Merge branch 'main' into main

.openpublishing.redirection.json

@@ -2774,6 +2774,11 @@
       "source_path": "memdocs/intune/protect/endpoint-security-firewall-rule-tool.md",
       "redirect_url": "/mem/intune/protect/endpoint-security-firewall-policy",
       "redirect_document_id": false
-    }
+    },
+    {
+      "source_path": "windows-365/link/conditional-access-policies-synchronize.md",
+      "redirect_url": "/windows-365/link/conditional-access-policies",
+      "redirect_document_id": false
+    } 
   ]
 }

autopilot/device-preparation/known-issues.md

@@ -8,7 +8,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: jubaptis
 manager: aaroncz
-ms.date: 11/15/2024
+ms.date: 01/06/2025
 ms.collection:
   - M365-modern-desktop
   - highpri
@@ -40,7 +40,21 @@ This article describes known issues that can often be resolved with:
 
 ## Known issues
 
-## Deployments fail when Managed installer policy is enabled for the tenant
+## Exporting logs during the out-of-box experience (OOBE) doesn't show result
+
+Date added: *January 6, 2025*
+
+When a failure occurs during the provisioning process, an **Export logs** option is displayed to the user. When selected, it saves the file to the first USB drive on the device without displaying the browse dialog. The browse dialog isn't displayed for security reasons. Currently, users don't see failure or success messages to indicate the logs were saved. This issue will be fixed in the future.
+
+## Apps and scripts tabs don't display properly when editing the Windows Autopilot device preparation profile
+
+Date added: *December 18, 2024*
+
+During the editing flow of the Windows Autopilot device preparation policy, there's a known issue when displaying the **Applications** and **Scripts** tabs where the tabs might display incorrect information. For example, under the **Scripts** tab, a list of applications might be shown instead of a list of scripts. The issue is impacting only the view in Microsoft Intune and not the configuration being applied to the device. The issue is being investigated.
+
+As a workaround, select the table header **Allowed Applications** or **Allowed Scripts** to reload the table's contents.
+
+## Win32 and WinGet applications are skipped when Managed installer policy is enabled for the tenant
 
 Date added: *October 10, 2024*<br>
 Date updated: *November 15, 2024*

autopilot/self-deploying.md

@@ -61,7 +61,7 @@ Optionally, a [device-only subscription](https://techcommunity.microsoft.com/t5/
 
 > [!NOTE]
 >
-> Intune doesn't automatically configure a primary user when using self-deploying mode in Autopilot to provision a Windows device. Some Intune capabilities rely on a primary user being set on a device. These features include user self-service BitLocker recovery key retrieval and using the Company Portal to install software. Using self-provisioning mode for Autopilot doesn't preclude a licensed user from logging into the device and using features entitled to that user such as conditional access. For more information, see [Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md).
+> Intune doesn't automatically configure a primary user when using self-deploying mode in Autopilot to provision a Windows device. Some Intune capabilities rely on a primary user being set on a device. These features include user self-service BitLocker recovery key retrieval and using the Company Portal to install software. Using self-provisioning mode for Autopilot doesn't preclude a licensed user from logging into the device and using features entitled to that user such as Conditional Access. For more information, see [Windows Autopilot scenarios and capabilities](windows-autopilot-scenarios.md).
 >
 > If desired, a primary user can be manually set after device provisioning via the Intune admin center. For more information, see [Change a devices primary user](/mem/intune/remote-actions/find-primary-user#change-a-devices-primary-user).
 

autopilot/whats-new.md

@@ -8,7 +8,7 @@ author: frankroj
 ms.author: frankroj
 manager: aaroncz
 ms.reviewer: jubaptis
-ms.date: 06/28/2024
+ms.date: 01/06/2024
 ms.collection:
   - M365-modern-desktop
   - tier2
@@ -85,7 +85,7 @@ The 2310 release of Intune adds more clarity to the manual hardware hash upload
 
 Date added: *October 10, 2023*
 
-Starting in 2310, we're making an update to the self-deployment and pre-provisioning modes for manufacturers that have not opted-in to attesting to removal of Autopilot refurbished devices. Customers using these manufacturers were still subjected to the one-time device-based enrollment block in the self-deployment and pre-provisioning modes. This block means that the device could go through self-deployment or pre-provisioning mode once and then get blocked from doing it again. This behavior could cause problems if the device needed to be reset or redeployed. This change in 2310 enables a button in the Autopilot devices section in Intune to manually unblock those devices. This update only works for OEMs that aren't within the [OEM list](https://techcommunity.microsoft.com/t5/intune-customer-success/return-of-key-functionality-for-windows-autopilot-sign-in-and/ba-p/3583130) and doesn't work on the **Fix pending** status.
+Starting in 2310, we're making an update to the self-deployment and pre-provisioning modes for manufacturers that have not opted-in to attesting to removal of Autopilot refurbished devices. Customers using these manufacturers were still subjected to the one-time device-based enrollment block in the self-deployment and pre-provisioning modes. This block means that the device could go through self-deployment or pre-provisioning mode once and then get blocked from doing it again. This behavior could cause problems if the device needed to be reset or redeployed. This change in 2310 enables a button in the Autopilot devices section in Intune to manually unblock those devices. This update only works for certain OEMs and doesn't work on the **Fix pending** status. Reach out to your respective OEM to confirm whether this functionality is enabled for your device.
 
