From e9055f030d26ff3fd7dfd54b33e005753d606825 Mon Sep 17 00:00:00 2001 From: umair0204 <37415795+umair0204@users.noreply.github.com> Date: Wed, 23 Nov 2022 10:26:01 -0600 Subject: [PATCH 01/17] Update to include the endpoint clients.config.office.net for M365 WsyncMgr fails to sync Office updates if the endpoint is not included in the Proxy/firewall settings. --- .../configmgr/core/plan-design/network/internet-endpoints.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/memdocs/configmgr/core/plan-design/network/internet-endpoints.md b/memdocs/configmgr/core/plan-design/network/internet-endpoints.md index af0052c8e5..9af356b639 100644 --- a/memdocs/configmgr/core/plan-design/network/internet-endpoints.md +++ b/memdocs/configmgr/core/plan-design/network/internet-endpoints.md @@ -182,6 +182,8 @@ If you use Configuration Manager to deploy and update Microsoft 365 Apps for ent - `contentstorage.osi.office.net` to support the evaluation of Office add-in readiness +- `clients.config.office.net` used to retrieve the names of the files needed for a particular Microsoft 365 Apps update. For more information, see [Using the Microsoft 365 Apps file list API](https://learn.microsoft.com/en-us/office/client-developer/shared/manageability-applications-with-the-office-365-click-to-run-installer#using-the-microsoft-365-apps-file-list-api). + Your top-level site server needs access to the following endpoint to download the Microsoft Apps 365 readiness file: - Starting March 2, 2021: `https://omex.cdn.office.net/mirrored/sccmreadiness/SOT_SCCM_AddinReadiness.CAB` From b3916d0b9f92d917fad1e922982d59f62439c8e6 Mon Sep 17 00:00:00 2001 From: Umair Khan <37415795+umair0204@users.noreply.github.com> Date: Thu, 8 Dec 2022 12:43:17 -0600 Subject: [PATCH 02/17] Suggestions looks good, committing Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../configmgr/core/plan-design/network/internet-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/configmgr/core/plan-design/network/internet-endpoints.md b/memdocs/configmgr/core/plan-design/network/internet-endpoints.md index 9af356b639..2dee41108a 100644 --- a/memdocs/configmgr/core/plan-design/network/internet-endpoints.md +++ b/memdocs/configmgr/core/plan-design/network/internet-endpoints.md @@ -182,7 +182,7 @@ If you use Configuration Manager to deploy and update Microsoft 365 Apps for ent - `contentstorage.osi.office.net` to support the evaluation of Office add-in readiness -- `clients.config.office.net` used to retrieve the names of the files needed for a particular Microsoft 365 Apps update. For more information, see [Using the Microsoft 365 Apps file list API](https://learn.microsoft.com/en-us/office/client-developer/shared/manageability-applications-with-the-office-365-click-to-run-installer#using-the-microsoft-365-apps-file-list-api). +- `clients.config.office.net` to retrieve the names of the files needed for a particular Microsoft 365 Apps update. For more information, see [Using the Microsoft 365 Apps file list API](/office/client-developer/shared/manageability-applications-with-the-office-365-click-to-run-installer#using-the-microsoft-365-apps-file-list-api). Your top-level site server needs access to the following endpoint to download the Microsoft Apps 365 readiness file: From 3dfaf5dc6eb8d10bcd4b06556be1666a991c1b72 Mon Sep 17 00:00:00 2001 From: CristianMarin10 <121154443+CristianMarin10@users.noreply.github.com> Date: Thu, 14 Dec 2023 09:11:50 +0200 Subject: [PATCH 03/17] WingetClientAppsUpdate workloads.md Added a little note in the Client Apps section about the new Store applications (winget). Confirmed with Karan Rustagi that indeed, if you wish to use the new Store feature, the workload would have to be switched to Intune. --- memdocs/configmgr/comanage/workloads.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/memdocs/configmgr/comanage/workloads.md b/memdocs/configmgr/comanage/workloads.md index 333d077b10..f9f4a6a2d2 100644 --- a/memdocs/configmgr/comanage/workloads.md +++ b/memdocs/configmgr/comanage/workloads.md @@ -152,6 +152,8 @@ For more information on the Intune feature, see [What is Microsoft Intune app ma When you enable Microsoft Connected Cache on your Configuration Manager distribution points, they can serve Microsoft Intune Win32 apps to co-managed clients. For more information, see [Microsoft Connected Cache in Configuration Manager](../core/plan-design/hierarchy/microsoft-connected-cache.md#support-for-intune-win32-apps). +For example, if you wish to deploy the new Store applications (winget) via Microsoft Intune, you will need to switch this workload. + ## Diagram for app workloads :::image type="content" source="media/co-management-apps.svg" alt-text="Diagram of co-management app workloads." lightbox="media/co-management-apps.svg"::: From e8ac5d8a5c11394fa2c937d6c221f9442f9cd18d Mon Sep 17 00:00:00 2001 From: CristianMarin10 <121154443+CristianMarin10@users.noreply.github.com> Date: Fri, 15 Dec 2023 10:31:22 +0200 Subject: [PATCH 04/17] Update memdocs/configmgr/comanage/workloads.md Committed, thank you for your input, Johan. Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- memdocs/configmgr/comanage/workloads.