Merge pull request #8464 from dougeby/ebyignite

Updates to hub page for Ignite

Author: dougeby

memdocs/configmgr/comanage/workloads.md

@@ -15,9 +15,9 @@ ms.collection: highpri
 
 # Co-management workloads
 
-You don't have to switch the workloads, or you can do them individually when you're ready. Configuration Manager continues to manage all other workloads, including those workloads that you don't switch to Intune, and all other features of Configuration Manager that co-management doesn't support.
+You don't have to switch any of the workloads. When you're ready, you can switch them individually, several at once, or all at the same time. However, until you switch the workloads over to Intune, Configuration Manager continues to manage the workloads that you don't switch to Intune, along with all other features of Configuration Manager that co-management doesn't support.
 
-If you switch a workload to Intune, but later change your mind, you can switch it back to Configuration Manager.
+If you switch a workload to Intune, but later change your mind, you can switch it back to Configuration Manager, although there might be an impact. For example, Windows and Office versions will remain at a later version if installed by Intune.
 
 Co-management supports the following workloads:
 
@@ -45,6 +45,9 @@ For more information on the Intune feature, see [Use compliance policies to set
 
 Windows Update for Business policies let you configure deferral policies for Windows 10 or later feature updates or quality updates for Windows 10 or later devices managed directly by Windows Update for Business.
 
+> [!NOTE]
+> To use Windows Autopatch with these devices, this workload needs to be managed by Intune. For more information, see [Prerequisites for Windows Autopatch](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites).
+
 For more information on the Intune feature, see [Manage Windows software updates in Intune](../../intune/protect/windows-update-for-business-configure.md).
 
 ## Resource access policies
@@ -96,6 +99,8 @@ The device configuration workload includes settings that you manage for devices
 
 You can still deploy settings from Configuration Manager to co-managed devices even though Intune is the device configuration authority. This exception might be used to configure settings that your organization requires but aren't yet available in Intune. Specify this exception on a [Configuration Manager configuration baseline](../compliance/deploy-use/create-configuration-baselines.md). Enable the option to **Always apply this baseline even for co-managed clients** when creating the baseline. You can change it later on the **General** tab of the properties of an existing baseline.
 
+To use Windows Autopatch with these devices, this workload needs to be managed by Intune. For more information, see [Prerequisites for Windows Autopatch](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites).
+
 For more information on the Intune feature, see [Create a device profile in Microsoft Intune](../../intune/configuration/device-profile-create.md).
 
 > [!NOTE]
@@ -125,6 +130,9 @@ Updates can be managed using either of the following features:
 - [Use Update Channel and Target Version settings to update Microsoft 365 with Microsoft Intune Administrative Templates](../../intune/configuration/administrative-templates-update-office.md)
 - [Manage Microsoft 365 Apps with Configuration Manager](../sum/deploy-use/manage-office-365-proplus-updates.md).
 
+> [!NOTE]
+> To use Windows Autopatch with these devices, this workload needs to be managed by Intune. For more information, see [Prerequisites for Windows Autopatch](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites).
+
 For more information on the Intune feature, see [Add Microsoft 365 apps to Windows devices with Microsoft Intune](../../intune/apps/apps-add-office365.md).
 
 ## Client apps

memdocs/configmgr/hotfix/2207/14840616.md

@@ -40,8 +40,6 @@ The "Issues that are fixed" list isn't inclusive of all changes. Instead, it hig
 - Computers with updated BIOS may be duplicated in some collections. This happens because of duplicate information stored in the hardware inventory tables.
 <!-- 12554467 -->
 - Clients may generate excessive traffic to the Management point while downloading the WebView2 installation files. This happens after enabling the **Display custom tabs with Microsoft Edge WebView2 runtime** client setting. This update adds randomization to the WebView2 download process to reduce overall management point load.
-<!-- 1261946 -->
-- Discovery data for computers from untrusted domains may be marked as obsolete when they go through the client re-registration process. 
 <!-- 13177588 -->
 - The **New-CMFolder** PowerShell cmdlet allows invalid characters as input for folder names. This prevents later modification of the folder name in the Configuration Manager console.
 <!-- 13464778 -->

memdocs/index.yml

@@ -1,6 +1,6 @@
 ### YamlMime:Hub
-title: Microsoft Intune technologies documentation
-summary: Learn more about the Microsoft Intune technologies to help you secure, deploy, and manage users, apps, and endpoint devices.
+title: Microsoft Intune product family documentation
+summary: Learn more about the products & services in the Microsoft Intune product family that can help you secure, deploy, and manage users, apps, and endpoint devices.
 
