MicrosoftDocs
diff --git a/‎memdocs/configmgr/core/clients/manage/remote-control/prerequisites-for-remote-control.md‎
Lines changed: 0 additions & 2 deletions b/‎memdocs/configmgr/core/clients/manage/remote-control/prerequisites-for-remote-control.md‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎memdocs/configmgr/develop/core/understand/sqlviews/software-updates-views-configuration-manager.md‎
Lines changed: 3 additions & 0 deletions b/‎memdocs/configmgr/develop/core/understand/sqlviews/software-updates-views-configuration-manager.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎memdocs/configmgr/develop/core/understand/sqlviews/status-alert-views-configuration-manager.md‎
Lines changed: 3 additions & 0 deletions b/‎memdocs/configmgr/develop/core/understand/sqlviews/status-alert-views-configuration-manager.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎memdocs/endpoint-manager-getting-started.md‎
Lines changed: 2 additions & 2 deletions b/‎memdocs/endpoint-manager-getting-started.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md‎
Lines changed: 2 additions & 2 deletions b/‎memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎memdocs/intune/apps/app-management.md‎
Lines changed: 4 additions & 4 deletions b/‎memdocs/intune/apps/app-management.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎memdocs/intune/apps/app-protection-policy.md‎
Lines changed: 2 additions & 2 deletions b/‎memdocs/intune/apps/app-protection-policy.md‎
Lines changed: 2 additions & 2 deletions
@@ -55,8 +55,6 @@ Before you can run reports for remote control, install the reporting services po
 
 - Permitted viewers must be given permission to use remote control by adding these users to the **Permitted viewers of Remote Control and Remote Assistance** list in the **Remote Tools** client settings.
 
-- If the user account that you use for remote control is joined to Azure Active Directory (Azure AD), you may need to set a group policy setting on the client to be remote-controlled. In the policy path **Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options**, enable the following policy: **Network security: Allow PKU2U authentication requests to this computer to use online identities**. Also add the Azure AD user account to the local **Remote Desktop Users** group on the client.
-
 For more information, see [Configure role-based administration](../../../servers/deploy/configure/configure-role-based-administration.md).
 
 ### Remote clients
 
@@ -138,6 +138,9 @@ The view can be joined to other views by using the **CI_ID**, **AssignmentID**,
 Lists all software updates, by **CI_ID**, in software update deployments, listed by assignment ID, and summarized state reported by targeted clients. The view includes the target collection ID and name; the time of the last summarization; the total number of client computers targeted; the count of client computers reporting unknown, not applicable, missing (required), and present (already installed) states; the number of clients that have installed the software update or failed to install the update; and so on.
 The view can be joined to other views by using the **CI_ID**, **AssignmentID**, and **CollectionID** columns.
 
+> [!NOTE]
+> This view has been deprecated, no longer generates summary data, and may be removed in the future.
+
 ### v_UpdateEnforcementSummaryPerCollection
 
 Lists the summary state for all software updates that have been deployed. The view provides the software update, by **CI_ID**, target collection, collection name, and summarized enforcement state reported by clients in the collection.
 
@@ -341,6 +341,9 @@ The view can be joined to other views by using the **CI_ID**, **AssignmentID**,
 Lists all software updates, by **CI_ID**, in software update deployments, listed by **AssignmentID**, and summarized state reported by targeted clients. The view includes the target collection ID and name; the time of the last summarization; the total number of client computers targeted; the count of client computers reporting unknown, not applicable, missing (required), and present (already installed) states; the number of clients that have installed the software update and failed to install the update; and so on. The view is also listed and described in the [Software Updates Views in Configuration Manager](software-updates-views-configuration-manager.md) topic.
 The view can be joined to other views by using the **CI_ID**, **AssignmentID**, and **CollectionID** columns.
 
+> [!NOTE]
+> This view has been deprecated, no longer generates summary data, and may be removed in the future.
+
 ### v_UpdateEnforcementSummaryPerCollection
 
 Lists the summary state for all software updates that have been deployed. The view provides the software update, by **CI_ID**, target collection, collection name, and summarized enforcement state reported by clients in the collection. The view is also listed and described in the [Software Updates Views in Configuration Manager](software-updates-views-configuration-manager.md) topic.
 
@@ -139,7 +139,7 @@ The following articles will help you understand how to create and monitor compli
 
 ## Intune app protection policies
 
-Intune app protection policies (APP) allow you to protect organizational data within an application. Together with app configuration capabilities, you can implement mobile application management (MAM) in Intune to help protect sensitive data that is accessed from both managed and unmanaged devices. With MAM without enrollment (MAM-WE), you can use Intune to manage work or school-related apps, including productivity apps such as the Microsoft Office apps, on almost any [device](./intune/apps/app-management.md#app-management-capabilities-by-platform), including personal devices in bring-your-own-device (BYOD) scenarios. See the official list of [Microsoft Intune protected apps](./intune/apps/apps-supported-intune-apps.md) available for public use.
+Intune app protection policies (APP) allow you to protect organizational data within an application. Together with app configuration capabilities, you can implement mobile application management (MAM) in Intune to help protect sensitive data that is accessed from managed applications. See the official list of [Microsoft Intune protected apps](./intune/apps/apps-supported-intune-apps.md) available for public use.
 
 To get an overview of app protection policies and how they work, check out the following articles:
 
@@ -218,4 +218,4 @@ For additional information about Microsoft Endpoint Manager, see the following d
 - [Microsoft Intune overview](./intune/fundamentals/what-is-intune.md)
 - [Device management overview](./intune/fundamentals/what-is-device-management.md)
 - [Tutorial: Walkthrough Intune in Microsoft Endpoint Manager](./intune/fundamentals/tutorial-walkthrough-endpoint-manager.md)
-- [High-level architecture for Microsoft Intune](./intune/fundamentals/high-level-architecture.md)
+- [High-level architecture for Microsoft Intune](./intune/fundamentals/high-level-architecture.md)
@@ -1,8 +1,8 @@
 ---
 # required metadata
 
-title: App protection policies and Android Enterprise personally-owned work profiles in Microsoft Intune
-description: See the differences and pros and cons when deciding to use app protection policies or Android Enterprise personally-owned work profiles for personal or BYOD Android Enterprise devices in Microsoft Intune. Compare the differences and features you get with app protection policies without enrollment (APP-WE) and Android Enterprise personally-owned work profiles.
+title: Mobile Application Management (MAM) and Android Enterprise personally-owned work profiles in Microsoft Intune
+description: See the available features when deciding to use Mobile Application Management (MAM) and/or Android Enterprise personally-owned work profiles for personal or BYOD Android devices in Microsoft Intune.
 keywords:
 
 author: Erikre
 
@@ -45,12 +45,12 @@ Additionally, you might want to assign and manage apps on devices that are not e
 
 [Intune mobile application management](app-lifecycle.md) refers to the suite of Intune management features that lets you publish, push, configure, secure, monitor, and update mobile apps for your users.
 
-MAM allows you to manage and protects your organization's data within an application. With **MAM without enrollment** (MAM-WE), a work or school-related app that contains sensitive data can be managed on almost any [device](app-management.md#app-management-capabilities-by-platform), including personal devices in **bring-your-own-device** (BYOD) scenarios. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
+MAM allows you to manage and protect your organization's data within an application. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
 
 Intune MAM supports two configurations:
 
-- **Intune MDM + MAM**: IT administrators can only manage apps using MAM and app protection policies on devices that are enrolled with Intune mobile device management (MDM). To manage apps using MDM + MAM, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-- **MAM without device enrollment**: MAM without device enrollment, or MAM-WE, allows IT administrators to manage apps using MAM and app protection policies on devices not enrolled with Intune MDM. This means apps can be managed by Intune on devices enrolled with third-party EMM providers. To manage apps using MAM-WE, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Also, apps can be managed by Intune on devices enrolled with third-party Enterprise Mobility Management (EMM) providers or not enrolled with an MDM at all. For more information about BYOD and Microsoft's EMS, see [Technology decisions for enabling BYOD with Microsoft Enterprise Mobility + Security (EMS)](../fundamentals/byod-technology-decisions.md).
+- **Intune MDM + MAM**: IT administrators can manage apps using MAM on devices that are enrolled with Intune mobile device management (MDM). To manage apps using MDM + MAM, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+- **Unenrolled devices with MAM managed applications**: IT administrators can manage org data and accounts in apps using MAM on unenrolled devices or devices enrolled with third-party EMM providers. To manage apps using MAM, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). For more information about BYOD and Microsoft's EMS, see [Technology decisions for enabling BYOD with Microsoft Enterprise Mobility + Security (EMS)](../fundamentals/byod-technology-decisions.md).
 
 ## App management capabilities by platform
 
@@ -138,4 +138,4 @@ For more information about apps, see [Add apps to Microsoft Intune](../apps/apps
 
 ## Next steps
 
-- [Add an app to Microsoft Intune](apps-add.md)
+- [Add an app to Microsoft Intune](apps-add.md)
@@ -37,7 +37,7 @@ ms.collection:
 
 App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app is an app that has app protection policies applied to it, and can be managed by Intune.
 
-Mobile Application Management (MAM) app protection policies allows you to manage and protect your organization's data within an application. With **MAM without enrollment** (MAM-WE), a work or school-related app that contains sensitive data can be managed on almost any [device](app-management.md#app-management-capabilities-by-platform), including personal devices in **bring-your-own-device** (BYOD) scenarios. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
+Mobile Application Management (MAM) app protection policies allows you to manage and protect your organization's data within an application. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
 
 ## How you can protect app data
 Your employees use mobile devices for both personal and work tasks. While making sure your employees can be productive, you want to prevent data loss, intentional and unintentional. You'll also want to protect company data that is accessed from devices that are not managed by you.
@@ -372,7 +372,7 @@ The Teams app on [Microsoft Teams Android devices](https://www.microsoft.com/mic
 For Android devices that support biometric authentication, you can allow end users to use fingerprint or Face Unlock, depending on what their Android device supports. You can configure whether all biometric types beyond fingerprint can be used to authenticate. Note that fingerprint and Face Unlock are only available for devices manufactured to support these biometric types and are running the correct version of Android. Android 6 and higher is required for fingerprint, and Android 10 and higher is required for Face Unlock.
 
 ### Company Portal app and Intune app protection
-Much of app protection functionality is built into the Company Portal app. Device enrollment is _not required_ even though the Company Portal app is always required. For mobile application management without enrollment (MAM-WE), the end user just needs to have the Company Portal app installed on the device.
+Much of app protection functionality is built into the Company Portal app. Device enrollment is _not required_ even though the Company Portal app is always required. For Mobile Application Management (MAM), the end user just needs to have the Company Portal app installed on the device.
 
 ### Multiple Intune app protection access settings for same set of apps and users
 Intune app protection policies for access will be applied in a specific order on end-user devices as they try to access a targeted app from their corporate account. In general, a block would take precedence, then a dismissible warning. For example, if applicable to the specific user/app, a minimum Android patch version setting that warns a user to take a patch upgrade will be applied after the minimum Android patch version setting that blocks the user from access. So, in the scenario where the IT admin configures the min Android patch version to 2018-03-01 and the min Android patch version (Warning only) to 2018-02-01, while the device trying to access the app was on a patch version 2018-01-01, the end user would be blocked based on the more restrictive setting for min Android patch version that results in blocked access.