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/configmgr/comanage/workloads.md b/memdocs/configmgr/comanage/workloads.md index f9f4a6a2d2..996b6a5fe8 100644 --- a/memdocs/configmgr/comanage/workloads.md +++ b/memdocs/configmgr/comanage/workloads.md @@ -152,7 +152,7 @@ For more information on the Intune feature, see [What is Microsoft Intune app ma When you enable Microsoft Connected Cache on your Configuration Manager distribution points, they can serve Microsoft Intune Win32 apps to co-managed clients. For more information, see [Microsoft Connected Cache in Configuration Manager](../core/plan-design/hierarchy/microsoft-connected-cache.md#support-for-intune-win32-apps). -For example, if you wish to deploy the new Store applications (winget) via Microsoft Intune, you will need to switch this workload. +For example, if you wish to deploy the new Store applications (winget) via Microsoft Intune, you need to switch this workload. ## Diagram for app workloads From e27ae01e1b51148a982686466824776a2a702517 Mon Sep 17 00:00:00 2001 From: Jonas Ohmsen <38567823+jonasatgit@users.noreply.github.com> Date: Tue, 7 May 2024 16:18:10 +0200 Subject: [PATCH 05/17] Update accounts.md The sentence: "Managing clients in untrusted domains and cross-forest scenarios allows for multiple network access accounts." does not make any sense under section: "The network access account is still required for the following actions (including eHTTP & PKI scenarios):". Because we also state the following: "If you configure the site for HTTPS or Enhanced HTTP, a workgroup or Microsoft Entra joined client can securely access content from distribution points without the need for a network access account. This behavior includes OS deployment scenarios with a task sequence running from boot media, PXE, or the Software Center." Thats why I copied the sentence to an appropriate place. --- memdocs/configmgr/core/plan-design/hierarchy/accounts.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/memdocs/configmgr/core/plan-design/hierarchy/accounts.md b/memdocs/configmgr/core/plan-design/hierarchy/accounts.md index fa93a8b624..3ec9244770 100644 --- a/memdocs/configmgr/core/plan-design/hierarchy/accounts.md +++ b/memdocs/configmgr/core/plan-design/hierarchy/accounts.md @@ -381,7 +381,11 @@ For more information, see [Use multicast to deploy Windows over the network](../ ### Network access account -Client computers use the **network access account** when they can't use their local computer account to access content on distribution points. It mostly applies to workgroup clients and computers from untrusted domains. This account is also used during OS deployment, when the computer that's installing the OS doesn't yet have a computer account on the domain. +Client computers use the **network access account** when they can't use their local computer account to access content on distribution points. It mostly applies to workgroup clients and computers from untrusted domains. +This account is also used during OS deployment, when the computer that's installing the OS doesn't yet have a computer account on the domain. + +> [!NOTE] +> Managing clients in untrusted domains and cross-forest scenarios allows for multiple network access accounts. > [!IMPORTANT] > The network access account is never used as the security context to run programs, install software updates, or run task sequences. It's used only for accessing resources on the network. @@ -429,7 +433,6 @@ The network access account is still required for the following actions (includin - Task Sequence properties setting to **Run another program first**. This setting runs a package and program from a network share before the task sequence starts. For more information, see [Task sequences properties: Advanced tab](../../../osd/deploy-use/manage-task-sequences-to-automate-tasks.md#advanced-tab). -- Managing clients in untrusted domains and cross-forest scenarios allows for multiple network access accounts. ### Package access account From 8ab399bbf0c718a971e15750aa37cde33a12d3bf Mon Sep 17 00:00:00 2001 From: Xiao Wang <159742628+wangxiaoms@users.noreply.github.com> Date: Wed, 21 Aug 2024 10:20:04 +1000 Subject: [PATCH 06/17] Update app-sdk-ios-phase3.md to clarify that app restart is not required for MAUI app. --- memdocs/intune/developer/app-sdk-ios-phase3.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/memdocs/intune/developer/app-sdk-ios-phase3.md b/memdocs/intune/developer/app-sdk-ios-phase3.md index 99cda664cb..56f2d223a1 100644 --- a/memdocs/intune/developer/app-sdk-ios-phase3.md +++ b/memdocs/intune/developer/app-sdk-ios-phase3.md @@ -413,6 +413,8 @@ The return value of this method tells the SDK if the application must handle the * If false is returned, the SDK will restart the application after this method returns. The SDK immediately shows a dialog box that tells the user to restart the application. +Note for .NET MAUI apps the restart is not required. + ## Exit Criteria After you've either configured the build plugin or integrated the command line tool into your build process, validate that it's running successfully: From 1e31cdbbfada1d951144e95b3b5b78d88f6511c3 Mon Sep 17 00:00:00 2001 From: Marius Dobrescu <80074629+mariusdo@users.noreply.github.com> Date: Wed, 21 Feb 2024 19:20:37 -0800 Subject: [PATCH 07/17] Updated description of security states defined by Security Center. --- .../deploy-use/endpoint-protection-client-faq.