
+[!INCLUDE [12451634](includes/2201/12451634.md)]
+[!INCLUDE [12486335](includes/2201/12486335.md)]
+[!INCLUDE [12487076](includes/2201/12487076.md)]
+[!INCLUDE [12558856](includes/2201/12558856.md)]
+[!INCLUDE [12707738](includes/2201/12707738.md)]
+[!INCLUDE [12769623](includes/2201/12769623.md)]
 
 <!-- ## General known issues  -->
 

memdocs/configmgr/core/get-started/technical-preview.md

@@ -121,7 +121,7 @@ bullet format:
 
 The following features are available with the most recent Configuration Manager technical preview version:
 
-### Technical preview version 2112
+### Technical preview version 2201
 <!-- all items are in 2111 CB -->
 
 - [3601042](2022/technical-preview-2201.md) <!--3601042-->

memdocs/configmgr/hotfix/2010/5001600.md

@@ -16,6 +16,12 @@ ms.localizationpriority: medium
 *Applies to: Configuration Manager (current branch, versions 1910 - 2010)*
 
 ## Summary of KB5001600
+> [!NOTE]
+> This update is replaced by the following newer version effective January 21, 2022
+>
+> [KB 12819689 Connected cache update for Microsoft Endpoint Configuration Manager version 2111](../../hotfix/2111/12819689.md)
+>
+
 Due to content delivery network changes, the Microsoft Connected Cache (MCC) server component installation fails when enabled for distribution points *after* **March 5, 2021**.
 This component is enabled by selecting the **Enable this distribution point to be used as Microsoft Connected Cache server** option in a distribution point's properties. 
 After March 5, 2021, once enabled, the component will retry installation three times before stopping. 

memdocs/configmgr/hotfix/2111/12709700.md

@@ -69,7 +69,7 @@ The following major components are updated to the versions specified:
 
 |Component |Version |
 |---|---|
-| Site | 5.00.9060.1000 |
+| Full Version | 5.00.9068.1008 |
 | Configuration Manager console | 5.2111.1052.1700 |
 | Client | 5.00.9068.1008 |
 

memdocs/configmgr/hotfix/2111/12819689.md

@@ -0,0 +1,63 @@
+---
+title: Connected cache update for Microsoft Endpoint Configuration Manager version 2111
+titleSuffix: Configuration Manager
+description: Console update for 2111
+ms.date: 1/21/2022
+ms.prod: configuration-manager
+ms.technology: configmgr-core
+ms.topic: reference
+ms.assetid: 41afa274-7561-4c0e-80af-2d0fe01699ef
+author: bhuney
+ms.author: brianhun
+manager: dougeby
+---
+
+# Connected cache update for Microsoft Endpoint Configuration Manager version 2111
+
+*Applies to: Configuration Manager (current branch, version 2111)*
+## Summary of KB12819689
+
+An update is available to resolve the following issue with Configuration Manager current branch, version 2111.
+
+- The Microsoft Connected Cache (MCC) feature is not used as expected for Win32 apps deployed through Microsoft Intune in a co-managed environment.
+Review of the IntuneManagementExtension.log file shows an internet-based **DownloadURL** value. 
+The MCC component is enabled by selecting the **Enable this distribution point to be used as Microsoft Connected Cache server** option in a distribution point's properties.
+ 
+
+## Update information for Microsoft Endpoint Configuration Manager, version 2111
+The following hotfix to resolve this problem is available for download from the Microsoft Download Center:
+
+[Download this hotfix now](https://download.microsoft.com/download/a/3/a/a3af1ea3-79ba-4600-8953-c2a4b6b8b970/DoincInstall.exe).
+
+After you download this hotfix, refer to the following installation instructions.
+
+## Installation instructions
+1. Confirm there is not currently an installation of the MCC component in progress. This is done by checking for status message **9522**, generated by the `SMS_DISTRIBUTION_MANAGER` component. The 9522 message indicates that installation is no longer being retried.
+2. Copy the new version of `DoincInstall.exe`, version **1.5.5.9002**, to the `{SMSInstallDir}\bin\x64` folder on all site servers, including the Central Administration Site (CAS) if present, and any passive sites.
+3. Uncheck the **Enable this distribution point to be used as Microsoft Connected Cache server** option in the affected distribution point’s properties.
+4. Wait for the uninstall of MCC to complete on the distribution point. This can be confirmed by looking for a **9152** success status message, combined with the following entry in `distmgr.log`.
+   ```text
+   Finished waiting for DoincInstall. InvocationState: UninstallCompleted. InvocationExitCode: 0. InvocationMessage: .
+   ```
+5. Recheck the **Enable this distribution point to be used as Microsoft Connected Cache server** option for the affected distribution point.
+
+   > [!TIP]
+   > For sites with a large number of distribution points, replace steps 4 - 5 above with the following.
+   > - Create an empty file named `resetdps.trn` and place it in the `{SMSInstallDir}\inboxes\distmgr.box` folder. This will reinstall all distribution points for that site using the latest version of `DoincInstall.exe` copied in step 3. above. 
+
+## Prerequisites
+To apply this hotfix, you must be using Microsoft Endpoint Configuration Manager, versions 1910 through versions 2111.
+
+## Restart information
+You don't have to restart the computer after you apply this hotfix. 
+
+## Hotfix replacement information
+This hotfix replaces the following previously released hotfix.
+
+[KB5001600 Microsoft Connected Cache component fails to install on Configuration Manager current branch](../../hotfix/2010/5001600.md)
+
+## File information
+File information is available in the downloadable [KB12819689_FileList.txt](https://aka.ms/KB12819689_FileList) text file.
+
+## Release history
+- January 21, 2022: Initial hotfix release

