Merge pull request #18938 from MicrosoftDocs/main

[AutoPublish] main to live - 10/14 10:29 PDT | 10/14 22:59 IST

Author: Ruchika-mittal01

.openpublishing.redirection.intune.json

@@ -1857,7 +1857,7 @@
     },
     {
       "source_path": "intune/intune/fundamentals/intune-legacy-pc-client.md",
-      "redirect_url": "/intune/intune-service/fundamentals/intune-legacy-pc-client",
+      "redirect_url": "/intune/intune-service/fundamentals/tutorial-walkthrough-endpoint-manager",
       "redirect_document_id": false
     },
     {

.openpublishing.redirection.json

@@ -1,7 +1,11 @@
 {
   "redirections": [
 
-
+    {
+      "source_path": "intune/intune-service/fundamentals/intune-legacy-pc-client.md",
+      "redirect_url": "/intune/intune-service/fundamentals/tutorial-walkthrough-endpoint-manager",
+      "redirect_document_id": false
+    },
     {
       "source_path": "intune/intune-service/copilot/security-copilot-surface-portal.md",
       "redirect_url": "/surface/security-copilot-surface-management-portal",

intune/intune-service/fundamentals/azure-virtual-desktop-multi-session.md

@@ -3,7 +3,7 @@ title: Using Azure Virtual Desktop single-session with Microsoft Intune
 description: Guidelines for using Azure Virtual Desktop single-session with Microsoft Intune.
 author: MandiOhlinger
 ms.author: mandia
-ms.date: 02/13/2025
+ms.date: 10/14/2025
 ms.topic: article
 ms.reviewer: madakeva
 ms.collection:
@@ -16,13 +16,9 @@ ms.collection:
 
 ## Prerequisites
 
-Currently, for single-session, Intune supports Azure Virtual Desktop VMs that are:
-
-- Running Windows 10 Enterprise, version 1809 or later, or running Windows 11.
-
-  > [!IMPORTANT]
-  > [!INCLUDE [windows-10-support](../includes/windows-10-support.md)]
+For single-session, Intune supports Azure Virtual Desktop VMs that are:
 
+- Running Windows Enterprise.
 - Set up as [personal remote desktops](/azure/virtual-desktop/configure-host-pool-personal-desktop-assignment-type) in Azure.
 - [Microsoft Entra hybrid joined](/azure/active-directory/devices/hybrid-azuread-join-plan) and enrolled in Intune in one of the following methods:
   - Configure [Active Directory group policy](/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy) to automatically enroll devices that are Microsoft Entra hybrid joined.
@@ -31,15 +27,15 @@ Currently, for single-session, Intune supports Azure Virtual Desktop VMs that ar
 - Microsoft Entra joined and enrolled in Intune by enabling [Enroll the VM with Intune](/azure/virtual-desktop/deploy-azure-ad-joined-vm#deploy-azure-ad-joined-vms) in the Azure portal.
 - Under the same tenant as Intune and in the same region.
 
-For more information on Azure Virtual Desktop licensing requirements, see [What is Azure Virtual Desktop?](/azure/virtual-desktop/overview#requirements).
+For more information on Azure Virtual Desktop licensing requirements, see [Licensing Azure Virtual Desktop](/azure/virtual-desktop/licensing).
 
-For information about working with multi-session remote desktops, see [Windows 10 or Windows 11 Enterprise multi-session remote desktops](azure-virtual-desktop-multi-session.md).
+For information about working with multi-session remote desktops, see [Windows Enterprise multi-session remote desktops](azure-virtual-desktop-multi-session.md).
 
-Intune treats Azure Virtual Desktop personal VMs the same as Windows 10 or Windows 11 Enterprise physical desktops. This treatment lets you use some of your existing configurations and secure the VMs with compliance policy and Conditional Access. Intune management doesn't depend on or interfere with Azure Virtual Desktop management of the same virtual machine.
+Intune treats Azure Virtual Desktop personal VMs the same as Windows Enterprise physical desktops. This treatment lets you use some of your existing configurations and secure the VMs with compliance policy and Conditional Access. Intune management doesn't depend on or interfere with Azure Virtual Desktop management of the same virtual machine.
 
