Merge pull request #8297 from MicrosoftDocs/main

v-stsavell · web-flow · commit 0ea36643008c · 2022-08-22T12:37:42.000-05:00
Publish main to live on 8/22 @ 10:30 am
diff --git a/memdocs/intune/configuration/android-oem-configuration-overview.md b/memdocs/intune/configuration/android-oem-configuration-overview.md
@@ -140,7 +140,7 @@ Be sure the device supports OEMConfig, the correct OEMConfig app is added to Int
 
     Select **Next**.
 
-11. In **Assignments**, select the users or groups that will receive your profile. Assign one profile to each device. The OEMConfig model only supports one policy per device.
+11. In **Assignments**, select the users or groups that will receive your profile. Assign one profile to each device. The OEMConfig model only supports one policy per device. An OEMConfig profile that exceeds 350kb will not be assigned, and will show a "pending" status.  
 
     For more information on assigning profiles, see [Assign user and device profiles](device-profile-assign.md).
 
diff --git a/memdocs/intune/enrollment/android-dedicated-devices-fully-managed-enroll.md b/memdocs/intune/enrollment/android-dedicated-devices-fully-managed-enroll.md
@@ -89,16 +89,23 @@ Scan the QR code from the enrollment profile to enroll devices running Android 8
 
 ## Enroll by using Google Zero Touch 
 
-To use this method, zero-touch enrollment must be supported on devices and affiliated with a supplier that is part of the Android zero-touch enrollment service. For more information, such as prerequisites, where to purchase devices, and how to associate a Google Account with your corporate email, see [Zero-touch enrollment for IT admins](https://support.google.com/work/android/answer/7514005)(opens Android Enterprise Help). 
+To use this method, zero-touch enrollment must be supported on devices and affiliated with a supplier that is part of the Android zero-touch enrollment service. For more information, such as prerequisites, where to purchase devices, and how to associate a Google Account with your corporate email, see [Zero-touch enrollment for IT admins](https://support.google.com/work/android/answer/7514005) (opens Android Enterprise Help docs). 
 
 This section describes how to:    
 * Create a zero-touch configuration in the admin center 
 * Create a zero-touch configuration in the zero-touch enrollment portal  
 
 ### Create zero-touch configuration in admin center        
-The zero-touch iframe lets you access the zero-touch enrollment portal in the Microsoft Endpoint Manager admin center. To enable the iframe, you must first add the *update app sync* permission and enable enrollment for corporate-owned, fully managed devices. After those steps are complete, the zero-touch enrollment option becomes visible in the admin center and you can link your account and create zero-touch configurations.  
+The zero-touch iframe gives you access to the zero-touch enrollment portal and zero-touch configurations in the Microsoft Endpoint Manager admin center. 
+  
+To enable the iframe, you must first add the *update app sync* permission and enable enrollment for corporate-owned, fully managed devices. Once you enable the iframe, you can:  
 
-Complete the following steps to enable the iframe and create a new zero-touch configuration. To create configurations in the zero-touch enrollment portal instead, skip to [Create configuration in zero-touch enrollment portal](android-dedicated-devices-fully-managed-enroll.md#create-configuration-in-zero-touch-enrollment-portal).  
+  * Link your zero-touch account to Intune  
+  * Add support information  
+  * Configure zero-touch enabled devices  
+  * Customize provisioning extras  
+
+Complete the steps in this section to enable the iframe. To create configurations in the zero-touch enrollment portal instead, skip to [Create configuration in zero-touch enrollment portal](android-dedicated-devices-fully-managed-enroll.md#create-configuration-in-zero-touch-enrollment-portal).  
 
 #### Step 1: Add required permission   
 Add the *update app sync* permission.     
@@ -131,18 +138,20 @@ Link a zero-touch account with your Microsoft Intune account. Upon linking the a
 3. The iframe opens.  Select **Next** to begin setup.   
 4. Sign in with the Google account you provided to your reseller. 
 5. Select the zero-touch account you want to link, and then select **Link**.  
-6. A default configuration is created. A screen appears with basic information about the new configuration. Intune will automatically apply the default to any zero-touch enabled device that's without an existing configuration. Select **Next** to continue.    
+6. A default configuration is created. A screen appears with basic information about the configuration. Intune will automatically apply the default configuration to any zero-touch enabled device that's without an existing configuration.  
 