memdocs/configmgr/hotfix/TOC.yml

@@ -9,6 +9,8 @@ items:
     href: 2111/12709700.md
   - name: KB 12959506 Client update for Configuration Manager 2111
     href: 2111/12959506.md
+  - name: KB 12819689 Connected cache update for Microsoft Endpoint Configuration Manager version 2111
+    href: 2111/12819689.md
 - name: Version 2107
   items:
   - name: KB 10096997 Summary of changes in 2107

memdocs/intune/apps/app-configuration-policies-outlook.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 01/10/2022
+ms.date: 01/12/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -35,16 +35,18 @@ The Outlook for iOS and Android app is designed to enable users in your organiza
 The richest and broadest protection capabilities for Microsoft 365 data are available when you subscribe to the Enterprise Mobility + Security suite, which includes Microsoft Intune and Azure Active Directory Premium features, such as conditional access. At a minimum, you will want to deploy a conditional access policy that allows connectivity to Outlook for iOS and Android from mobile devices and an Intune app protection policy that ensures the collaboration experience is protected.
 
 ## Apply Conditional Access
-Organizations can use use Azure AD Conditional Access policies to ensure that users can only access work or school content using Outlook for iOS and Android. To do this, you will need a conditional access policy that targets all potential users.
+Organizations can use use Azure AD Conditional Access policies to ensure that users can only access work or school content using Outlook for iOS and Android. To do this, you will need a conditional access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection).
 
-1. Follow the steps in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection). This policy allows Outlook for iOS and Android, but blocks OAuth and basic authentication capable Exchange ActiveSync clients from connecting to Exchange Online.
+1. Follow the steps in [Require approved client apps or app protection policy with mobile devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices). This policy allows Outlook for iOS and Android, but blocks OAuth and basic authentication capable Exchange ActiveSync mobile clients from connecting to Exchange Online.
 
     > [!NOTE]
     > This policy ensures mobile users can access all Microsoft 365 endpoints using the applicable apps.
 
-   The above policy leverages the grant access control [Require app protection policy](/azure/active-directory/active-directory-conditional-access-technical-reference), which ensures that an Intune App Protection Policy is applied to the associated account within Outlook for iOS and Android prior to granting access. If the user isn't assigned to an Intune App Protection Policy, isn't licensed for Intune, or the app isn't included in the Intune App Protection Policy, then the policy prevents the user from obtaining an access token and gaining access to messaging data.
+2. Follow the steps in [Block Exchange ActiveSync on all devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#block-exchange-activesync-on-all-devices), which prevents Exchange ActiveSync clients using basic authentication on non-mobile devices from connecting to Exchange Online.
 
-2. Follow the steps in [How to: Block legacy authentication to Azure AD with Conditional Access](/azure/active-directory/conditional-access/block-legacy-authentication) to block legacy authentication for other Exchange protocols on iOS and Android devices; this policy should target only Microsoft Exchange Online cloud app and iOS and Android device platforms. This ensures mobile apps using Exchange Web Services, IMAP4, or POP3 protocols with basic authentication cannot connect to Exchange Online.
+   The above policies leverage the grant access control [Require app protection policy](/azure/active-directory/active-directory-conditional-access-technical-reference), which ensures that an Intune App Protection Policy is applied to the associated account within Outlook for iOS and Android prior to granting access. If the user isn't assigned to an Intune App Protection Policy, isn't licensed for Intune, or the app isn't included in the Intune App Protection Policy, then the policy prevents the user from obtaining an access token and gaining access to messaging data.
+
+3. Follow the steps in [How to: Block legacy authentication to Azure AD with Conditional Access](/azure/active-directory/conditional-access/block-legacy-authentication) to block legacy authentication for other Exchange protocols on iOS and Android devices; this policy should target only Microsoft Exchange Online cloud app and iOS and Android device platforms. This ensures mobile apps using Exchange Web Services, IMAP4, or POP3 protocols with basic authentication cannot connect to Exchange Online.
 
 > [!NOTE]
 > To leverage app-based conditional access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md).