 ## Limitations
 
-There are some limitations to keep in mind when managing Windows 10 Enterprise remote desktops:
+There are some limitations to keep in mind when managing Windows Enterprise remote desktops:
 
 ### Enrollment
 
@@ -58,15 +54,15 @@ Make sure that the [RemoteDesktopServices/AllowUsersToConnectRemotely policy](/w
 
 ### Cloning physical and virtual devices
 
-Intune doesn't support using a cloned image of a computer that is already enrolled. This includes both physical and virtual devices such as Azure Virtual Desktop (AVD). When device enrollment or identity tokens are replicated between devices, Intune device enrollment or synchronization failures will occur.
+Intune doesn't support using a cloned image of a computer that is already enrolled. This includes both physical and virtual devices such as Azure Virtual Desktop (AVD). When device enrollment or identity tokens are replicated between devices, Intune device enrollment or synchronization failures occur.
 
 - For more information, see [Mobile device enrollment - Windows Client Management](/windows/client-management/mobile-device-enrollment) and [Certificate authentication device enrollment - Windows Client Management](/windows/client-management/certificate-authentication-device-enrollment).
 - For information on disabling token roaming in AVD, see [Using Azure Virtual Desktop multi-session with Microsoft Intune](azure-virtual-desktop-multi-session.md#prerequisites).
 - For information on troubleshooting issues related to image cloning, see [Error hr 0x8007064c: The machine is already enrolled](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors#error-hr-0x8007064c-the-machine-is-already-enrolled).
 
 ### Remote actions
 
-The following Windows 10 desktop device remote actions aren't supported/recommended for Azure Virtual Desktop VMs:
+The following Windows desktop device remote actions aren't supported/recommended for Azure Virtual Desktop VMs:
 
 - Windows Autopilot reset
 - BitLocker key rotation

intune/intune-service/fundamentals/azure-virtual-desktop.md

@@ -23,7 +23,7 @@ You can modify proxy server settings on individual client computers. You can als
 
 Managed devices require configurations that let **All Users** access services through firewalls.
 
-For more information about Windows 10 auto-enrollment and device registration for U.S. customers, see [Windows auto enrollment and device registration ](../enrollment/windows-enrollment-create-cname.md#windows-auto-enrollment-and-device-registration).
+For more information about Windows auto-enrollment and device registration for U.S. customers, see [Windows auto enrollment and device registration ](../enrollment/windows-enrollment-create-cname.md#windows-auto-enrollment-and-device-registration).
 
 The following tables list the ports and services that the Intune client accesses:
 

intune/intune-service/fundamentals/china-endpoints.md

@@ -27,12 +27,12 @@ Because the China services are operated by a partner from inside China, there ar
 - Migrations from public clouds to sovereign clouds aren't supported. Customers interested in moving to Intune operated by 21Vianet must migrate manually.
 - The tenant attach feature (syncing devices to Intune without enrollment to support cloud console scenarios) isn't currently supported.
 - Derived Credentials aren't supported with Intune operated by 21Vianet.
-- Management of Windows 10 is supported by using the modern MDM channel.
+- Management of Windows is supported by using the modern MDM channel.
 - Intune operated by 21Vianet doesn't support on-premises Exchange Connector.
 - Windows Autopilot and Business Store features aren't currently available. As part of the 2409 Intune service release, we announced support for Windows Autopilot Device Preparation policy in Intune operated by 21Vianet in China cloud. For  more information, see [(What's new in Windows Autopilot device preparation | Microsoft Learn](/autopilot/device-preparation/whats-new#windows-autopilot-device-preparation-deployment-status-report-available-in-the-monitor-tab-under-enrollment)
 - Intune operated by 21Vianet supports the Company Portal for Windows app. Use WinGet to download the Company portal package and dependencies and then deploy as a Line-of-Business app via Intune. [Use the WinGet tool to install and manage applications](/windows/package-manager/winget/).
 - Microsoft Intune Endpoint Analytics and Log Analytics features aren't currently available.
-- Azure Virtual Desktop Windows 10 and Windows 11 multi-session isn't currently supported for 21Vianet.
+- Azure Virtual Desktop Windows multi-session isn't currently supported for 21Vianet.
 - Because Google Mobile Services isn't available in China, customers in Intune operated by 21Vianet can't use features that require Google Mobile Services. These features include:
   - Google Play Protect capabilities such as Play integrity verdict.
   - Managing apps from the Google Play Store.

