Merge pull request #17056 from MicrosoftDocs/main

Publish main to live, 01/13, 11:00 AM IST
MicrosoftDocs · Jan 13, 2025 · 0293c63 · 0293c63
2 parents 088a1da + c62231b
commit 0293c63
Show file tree

Hide file tree

Showing 10 changed files with 37 additions and 46 deletions.
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Anyone who is interested can contribute to the topics. When you contribute, your
 
 ### Quickly update an article using GitHub.com
 
-Contributors who only make infrequent or small updates can edit the file directly on GitHub.com without having to install any additional software. This article shows you how. [This two-minute video](https://www.microsoft.com/videoplayer/embed/RE1XQTG) also covers how to contribute.
+Contributors who only make infrequent or small updates can edit the file directly on GitHub.com without having to install any additional software. This article shows you how. [This two-minute video](https://learn-video.azurefd.net/vod/player?id=b5167c5a-9c69-499b-99ac-e5467882bc92) also covers how to contribute.
 
 1. Make sure you're signed in to GitHub.com with your GitHub account.
 2. Browse to the page you want to edit on Microsoft Learn.

diff --git a/autopilot/overview.md b/autopilot/overview.md
@@ -35,7 +35,7 @@ Windows Autopilot simplifies the Windows device lifecycle, for both IT and end u
 
 See the following video:
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4C7G9?autoplay=false]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=af8941a0-1b9c-4bbd-8b75-9754d8badf56]
 
 > [!NOTE]
 >

diff --git a/autopilot/tutorial/user-driven/azure-ad-join-deploy-device.md b/autopilot/tutorial/user-driven/azure-ad-join-deploy-device.md
@@ -38,7 +38,7 @@ For an overview of the Windows Autopilot user-driven Microsoft Entra join workfl
 
 ## Deploy the device
 
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RW15DG8]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=eee1be56-784d-48f2-932a-2274774d6263]
 
 Once all of the configurations for the Windows Autopilot user-driven Microsoft Entra join deployment are completed in Intune and in Microsoft Entra ID, the next step is to start the Autopilot deployment process on the device. If desired, deploy any additional applications and policies that should run during the Autopilot deployment to a device group that the device is a member of.
 

diff --git a/autopilot/windows-autopilot-scenarios.md b/autopilot/windows-autopilot-scenarios.md
@@ -41,7 +41,7 @@ The following Windows Autopilot scenarios are described in this guide:
 
 These scenarios are summarized in the following video:
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4Ci1b?autoplay=false]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=7e47e04e-7f51-4eba-9a23-d65f3411b425]
 
 ## Windows Autopilot capabilities
 

diff --git a/memdocs/intune/apps/app-management.md b/memdocs/intune/apps/app-management.md
@@ -50,7 +50,7 @@ Examples of using app management with Microsoft Intune include:
 - Implementing Conditional Access policies to control access to apps based on factors like device compliance, location, and user risk
 - Automating app updates to keep employees up-to-date with the latest features and security patches
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4MRyj]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=54058b9c-868c-441e-aa55-09131997eaeb]
 
 ## Mobile Application Management (MAM) basics
 

diff --git a/memdocs/intune/fundamentals/intune-endpoints.md b/memdocs/intune/fundamentals/intune-endpoints.md
@@ -295,28 +295,28 @@ The following tables list the ports and services that the Intune client accesses
 
 If you are using Intune for scenarios that use the Intune management extension, like deploying [Win32 apps](../apps/apps-win32-app-management.md), [Powershell scripts](../apps/intune-management-extension.md), [Remediations](../fundamentals/remediations.md), [Endpoint analytics](../../analytics/overview.md), [Custom compliance policies](../protect/compliance-use-custom-settings.md) or [BIOS configuration profiles](../configuration/bios-configuration.md), you also need to grant access to endpoints in which your tenant currently resides.
 
-To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under **Tenant location** as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere.
+Different endpoints are used depending on your tenant location. To find your tenant location, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details** > **Tenant location** with a value of *North America 0501* or similar. Using the region in the location (North America in *North America 0501*), review the table below for the CDN endpoints and ports required:
 
 > [!NOTE]
 > **Allow HTTP Partial response** is required for Scripts & Win32 Apps endpoints.
 