 > [!TIP]
-> The token used for the default configuration is for a fully managed device. If you want to create a zero-touch configuration for a corporate-owned work profile device or a dedicated device, see [Create configuration in zero-touch enrollment portal](android-dedicated-devices-fully-managed-enroll.md#create-configuration-in-zero-touch-enrollment-portal) (in this article). 
-6. Add support information to assist device users during setup. 
-7. Select **Save**.  
+> The token used for the default configuration is meant for a fully managed device. If you want to create a zero-touch configuration for a corporate-owned work profile device or a dedicated device, select **View devices in the zero-touch portal**. For next steps, see [Create configuration in zero-touch enrollment portal](android-dedicated-devices-fully-managed-enroll.md#create-configuration-in-zero-touch-enrollment-portal) in this article.  
+
+7. Select **Next** to continue.  
+8. Add support information to assist device users during setup.  
+9. Select **Save**.  
 
-Once your account is linked with Intune, zero-touch enabled devices are ready to receive the default configuration. You can view existing zero-touch configurations, edit support information, unlink the account, and link other accounts in the admin center.   
+Once your account is linked with Intune, the default configuration is applied to zero-touch enabled devices that do not already have a configuration. You can view existing zero-touch configurations, edit support information, unlink the account, and link other accounts in the admin center.   
 
 ### Create configuration in zero-touch enrollment portal        
 
-Add a zero-touch configuration in the Google zero-touch enrollment portal. You can use the zero-touch enrollment portal by itself to manage configurations, or you can use it in combination with the zero-touch iframe. The portal supports configurations for fully managed and dedicated devices, and corporate-owned devices with a work profile. 
+Add a zero-touch configuration in the [zero-touch enrollment portal](https://partner.android.com/zerotouch). You can use the portal by itself to manage configurations, or you can use it in combination with the zero-touch iframe. The portal supports configurations for fully managed and dedicated devices, and corporate-owned devices with a work profile. 
 
 1. Sign in to the zero-touch enrollment portal with your Google account.
 2. Select the option to add a new configuration.  
@@ -162,7 +171,7 @@ Add a zero-touch configuration in the Google zero-touch enrollment portal. You c
             "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YourEnrollmentToken"
  6. Enter your organization's name and support information, which is shown on screen while users set up their devices.   
  
-For more information about how to assign a default configuration or apply a configuration in the zero-touch portal, see [Zero-touch enrollment for IT admins](https://support.google.com/work/android/answer/7514005)(opens Android Enterprise Help).  
+For more information about how to assign a default configuration or apply a configuration in the zero-touch portal, see [Zero-touch enrollment for IT admins](https://support.google.com/work/android/answer/7514005) (opens Android Enterprise Help docs).  
 
 ## Enroll by using Knox Mobile Enrollment
 To use Samsung's Knox Mobile Enrollment, the device must be running Android OS version 8.0 or later and Samsung Knox 2.8 or higher. For more information, learn [how to automatically enroll your devices with Knox Mobile Enrollment](./android-samsung-knox-mobile-enroll.md).  
diff --git a/memdocs/intune/fundamentals/in-development.md b/memdocs/intune/fundamentals/in-development.md
@@ -8,7 +8,7 @@ keywords:
 author: dougeby 
 ms.author: dougeby
 manager: dougeby
-ms.date: 07/28/2022
+ms.date: 08/19/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -65,9 +65,6 @@ You can use RSS to be notified when this article is updated. For more informatio
 
 ## App management
 
-### Noncompliance details available for Android (AOSP) in Microsoft Intune app<!-- 12645770 -->
-Android (AOSP) users will be able to view the reasons why devices are marked as noncompliant in the Microsoft Intune app. This information will be available in the Intune app for devices enrolled as user-associated Android (AOSP) devices.
-
 ### New app types for Microsoft Endpoint Manager<!-- 7210233 -->
 As an admin, you will be able to create and assign two new types of Intune apps:
 - **iOS/iPadOS web clip** 
@@ -79,20 +76,6 @@ These new app types work in a similar way to the existing **web link** applicati
 