intune/intune-service/fundamentals/china.md

@@ -109,7 +109,7 @@ Using Microsoft Intune, you can use a guided scenario to deploy a cloud configur
 Open the guided scenario:
 
 1. Open the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-2. Select **Troubleshooting + support** > **Guided scenarios** > **Deploy Windows 10 and later in cloud configuration** > **Start**.
+2. Select **Troubleshooting + support** > **Guided scenarios** > **Deploy Windows in cloud configuration** > **Start**.
 3. In **Introduction**, select **Next**.
 
 ## Step 2 - Basics

intune/intune-service/fundamentals/cloud-configuration.md

@@ -221,7 +221,7 @@ The following permissions are available when creating custom roles.
 | Remote Help app/View screen   | View screen allows the helper to view the sharer's device when Remote Help is enabled.    |
 | Remote tasks/Bypass activation lock | Remove the Activation Lock from supervised devices without requiring the user's Apple ID and password. This may be required if a user leaves the company and returns the device; without the user's Apple ID and password, there's no way to reactivate the device. Or, you need to reassign some devices to a different department during a device refresh in your organization. You can only reassign devices that don't have Activation Lock enabled. You must also have the Managed Device Read permission to view devices in the Azure portal before initiating this remote task. |
 | Remote tasks/Change organizational unit   | Move a Chrome Enterprise device to an existing organizational unit in your Google Workspace domain.  |
-| Remote tasks/Clean PC| Initiate a Fresh start device action. This action removes any apps that are installed on a Windows 10 PC that is running the Creators Update. Then, it automatically updates the PC to the latest version of Windows.|
+| Remote tasks/Clean PC| Initiate a Fresh start device action. This action removes any apps that are installed on a Windows device. |
 | Remote tasks/Collect diagnostics    | Collect device diagnostics    |
 | Remote tasks/Disable lost mode| Turn off the lost mode for an iOS device. |
 | Remote tasks/Enable lost mode | Initiate lost mode on lost or stolen iOS devices. This mode lets you enter a message and a phone number that appears on the lock screen of the device. To use lost mode, the device must be a corporate-owned iOS device that is in supervised mode.  |