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml index 4d7bab8ed4..1d6b9d1314 100644 --- a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml +++ b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml @@ -236,7 +236,18 @@ sections: - Yellow indicates that your computer's status is "potentially unprotected." - Red indicates that your computer's status is "at risk." - + - question: | + Can you describe a little bit what protected, potentially protected or at risk means ? + answer: | + + Depending whether Defender or another antivirus product is being used as primary provider, the general states above represented by a color show the overall asessment of the security state of the device. + In case of security level being satisfactory, a green label will be provided. + + The "potentially unprotected" state is mostly due to settings - not directly impacting detection - not being set to the recommended security level. For example, in Defender case, a quick scan didn't run in a while, or cloud protection is turned off. + In the case of another antivirus, those states are reported via Security Center and could be in basically the following categories - a scan is recommended, settings change is recommended or an update is recomended. + + The "at risk" status represents serious security issues, such as a malware detection, software out of date or antivirus not running at all. In the case of another Antivirus that could mean license has expired. + - question: | How to set up Windows Defender or Endpoint Protection alerts? answer: | From 75a09940783df3ab9430533b5f2aeed6fe5dd2ee Mon Sep 17 00:00:00 2001 From: Larry Mosley <38725311+lamosley@users.noreply.github.com> Date: Mon, 7 Oct 2024 06:23:33 -0400 Subject: [PATCH 08/17] Remove note about CM 2006 CM 2006 and earlier has been out of support for more than 3 years; TP updates are enabled by default now, so we should remove this note. --- .../configmgr/sum/deploy-use/third-party-software-updates.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md b/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md index e04703b5ea..9b1abeef8e 100644 --- a/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md +++ b/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md @@ -20,9 +20,6 @@ ms.collection: tier3 The **Third-Party Software Update Catalogs** node in the Configuration Manager console allows you to subscribe to third-party catalogs, publish their updates to your software update point (SUP), and then deploy them to clients. -> [!Note] -> In version 2006 and earlier, Configuration Manager doesn't enable this feature by default. Before using it, enable the optional feature **Enable third party update support on clients**. For more information, see [Enable optional features from updates](../../core/servers/manage/optional-features.md). - ## Prerequisites - Sufficient disk space on the top-level software update point's `WSUSContent` directory to store the source binary content for third-party software updates. From f88a496eb9f2d6bb16bfd1f7e8c2188bd62b5168 Mon Sep 17 00:00:00 2001 From: Larry Mosley <38725311+lamosley@users.noreply.github.com> Date: Thu, 17 Oct 2024 07:32:29 -0400 Subject: [PATCH 09/17] Correct a small type (Tt -> It) which is confusing to non-native English speakers --- .../core/servers/manage/modify-your-infrastructure.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md b/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md index 28fdf95334..1237771cac 100644 --- a/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md +++ b/memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md @@ -79,7 +79,7 @@ For example, you install the Configuration Manager console from a site server th Each time the Configuration Manager console opens: -- Tt determines the configured language settings for the computer +- It determines the configured language settings for the computer - Verifies whether an associated language pack is available for the Configuration Manager console - Opens the console by using the appropriate language pack @@ -381,4 +381,4 @@ You can modify these values or disable alerts for each site: You may need to uninstall a Configuration Manager site system role, site, or hierarchy. For more information, see [Uninstall roles, sites, and hierarchies](../deploy/install/uninstall-sites-and-hierarchies.md). -Starting in version 2002, you can also remove the CAS from a hierarchy, but keep the primary site. For more information, see [Remove the CAS](../deploy/install/remove-central-administration-site.md). \ No newline at end of file +Starting in version 2002, you can also remove the CAS from a hierarchy, but keep the primary site. For more information, see [Remove the CAS](../deploy/install/remove-central-administration-site.md). From fd9d0799bac0fe47c8d0693d19bfcb4da9b43b76 Mon Sep 17 00:00:00 2001 From: Larry Mosley <38725311+lamosley@users.noreply.github.com> Date: Wed, 23 Oct 2024 16:36:14 -0400 Subject: [PATCH 10/17] Update supported-operating-systems-for-clients-and-devices.md Windows Server IoT 2019 for Storage and Windows Server IoT 2022 for Storage are vendor-specific versions of Windows IoT, and can't be tested. I'm adding explicit entries that they are not supported, but if there is a better way to call this out in the documentation, please suggest. --- .../supported-operating-systems-for-clients-and-devices.