 ## Device management
 
-### Reset passcode remote action available for Android (AOSP) Corporate devices<!-- 10247332 -->
-You will be able to leverage Reset passcode remote action from the Microsoft Endpoint Manager admin center for Android Open Source Project (AOSP) Corporate devices.
-
-For information on remote actions, see:
-- [Reset or remove a device passcode in Intune](../remote-actions/device-passcode-reset.md)
-- [Remotely restart devices with Intune](../remote-actions/device-restart.md)
-- [Remotely lock devices with Intune](../remote-actions/device-remote-lock.md)
-
-Applies to:
-- Android Open Source Project (AOSP)
-
-### View contents of macOS shell scripts and custom attributes<!-- 14757037 -->
-You'll be able to view the contents of macOS shell scripts and custom attributes after you upload these to Intune. When this capability is available, you'll be able to view Shell scripts and custom attributes in [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) by selecting **Devices** > **macOS**. For related information, see [Use shell scripts on macOS devices in Intune](../apps/macos-shell-scripts.md).
-
 ### Intune moving to support iOS/iPadOS 14 and higher later this year<!-- 14778947 -->
 Later this year, Apple is expected to release iOS/iPadOS 16. Due to this expected release, Microsoft Intune and the Intune Company Portal will require iOS/iPadOS 14 and higher shortly after the release of iOS/iPad 16. For related information, see [Supported operating systems and browsers in Intune](../fundamentals/supported-devices-browsers.md).
 
@@ -103,137 +86,6 @@ With Apple's expected release of macOS 13 Ventura later this year, Microsoft Int
 
 ## Device configuration
 
-### iOS/iPadOS settings catalog will support declarative device management<!-- 15016105 -->
-On iOS/iPadOS 15+ devices enrolled using [User Enrollment](../enrollment/ios-user-enrollment.md), the settings catalog will be able use Apple’s declarative device management (DDM) when configuring settings.
-
-- No action is required to use DDM. The feature will be built into the settings catalog.
-- There is no impact to existing policies in the settings catalog.
-- iOS/iPadOS devices that aren't enabled for DDM will continue to use Apple’s standard MDM protocol.
-
-For more information, go to:
-- [Meet declarative device management](https://aka.ms/DDM2021) (opens Apple's web site)
-- [Microsoft simplifies Endpoint Manager enrollment for Apple updates](https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-simplifies-endpoint-manager-enrollment-for-apple/ba-p/3570319)
-- [Use the settings catalog to configure settings on Windows, iOS/iPadOS and macOS devices](../configuration/settings-catalog.md)
-
-Applies to:
--  iOS/iPadOS 15 or later devices enrolled using Apple User Enrollment
-
-### New macOS settings available in the Settings Catalog <!-- 15020250 -->
-The [Settings Catalog](../configuration/settings-catalog.md) lists all the settings you can configure in a device policy, and all in one place. There are new settings are available in the Settings Catalog (**Devices** > **Configuration profiles** > **Create profile** > **macOS** for platform > **Settings catalog** for profile type).
-
-New settings include:
-
-**Microsoft Auto Update**:
-
-- Current Channel
-- Number of minutes for the final countdown timer
-
-**Restrictions**:
-
-- Allow Universal Control
-
-The following settings are also in Settings Catalog. Previously, they were only available in Templates:
-
-**Authentication > Extensible Single Sign On**:
-
-- Extension Data
-- Extension Identifier
-- Hosts
-- Realm
-- Screen Locked Behavior
-- Team Identifier
-- Type
-- URLs
-
-**Authentication > Extensible Single Sign On > Extensible Single Sign On Kerberos**:
-
-- Extension Data
-- Allow Automatic Login
-- Allow Password Change
-- Credential Bundle ID ACL
-- Credential Use Mode
-- Custom Username Label
-- Delay User Setup
-- Domain Realm Mapping
-- Help Text
-- Include Kerberos Apps In Bundle ID ACL
-- Include Managed Apps In Bundle ID ACL
-- Is Default Realm
-- Monitor Credentials Cache
-- Perform Kerberos Only
-- Preferred KDCs
-- Principal Name
-- Password Change URL
-- Password Notification Days
-- Password Req Complexity
-- Password Req History
-- Password Req Length
-- Password Req Min Age
-- Password Req Text
-- Require TLS For LDAP
-- Require User Presence
-- Site Code
-- Sync Local Password
-- Use Site Auto Discovery
-- Extension Identifier
-- Hosts
-- Realm
-- Team Identifier
-- Type
-
-For more information about configuring Settings catalog profiles in Intune, see [Create a policy using settings catalog](../configuration/settings-catalog.md).
-
-Applies to:
-- macOS
-
-### New iOS/iPadOS settings in the Settings Catalog<!-- 15020319 -->
-The [Settings Catalog](../configuration/settings-catalog.md) lists all the settings you can configure in a device policy, and all in one place. There are new iOS/iPadOS settings available in the Settings Catalog (**Devices** > **Configuration profiles** > **Create profile** > **iOS/iPadOS** for platform > **Settings catalog** for profile type). Previously, these settings were only available in Templates:
-
-**Authentication > Extensible Single Sign On**:
-
-- Extension Data
-- Extension Identifier
-- Hosts
-- Realm
-- Screen Locked Behavior
-- Team Identifier
-- Type
-- URLs
-
-**Authentication > Extensible Single Sign On > Extensible Single Sign On Kerberos**:
-
-- Extension Data
-- Allow Automatic Login
-- Credential Bundle ID ACL
-- Domain Realm Mapping
-- Help Text
-- Include Managed Apps In Bundle ID ACL
-- Is Default Realm
-- Preferred KDCs
-- Principal Name
-- Require User Presence
-- Site Code
-- Use Site Auto Discovery
-- Extension Identifier
-- Hosts
-- Realm
-- Team Identifier
-- Type
-
-**System Configuration > Lock Screen Message**:
-- Asset Tag Information
-- Lock Screen Footnote
-
-For more information about configuring Settings catalog profiles in Intune, see [Create a policy using settings catalog](../configuration/settings-catalog.md).
-
-Applies to:
-- iOS/iPadOS
-
-### SCEP certificate profile support for Android (ASOP) devices<!-- 8506336 -->
-To expand our support for the Android Open Source Project (AOSP) platform, you’ll soon be able to deploy Simple Certificate Enrollment Protocol (SCEP) certificate profiles to corporate-owned and userless devices. In Intune, you can find this functionality in **Devices** > **Configuration profiles** > **Create profile** > **Android (AOSP)**.
-
-This expands on the [certificate profile support](../fundamentals/whats-new.md#certificate-profiles-support-for-android-asop-devices) that was added in June of 2022.
-
 ### Filter on the user scope or device scope in the Settings Catalog for Windows devices<!-- 13949975 -->
 When you create a Settings Catalog policy, you can use **Add settings** > **Add filter** to filter settings based on the Windows OS edition (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Settings Catalog (preview)** for profile type).
 
