diff --git a/autopilot/device-preparation/overview.md b/autopilot/device-preparation/overview.md index 387220a75f..c2b9974a45 100644 --- a/autopilot/device-preparation/overview.md +++ b/autopilot/device-preparation/overview.md @@ -8,7 +8,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: overview ms.collection: - M365-modern-desktop @@ -134,7 +134,9 @@ For more information, see [Enrollment time grouping in Microsoft Intune](/mem/in ### Corporate identifiers for Windows -Windows Autopilot device preparation supports the Intune corporate identifier enrollment feature. Corporate identifiers in Intune allows pre-uploading of Windows device identifiers (serial number, manufacturer, model) and ensures only trusted devices go through Windows Autopilot device preparation. Corporate identifiers for Windows is optional for Windows Autopilot device preparation. Corporate identifiers for Windows isn't required for a Windows Autopilot device preparation deployment to work. For more information, see: +Windows Autopilot device preparation supports the Intune corporate identifier enrollment feature. Corporate identifiers in Intune allows pre-uploading of Windows device identifiers (serial number, manufacturer, model) and ensures only trusted devices go through Windows Autopilot device preparation. + +Windows Autopilot device preparation only requires corporate identifiers for Windows if Intune enrollment restrictions are being used to block personal device enrollments. For more information, see: - [Identify devices as corporate-owned](/mem/intune/enrollment/corporate-identifiers-add). - [What are enrollment restrictions?](/mem/intune/enrollment/enrollment-restrictions-set). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md index 05b23e1c34..6dc54bd8cb 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-allow-users-to-join.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 4: [Create a user group](entra-join-user-group.md) - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md index 311d3de172..cbb39fc108 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: > - **Step 5: Assign applications and PowerShell scripts to device group** - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md index 25c5aaa100..3706e673c3 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-automatic-enrollment.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -30,7 +30,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 4: [Create a user group](entra-join-user-group.md) - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md index 8f6d1e4393..6f555aecce 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/28/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: > > - **Step 6: Create Windows Autopilot device preparation policy** -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). @@ -172,11 +172,11 @@ In the **Configuration settings** page: If multiple Windows Autopilot device preparation polices are deployed to a user, the policy with the highest priority as displayed in the **Home** > **Enroll devices | Windows enrollment** > **Device preparation policies** screen gets priority. The policy with the highest priority is higher in the list and has the smallest number under the **Priority** column. To change a policy's priority, move it in the list by dragging the policy within the list. -## Next step: Add Windows corporate identifier to device (optional) +## Next step: Add Windows corporate identifier to device > [!div class="nextstepaction"] -> [Step 7: Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +> [Step 7: Add Windows corporate identifier to device](entra-join-corporate-identifier.md) > [!NOTE] > -> Adding a [corporate identifier](../../overview.md#corporate-identifiers-for-windows) to the device is an optional step. If corporate identifiers aren't being used, then the next step is to deploy the device. +> Windows Autopilot device preparation only requires [corporate identifiers for Windows](../../overview.md#corporate-identifiers-for-windows) if Intune enrollment restrictions are being used to block personal device enrollments. If Intune enrollment restrictions aren't being used to block personal device enrollments, then the next step is to deploy the device. diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md index 90e571ee07..6cb3d4883c 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-device-group.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 11/20/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 4: [Create a user group](entra-join-user-group.md) - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md index 8471217c2d..c252a0062e 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-user-group.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 06/03/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -31,7 +31,7 @@ Windows Autopilot device preparation user-driven Microsoft Entra join steps: - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -- Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +- Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) For an overview of the Windows Autopilot device preparation user-driven Microsoft Entra join workflow, see [Windows Autopilot device preparation user-driven Microsoft Entra join overview](entra-join-workflow.md#workflow). diff --git a/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md b/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md index 5a89517928..5c3b275fe7 100644 --- a/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md +++ b/autopilot/device-preparation/tutorial/user-driven/entra-join-workflow.md @@ -7,7 +7,7 @@ author: frankroj ms.author: frankroj ms.reviewer: jubaptis manager: aaroncz -ms.date: 09/13/2024 +ms.date: 01/14/2025 ms.topic: tutorial ms.collection: - tier1 @@ -83,7 +83,7 @@ The following steps are needed to configure and then perform a Windows Autopilot > - Step 4: [Create a user group](entra-join-user-group.md) > - Step 5: [Assign applications and PowerShell scripts to device group](entra-join-assign-apps-scripts.md) > - Step 6: [Create Windows Autopilot device preparation policy](entra-join-autopilot-policy.md) -> - Step 7: [Add Windows corporate identifier to device (optional)](entra-join-corporate-identifier.md) +> - Step 7: [Add Windows corporate identifier to device](entra-join-corporate-identifier.md) > [!NOTE] > diff --git a/autopilot/toc.yml b/autopilot/toc.yml index 9769e0f9cf..2c652f8e16 100644 --- a/autopilot/toc.yml +++ b/autopilot/toc.yml @@ -43,7 +43,7 @@ items: href: device-preparation/tutorial/user-driven/entra-join-assign-apps-scripts.md - name: Step 6 - Create Windows Autopilot device preparation policy href: device-preparation/tutorial/user-driven/entra-join-autopilot-policy.md - - name: Step 7 - Add Windows corporate identifier to device (optional) + - name: Step 7 - Add Windows corporate identifier to device href: device-preparation/tutorial/user-driven/entra-join-corporate-identifier.md - name: Windows Autopilot diff --git a/memdocs/intune/enrollment/ios-device-enrollment.md b/memdocs/intune/enrollment/ios-device-enrollment.md index ec69bf6aec..b4a5872ed0 100644 --- a/memdocs/intune/enrollment/ios-device-enrollment.md +++ b/memdocs/intune/enrollment/ios-device-enrollment.md @@ -8,7 +8,7 @@ keywords: author: Lenewsad ms.author: lanewsad manager: dougeby -ms.date: 07/16/2024 +ms.date: 01/14/2025 ms.topic: conceptual ms.service: microsoft-intune ms.subservice: enrollment @@ -85,12 +85,14 @@ For more information about how employees and students can access these actions i ## Certificates This enrollment type supports the Automated Certificate Management Environment (ACME) protocol. When new devices enroll, the management profile from Intune receives an ACME certificate. The ACME protocol provides better protection than the SCEP protocol against unauthorized certificate issuance through robust validation mechanisms and automated processes, which helps reduce errors in certificate management. -Devices that are already enrolled do not get an ACME certificate on unless they re-enroll into Microsoft Intune. ACME is supported on devices running: +Devices that are already enrolled do not get an ACME certificate unless they re-enroll into Microsoft Intune. Acme is supported on devices running: - iOS 16.0 or later - iPadOS 16.1 or later +This capability is also supported in [GCC High tenants](../fundamentals/intune-govt-service-description.md). + ## Known issues and limitations Intune enrollment with Apple device enrollment has the following known issues and limitations. diff --git a/memdocs/intune/fundamentals/groups-add.md b/memdocs/intune/fundamentals/groups-add.md index af73b7aedd..aff95a6f32 100644 --- a/memdocs/intune/fundamentals/groups-add.md +++ b/memdocs/intune/fundamentals/groups-add.md @@ -8,7 +8,7 @@ keywords: author: Smritib17 ms.author: smbhardwaj manager: dougeby -ms.date: 11/27/2024 +ms.date: 01/14/2025 ms.topic: how-to #customer intent: As an IT admin, I want to add groups, so that users and devices are organized. ms.service: microsoft-intune @@ -98,6 +98,29 @@ Consider some of the other dynamic user and device groups you can create, such a - Human Resources - All Charlotte employees +## Edit a group + +As an Intune admin, you can edit groups, such as changing the group members, owner, and properties. + +Use the following steps to edit an existing group: + +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Select **Groups** > **All groups** > *select the name of a group to edit*. +3. Under the **Manage** menu group, select an area of the group to edit, such as **Properties**, **Members**, or **Owners**. + +When you add new members, you can choose from **Users**, **Groups**, **Devices**, and **Enterprise applications**. + +## Delete a group + +As an Intune admin, you can delete groups that are no longer needed. + +Use the following steps to delete an existing group: + +1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +2. Select **Groups** > **All groups** > *select the name of a group to delete* > **Delete**. + +To view a list of recently deleted groups, select **Groups** > **Deleted groups**. Note that after deleting a group, the deleted groups list may may take time to update. + ## Device groups You can create **device groups** when you need to run administrative tasks based on the device identity, not the user identity. They're useful for managing devices that don't have dedicated users, such as kiosk devices, devices shared by shift workers, or devices assigned to a specific location. diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md index 415637b30f..3b586d8bc2 100644 --- a/memdocs/intune/fundamentals/whats-new.md +++ b/memdocs/intune/fundamentals/whats-new.md @@ -101,7 +101,7 @@ For more information about customizing the Company Portal and Intune apps, see [ > > *Rollout of this feature is delayed and now expected to be available on or around January 18th, 2025.* -You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you mange as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario. +You can now manage the Microsoft Defender for Endpoint CSP setting for [tamper protection](/windows/client-management/mdm/defender-csp) on unenrolled devices you manage as part of the [Defender for Endpoint security settings management](../protect/mde-security-integration.md#which-solution-should-i-use) scenario. With this support, tamper protection configurations from *Windows Security Experience* profiles for *Antivirus* policies now apply to all devices instead of only to those that are enrolled with Intune. @@ -1066,7 +1066,9 @@ ACME is supported for Apple Device Enrollment, Apple Configurator enrollment, an - iOS 16.0 or later - iPadOS 16.1 or later -- macOS 13.1 or later +- macOS 13.1 or later + +This capability is also supported in [GCC High tenants](../fundamentals/intune-govt-service-description.md). ## Week of July 22, 2024 (Service release 2407) diff --git a/memdocs/intune/includes/mdm-supported-devices.md b/memdocs/intune/includes/mdm-supported-devices.md index ba1c560daf..25600f2fe8 100644 --- a/memdocs/intune/includes/mdm-supported-devices.md +++ b/memdocs/intune/includes/mdm-supported-devices.md @@ -33,7 +33,7 @@ ms.localizationpriority: high - For user-based management methods: Android 10.0 and later - For userless management methods: Android 8.0 and later (including Samsung KNOX Standard 3.0 and higher: [requirements](https://www.samsungknox.com/en/knox-platform/supported-devices/2.4+)) -- Android enterprise +- Android Enterprise: Android 8.0 and later - Android open source project device: [See here for the list of supported devices](../fundamentals/android-os-project-supported-devices.md) [!INCLUDE [android-supported-os](android-supported-os.md)] diff --git a/memdocs/intune/remote-actions/device-locate.md b/memdocs/intune/remote-actions/device-locate.md index 4d7d081bce..e325a91e65 100644 --- a/memdocs/intune/remote-actions/device-locate.md +++ b/memdocs/intune/remote-actions/device-locate.md @@ -69,6 +69,9 @@ You need to enable Windows location services in Windows Out of Box Experience (O - Windows Holographic for Business - Windows Phone +> [!NOTE] +> The locate device capability (excluding the lost device sound alert) is not supported on GCC High environments. + ## Locate a lost or stolen device 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).