-|Azure Scale Unit (ASU) | Storage name | CDN | Port |
-| --- | --- |------------- | --- |
-|AMSUA0601<br>AMSUA0602<br>AMSUA0101<br>AMSUA0102<br>AMSUA0201<br>AMSUA0202<br>AMSUA0401<br>AMSUA0402<br>AMSUA0501<br>AMSUA0502<br>AMSUA0601<br>AMSUA0701<br>AMSUA0702<br>AMSUA0801<br>AMSUA0901 | naprodimedatapri<br>naprodimedatasec<br>naprodimedatahotfix | naprodimedatapri.azureedge.net<br>naprodimedatasec.azureedge.net<br>naprodimedatahotfix.azureedge.net<br>imeswda-afd-primary.manage.microsoft.com<br>imeswda-afd-secondary.manage.microsoft.com<br>imeswda-afd-hotfix.manage.microsoft.com | **TCP:** 443 |
-| AMSUB0101<br>AMSUB0102<br>AMSUB0201<br>AMSUB0202<br>AMSUB0301<br>AMSUB0302<br>AMSUB0501<br>AMSUB0502<br>AMSUB0601<br>AMSUB0701 | euprodimedatapri<br>euprodimedatasec<br>euprodimedatahotfix | euprodimedatapri.azureedge.net<br>euprodimedatasec.azureedge.net<br>euprodimedatahotfix.azureedge.net<br>imeswdb-afd-primary.manage.microsoft.com<br>imeswdb-afd-secondary.manage.microsoft.com<br>imeswdb-afd-hotfix.manage.microsoft.com | **TCP:** 443 |
-| AMSUC0101<br>AMSUC0201<br>AMSUC0301<br>AMSUC0501<br>AMSUC0601<br>AMSUD0101| approdimedatapri<br>approdimedatasec<br>approdimedatahotifx | approdimedatapri.azureedge.net<br>approdimedatasec.azureedge.net<br>approdimedatahotfix.azureedge.net<br>imeswdc-afd-primary.manage.microsoft.com<br>imeswdc-afd-secondary.manage.microsoft.com<br>imeswdc-afd-hotfix.manage.microsoft.com |**TCP:** 443 |
+|Region | CDN | Port |
+| --- |------------- | --- |
+|North America | naprodimedatapri.azureedge.net<br>naprodimedatasec.azureedge.net<br>naprodimedatahotfix.azureedge.net<br>imeswda-afd-primary.manage.microsoft.com<br>imeswda-afd-secondary.manage.microsoft.com<br>imeswda-afd-hotfix.manage.microsoft.com | **TCP:** 443 |
+|Europe | euprodimedatapri.azureedge.net<br>euprodimedatasec.azureedge.net<br>euprodimedatahotfix.azureedge.net<br>imeswdb-afd-primary.manage.microsoft.com<br>imeswdb-afd-secondary.manage.microsoft.com<br>imeswdb-afd-hotfix.manage.microsoft.com | **TCP:** 443 |
+|Asia Pacific | approdimedatapri.azureedge.net<br>approdimedatasec.azureedge.net<br>approdimedatahotfix.azureedge.net<br>imeswdc-afd-primary.manage.microsoft.com<br>imeswdc-afd-secondary.manage.microsoft.com<br>imeswdc-afd-hotfix.manage.microsoft.com |**TCP:** 443 |
 
 ## Network requirements for macOS app and script deployments
 
 If you're using Intune to deploy apps or scripts on macOS, you also need to grant access to endpoints in which your tenant currently resides.
 
-To find your tenant location or Azure Scale Unit (ASU), sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details**. The location is under Tenant location as something like North America 0501 or Europe 0202. Look for the matching number in the following table. That row tells you which storage name and CDN endpoints to grant access to. The rows are differentiated by geographic region, as indicated by the first two letters in the names (na = North America, eu = Europe, ap = Asia Pacific). Your tenant location is one of these three regions although your organization's actual geographic location might be elsewhere.
+Different endpoints are used depending on your tenant location. To find your tenant location, sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Tenant administration** > **Tenant details** > **Tenant location** with a value of *North America 0501* or similar. Using the region in the location (North America in *North America 0501*), review the table below for the CDN endpoints and ports required:
 