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md index c6e78ae976..b70a466efa 100644 --- a/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md +++ b/memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md @@ -67,8 +67,10 @@ For more information, see the following articles: ### Supported server OS versions - **Windows Server 2022**: IoT, Standard, Datacenter (_starting in Configuration Manager version 2107_) + - *Windows Server IoT 2022 for Storage* is not supported -- **Windows Server 2019**: IoT, Standard, Datacenter +- **Windows Server 2019**: IoT, Standard, Datacenter + - *Windows Server IoT 2019 for Storage* is not supported - **Windows Server 2016**: Standard, Datacenter From 086db5787750c6fa4eade40705843e8ab3c3377b Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Mon, 11 Nov 2024 20:31:43 -0800 Subject: [PATCH 11/17] Update endpoint-protection-client-faq.yml removed extra space --- .../protect/deploy-use/endpoint-protection-client-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml index 1d6b9d1314..3ddf66d307 100644 --- a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml +++ b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml @@ -237,7 +237,7 @@ sections: - Red indicates that your computer's status is "at risk." - question: | - Can you describe a little bit what protected, potentially protected or at risk means ? + Can you describe a little bit what protected, potentially protected or at risk means? answer: | Depending whether Defender or another antivirus product is being used as primary provider, the general states above represented by a color show the overall asessment of the security state of the device. From 9014e4a9bd637002d4ebf6261535c99bd8f7e0d9 Mon Sep 17 00:00:00 2001 From: Doug Eby <17034284+dougeby@users.noreply.github.com> Date: Mon, 11 Nov 2024 20:45:28 -0800 Subject: [PATCH 12/17] Update app-sdk-ios-phase3.md --- memdocs/intune/developer/app-sdk-ios-phase3.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/memdocs/intune/developer/app-sdk-ios-phase3.md b/memdocs/intune/developer/app-sdk-ios-phase3.md index 56f2d223a1..ef4b749776 100644 --- a/memdocs/intune/developer/app-sdk-ios-phase3.md +++ b/memdocs/intune/developer/app-sdk-ios-phase3.md @@ -413,7 +413,8 @@ The return value of this method tells the SDK if the application must handle the * If false is returned, the SDK will restart the application after this method returns. The SDK immediately shows a dialog box that tells the user to restart the application. -Note for .NET MAUI apps the restart is not required. +>[!NOTE] +>.NET MAUI apps not note require a restart. ## Exit Criteria From 92a4e382e1f537ba3c8dc98846bb7a3ae414e4ce Mon Sep 17 00:00:00 2001 From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Date: Tue, 12 Nov 2024 10:55:37 +0530 Subject: [PATCH 13/17] Pencil edit --- memdocs/configmgr/core/plan-design/hierarchy/accounts.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/memdocs/configmgr/core/plan-design/hierarchy/accounts.md b/memdocs/configmgr/core/plan-design/hierarchy/accounts.md index b76b4ee52a..9262ede744 100644 --- a/memdocs/configmgr/core/plan-design/hierarchy/accounts.md +++ b/memdocs/configmgr/core/plan-design/hierarchy/accounts.md @@ -364,7 +364,7 @@ The site server uses the **Exchange Server connection account** to connect to th ### Management point connection account -The management point uses the **Management point connection account** to connect to the Configuration Manager site database. It uses this connection to send and retrieve information for clients. The management point uses its computer account by default, but you can configure an alternate service account instead. When the management point is in an untrusted domain from the site server, you must specify a alternate service account. +The management point uses the **Management point connection account** to connect to the Configuration Manager site database. It uses this connection to send and retrieve information for clients. The management point uses its computer account by default, but you can configure an alternate service account instead. When the management point is in an untrusted domain from the site server, you must specify an alternate service account. > [!NOTE] > For enhanced security posture it is recommended to leverage alternate service account rather than Computer account for ‘Management point connection account’. @@ -749,7 +749,7 @@ Configuration Manager grants access to the account used for the reporting servic ## Elevated permissions -Configuration Manager requires some accounts to have elevated permissions for on-going operations. For example, see [Prerequisites for installing a primary site](../../servers/deploy/install/prerequisites-for-installing-sites.md#bkmk_PrereqPri). The following list summarizes these permissions and the reasons why they're needed. +Configuration Manager requires some accounts to have elevated permissions for ongoing operations. For example, see [Prerequisites for installing a primary site](../../servers/deploy/install/prerequisites-for-installing-sites.md#bkmk_PrereqPri). The following list summarizes these permissions and the reasons why they're needed. - The computer account of the primary site server and central administration site server requires: From 7c36d146d164246c7cae8d4bbe6644b92074de13 Mon Sep 17 00:00:00 2001 From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:00:40 +0530 Subject: [PATCH 14/17] Pencil edit --- .../deploy-use/endpoint-protection-client-faq.