Merge pull request #19198 from MicrosoftDocs/main

[AutoPublish] main to live - 11/21 13:30 PST | 11/22 03:00 IST

Author: Ruchika-mittal01

intune/agents/change-review-agent.md

@@ -73,10 +73,10 @@ The agent analyzes these signals to assess the potential risk associated with ea
 :::row-end:::
 <!-- end plugin -->
 
-<!-- start platform ../../media/icons/admin-center/devices.svg  -->
+<!-- start platform ../../media/icons/16/devices.svg  -->
 :::row:::
 :::column span="1":::
-:::image type="icon" source="../media/icons/admin-center/devices.svg" border="false"::: **Platform requirements and scenarios**
+:::image type="icon" source="../media/icons/16/devices.svg" border="false"::: **Platform requirements and scenarios**
 :::column-end:::
 :::column span="3":::
 > The agent supports evaluation and recommendations for the following platforms and scenarios:
@@ -99,12 +99,12 @@ The agent analyzes these signals to assess the potential risk associated with ea
 >
 > To **enable and configure** the Change Review Agent, use an account with the following roles:
 >
-> :::image type="icon" source="../media/icons/admin-center/entra.svg" border="false"::: Entra roles:
+> :::image type="icon" source="../media/icons/16/entra.svg" border="false"::: Entra roles:
 > - [*Intune Administrator*](/entra/identity/role-based-access-control/permissions-reference#intune-administrator)
 > - [*Security Reader*](/entra/identity/role-based-access-control/permissions-reference#security-reader)
 > - *Entra/Identity risky user (read)* - This permission maps to the Unified RBAC permission *Security posture / Identity risk / Risky users (read)*.
 >
-> :::image type="icon" source="../media/icons/admin-center/defender.svg" border="false"::: Defender roles - Defender role-based access control (RBAC) roles depend on your Defender XDR implementation:
+> :::image type="icon" source="../media/icons/16/defender.svg" border="false"::: Defender roles - Defender role-based access control (RBAC) roles depend on your Defender XDR implementation:
 > - [*Unified RBAC*](/defender-xdr/manage-rbac): Assign the Microsoft Entra ID Security Reader to the agent's identity account. This role provides read-only access to Defender Vulnerability Management data and automatically enforces device group scoping.
 > - [*Granular RBAC*](/defender-endpoint/rbac): Assign a custom RBAC role with permissions equivalent to the Unified RBAC Security Reader role. For example: 
 >   - *View data – Defender Vulnerability Management* - This permission maps to the Unified RBAC permission *Security posture / Posture management / Vulnerability management (read)*.
@@ -113,23 +113,23 @@ The agent analyzes these signals to assess the potential risk associated with ea
 >
 >    Ensure the agent's identity is scoped in Microsoft Defender to include all relevant device groups. The agent can't access or report on devices outside its assigned scope.
 >
-> :::image type="icon" source="../media/icons/admin-center/copilot.svg" border="false"::: Security Copilot roles:
+> :::image type="icon" source="../media/icons/16/copilot.svg" border="false"::: Security Copilot roles:
 > - [Copilot owner](/copilot/security/authentication#security-copilot-roles) 
 >
 > ---
 >
 > To **use** the agent and perform offboarding actions, use an account with the following roles:
 >
-> :::image type="icon" source="../media/icons/admin-center/intune.svg" border="false"::: Intune roles:
+> :::image type="icon" source="../media/icons/16/intune.svg" border="false"::: Intune roles:
 > - [Read Only Operator](/intune/intune-service/fundamentals/role-based-access-control#built-in-roles) or [custom role](/intune/intune-service/fundamentals/role-based-access-control#custom-roles) with equivalent permissions.
 >
-> :::image type="icon" source="../media/icons/admin-center/entra.svg" border="false"::: Entra roles:
+> :::image type="icon" source="../media/icons/16/entra.svg" border="false"::: Entra roles:
 > - [Security Reader](/entra/identity/role-based-access-control/permissions-reference#security-reader)
 > 
-> :::image type="icon" source="../media/icons/admin-center/defender.svg" border="false"::: Defender roles
+> :::image type="icon" source="../media/icons/16/defender.svg" border="false"::: Defender roles
 > - Use of the agent requires the same access as *enabling and configuring* the agent.
 >
-> :::image type="icon" source="../media/icons/admin-center/copilot.svg" border="false"::: Security Copilot roles:
+> :::image type="icon" source="../media/icons/16/copilot.svg" border="false"::: Security Copilot roles:
 > - [Copilot contributor](/copilot/security/authentication#security-copilot-roles)
 