@@ -245,17 +97,6 @@ Applies to:
 - Windows 10
 - Windows 11
 
-### Import custom ADMX and ADML administrative templates to create a device configuration profile<!-- 4970862 -->
-You can create a device configuration policy that uses built-in ADMX templates (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **Administrative templates**).
-
-You'll be able to import custom and 3rd party/partner ADMX and ADML templates into the Endpoint Manager admin center. Once imported, you can create a device configuration policy, assign the policy to your devices, and manage the settings in the policy.
-
-For information on the built-in ADMX templates, see [Use Windows 10/11 templates to configure group policy settings in Microsoft Intune](../configuration/administrative-templates-windows.md).
-
-Applies to:
-- Windows 11
-- Windows 10
-
 <!-- ***********************************************-->
 
 ## Device security
@@ -277,13 +118,6 @@ Reusable groups will be configured on a new Tab for *Reusable settings* that wil
 
 <!-- ***********************************************-->
 
-## Device enrollment
-
-### Configure zero-touch enrollment in the admin center<!-- 1872357 -->
-Configure zero-touch enrollment seamlessly from the admin center. This feature will let you link your zero-touch account to Intune, add support information, configure zero-touch enabled devices with Android Device Policy, and customize provisioning extras.  
-
-<!-- ***********************************************-->
-
 ## Monitor and troubleshoot
 
 ### Open Help and Support without losing your context in the Microsoft Endpoint Manager admin center<!-- 12469338 -->
diff --git a/memdocs/intune/remote-actions/devices-wipe.md b/memdocs/intune/remote-actions/devices-wipe.md
@@ -50,7 +50,7 @@ The **Retain enrollment state and user account** option is only available for Wi
 
 MDM policies will be reapplied the next time the device connects to Intune.
 
-A wipe is useful for resetting a device before you give the device to a new user, or when the device has been lost or stolen. Be careful about selecting **Wipe**. Data on the device cannot be recovered. This level of device wipe follows a standard file delete process, rather than a low-level delete.
+A wipe is useful for resetting a device before you give the device to a new user, or when the device has been lost or stolen. Be careful about selecting **Wipe**. Data on the device cannot be recovered. The method that "Wipe" uses to remove data is simple file deletion, and the drive is BitLocker decrypted as part of this process. 
 
 ### Wiping a device
 