-|Azure Scale Unit (ASU) | CDN | Port |
+|Region | CDN | Port |
 | --- |------------- | --- |
-|AMSUA0601<br>AMSUA0602<br>AMSUA0101<br>AMSUA0102<br>AMSUA0201<br>AMSUA0202<br>AMSUA0401<br>AMSUA0402<br>AMSUA0501<br>AMSUA0502<br>AMSUA0601<br>AMSUA0701<br>AMSUA0702<br>AMSUA0801<br>AMSUA0901 | macsidecar.manage.microsoft.com<br>macsidecarprod.azureedge.net (azureedge.net domains will be disabled after 3/31/2025) | **TCP:** 443 |
-| AMSUB0101<br>AMSUB0102<br>AMSUB0201<br>AMSUB0202<br>AMSUB0301<br>AMSUB0302<br>AMSUB0501<br>AMSUB0502<br>AMSUB0601<br>AMSUB0701 | macsidecareu.manage.microsoft.com<br>macsidecarprodeu.azureedge.net (azureedge.net domains will be disabled after 3/31/2025) | **TCP:** 443 |
-| AMSUC0101<br>AMSUC0201<br>AMSUC0301<br>AMSUC0501<br>AMSUC0601<br>AMSUD0101| macsidecarap.manage.microsoft.com<br>macsidecarprodap.azureedge.net (azureedge.net domains will be disabled after 3/31/2025) |**TCP:** 443 |
+|North America | macsidecar.manage.microsoft.com<br>macsidecarprod.azureedge.net<br>(azureedge.net domains will be disabled after 3/31/2025) | **TCP:** 443 |
+|Europe | macsidecareu.manage.microsoft.com<br>macsidecarprodeu.azureedge.net<br>(azureedge.net domains will be disabled after 3/31/2025) | **TCP:** 443 |
+|Asia Pacific| macsidecarap.manage.microsoft.com<br>macsidecarprodap.azureedge.net<br>(azureedge.net domains will be disabled after 3/31/2025) |**TCP:** 443 |
 
 ## Microsoft Store
 

diff --git a/memdocs/intune/fundamentals/what-is-intune.md b/memdocs/intune/fundamentals/what-is-intune.md
@@ -44,7 +44,7 @@ Microsoft Intune is a **cloud-based endpoint management solution**. It manages u
 
 You can protect access and data on organization-owned and users personal devices. And, Intune has compliance and reporting features that support the [Zero Trust security model](zero-trust-with-microsoft-intune.md).
 
-> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWAoF9]
+> [!VIDEO https://learn-video.azurefd.net/vod/player?id=dbd45acc-fa88-41aa-a9ac-7a751378d603]
 
 This article lists some features and benefits of Microsoft Intune.
 

diff --git a/memdocs/intune/includes/intune-notices.md b/memdocs/intune/includes/intune-notices.md
@@ -35,7 +35,7 @@ As a best practice, always update your iOS apps to the latest App SDK or App Wra
 
 #### How does this affect you or your users?
 
-If you have applications using the Intune App SDK or Intune App Wrapping Tool, you will need to update to the latest version to support iOS 18.2.
+If you have applications using the Intune App SDK or Intune App Wrapping Tool, you'll need to update to the latest version to support iOS 18.2.
 
 #### How can you prepare?
 
@@ -61,7 +61,7 @@ Starting with Intune's September (2409) service release, the **IntuneMAMUPN**, *
 
 #### How does this affect you or your users?
 
-If these values aren't configured correctly for iOS devices, there is a possibility of either the policy not getting delivered to the app or the wrong policy is delivered. For more information, see [Support tip: Intune MAM users on iOS/iPadOS userless devices may be blocked in rare cases](https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-intune-mam-users-on-iosipados-userless-devices-may-be-blocked-in-rar/4254335).
+If these values aren't configured correctly for iOS devices, there's a possibility of either the policy not getting delivered to the app or the wrong policy is delivered. For more information, see [Support tip: Intune MAM users on iOS/iPadOS userless devices may be blocked in rare cases](https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-intune-mam-users-on-iosipados-userless-devices-may-be-blocked-in-rar/4254335).
 
 #### How can you prepare?
 
@@ -87,7 +87,7 @@ For detailed steps and additional guidance, review the blog: [Support tip: Imple
 If you use SCEP or PKCS certificates for Microsoft Entra Hybrid joined users or devices, you'll need to take action before February 11, 2025 to either:
 
 - **(Recommended)** Enable strong mapping by reviewing the steps described in the blog: [Support tip: Implementing strong mapping in Microsoft Intune certificates](https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-implementing-strong-mapping-in-microsoft-intune-certificates/4053376)
-- Alternatively, if all certificates cannot be renewed before February 11, 2025, with the SID included, enable Compatibility mode by adjusting the registry settings as described in [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16). Compatibility mode will remain valid until September 2025.
+- Alternatively, if all certificates can't be renewed before February 11, 2025, with the SID included, enable Compatibility mode by adjusting the registry settings as described in [KB5014754](https://support.microsoft.com/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16). Compatibility mode will remain valid until September 2025.
 