 metadata:
   services: service
@@ -28,15 +28,15 @@ highlightedContent:
     - title: How to get support in the admin center
       itemType: overview
       url: ./get-support.md
-    - title: A highlighted doc here...
+    - title: Secure your remote workforce
       itemType: get-started
-      url: https://docs.microsoft.com/search/?terms=intune&category=Learn
-    - title: Another highlighted doc here...
+      url: /enterprise-mobility-security/remote-work/
+    - title: Training on Microsoft Learn
       itemType: get-started
-      url: ./get-support.md
+      url: https://docs.microsoft.com/search/?terms=intune&category=Learn  
 # productDirectory section (optional)
 productDirectory:
-  title: Get started
+  title: Get started with the Microsoft Intune product family
   items:
     # Card
     - title: Microsoft Intune docs
@@ -49,30 +49,29 @@ productDirectory:
       summary: Configuration Manager is an on-premises and cloud-connected device management solution to manage devices, deploy apps and software updates, etc.
       url: ./configmgr/index.yml
     # Card
-    - title: Endpoint Analytics docs
-      imageSrc: ./media/endpoint-analytics.svg
-      summary: Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and help you proactively make improvements before end-users generate a help desk ticket.
-      url: ./analytics/index.yml
-    # Card
     - title: Windows Autopilot docs
       imageSrc: ./media/autopilot.svg
       summary: Windows Autopilot is a collection of technologies used to set up and pre-configure new devices, getting them ready for productive use, and to reset, repurpose, and recover devices. 
       url: ./autopilot/index.yml
     # Card
-    - title: Endpoint Privilege Management docs
-      imageSrc: ./media/privilege.svg
-      summary: Remove barriers to end-user and IT productivity by elevating end-user permissions to perform specific admin actions only when needed on Windows devices. 
-      url: ./autopilot/index.yml
+    - title: Windows Autopatch docs
+      imageSrc: ./media/autopatch.png
+      summary: Windows Autopatch is a cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.
+      url: /windows/deployment/windows-autopatch/index.yml
     # Card
-    - title: Azure Active Directory
-      imageSrc: ./media/active-directory.svg
-      summary: Azure Active Directory (Azure AD) is a cloud-based identity and access management service.
-      url: /azure/active-directory/index.yml
+    - title: Endpoint Analytics docs
+      imageSrc: ./media/endpoint-analytics.svg
+      summary: Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and help you proactively make improvements before end-users generate a help desk ticket.
+      url: ./analytics/index.yml    
+    
+    # Card
+    # Card
+    #- title: Azure Active Directory
+    #  imageSrc: ./media/active-directory.svg
+    #  summary: Azure Active Directory (Azure AD) is a cloud-based identity and access management service.
+    #  url: /azure/active-directory/index.yml
     # Card
-    - title: Training on Microsoft Learn
-      imageSrc: ./media/learn.svg
-      summary: Learn more about Microsoft Intune, including setting up Intune, managing apps & devices, securing your endpoints, and more. 
-      url: https://docs.microsoft.com/search/?terms=intune&category=Learn
+
 
 # additionalContent section (optional)
 # Card with summary style
@@ -98,39 +97,40 @@ additionalContent:
     - title: Related services
       items:
         # Card
+        - title: Azure Active Directory
+          summary: Azure Active Directory (Azure AD) is a cloud-based identity and access management service.
+          url: /azure/active-directory/index.yml
+        # Card
         - title: Windows client docs for IT Pros
           summary: Evaluate, plan, deploy, secure, and manage devices running Windows 10 and Windows 11.
           url: /windows/resources/index.yml
+        # Card
         - title: Windows 365 docs
           summary: Windows 365 is a cloud-based service that automatically creates a new type of Windows virtual machine (Cloud PCs) for your end users. 
           url: https://docs.microsoft.com/en-us/windows-365/index.yml
+        # Card
         - title: Microsoft Defender for Endpoint
           summary: Microsoft Defender for Endpoint delivers preventative protection, post-breach detection, automated investigation, and response.
           url: /microsoft-365/security/defender-endpoint/index.yml
-        - title: Microsoft Managed Desktop docs
-          summary: Microsoft Managed Desktop is a unique ITaaS solution that combines endpoint management and security monitoring in a way that gives users a secure and productive device experience that IT pros can trust.
-          url: /managed-desktop/index.yml
-        - title: Microsoft 365 docs
-          summary: Find the solutions, scenarios, and resources you need to get started with Microsoft 365 for your business or organization. Microsoft 365 includes services such as Teams and SharePoint, and Microsoft 365 Apps such as Outlook, Word, Excel, and PowerPoint.
-          url: /microsoft-365/index.yml
-        - title: Office deployment docs
-          summary: Deploy and manage Microsoft 365 Apps or other versions of Office.
-          url: /deployoffice/index.yml
 