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml index 3ddf66d307..ce43afab84 100644 --- a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml +++ b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml @@ -24,11 +24,11 @@ sections: - question: | Why do I need antivirus and antispyware software? answer: | - It is critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer any time you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software, can also be programmed to run at unexpected times, not just when it is installed. + It is critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer anytime you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software can also be programmed to run at unexpected times, not just when it is installed. Windows Defender or Endpoint Protection offers three ways to help keep malicious software from infecting your computer: - - **Using real-time protection** - Real-time protection enables Windows Defender to monitor your computer all the time and alert you when malicious software, including viruses, spyware, or other potentially unwanted software attempts to install itself or run on your computer. Windows Defender then suspends the software and enables you to you to follow its recommendation on the software or take an alternative action. + - **Using real-time protection** - Real-time protection enables Windows Defender to monitor your computer all the time and alert you when malicious software, including viruses, spyware, or other potentially unwanted software attempts to install itself or run on your computer. Windows Defender then suspends the software and enables you to follow its recommendation on the software or take an alternative action. - **Scanning options** - You can use Windows Defender to scan for potential threats, such as viruses, spyware, and other malicious software that might put your computer at risk. You can also use it to schedule scans on a regular basis and to remove malicious software that is detected during a scan. @@ -65,7 +65,7 @@ sections: answer: | If Windows Defender detects malicious software or potentially unwanted software on your computer (either when monitoring your computer using real-time protection or after running a scan), it notifies you about the detected item by displaying a notification message in the bottom right-hand corner of your screen. - The notification message includes a **Clean computer** button and a **Show details** link that lets you view additional information about the detected item. Click the **Show details** link to open the **Potential threat details** window to get additional information about the detected item. You can now choose which action to apply to the item, or click **Clean computer**. If you need help determining which action to apply to the detected item, use the alert level that Windows Defender assigned to the item as your guide (for more information see, Understanding alert levels). + The notification message includes a **Clean computer** button and a **Show details** link that lets you view additional information about the detected item. Click the **Show details** link to open the **Potential threat details** window to get additional information about the detected item. You can now choose which action to apply to the item, or click **Clean computer**. If you need help with determining which action to apply to the detected item, use the alert level that Windows Defender assigned to the item as your guide (for more information see, Understanding alert levels). Alert levels help you choose how to respond to viruses, spyware, and other potentially unwanted software. While Windows Defender will recommend that you remove all viruses and spyware, not all software that is flagged is malicious or unwanted. The following information can help you decide what to do if Windows Defender detects potentially unwanted software on your computer. @@ -110,7 +110,7 @@ sections: answer: | Both viruses and spyware are installed on your computer without your knowledge and both have the potential to be intrusive and destructive. They also have the ability to capture information on your computer and damage or delete that information. They both can negatively affect your computer's performance. - The main differences between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it is there. + The main difference between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it is there. - question: | Where do viruses, spyware, and other potentially unwanted software come from? @@ -240,11 +240,11 @@ sections: Can you describe a little bit what protected, potentially protected or at risk means? answer: | - Depending whether Defender or another antivirus product is being used as primary provider, the general states above represented by a color show the overall asessment of the security state of the