Merge pull request #7078 from MicrosoftDocs/main

3/21 OOB publish for Intune 2203

Author: aczechowski

memdocs/configmgr/tenant-attach/atp-onboard.md

@@ -1,8 +1,8 @@
 ---
-title: Tenant attach - Onboard Configuration Manager clients to Microsoft Defender for Endpoint from the Microsoft Endpoint Manager admin center (preview)
+title: Tenant attach - Onboard Configuration Manager clients to Microsoft Defender for Endpoint from the Microsoft Endpoint Manager admin center
 titleSuffix: Configuration Manager
 description: "Deploy Microsoft Defender for Endpoint Detection and Response (EDR) onboarding policies to Configuration Manager managed clients from the admin center."
-ms.date: 09/27/2021
+ms.date: 03/21/2022
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-core
@@ -12,13 +12,10 @@ ms.author: mstewart
 ms.localizationpriority: high
 ---
 
-# <a name="bkmk_atp"></a> Tenant attach: Onboard Configuration Manager clients to Microsoft Defender for Endpoint from the admin center (preview)
+# <a name="bkmk_atp"></a> Tenant attach: Onboard Configuration Manager clients to Microsoft Defender for Endpoint from the admin center
 <!--5691658-->
 *Applies to: Configuration Manager (current branch)*
 
-> [!Important]
-> This information relates to a preview feature which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called **Microsoft Endpoint Manager admin center**. You can deploy Microsoft Defender for Endpoint onboarding policies to Configuration Manager managed clients. These clients don't require Azure AD or MDM enrollment, and the policy is targeted at ConfigMgr collections rather than Azure AD Groups.
 
 <!--Adding Include for Prerequisites-->

memdocs/configmgr/tenant-attach/deploy-antivirus-policy.md

@@ -1,8 +1,8 @@
 ---
-title: Tenant attach - Create and deploy Antivirus policies from the admin center (preview)
+title: Tenant attach - Create and deploy Antivirus policies from the admin center
 titleSuffix: Configuration Manager
 description: "Create and deploy Antivirus policies from the Microsoft Endpoint Manager console and for Configuration Manager collections."
-ms.date: 09/27/2021
+ms.date: 03/21/2022
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-core
@@ -12,14 +12,11 @@ ms.author: mstewart
 ms.localizationpriority: high
 ---
 
-# <a name="bkmk_atp"></a> Tenant attach: Create and deploy Antivirus policies from the admin center (preview)
+# <a name="bkmk_atp"></a> Tenant attach: Create and deploy Antivirus policies from the admin center
 <!--5691658-->
 *Applies to: Configuration Manager (current branch)*
 
-> [!Important]
-> This information relates to a preview feature which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
- Create Microsoft Defender antivirus policies in the Microsoft Endpoint Manager console and deploy them to Configuration Manager collections.
+Create Microsoft Defender antivirus policies in the Microsoft Endpoint Manager console and deploy them to Configuration Manager collections.
 
 <!--Adding Include for Prerequisites-->
 
@@ -31,13 +28,16 @@ ms.localizationpriority: high
 1. Select **Endpoint security** then **Antivirus**.
 1. Select **Create Policy**.
 1. For the **Platform**, select **Windows 10, Windows 11, and Windows Server (ConfigMgr)**.
-1. For the **Profile**, select **Microsoft Defender Antivirus (Preview)** then **Create**.
+1. For the **Profile**, select **Microsoft Defender Antivirus** then **Create**.
 1. Assign a **Name** and optionally a **Description** on the **Basics** page.
 1. On the **Configuration settings** page, configure the settings you want to manage with this profile. When your done configuring settings, select **Next**. For more information about available policies, see [Antivirus policy settings for tenant attached devices](../../intune/protect/antivirus-microsoft-defender-settings-windows-tenant-attach.md?toc=/mem/configmgr/tenant-attach/toc.json&bc=/mem/configmgr/tenant-attach/breadcrumb/toc.json).
 1. Assign the policy to a Configuration Manager collection on the **Assignments** page.
 