     - title: Microsoft Intune community & support
       items:
         # Card
+        - title: Microsoft Endpoint Manager Blog
+          summary: Read Microsoft Endpoint Manager blog posts, including announcements, support tips, troubleshooting tips, and more.
+          url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/bg-p/MicrosoftEndpointManagerBlog
+        # Card
         - title: Intune Customer Success blog
           summary: Read blog posts written by the Intune support team, including announcements, support tips, troubleshooting tips, and more.
           url: https://techcommunity.microsoft.com/t5/intune-customer-success/bg-p/IntuneCustomerSuccess         
         # Card
-        - title: Microsoft Intune Tech Community blog
-          summary: Collaborate, share and learn from experts
-          url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+        - title: Configuration Manager blog
+          summary: Read Configuration manager blog posts, including announcements, support tips, troubleshooting tips, and more.
+          url: https://techcommunity.microsoft.com/t5/configuration-manager-blog/bg-p/ConfigurationManagerBlog
         # Card
-        - title: Microsoft Intune Tech Community blog
+        - title: Microsoft Endpoint Manager Tech Community discussions
           summary: Collaborate, share and learn from experts
-          url: https://techcommunity.microsoft.com/t5/microsoft-intune/bd-p/Microsoft-Intune
+          url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager/ct-p/microsoft-endpoint-manager
         # Card
         - title: "Twitter: #MSIntune"
           summary: Keep current with the active Twitter community

memdocs/intune/apps/app-discovered-apps.md

@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 03/29/2022
+ms.date: 09/13/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -31,7 +31,7 @@ ms.collection: M365-identity-device-management
 
 # Intune discovered apps
 
-Intune **discovered apps** is a list of detected apps on the Intune enrolled devices in your tenant. It acts as a software inventory for your tenant. **Discovered apps** is a separate report from the [app installation](apps-monitor.md) reports. For personal devices, Intune never collects information on applications that are unmanaged. On corporate devices, any app whether it is a managed app or not is collected for this report. Below is the table mapping the expected behavior. In general, the report refreshes every 7 days from the time of enrollment (not a weekly refresh for the entire tenant). The only exception to this refresh period is application information collected through the Intune Management Extension for Win32 Apps, which is collected every 24 hours.
+Intune **discovered apps** is a list of detected apps on the Intune enrolled devices in your tenant. It acts as a software inventory for your tenant. **Discovered apps** is a separate report from the [app installation](apps-monitor.md) reports. For personal devices, Intune never collects information on applications that are unmanaged. On corporate devices, any app whether it is a managed app or not is collected for this report. Below is the table mapping the expected behavior. In general, the report refreshes every 7 days from the time of enrollment (not a weekly refresh for the entire tenant). The only exception to this refresh cycle for the **Discovered apps** report is application information collected through the Intune Management Extension for Win32 Apps, which is collected every 24 hours.
 