 ### How to unblock devices
 

memdocs/analytics/data-platform-schema.md

@@ -43,7 +43,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -58,7 +58,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -83,7 +83,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -107,7 +107,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -129,7 +129,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -147,7 +147,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 > [!NOTE]
 > This is a parameterized entity where you must pass in the path of the File you want to query. For example, pass in `FileInfo('c:\windows\system32\drivers\etc\hosts') | take 10`. If a directory is passed, it will return info on the files in the directory and sub-directories.
@@ -174,7 +174,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -188,7 +188,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -204,7 +204,7 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -221,8 +221,8 @@ Each table (entity) in this page lists the types of queries that are supported.
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
-Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only supported for Device query, single device on-demand. 
+**Supported for**: single device query on-demand, Inventory.
+Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only supported for single device query on-demand. 
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -237,7 +237,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -256,7 +256,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -287,7 +287,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -311,7 +311,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -329,7 +329,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -349,7 +349,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | ReportId(Key) | string (max 256 characters) | Report ID of the App crash |
 | --- | --- | --- |
@@ -365,7 +365,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |
@@ -386,7 +386,7 @@ Note that PhysicalMemoryFreeBytes and VirtualMemoryFreeBytes properties are only
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 > [!NOTE]
 > When constructing the query, you must specify the log name and look back time, for example: `WindowsEvent(Application, 1d) | take 1`.
@@ -408,7 +408,7 @@ possible value:CRITICAL\_ERROR,ERROR,WARNING,INFORMATION,VERBOSE |
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand, Inventory.
+**Supported for**: single device query on-demand, Inventory.
 
 | Property | Type | Description |
 | --- | --- | --- |
@@ -426,7 +426,7 @@ possible value:CRITICAL\_ERROR,ERROR,WARNING,INFORMATION,VERBOSE |
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 > [!NOTE]
 > You must pass in the registry key you are trying to query. For example, `WindowsRegistry('HKEY_LOCAL_MACHINE\\ServiceLastKnownStatus')`.
@@ -444,7 +444,7 @@ possible value:CRITICAL\_ERROR,ERROR,WARNING,INFORMATION,VERBOSE |
 
 **Supported platforms**: Windows
 
-**Supported for**: Device query, single device on-demand.
+**Supported for**: single device query on-demand.
 
 | **Property** | **Type** | **Description** |
 | --- | --- | --- |

memdocs/analytics/work-from-anywhere.md

@@ -60,7 +60,7 @@ Benefits of each cloud management type:<!--IN7207657-->
 | Manage your clients anywhere | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: | :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: |
 | View and take action on all Windows PCs from Microsoft Intune admin center| |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: |
 | Modernize your directory approach with Microsoft Entra ID | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: |
-|Enhance Zero Trust with conditional access| | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: |
+|Enhance Zero Trust with Conditional Access| | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: |
 | Make device provisioning easier by enabling Windows Autopilot |  | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: |
 | Gain more remote access with Intune | | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| :::image type="content" source="media/green-check.png" border="false" alt-text="Yes."::: |
 | Split PC management workloads between cloud and on-premises | | |:::image type="content" source="media/green-check.png" border="false" alt-text="Yes.":::| |

memdocs/configmgr/apps/deploy-use/create-deploy-scripts.md

@@ -2,7 +2,7 @@
 title: Create and run scripts
 titleSuffix: Configuration Manager
 description: Create and run PowerShell scripts on client devices.
-ms.date: 09/18/2023
+ms.date: 12/16/2024
 ms.subservice: app-mgt
 ms.service: configuration-manager
 ms.topic: conceptual

memdocs/configmgr/apps/deploy-use/deploy-applications.md

@@ -2,7 +2,7 @@
 title: Deploy applications
 titleSuffix: Configuration Manager
 description: Create or simulate a deployment of an application to a device or user collection
-ms.date: 08/02/2021
+ms.date: 12/16/2024
 ms.subservice: app-mgt
 ms.service: configuration-manager
 ms.topic: how-to

memdocs/configmgr/apps/plan-design/plan-for-software-center.md

@@ -31,7 +31,7 @@ Use client settings to configure the appearance and behaviors of Software Center
 
 - Configure which default tabs are visible, and add up to five custom tabs to Software Center.<!--4063773-->
 
-  In Configuration Manager 2103 and earlier, when single sign on with multifactor authentication is used, you may not be able to sign into custom tabs that load a website that's subject to conditional access policies. <!--10436429-->
+  In Configuration Manager 2103 and earlier, when single sign on with multifactor authentication is used, you may not be able to sign into custom tabs that load a website that's subject to Conditional Access policies. <!--10436429-->
 
 - You can configure co-managed devices to use the Company Portal for both Intune and Configuration Manager apps. For more information, see [Use the Company Portal app on co-managed devices](../../comanage/company-portal.md).<!--CMADO-3601237,INADO-4297660-->
 

memdocs/configmgr/cloud-attach/toc.yml

@@ -137,7 +137,7 @@ items:
       href: ../comanage/workloads.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json
     - name: Switch workloads to Intune
       href: ../comanage/how-to-switch-workloads.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json
-    - name: Conditional access
+    - name: Conditional Access
       href: ../comanage/quickstart-conditional-access.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json
     - name: Remote actions from Intune
       href: ../comanage/quickstart-remote-actions.md?toc=/mem/configmgr/cloud-attach/toc.json&bc=/mem/configmgr/cloud-attach/breadcrumb/toc.json

memdocs/configmgr/comanage/coexistence.md

@@ -33,7 +33,7 @@ When the Configuration Manager client detects that a third-party MDM service is
 - Application management, including legacy packages
 - Software update scanning and installation
 - Endpoint protection, the Windows Defender suite of antimalware protection features
-- Compliance policy for conditional access
+- Compliance policy for Conditional Access
 - Device configuration
 - Office Click-to-Run management