 ## <a name="bkmk_security"></a> Assign Windows Security experience policy to a collection
 
+> [!Important]
+> This information relates to a preview feature which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 1. In a browser, go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
 1. Select **Endpoint security** then **Antivirus**.
 1. Select **Create Policy**.

memdocs/configmgr/tenant-attach/endpoint-security-get-started.md

@@ -2,7 +2,7 @@
 title: Get started - Create and deploy endpoint security policies from the admin center (preview)
 titleSuffix: Configuration Manager
 description: Create and deploy endpoint security policies from the Microsoft Endpoint Manager console and for Configuration Manager collections.
-ms.date: 05/18/2021
+ms.date: 03/21/2022
 ms.topic: conceptual
 ms.prod: configuration-manager
 ms.technology: configmgr-core
@@ -12,13 +12,10 @@ ms.author: mstewart
 ms.localizationpriority: high
 ---
 
-# <a name="bkmk_atp"></a> Get started: Create and deploy endpoint security policies from the admin center (preview)
+# <a name="bkmk_atp"></a> Get started: Create and deploy endpoint security policies from the admin center
 <!--5691658-->
 *Applies to: Configuration Manager (current branch)*
 
-> [!Important]
-> This information relates to a preview feature which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called **Microsoft Endpoint Manager admin center**.
 
 <!--Adding Include for Prerequisites-->

memdocs/configmgr/tenant-attach/includes/configmgr-endpoint-security-profiles.md

@@ -13,7 +13,7 @@ The following profiles are supported for devices you manage with Configuration M
 
 - Platform: **Windows 10, Windows 11, and Windows Server (ConfigMgr)**
 
-  - Profile: **Microsoft Defender Antivirus Policy (preview)** - Manage [Antivirus policy settings for Configuration Manager devices](../../../intune/protect/antivirus-microsoft-defender-settings-windows-tenant-attach.md?toc=/mem/configmgr/tenant-attach/toc.json&bc=/mem/configmgr/tenant-attach/breadcrumb/toc.json), when you use tenant attach.
+  - Profile: **Microsoft Defender Antivirus Policy** - Manage [Antivirus policy settings for Configuration Manager devices](../../../intune/protect/antivirus-microsoft-defender-settings-windows-tenant-attach.md?toc=/mem/configmgr/tenant-attach/toc.json&bc=/mem/configmgr/tenant-attach/breadcrumb/toc.json), when you use tenant attach.
 
     This profile is supported with devices that are tenant attached and run the following platforms:
     - Windows 10 and later (x86, x64, ARM64)

memdocs/intune/apps/company-portal-app.md

@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/08/2021
+ms.date: 03/10/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -136,6 +136,8 @@ The following table provides privacy-specific configuration details:
 | Privacy message about what support can't see or do (iOS/iPadOS) | 520 | Keep the default message or customize the message to list the items that your organization can't see on managed iOS/iPadOS devices. You can use markdown to add bullets, bolding, italics, and links.  |
 | Privacy message about what support can see or do (iOS/iPadOS) | 520 | Keep the default message or customize the message to list the items that your organization can see on managed iOS/iPadOS devices. You can use markdown to add bullets, bolding, italics, and links.  |
 
+For related information, see [Configure feedback settings for Company Portal and Microsoft Intune apps](../apps/company-portal-app.md#configure-feedback-settings-for-company-portal-and-microsoft-intune-apps).
+
 ### Device ownership notification
 
 The following table provides notification-specific configuration details:
@@ -302,6 +304,31 @@ Notifications from the iOS/iPadOS Company Portal app are now delivered to device
 
 For more information about notifications, see [Receive a custom notification](../remote-actions/custom-notifications.md#receive-a-custom-notification).
 