intune/intune-service/fundamentals/create-custom-role.md

@@ -58,7 +58,7 @@ You can use this enrollment option to:
 | --- | --- |
 | You use Windows client. | ✅ <br/><br/> Configuration Manager supports Windows Server. |
 | You have Microsoft Entra ID P1 or P2 | ✅ |
-| You'll use Conditional Access (CA) on devices enrolled using [bulk enrollment](../enrollment/windows-bulk-enroll.md) with a provisioning package. | ✅ On Windows 11 and Windows 10 1803+, CA is available for Windows devices enrolled using bulk enrollment. <br/><br/> ❌ On Windows 10 1709 and older, CA isn't available for Windows devices enrolled using bulk enrollment. |
+| You'll use Conditional Access (CA) on devices enrolled using [bulk enrollment](../enrollment/windows-bulk-enroll.md) with a provisioning package. | ✅ On Windows, CA is available for Windows devices enrolled using bulk enrollment. |
 | You have remote workers. | ✅ |
 | Devices are personal or BYOD. | ✅ <br/><br/> ❌ If you use Group Policy, then bulk enrollment and automatic enrollment are for corporate-owned devices, not personal or BYOD. |
 | Devices are owned by the organization or school. | ✅  |
@@ -176,7 +176,7 @@ For more information about Windows Autopilot, go to [Windows Autopilot overview]
 | Devices are Microsoft Entra hybrid joined. | ✅ <br/><br/> Microsoft Entra hybrid joined devices are joined to your on-premises Active Directory, and registered with your Microsoft Entra ID. Devices in Microsoft Entra ID are available to Intune. Devices that aren't registered in Microsoft Entra ID aren't available to Intune. <br/><br/>A full Microsoft Entra joined solution might be better for your organization. For more information, go to the [Success with remote Windows Autopilot and Microsoft Entra hybrid join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353) blog.|
 | You have remote workers. | ✅ <br/><br/> The OEM or partner can send devices directly to your users.|
 | Devices are owned by the organization or school. | ✅ |
-| You have new or existing devices. | ✅ <br/><br/> You can update existing desktops running older Windows versions, like Windows 7, to Windows 10. This option also uses Microsoft Configuration Manager. |
+| You have new or existing devices. | ✅ <br/><br/> You can update existing desktops running older Windows versions. This option also uses Microsoft Configuration Manager. |
 | Need to enroll a few devices, or a large number of devices (bulk enrollment). | ✅ |
 | You have Microsoft Entra ID P1 or P2. | ✅ <br/><br/> Windows Autopilot uses Automatic enrollment. Automatic enrollment requires Microsoft Entra ID P1 or P2. |
 | Devices are associated with a single user. | ✅ |

intune/intune-service/fundamentals/deployment-guide-enrollment-windows.md

@@ -78,7 +78,7 @@ Use Microsoft Intune to enable or disable Windows settings and features on devic
 |[Configure Wi-Fi profile](../configuration/wi-fi-settings-configure.md)|This profile enables people to find and connect to your organization's Wi-Fi network. For a description of the settings in this area, see the [Wi-Fi settings reference for Windows](../configuration/wi-fi-settings-windows.md).|
 |[Configure VPN profile](../configuration/vpn-settings-configure.md)|Set up a secure VPN option, such as Microsoft Tunnel, for people connecting to your organization's network.  For a description of the settings in this area, see the [VPN settings reference](../configuration/vpn-settings-windows-10.md). |
 |[Configure email profile](../configuration/email-settings-configure.md)|Configure email settings so that people can connect to a mail server and access their work or school email. For a description of the settings in this area, see the [email settings reference](../configuration/email-settings-windows-10.md).|
-|[Restrict device features](../configuration/device-restrictions-configure.md)|Protect users from unauthorized access and distractions by limiting the device features they can use at work or school. For a description of the settings in this area, see the [device restrictions reference for Windows](../configuration/device-restrictions-windows-10.md) and [Windows 10 Teams](../configuration/device-restrictions-windows-10-teams.md). |
+|[Restrict device features](../configuration/device-restrictions-configure.md)|Protect users from unauthorized access and distractions by limiting the device features they can use at work or school. For a description of the settings in this area, see the [device restrictions reference for Windows](../configuration/device-restrictions-windows-10.md). |
 |[Configure custom profile](../configuration/custom-settings-configure.md)|Add and assign device settings and features that aren't built into Intune. For a description of the settings in this area, see the [custom settings reference](../configuration/custom-settings-windows-10.md).|
 |[Configure BIOS settings](../configuration/device-firmware-configuration-interface-windows.md)|Set up Intune so that you can control UEFI (BIOS) settings on enrolled devices, using the Device Firmware Configuration Interface (DFCI)|
 |[Configure Domain Join](../configuration/domain-join-configure.md)|If you're planning to enroll Microsoft Entra joined devices, be sure to create a domain join profile so that Intune knows which on-premises domain to join.|