device. + Depending whether Defender or another antivirus product is being used as primary provider, the general states above represented by a color show the overall assessment of the security state of the device. In case of security level being satisfactory, a green label will be provided. The "potentially unprotected" state is mostly due to settings - not directly impacting detection - not being set to the recommended security level. For example, in Defender case, a quick scan didn't run in a while, or cloud protection is turned off. - In the case of another antivirus, those states are reported via Security Center and could be in basically the following categories - a scan is recommended, settings change is recommended or an update is recomended. + In the case of another antivirus, those states are reported via Security Center and could be in basically the following categories - a scan is recommended, settings change is recommended or an update is recommended. The "at risk" status represents serious security issues, such as a malware detection, software out of date or antivirus not running at all. In the case of another Antivirus that could mean license has expired. From 916821a178af704d3cd000a33b7d6a5244580490 Mon Sep 17 00:00:00 2001 From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:11:05 +0530 Subject: [PATCH 15/17] Pencil edit --- .../endpoint-protection-client-faq.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml index ce43afab84..090f03a43d 100644 --- a/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml +++ b/memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml @@ -24,7 +24,7 @@ sections: - question: | Why do I need antivirus and antispyware software? answer: | - It is critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer anytime you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software can also be programmed to run at unexpected times, not just when it is installed. + It's critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer anytime you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software can also be programmed to run at unexpected times, not just when it's installed. Windows Defender or Endpoint Protection offers three ways to help keep malicious software from infecting your computer: @@ -32,18 +32,18 @@ sections: - **Scanning options** - You can use Windows Defender to scan for potential threats, such as viruses, spyware, and other malicious software that might put your computer at risk. You can also use it to schedule scans on a regular basis and to remove malicious software that is detected during a scan. - - **Microsoft Active Protection Service community** - The online Microsoft Active Protection Service community helps you see how other people respond to software that has not yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do. + - **Microsoft Active Protection Service community** - The online Microsoft Active Protection Service community helps you see how other people respond to software that hasn't yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do. - question: | How can I tell if my computer is infected with malicious software? answer: | You might have some form of malicious software, including viruses, spyware, or other potentially unwanted software, on your computer if: - - You notice new toolbars, links, or favorites that you did not intentionally add to your Web browser. + - You notice new toolbars, links, or favorites that you didn't intentionally add to your Web browser. - Your home page, mouse pointer, or search program changes unexpectedly. - - You type the address for a specific site, such as a search engine, but you are taken to a different Web site without notice. + - You type the address for a specific site, such as a search engine, but you're taken to a different Web site without notice. - Files are automatically deleted from your computer. @@ -110,7 +110,7 @@ sections: answer: | Both viruses and spyware are installed on your computer without your knowledge and both have the potential to be intrusive and destructive. They also have the ability to capture information on your computer and damage or delete that information. They both can negatively affect your computer's performance. - The main difference between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it is there. + The main difference between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it's there. - question: | Where do viruses, spyware, and other potentially unwanted software come from? @@ -125,7 +125,7 @@ sections: - question: | Why is it important to review license agreements before installing software? answer: | - When you visit websites, do not automatically agree to download anything the site offers. If you download free software, such as file sharing programs or screen savers, read the license agreement carefully. Look for clauses that say that you must accept advertising and pop-ups from the company, or that the software will send certain information back to the software publisher. + When you visit websites, don't automatically agree to download anything the site offers. If you download free software, such as file sharing programs or screen savers, read the license agreement carefully. Look for clauses that say