Merge branch 'main' into patch-24

windows/deployment/update/update-compliance-get-started.md

@@ -51,8 +51,9 @@ Before you begin the process to add Update Compliance to your Azure subscription
 
 ## Add Update Compliance to your Azure subscription
 
-Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
+Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution.
 
+To configure this, follow these steps:
 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to login to your Azure subscription to access this.
 2. Select **Get it now**.
 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data.
@@ -60,6 +61,12 @@ Update Compliance is offered as an Azure Marketplace application which is linked
    - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance.
 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created.
 
+Once the solution is in place, you can leverage one of the following Azure roles with Update Compliance:
+
+- To edit and write queries we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role.
+
+- To read and only view data we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role.
+
 |Compatible Log Analytics regions |
 | ------------------------------- |
 |Australia Central |

windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md

@@ -88,7 +88,7 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C
     - [Prepare the app for Intune](#prepare-the-app-for-intune)
     - [Create app in Intune](#create-app-in-intune)
     - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile)
-  - [Add Office 365](#add-office-365)
+  - [Add Office 365](#add-microsoft-365-apps)
     - [Create app in Intune](#create-app-in-intune)
     - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile)
 - [Glossary](#glossary)
@@ -508,7 +508,7 @@ Select **Next** to continue with the **Out-of-box experience (OOBE)** settings:
 | Privacy Settings | Hide |
 | Hide change account options | Hide |
 | User account type | Standard |
-| Allow White Glove OOBE | No |
+| Allow pre-provisioned deployment | No |
 | Language (Region) | Operating system default |
 | Automatically configure keyboard | Yes |
 | Apply device name template | No |
@@ -814,9 +814,9 @@ At this point, you have completed steps to add a Win32 app to Intune.
 
 For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](/intune/apps-win32-app-management).
 
-### Add Office 365
+### Add Microsoft 365 Apps
 
-#### Create app in Intune
+#### Create app in Microsoft Endpoint Manager
 
 Log in to the Azure portal and select **Intune**.
 
@@ -824,7 +824,7 @@ Go to **Intune > Clients apps > Apps**, and then select the **Add** button to cr
 
 ![Create app step 1.](images/app17.png)
 
-Under **App Type**, select **Office 365 Suite > Windows 10**:
+Under **App Type**, select **Microsoft 365 Apps > Windows 10 and later**:
 
 ![Create app step 2.](images/app18.png)
 

windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md

@@ -6,7 +6,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: dansimp
-ms.date: 09/23/2021
+ms.date: 03/22/2022
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -29,6 +29,9 @@ The credentials are placed in Credential Manager as a "\*Session" credential.
 A "\*Session" credential implies that it is valid for the current user session.
 The credentials are also cleaned up when the WiFi or VPN connection is disconnected.
 
+> [!NOTE]
+> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager.
+
 For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it.
 For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).
 
@@ -93,4 +96,4 @@ Domain controllers must have appropriate KDC certificates for the client to trus
 Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication.
 This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server.
 
-For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382).
+For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382).

windows/security/information-protection/tpm/trusted-platform-module-overview.md

@@ -16,6 +16,7 @@ ms.collection:
   - M365-security-compliance
   - highpri
 ms.topic: conceptual
+adobe-target: true
 ---
 
 # Trusted Platform Module Technology Overview

windows/security/information-protection/windows-information-protection/wip-learning.md

@@ -9,9 +9,9 @@ ms.mktglfcycl:
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: cabailey
-ms.author: cabailey
-manager: laurawi
+author: aczechowski
+ms.author: aaroncz
+manager: dougeby
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
@@ -33,7 +33,7 @@ In the **Website learning report**, you can view a summary of the devices that h
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-1. Click **Client apps** > **App protection status** > **Reports**.
+1. Select **Apps** > **Monitor** > **App protection status** > **Reports**.
 
    ![Image showing the UI path to the WIP report.](images/access-wip-learning-report.png) 
 

windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md

@@ -14,7 +14,7 @@ author: jgeurten
 ms.reviewer: jsuther1974
 ms.author: dansimp
 manager: dansimp
-ms.date: 11/29/2021
+ms.date: 03/22/2022
 ms.technology: windows-sec
 ---
 
@@ -26,7 +26,7 @@ In this article we explain:
 
 1. File Rule Precedence Order
 2. Adding Allow Rules
-3. Singe Policy Considerations
+3. Single Policy Considerations
 4. Multiple Policy Considerations
 5. Best Practices
 6. Tutorial