+## Configure feedback settings for Company Portal and Microsoft Intune apps
+
+There are a number of M365 enterprise policies which affect whether feedback must be enabled or disabled for currently logged users. These policies are available via the [Microsoft 365 Apps admin center](https://config.office.com/). In relation to Microsoft Intune, these policies affect feedback and surveys for the Intune Company Portal app and Microsoft Intune app.
+
+M365 feedback policies include the following policies:
+
+| Policy   Name | Default State | Policy Summary |
+|---|---|---|
+| Allow the use of connected experiences in Office | Enabled | Controls whether clients can use the suite of connected experiences, including feedback. |
+| Allow users to submit feedback to Microsoft | Enabled | Controls the feedback entry points across applications. |
+| Allow users to receive and respond to in-product surveys from Microsoft | Enabled | Controls the survey prompts within the product. |
+| Allow users to include screenshots and attachments when they submit feedback to Microsoft | Disabled | Controls the metadata the user can decide to submit with the feedback and survey. |
+| Allow Microsoft to follow up on feedback submitted by users | Disabled | Controls whether the user can share contact info with the feedback and survey. |
+| Allow users to include log files and content samples when feedback is submitted to Microsoft | Disabled | Controls the metadata the user can decide to submit with the feedback and survey. |
+
+To configure feedback policy settings:
+
+1. Go to [Microsoft 365 Apps admin center](https://config.office.com/) and login.
+2. Select **Customization** > **Policy Management** > **Create**.
+3. Enter **name** and **description**.
+4. Choose the type of user that this policy will apply.
+5. Choose the group for your tenant that this policy will apply.
+6. Search for **Feedback** and **Survey** to find and select the policies.
+7. For each policy listed, set the value to either **Enabled** or **Disabled**.
+
 ## Next steps
 
 - [Configure your organization's logo and brand color for new tab pages in Microsoft Edge for iOS and Android](manage-microsoft-edge.md#organization-logo-and-brand-color)

memdocs/intune/apps/lob-apps-macos.md

@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 12/16/2021
+ms.date: 03/11/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -39,6 +39,8 @@ ms.collection:
 Use the information in this article to help you add macOS line-of-business apps to Microsoft Intune. You must download an external tool to pre-process your *.pkg* files before you can upload your line-of-business file to Microsoft Intune. The pre-processing of your *.pkg* files must take place on a macOS device.
 
 > [!NOTE]
+> Uploading *.pkg* files in the **Add app** pane is in public preview.
+>
 > Starting with the release of macOS Catalina 10.15, prior to adding your apps to Intune, check to make sure your macOS LOB apps are notarized. If the developers of your LOB apps did not notarize their apps, the apps will fail to run on your users' macOS devices. For more information about how to check if an app is notarized, visit [Notarize your macOS apps to prepare for macOS Catalina](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Notarizing-your-macOS-apps-to-prepare-for-macOS/ba-p/808579).
 > 
 > macOS LOB apps have a maximum size limit of 2 GB per app.
@@ -47,6 +49,9 @@ Use the information in this article to help you add macOS line-of-business apps
 
 ## Before your start
 
+> [!NOTE]
+> Using the Intune App Wrapping Tool for Mac is not required when uploading *.pkg* files. Uploading *.pkg* files in the **Add app** pane is in public preview.
+
 You must download an external tool, mark the downloaded tool as an executable, and pre-process your *.pkg* files with the tool before you can upload your line-of-business file to Microsoft Intune. The pre-processing of your *.pkg* files must take place on a macOS device. Use the Intune App Wrapping Tool for Mac to enable Mac apps to be managed by Microsoft Intune.
 