 ## Monitor discovered apps with Intune
 
@@ -71,6 +71,7 @@ The following list provides the app platform type, the apps that are monitored f
 > - Windows 10/11 co-managed devices, as shown in the [client apps](../../configmgr/comanage/workloads.md#client-apps) workload in Configuration Manager, do not currently collect app inventory through the Intune Management Extension (IME) as per the above schedule. To mitigate this issue, the [client apps](../../configmgr/comanage/workloads.md#client-apps) workload in Configuration Manager should be switched to Intune for the IME to be installed on the device (IME is required for Win32 inventory and PowerShell deployment). Note that any changes or updates on this behavior are announced in [in development](../fundamentals/in-development.md) and/or [what's new](../fundamentals/whats-new.md).
 > - Personally-owned macOS devices enrolled before November 2019 may continue to show all apps installed on the device until the devices are enrolled again.
 > - Android Enterprise Fully Managed, Dedicated, and Corporate-Owned Work Profile devices do not display discovered apps.
+> - For customers using a Mobile Threat Defense partner with Intune, [App Sync data](../protect/mtd-connector-enable.md) is sent to Mobile Threat Defense partners at an interval based on device check-in, and should not be confused with the refresh interval for the Discovered Apps report.
 
 The number of discovered apps may not match the app install status count. Possibilities for inconsistencies include:
 

memdocs/intune/apps/app-protection-policy-settings-android.md

@@ -57,7 +57,7 @@ There are three categories of policy settings: data protection settings, access
 |<ul><b><ul><b>**Allow users to open data from selected services** |Select the application storage services that users can open data from. All other services are blocked. Selecting no services will prevent users from opening data.<br><br>Supported services:<ul><li>OneDrive for Business</li><li>SharePoint Online</li><li>Camera</li><li>Photo Library</li></ul>**Note:** Camera does not include Photos or Photo Gallery access. When selecting **Photo Library** in the **Allow users to open data from selected services** setting within Intune, you can allow managed accounts to allow *incoming* data from their device's photo library to their managed apps. |**All selected**  |
 |**Restrict cut, copy and paste between other apps** |Specify when cut, copy, and paste actions can be used with this app. Choose from: <ul><li>**Blocked**:  Do not allow cut, copy, and paste actions between this app and any other app.</li><li>**Policy managed apps**: Allow cut, copy, and paste actions between this app and other policy-managed apps.</li><li>**Policy managed with paste in**: Allow cut or copy between this app and other policy-managed apps. Allow data from any app to be pasted into this app.</li><li>**Any app**: No restrictions for cut, copy, and paste to and from this app. |**Any app** |
 |<ul><b>**Cut and copy character limit for any app** |Specify the number of characters that may be cut or copied from org data and accounts.  This will allow sharing of the specified number of characters when it would be otherwise blocked by the "Restrict cut, copy, and paste with other apps" setting.<p>Default Value = 0<p>**Note**: Requires Intune Company Portal version 5.0.4364.0 or later.  |**0** |
-|**Screen capture and Google Assistant** |Select **Block** to block screen capture and the **Google Assistant** capabilities of the device when using this app. Choosing **Block** will also blur the App-switcher preview image when using this app with a work or school account.|**Block** |
+|**Screen capture and Google Assistant** |Select **Block** to block screen capture and block **Google Assistant** accessing org data on the device when using this app. Choosing **Block** will also blur the App-switcher preview image when using this app with a work or school account.<p>**Note**: Google Assistant may be accessible to users for scenarios that do not access org data.  |**Block** |
 |**Approved keyboards**  |Select *Require* and then specify a list of approved keyboards for this policy. <p>Users who aren't using an approved keyboard receive a prompt to download and install an approved keyboard before they can use the protected app. This setting requires the app to have the Intune SDK for Android version 6.2.0 or later. |**Not required** |
 |<ul><b>**Select keyboards to approve** |This option is available when you select *Require* for the previous option. Choose *Select* to manage the list of keyboards and input methods that can be used with apps protected by this policy. You can add additional keyboards to the list, and remove any of the default options. You must have at least one approved keyboard to save the setting. Over time, Microsoft may add additional keyboards to the list for new App Protection Policies, which will require administrators to review and update existing policies as needed.<p>To add a keyboard, specify: <ul><li>**Name**: A friendly name that that identifies the keyboard, and is visible to the user. </li><li>**Package ID**:  The Package ID of the app in the Google Play store. For example, if the URL for the app in the Play store is `https://play.google.com/store/details?id=com.contoskeyboard.android.prod`, then the Package ID is `com.contosokeyboard.android.prod`. This package ID is presented to the user as a simple link to download the keyboard from Google Play.</li></ul></p> <p>**Note:** A user assigned multiple App Protection Policies will be allowed to use only the approved keyboards common to all policies.</p> ||