Merge branch 'main' into aljupudi-5825705-Windows11update

2025-05-14 14:27:22 +00:00 · 2022-03-25 09:49:53 +05:30 · 2022-03-25 09:49:53 +05:30 · 20dda7b9dc
commit 20dda7b9dc
parent 29efe5f795 a9d07277ed
6 changed files with 25 additions and 14 deletions
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@ -51,8 +51,9 @@ Before you begin the process to add Update Compliance to your Azure subscription

 ## Add Update Compliance to your Azure subscription

-Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
+Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution.

+To configure this, follow these steps:
 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to login to your Azure subscription to access this.
 2. Select **Get it now**.
 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data.
@ -60,6 +61,12 @@ Update Compliance is offered as an Azure Marketplace application which is linked
   - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance.
 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created.

+Once the solution is in place, you can leverage one of the following Azure roles with Update Compliance:
+
+- To edit and write queries we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role.
+
+- To read and only view data we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role.
+
 |Compatible Log Analytics regions |
 | ------------------------------- |
 |Australia Central |
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@ -88,7 +88,7 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C
    - [Prepare the app for Intune](#prepare-the-app-for-intune)
    - [Create app in Intune](#create-app-in-intune)
    - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile)
-  - [Add Office 365](#add-office-365)
+  - [Add Office 365](#add-microsoft-365-apps)
    - [Create app in Intune](#create-app-in-intune)
    - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile)
 - [Glossary](#glossary)
@ -508,7 +508,7 @@ Select **Next** to continue with the **Out-of-box experience (OOBE)** settings:
 | Privacy Settings | Hide |
 | Hide change account options | Hide |
 | User account type | Standard |
-| Allow White Glove OOBE | No |
+| Allow pre-provisioned deployment | No |
 | Language (Region) | Operating system default |
 | Automatically configure keyboard | Yes |
 | Apply device name template | No |
@ -814,9 +814,9 @@ At this point, you have completed steps to add a Win32 app to Intune.

 For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](/intune/apps-win32-app-management).

-### Add Office 365
+### Add Microsoft 365 Apps

-#### Create app in Intune
+#### Create app in Microsoft Endpoint Manager

 Log in to the Azure portal and select **Intune**.

@ -824,7 +824,7 @@ Go to **Intune > Clients apps > Apps**, and then select the **Add** button to cr

 ![Create app step 1.](images/app17.png)

-Under **App Type**, select **Office 365 Suite > Windows 10**:
+Under **App Type**, select **Microsoft 365 Apps > Windows 10 and later**:

 ![Create app step 2.](images/app18.png)

--- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: dansimp
-ms.date: 09/23/2021
+ms.date: 03/22/2022
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@ -29,6 +29,9 @@ The credentials are placed in Credential Manager as a "\*Session" credential.
 A "\*Session" credential implies that it is valid for the current user session.
 The credentials are also cleaned up when the WiFi or VPN connection is disconnected.

+> [!NOTE]
+> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager.
+
 For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it.
 For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).

--- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md
@ -16,6 +16,7 @@ ms.collection:
  - M365-security-compliance
  - highpri
 ms.topic: conceptual
+adobe-target: true
 ---

 # Trusted Platform Module Technology Overview
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ b/windows/security/information-protection/windows-information-protection/wip-learning.md
@ -9,9 +9,9 @@ ms.mktglfcycl:
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: cabailey
-ms.author: cabailey
-manager: laurawi
+author: aczechowski
+ms.author: aaroncz
+manager: dougeby
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
@ -33,7 +33,7 @@ In the **Website learning report**, you can view a summary of the devices that h

 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).

-1. Click **Client apps** > **App protection status** > **Reports**.
+1. Select **Apps** > **Monitor** > **App protection status** > **Reports**.

   ![Image showing the UI path to the WIP report.](images/access-wip-learning-report.png) 

--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
@ -14,7 +14,7 @@ author: jgeurten
 ms.reviewer: jsuther1974
 ms.author: dansimp
 manager: dansimp
-ms.date: 11/29/2021
+ms.date: 03/22/2022
 ms.technology: windows-sec
 ---

@ -26,7 +26,7 @@ In this article we explain:

 1. File Rule Precedence Order
 2. Adding Allow Rules
-3. Singe Policy Considerations
+3. Single Policy Considerations
 4. Multiple Policy Considerations
 5. Best Practices
 6. Tutorial