that you must accept advertising and pop-ups from the company, or that the software will send certain information back to the software publisher. - question: | Why doesn't Windows Defender detect cookies? @@ -145,12 +145,12 @@ sections: - If you receive an e-mail with an attachment and you're unsure of the source, then you should delete it immediately. Don't download any applications or files from unknown sources, and be careful when trading files with other users. - - Install and use a firewall. It is recommended that you enable Windows Firewall. + - Install and use a firewall. It's recommended that you enable Windows Firewall. - question: | What are virus and spyware definitions? answer: | - When you use Windows Defender or Endpoint Protection, it is important to have up-to-date virus and spyware definitions. Definitions are files that act like an ever-growing encyclopedia of potential software threats. Windows Defender or Endpoint Protection uses definitions to determine if software that it detects is a virus, spyware, or other potentially unwanted software, and then to alert you to potential risks. To help keep your definitions up to date, Windows Defender or Endpoint Protection works with Microsoft Update to install new definitions automatically as they are released. You can also set Windows Defender or Endpoint Protection to check online for updated definitions before scanning. + When you use Windows Defender or Endpoint Protection, it's important to have up-to-date virus and spyware definitions. Definitions are files that act like an ever-growing encyclopedia of potential software threats. Windows Defender or Endpoint Protection uses definitions to determine if software that it detects is a virus, spyware, or other potentially unwanted software, and then to alert you to potential risks. To help keep your definitions up to date, Windows Defender or Endpoint Protection works with Microsoft Update to install new definitions automatically as they're released. You can also set Windows Defender or Endpoint Protection to check online for updated definitions before scanning. - question: | How do I keep virus and spyware definitions up to date? @@ -252,7 +252,7 @@ sections: How to set up Windows Defender or Endpoint Protection alerts? answer: | - When Windows Defender is running on your computer, it automatically alerts you if it detects viruses, spyware, or other potentially unwanted software. You can also set Windows Defender to alert you if you run software that has not yet been analyzed, and you can choose to be alerted when software makes changes to your computer. + When Windows Defender is running on your computer, it automatically alerts you if it detects viruses, spyware, or other potentially unwanted software. You can also set Windows Defender to alert you if you run software that hasn't yet been analyzed, and you can choose to be alerted when software makes changes to your computer. ### To set up alerts From 9bef1dca23bf5a17ff0a6ad7ed2353c6e93ac89c Mon Sep 17 00:00:00 2001 From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:12:43 +0530 Subject: [PATCH 16/17] Pencil edit --- .../configmgr/sum/deploy-use/third-party-software-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md b/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md index fec44d9b94..14a7e2fd71 100644 --- a/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md +++ b/memdocs/configmgr/sum/deploy-use/third-party-software-updates.md @@ -189,7 +189,7 @@ You can edit an existing subscription by selecting **Properties** from the ribbo > Some options are only available for v3 third-party update catalogs, which support categories for updates. These options are disabled for catalogs that aren't published in the v3 format. 1. In the **Third-Party Software Update Catalogs** node, right-click on the catalog and select **Properties** or select **Properties** from the ribbon. -1. You can view the following information from the **General tab**, but not edit the information.: +1. You can view the following information from the **General tab**, but not edit the information: > [!NOTE] > If you need to change any of the information here, you have to add a new custom catalog. > Provided the download URL is unchanged, the existing catalog must be removed before one with the same download URL can be added. From 119a60adb5d9f38bb18d6c4d24337a8ab05b9a3e Mon Sep 17 00:00:00 2001 From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com> Date: Tue, 12 Nov 2024 11:15:01 +0530 Subject: [PATCH 17/17] Pencil edit --- memdocs/intune/developer/app-sdk-ios-phase3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/memdocs/intune/developer/app-sdk-ios-phase3.md b/memdocs/intune/developer/app-sdk-ios-phase3.md index 650ce24d89..6ce79464ba 100644 --- a/memdocs/intune/developer/app-sdk-ios-phase3.md +++ b/memdocs/intune/developer/app-sdk-ios-phase3.md @@ -414,7 +414,7 @@ The return value of this method tells the SDK if the application must handle the * If false is returned, the SDK will restart the application after this method returns. The SDK immediately shows a dialog box that tells the user to restart the application. >[!NOTE] ->.NET MAUI apps not note require a restart. +>.NET MAUI apps do not require a restart. ## Exit Criteria