memdocs/autopilot/policy-conflicts.md
Lines changed: 2 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ author: greg-lindsay
13
13
ms.author: greglin
14
14
ms.reviewer: jubaptis
15
15
manager: dougeby
16
-
ms.date: 8/31/2021
16
+
ms.date: 12/08/2021
17
17
ms.collection: M365-modern-desktop
18
18
ms.topic: troubleshooting
19
19
---
@@ -36,7 +36,7 @@ Some policy settings can cause issues in some Windows Autopilot scenarios. These
36
36
|-------|---------------|
37
37
|[AppLocker CSP](/windows/client-management/mdm/applocker-csp)| The AppLocker CSP is not supported in the Enrollment Status Page as it triggers a reboot when a policy is applied or a deletion occurs. |
38
38
|Device restriction / [Password Policy](/windows/client-management/mdm/devicelock-csp)| The out-of-box experience (OOBE) or user desktop autologon can fail when a device reboots during the device Enrollment Status Page (ESP). This failure can occur when certain [DeviceLock policies](/windows/client-management/mdm/policy-csp-devicelock) are applied to a device. Such policies can include:<ul><li>Minimum password length and password complexity</li><li>Any similar group policy settings (including any that disable autologon)</li></ul>This possible failure is especially true for kiosk scenarios where passwords are automatically generated. |
39
-
| Windows Security Baseline / [Administrator elevation prompt behavior](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions)<br><br>Windows Security Baseline / [Require admin approval mode for administrators](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions)| More prompts may appear when modifying user account control (UAC) settings during the OOBE using the device Enrollment Status Page (ESP). Increased prompts are more likely if the device reboots after policies are applied. To work around this issue, the policies can be targeted to users instead of devices so that they apply later in the process. |
39
+
| Windows Security Baseline / [Administrator elevation prompt behavior](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions)<br><br>Windows Security Baseline / [Require admin approval mode for administrators](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions)<br><br>Windows Security Baseline / [Enable virtualization based security](/windows/client-management/mdm/policy-csp-deviceguard)| These policies require a reboot, as a result more prompts may appear when modifying user account control (UAC) settings during the OOBE using the device Enrollment Status Page (ESP). Increased prompts are more likely if the device reboots after policies are applied. To work around this issue, the policies can be targeted to users instead of devices so that they apply later in the process. |
40
40
| Device restrictions / Cloud and Storage / [Microsoft Account sign-in assistant](../intune/configuration/device-restrictions-windows-10.md#cloud-and-storage)| Setting this policy to "disabled" will disable the Microsoft Sign-in Assistant service (wlidsvc). This service is required by Windows Autopilot to obtain the Windows Autopilot profile. |
41
41
| Registry keys that affect Windows Autopilot for [pre-provisioned deployment](pre-provision.md)<br><br>**Registry path**:<br>`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Automatic logon`|**Registry key**:<br>If the [AutoAdminLogon](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon) registry key is set to `0` (disabled), this breaks Windows Autopilot pre-provisioning. |
42
42
|[MDM wins over Group Policy](/windows/client-management/mdm/policy-csp-controlpolicyconflict)| This policy allows the IT admin to control which policy will be used when both the MDM policy and its equivalent Group Policy (GP) are set on the device. |
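Review bot: In the Windows Security Baseline row, the added [Enable virtualization based security] link (policy-csp-deviceguard) now shares a description that only talks about extra prompts "when modifying user account control (UAC) settings", so the row reads as if the virtualization-based security policy produces UAC prompts. If the common issue is the reboot during the ESP, state that as the symptom, or give the Device Guard policy its own row with its own description. Please also confirm that the workaround "targeted to users instead of devices" applies to that policy before listing it here, and split the comma splice: "These policies require a reboot. As a result, more prompts may appear ...".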
memdocs/intune/apps/app-configuration-managed-home-screen-app.md
Lines changed: 4 additions & 1 deletion
@@ -120,6 +120,7 @@ The following table lists the Managed Home Screen available configuration keys,
120
120
|-|-|-|-|-|
121
121
| Exit lock task mode password | string || Enter a 4-6-digit code to use to temporarily drop out of lock-task mode for troubleshooting. | ✔️ |
122
122
| Enable easy access debug menu | bool | FALSE | Turn this setting to True to access the debug menu from the Managed Settings app or from swipe-down while in Managed Home Screen. The debug menu is currently where the capability to exit kiosk mode lives, and is accessed by clicking the back button about 15 times. Keep this setting set to False to keep the entry point to debug menu only accessible via the back button. | ✔️ |
123
+
| Show device's name on MHS | bool | FALSE | Turn this setting to True to easily view the device's Intune portal "device name" property from the Managed Settings app or from swipe-down while in Managed Home Screen. When using app config, make sure to also include the string property "Device's name," which is auto-populated by Intune with the correct value. | ❌ |
123
124
| Enable MAX inactive time outside of MHS | bool | FALSE | Turn this setting to True to automatically re-launch Managed Home Screen after a set period of inactivity. The timer will only count inactive time and, when configured, will reset each time the user interacts with the device while outside of Managed Home Screen. Use **MAX inactive time outside MHS** to set the inactivity timer. By default, this setting is off. This setting can only be used if **Exit lock task mode password** has been configured. | ❌ |
124
125
| MAX inactive time outside MHS | integer | 180 | Set the maximum amount of inactive time, in seconds, that a user can spend outside of Managed Home Screen before it is automatically re-launched. By default, this configuration is set to 180 seconds. **Enable MAX inactive time outside of MHS** must be set to true to use this setting. | ❌ |
125
126
| Enable MAX time outside MHS | bool | FALSE | Turn this setting to True to automatically re-launch Managed Home Screen after a set period of time has passed. The timer will factor in both inactive and active time spent outside of Managed Home Screen. Use **MAX time outside MHS** to set the inactivity timer. By default, this setting is off. This setting can only be used if **Exit lock task mode password** has been configured. | ❌ |
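Review bot: In the new "Show device's name on MHS" row, the companion key is written as "Device's name," with the comma inside the quotation marks, so an admin copying it into app config cannot tell whether the comma is part of the key. The row also says the value is auto-populated by Intune without saying what to enter for it, and the hunk adds no row for that string property. Suggest moving the comma outside the quotes (or bolding the key name as the neighbouring rows do) and adding a row for the string key with its expected value.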
@@ -135,7 +136,9 @@ The following table lists the Managed Home Screen available configuration keys,
135
136
| Enable show organization logo on sign in page | bool | TRUE | Turn this setting to True to use a company logo that will appear on the sign-in screen and the Session PIN screen. This setting is used with **Organization logo on sign in page** and can only be used if **Enable sign in** has been set to True. | ✔️ |
136
137
| Organization logo on sign in page | string || Allows you to brand your device with a logo of your choice on the Managed Home Screen sign-in screen and Session PIN screen. To use this setting, enter the URL of the image that you want set for the logo. This setting can only be used if **Enable show organization logo on sign in page** and **Enable sign in** have been set to True. | ✔️ |
137
138
| Enable session PIN | bool | FALSE | Turn this setting to True if you want end-users to get prompted to create a local Session PIN after they’ve successfully signed in to Managed Home Screen. The Session PIN prompt will appear before end-user gets access to the home screen, and can be used in conjunction with other features. The Session PIN lasts for the duration of a user’s sign-in, and is cleared upon sign-out. By default, this setting is off. This setting can only be used if **Enable sign in** has been set to True. | ✔️ |
138
-
| Complexity of session PIN | string || Choose whether the local session PIN should be "complex" or "simple". If you choose "complex," end-users will get prompted to create a PIN with alphanumeric characters. If you choose "simple," end-users will only be required to enter a numeric PIN. This setting can only be used if **Enable session PIN** and **Enable sign in** have been set to True. | ✔️ |
139
+
| Complexity of session PIN | string | | Choose whether the local session PIN should be **simple**, **complex**, or **alphanumeric complex**. If you choose **simple**, users will only be required to enter a numeric PIN. If you choose **complex**, users will get prompted to create a PIN with alphanumeric characters and no repeating (444) or ordered sequences (123, 432, 246) are allowed. Evaluation of repeating and sequential patterns begins at three (3) digits/characters. If you choose **alphanumeric complex**, then users will get prompted to create a PIN with alphanumeric characters, and at least one symbol or letter is required. No repeating (444) or ordered sequences (123, 432, 246) are allowed. Evaluation of repeating and sequential patterns begins at three (3) characters. The default value for this setting is one (1), where one (1) means that the user must have at least one character in their Session PIN. This setting can only be used if **Enable session PIN** and **Enable sign in** have been set to True. | ✔️ <p>NOTE: The **alphanumeric complex** option is only available in app config today. |
140
+
| Minimum length for session PIN | string || Define the minimum length a user's session PIN must adhere to. This can be used with any of the complexity values for session PIN. This setting can only be used if **Enable session PIN** and **Enable sign in** have been set to True. | ❌ |
141
+
| Maximum number of attempts for session PIN | string || Define the maximum number of times a user can attempt to enter their session PIN before getting automatically logged out from Managed Home Screen. The default value is zero (0), where zero (0) means the user gets infinite tries. This can be used with any of the complexity values for session PIN. This setting can only be used if **Enable session PIN** and **Enable sign in** have been set to True. | ❌ |
139
142
| Customer facing folder | Bool | FALSE | Use this specification with **Create Managed Folder for grouping apps** to create a folder that can’t be exited without a user entering their Session PIN. This setting can only be used if **Enable session PIN** and **Enable sign in** have been set to True. | ❌ |
140
143
| Require PIN code after returning from screensaver | bool | FALSE | Turn this setting True if you want to require end-users to enter their Session PIN to resume activity on Managed Home Screen after the screensaver has appeared. This setting can only be used if **Enable sign in** has been set to True. | ✔️ |
141
144
| Enable auto sign-out | bool | FALSE | Turn this setting to True to automatically sign current user out of Managed Home Screen after a specified period of inactivity. When used with Azure AD Shared device mode, users will also get signed out of all apps on the device that participate with Azure AD Shared device mode. By default, this setting is turned off. This setting can only be used if **Enable sign in** has been set to True. | ✔️ |
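Review bot: The rewritten "Complexity of session PIN" description contains "The default value for this setting is one (1), where one (1) means that the user must have at least one character in their Session PIN", which describes a length rather than one of the three complexity values; it looks like it belongs in the new "Minimum length for session PIN" row, which states no default. Both new rows are typed string although they take counts, while the table uses integer for "MAX inactive time outside MHS"; either change the type or say that the number is entered as a string. Because "Maximum number of attempts for session PIN" defaults to zero (0), meaning infinite tries, the row should say plainly that an attempt limit has to be set explicitly, since a short numeric PIN with unlimited tries gives little protection. The `<p>` opened before NOTE in the last cell of the complexity row is never closed.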
memdocs/intune/fundamentals/whats-new.md
Lines changed: 1 addition & 1 deletion
@@ -98,7 +98,7 @@ This feature is rolling out over the next week and should soon be available for
98
98
#### Enable app update priority for Managed Google Play apps<!-- 7810180 -->
99
99
You can set the update priority of Managed Google Play apps on dedicated, fully managed, and corporate-owned with a work profile Android Enterprise devices. Select **High Priority** to update an app as soon as the developer has published the update, regardless of charge status, Wi-Fi capability, or end user activity on the device. For related information, see [Add Managed Google Play apps to Android Enterprise devices with Intune](..\apps\apps-add-android-for-work.md).
100
100
101
-
#### Clear app data between sessions for Android Enterprise dedicated devices enrolled with shared device mode<!-- 8663319 -->
101
+
#### Clear app data between sessions for Android Enterprise dedicated devices enrolled with shared device mode (public preview)<!-- 8663319 -->
102
102
Using Intune, you can choose to clear app data for applications that have not integrated with Shared device mode to ensure user privacy between sign-in sessions. Users will be required to initiate a sign-out from an application that has integrated with AAD's Shared device mode in order for IT-specified apps to have their data cleared. This functionality will be available for Android Enterprise dedicated devices enrolled with shared device mode on Android 9 or later.
103
103
104
104
#### Export underlying discovered apps list data<!-- 9370255 -->
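Review bot: Appending "(public preview)" to the heading changes the anchor generated for it, so existing links to this section will stop resolving; check for inbound links or keep a stable anchor. The paragraph under the heading still says the functionality "will be available", which does not tell the reader whether the preview can be used now.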
memdocs/intune/remote-actions/remote-help.md
Lines changed: 4 additions & 1 deletion
@@ -7,7 +7,7 @@ keywords:
7
7
author: brenduns
8
8
ms.author: brenduns
9
9
manager: dougeby
10
-
ms.date: 12/08/2021
10
+
ms.date: 12/09/2021
11
11
ms.topic: how-to
12
12
ms.service: microsoft-intune
13
13
ms.subservice: remote-actions
@@ -40,6 +40,9 @@ Remote help uses Intune role-based access controls (RBAC) to set the level of ac
40
40
41
41
The remote help app is available from Microsoft to install on both devices enrolled with Intune and devices that aren’t enrolled. The app can also be deployed through Intune to your managed devices.
42
42
43
+
> [!NOTE]
44
+
> On 12/08/2021, the remote help installer was renamed from *remotehelp.exe* to *remotehelpinstaller.exe* to resolve issues with silent deployments. Although app functionality hasn't changed, we recommend using the same [*download link*](#download-remote-help) to download the updated version with the renamed installer. The installation command lines in this article have been updated to reflect the new installer file name.
45
+
43
46
## Remote help capabilities and requirements
44
47
45
48
The Remote help app supports the following capabilities:
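Review bot: The new note covers the command lines in this article but not deployments that already exist: anything an admin has built around *remotehelp.exe* (for example install commands, detection rules or allow-list entries) will not match *remotehelpinstaller.exe*. Suggest one sentence telling admins to update existing packages and rules after downloading the renamed installer. The date "12/08/2021" is also ambiguous outside the US; "December 8, 2021" avoids that.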
memdocs/intune/user-help/sign-in-to-the-company-portal.md
Lines changed: 3 additions & 2 deletions
@@ -36,11 +36,12 @@ Microsoft Intune helps organizations manage access to their internal apps, data,
36
36
The app is available for desktop (Windows and macOS) and mobile (Android and iOS) devices. You must have a work or school account through your organization to sign in to the app.
37
37
38
38
## Install app
39
-
Company Portal is available for Android, iOS, macOS, and Windows.
39
+
Intune Company Portal is available for Android, iOS, macOS, and Windows.
40
40
41
41
### Android
42
42
Install Company Portal for Android from these stores:
43
43
44
+
*[Portal AppStore](https://portal.facebook.com/help/467356237073256/)(Opens Portal help documentation)
*[Amazon Appstore for Android](https://www.amazon.com/Microsoft-Corporation-Intune-Company-Portal/dp/B092BCFLBJ/)
46
47
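Review bot: The added "Portal AppStore" item sits under "Install Company Portal for Android from these stores:", but its link goes to a help page on portal.facebook.com rather than a store listing, and the label does not say whose store it is. Users following install instructions should be able to tell where a link leads before selecting it, so name the vendor in the link text and state in the sentence that the link opens help documentation, with a space before "(Opens Portal help documentation)".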
@@ -52,7 +53,7 @@ Google Play Store is not available in People's Republic of China. You can instal
52
53
Install Company Portal for iOS from the [Apple App Store](https://apps.apple.com/app/intune-company-portal/id719171358).
53
54
54
55
### macOS
55
-
Install Company Portal for macOS from [Enroll my Mac](https://go.microsoft.com/fwlink/?linkid=853070.) Selecting this link will immediately download the Company Portal installer package on your device.
56
+
Install Company Portal for macOS from [Enroll my Mac](https://go.microsoft.com/fwlink/?linkid=853070.). Selecting this link will immediately download the Company Portal installer package on your device.
56
57
57
58
### Windows
58
59
Install Company Portal for Windows from the [Microsoft Store](https://www.microsoft.com/p/company-portal/9wzdncrfj3pz?rtc=2&activetab=pivot:overviewtab).
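Review bot: In the macOS line, the change adds a period after the closing parenthesis but leaves the original one inside the URL, so the link target is still `https://go.microsoft.com/fwlink/?linkid=853070.` with a trailing dot. Remove the period from inside the parentheses so the target ends in `linkid=853070` and the sentence keeps a single period after the link.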
windows-365/business/get-started-windows-365-business.md
Lines changed: 2 additions & 2 deletions
@@ -43,7 +43,7 @@ This article is for people who plan to buy and set up Windows 365 Business for t
43
43
44
44
There are no licensing prerequisites to set up Windows 365 Business.
45
45
46
-
For the best onboarding experience, please refer to the [setup troubleshooting guide](troubleshoot-windows-365-business.md) to make sure your environment preferences are optimized for Windows 365 Business. For example, the guide can help you if you are using multi-factor authentication, Conditional Access policies, or Intune in your environment.
46
+
For the best onboarding experience, please refer to the [setup troubleshooting guide](troubleshoot-windows-365-business.md) to make sure your environment preferences are optimized for Windows 365 Business. For example, the guide can help you if you are using multifactor authentication, Conditional Access policies, or Intune in your environment.
47
47
48
48
## Buy subscriptions
49
49
@@ -122,7 +122,7 @@ While on the Windows 365 home page, users can perform actions on their Cloud PCs
122
122
-**Restart**: Restarts the Cloud PC.
123
123
124
124
-**Reset**: Reset does the following:
125
-
- Reinstalls Windows 10.
125
+
- Reinstalls Windows (with the option to choose between Windows 11 and Windows 10).
### Windows 11 support for newly created Cloud PCs<!--35091970 -->
59
-
60
-
In a future update, Windows 365 Business Cloud PCs will be created with Windows 11 installed by default. Admins will be able to choose between Windows 10 and 11 for their organization's Cloud PCs. On windows365.microsoft.com, users will be able to easily see the difference between their Windows 10 and 11 Cloud PCs.
61
-
62
-
#### Manage Cloud PCs in the Microsoft 365 admin center and windows365.microsoft.com<!--36859306-->
63
-
64
-
You’ll be able to control organization-wide Cloud PC settings and device-level actions in the Microsoft 365 admin center and on windows365.microsoft.com.
56
+
## Upcoming features
65
57
66
-
-**Organizational defaults**: You’ll be able to choose defaults for operating system (Windows 10 or 11) and account type (Standard or Local Administrator).
67
-
-**Device level actions**: You’ll be able to use the following actions on any Cloud PC in your organization: Change account type, Restart, Reset, Rename, and Troubleshoot.
68
-
-**Other management actions**: You’ll be able to create and delete users, reset passwords, and manage licenses for Windows 365 Cloud PCs and Microsoft 365 products.
58
+
Check back here for announcements of upcoming features.