 > [!IMPORTANT]
@@ -87,10 +92,15 @@ You must download an external tool, mark the downloaded tool as an executable, a
 
 ## Step 1 - App information
 
+> [!NOTE]
+> Uploading *.pkg* files in the **Add app** pane is in public preview.
+>
+> The **minimum operating system** for uploading a *.pkg* file is macOS 10.14. Upload a *.intunemac* file to select an older minimum operating system.
+
 ### Select the app package file
 
 1. In the **Add app** pane, click **Select app package file**. 
-2. In the **App package file** pane, select the browse button. Then, select an macOS installation file with the extension *.intunemac*.
+2. In the **App package file** pane, select the browse button. Then, select an macOS installation file with the extension *.intunemac* or *.pkg*.
    The app details will be displayed.
 3. When you're finished, select **OK** on the **App package file** pane to add the app.
 
@@ -103,7 +113,7 @@ You must download an external tool, mark the downloaded tool as an executable, a
     - **Minimum Operating System**: From the list, choose the minimum operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it will not be installed.
     - **Ignore app version**: Select **Yes** to install the app if the app is not already installed on the device. Select **No** to only install the app when it is not already installed on the device, or if the deploying app's version number does not match the version that's already installed on the device.
     - **Install as managed**: Select **Yes** to install the Mac LOB app as a managed app on  supported devices (macOS 11 and higher). A macOS LOB app can only be installed as managed when the app distributable contains a single app without any nested packages and installs to the */Applications* directory. Managed line-of-business apps will be able to be removed using the **uninstall** assignment type on supported devices (macOS 11 and higher). In addition, removing the MDM profile removes all managed apps from the device. The default value is **No**.
-    - **Included apps**: Review and edit the apps that are contained in the uploaded file. Included app bundle IDs and build numbers are used for detecting and monitoring app installation status of the uploaded file. Included apps list should only contain the application(s) installed by the uploaded file in **Applications** folder on Macs. Any other type of file that is not an application or an application that is not installed to **Applications** folder should be removed from the **Included apps** list. If **Included apps** list contains files that are not applications or if all the listed apps are not installed, app installation status does not report success.<br>Mac Terminal can be used to lookup and confirm the included app details of an installed app.<br>For example, to look up the bundle ID and build number of Company Portal, run the following:<br>    *defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleIdentifier*<br>Then, run the following:<br>    *defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleVersion*
+    - **Included apps**: Review and edit the apps that are contained in the uploaded file. Included app bundle IDs and build numbers are used for detecting and monitoring app installation status of the uploaded file. The app listed first is used as the primary app in app reporting. <br>Included apps list should only contain the application(s) installed by the uploaded file in **Applications** folder on Macs. Any other type of file that is not an application or an application that is not installed to **Applications** folder should be removed from the **Included apps** list. If **Included apps** list contains files that are not applications or if all the listed apps are not installed, app installation status does not report success.<br>Mac Terminal can be used to look up and confirm the included app details of an installed app.<br>For example, to look up the bundle ID and build number of Company Portal, run the following:<br> *defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleIdentifier*<br>Then, run the following:<br> *defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleShortVersionString*
     - **Category**: Select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the company portal.
     - **Show this as a featured app in the Company Portal**: Display the app prominently on the main page of the company portal when users browse for apps.
     - **Information URL**: Optionally, enter the URL of a website that contains information about this app. The URL appears in the company portal.
@@ -146,8 +156,9 @@ The app you have created appears in the apps list where you can assign it to the
 
 [!INCLUDE [shared-proc-lob-updateapp](../includes/shared-proc-lob-updateapp.md)]
 
-> [!NOTE]
-> For the Intune service to successfully deploy a new *.pkg* file to the device you must increment the package `version` and `CFBundleVersion` string in the *packageinfo* file in your *.pkg* package.
+To update a line-of-business app deployed as a *.intunemac* file, you must increment the package `version` and `CFBundleVersion` string in the *packageinfo* file in your *.pkg* file.
+
+To update a line-of-business app deployed as a *.pkg* file, you must increment the `CFBundleShortVersionString` of the *.pkg* file.
 
 ## Next steps