 :::column-end:::

intune/agents/device-offboarding-agent.md

@@ -86,31 +86,31 @@ The *Device Offboarding Agent* identifies stale or misaligned devices across Int
 >
 > To **enable**, **configure**, and **delete** the Device Offboarding Agent, use an account with the following roles:
 >
-> :::image type="icon" source="../media/icons/admin-center/intune.svg" border="false"::: Intune roles, either:
+> :::image type="icon" source="../media/icons/16/intune.svg" border="false"::: Intune roles, either:
 > - [Read Only Operator](/intune/intune-service/fundamentals/role-based-access-control#built-in-roles) 
 > - [Custom role](/intune/intune-service/fundamentals/role-based-access-control#custom-roles) with **Audit data/Read** and **Organization/Read** permissions
 >
-> :::image type="icon" source="../media/icons/admin-center/entra.svg" border="false"::: Entra roles, either:
+> :::image type="icon" source="../media/icons/16/entra.svg" border="false"::: Entra roles, either:
 > - [Security Reader](/entra/identity/role-based-access-control/permissions-reference#security-reader)
 > - [Custom role](/entra/identity/role-based-access-control/custom-create) with **Microsoft.Directory/Devices/Standard/Read** permissions
 >
-> :::image type="icon" source="../media/icons/admin-center/copilot.svg" border="false"::: Security Copilot roles:
+> :::image type="icon" source="../media/icons/16/copilot.svg" border="false"::: Security Copilot roles:
 > - [Security Copilot owner](/copilot/security/authentication#security-copilot-roles) 
 >
 > ---
 >
 > To **use** the agent and perform offboarding actions, use an account with at least the following roles:
 >
-> :::image type="icon" source="../media/icons/admin-center/intune.svg" border="false"::: Intune roles, either:
+> :::image type="icon" source="../media/icons/16/intune.svg" border="false"::: Intune roles, either:
 > - [Read Only Operator](/intune/intune-service/fundamentals/role-based-access-control#built-in-roles) 
 > - [Custom role](/intune/intune-service/fundamentals/role-based-access-control#custom-roles) with **Audit data/Read** and **Organization/Read** permissions
 >
-> :::image type="icon" source="../media/icons/admin-center/entra.svg" border="false"::: Entra roles, either:
+> :::image type="icon" source="../media/icons/16/entra.svg" border="false"::: Entra roles, either:
 > - [Security Reader](/entra/identity/role-based-access-control/permissions-reference#security-reader)
 > - [Custom role](/entra/identity/role-based-access-control/custom-create) with **Microsoft.Directory/Devices/Standard/Read** permissions\
 >     To take action from within the agent, such as to [disable devices in Entra](/entra/identity/devices/manage-stale-devices#disable-devices), you must have the **[Disable devices](/entra/identity/role-based-access-control/custom-device-permissions#enable-or-disable-devices)** permission. You don't need this permission to run or view results from the agent.
 >
-> :::image type="icon" source="../media/icons/admin-center/copilot.svg" border="false"::: Security Copilot roles:
+> :::image type="icon" source="../media/icons/16/copilot.svg" border="false"::: Security Copilot roles:
 > - [Security Copilot contributor](/copilot/security/authentication#security-copilot-roles)
 
 :::column-end:::