 ### Update to the latest Intune App SDK and Intune App Wrapper for Android 15 support
 
@@ -102,7 +102,7 @@ If you have applications using the Intune App SDK or Intune App Wrapping Tool fo
 If you choose to build apps targeting Android API 35, you'll need to adopt the new version of the Intune App SDK for Android (v11.0.0). If you’ve wrapped your app and are targeting API 35 you'll need to use the new version of the App wrapper (v1.0.4549.6).
 
 > [!NOTE]
-> As a reminder, while apps must update to the latest SDK if targeting Android 15, apps do not need to update the SDK to simply run on Android 15.
+> As a reminder, while apps must update to the latest SDK if targeting Android 15, apps don't need to update the SDK to run on Android 15.
 
 You should also plan to update your documentation or developer guidance if applicable to include this change in support for the SDK.
 
@@ -162,7 +162,7 @@ Later this year, we expect macOS 15 Sequoia to be released by Apple. Microsoft I
 This change only affects you if you currently manage, or plan to manage, macOS devices with Intune. This change might not affect you because your users have likely already upgraded their macOS devices. For a list of supported devices, see [macOS Ventura is compatible with these computers](https://support.apple.com/102861).
 
 > [!NOTE]
-> Devices that are currently enrolled on macOS 12.x or below will continue to remain enrolled even when those versions are no longer supported. New devices will be unable to enroll if they are running macOS 12.x or below.
+> Devices that are currently enrolled on macOS 12.x or below will continue to remain enrolled even when those versions are no longer supported. New devices will be unable to enroll if they're running macOS 12.x or below.
 
 #### How can you prepare?
 
@@ -214,7 +214,7 @@ Today, when creating iOS/iPadOS enrollment profiles, “Device enrollment with C
 
 #### How does this affect you or your users?
 
-This is an update to the user interface when creating new iOS/iPadOS enrollment profiles to display “Web based device enrollment” as the default method, existing profiles are not impacted. For *new* tenants, if no enrollment profile is created, the user will enroll using web-based device enrollment.
+This is an update to the user interface when creating new iOS/iPadOS enrollment profiles to display “Web based device enrollment” as the default method, existing profiles aren't impacted. For *new* tenants, if no enrollment profile is created, the user will enroll using web-based device enrollment.
 
 #### How can you prepare?
 
@@ -229,7 +229,7 @@ Update your documentation and user guidance as needed. If you currently use devi
 
 We've been working with Jamf on a migration plan to help customers transition macOS devices from Jamf Pro’s Conditional Access integration to their Device Compliance integration. The Device Compliance integration uses the newer Intune partner compliance management API, which involves a simpler setup than the partner device management API and brings macOS devices onto the same API as iOS devices managed by Jamf Pro. The platform Jamf Pro’s Conditional Access feature is built on will no longer be supported after January 31, 2025.
 
-Note that customers in some environments cannot be transitioned initially, for more details and updates read the blog: [Support tip: Transitioning Jamf macOS devices from Conditional Access to Device Compliance](https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-transitioning-jamf-macos-devices-from-conditional/ba-p/3913059).
+Note that customers in some environments can't be transitioned initially, for more details and updates read the blog: [Support tip: Transitioning Jamf macOS devices from Conditional Access to Device Compliance](https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-transitioning-jamf-macos-devices-from-conditional/ba-p/3913059).
 
 #### How does this affect you or your users?
 

diff --git a/memdocs/intune/protect/windows-10-expedite-updates.md b/memdocs/intune/protect/windows-10-expedite-updates.md
@@ -111,7 +111,11 @@ Only update builds that are generally available are supported. Preview builds, i
 
 - Be configured to get Quality Updates directly from the Windows Update service.
 
-- Have the *Update Health Tools* installed, which are installed with [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a). To confirm the presence of the Update Health Tools on a device:
+- Have the *Update Health Tools* installed, which are installed with [KB 4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a).
+> [!NOTE]
+> Windows 11, version 23H2 and above do not require *Update Health Tools*, this is applicable only to Windows 11, version 22H2 and below.
+
+To confirm the presence of the Update Health Tools on a device:
   - Look for the folder **C:\Program Files\Microsoft Update Health Tools** or review *Add Remove Programs* for **Microsoft Update Health Tools**.
   - As an Admin, run the following PowerShell script: