PM feedback, changes, and JSON edits

Brenduns · Brenduns · commit 3482c0646482 · 2022-09-26T10:52:34.000-07:00
diff --git a/memdocs/intune/protect/compliance-custom-json.md b/memdocs/intune/protect/compliance-custom-json.md
@@ -27,17 +27,17 @@ ms.custom: intune-azure
 ms.collection: M365-identity-device-management
 ---
 
-# Custom compliance JSON files
+# Custom compliance JSON files for Microsoft Intune
 
-To support [custom settings for compliance](../protect/compliance-use-custom-settings.md), you create a JSON file that identifies the settings and value pairs that you want to use for custom compliance. The JSON defines what a PowerShell discovery script will evaluate for compliance on the device.
+To support [custom settings for compliance](../protect/compliance-use-custom-settings.md) for Microsoft Intune, you create a JSON file that identifies the settings and value pairs that you want to use for custom compliance. The JSON defines what a discovery script will evaluate for compliance on the device.
 
-You’ll upload the JSON file when you create a compliance policy that includes custom compliance settings. 
+You’ll upload the JSON file when you create a compliance policy that includes custom compliance settings.
 
 A correctly formatted JSON file must include the following information:
 
 - **SettingName** - The name of the custom setting to use for base compliance.
-- **Operator** - Represents a specific action that is used to build a compliance rule. For options, see the following list of supported operators.
-- **DataType** - The type of data that you can use to build your compliance rule. For options, see the following list of supported DataTypes.
+- **Operator** - Represents a specific action that is used to build a compliance rule. For options, see the following list of *supported operators*.
+- **DataType** - The type of data that you can use to build your compliance rule. For options, see the following list of *supported DataTypes*.
 - **Operand** - Represent the values that the operator works on.
 - **MoreInfoURL** - A URL that’s shown to device users so they can learn more about the compliance requirement when their device is noncompliant for a setting. You can also use this to link to instructions to help users bring their device into compliance for this setting.
 - **RemediationStrings** - Information that gets displayed in the Company Portal when a device is noncompliant to a setting. This information is intended to help users understand the remediation options to bring a device to a compliant state.
@@ -84,7 +84,7 @@ A correctly formatted JSON file must include the following information:
 
 For more information, see [Available languages for Windows](/windows-hardware/manufacture/desktop/available-language-packs-for-windows).
 
-## Example JSON file
+## Example JSON file for Windows devices
 
 ```json
 {
diff --git a/memdocs/intune/protect/compliance-policy-monitor.md b/memdocs/intune/protect/compliance-policy-monitor.md
@@ -39,10 +39,10 @@ Compliance reports help you understand when devices fail to meet your [complianc
 This article applies to:
 
 - Android device administrator
-- Android (AOSP) (preview)
+- Android (AOSP) (*preview*)
 - Android Enterprise
 - iOS/iPadOS
-- Linux (Ubuntu Desktop, version 20.04 LTS)
+- Linux - Ubuntu Desktop, version 20.04 LTS and 22.04 LTS
 - macOS
 - Windows 10 and later
 
diff --git a/memdocs/intune/protect/compliance-use-custom-settings.md b/memdocs/intune/protect/compliance-use-custom-settings.md
@@ -33,14 +33,14 @@ To expand on Intune’s built-in device compliance options, you can add custom c
 
 This feature applies to:
 
-- Linux – Ubuntu Desktop, version 20.04 LTS
+- Linux – Ubuntu Desktop, version 20.04 LTS and 22.04 LTS
 - Windows 10/11
 
-Before you can add custom settings to a policy, you’ll need to prepare a JSON file and a detection script for use with each supported platform. Both the script and JSON become part of the compliance policy. Each compliance policy supports a single script, and each script can detect multiple settings:
+Before you can add custom settings to a policy, you’ll need to prepare a JSON file, and a detection script for use with each supported platform. Both the script and JSON become part of the compliance policy. Each compliance policy supports a single script, and each script can detect multiple settings:
 
 - The JSON file defines the custom settings and the values that are considered as compliant. You can also configure messages for users to tell them how to restore compliance for each setting. You add your JSON file while creating a compliance policy, just after you select a discovery script for that policy. 
 
-- Scripts are specific to different platforms and delivered to devices through the compliance policy. When policy is evaluated, the script detects the settings from the JSON file and then reports the results to Intune. Windows uses a PowerShell script and Linux uses a Bash script. 
+- Scripts are specific to different platforms and delivered to devices through the compliance policy. When policy is evaluated, the script detects the settings from the JSON file, and then reports the results to Intune. Windows uses a PowerShell script and Linux uses a Bash script. 
 
   The scripts must be uploaded to the Microsoft Endpoint Manager admin center before you create a compliance policy. You select the script when you’re configuring a policy to support custom settings.  
 
@@ -140,9 +140,9 @@ Policies support the use of a single script. However, each script supports check
 
 ## Additional troubleshooting for Linux devices
 
-To identify settings that are not compliant for a device:
+To identify settings that aren't compliant for a device:
 
-- [In the Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you can identify devices that are not compliant with policy. **Navigate** to **Reports** > **Device compliance**, select the *Reports* tab, and then select the tile for **Noncompliant devices and settings**. Use the drop-downs to configure the report you want, and then select **Generate** report.
+- [In the Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you can identify devices that aren't compliant with policy. **Navigate** to **Reports** > **Device compliance**, select the *Reports* tab, and then select the tile for **Noncompliant devices and settings**. Use the drop-downs to configure the report you want, and then select **Generate** report.
 
 The admin center displays a separate line for each setting that isn’t compliant on a device.  
 
@@ -165,15 +165,6 @@ To be compliant with *Password Policy* settings, configure the Linux system to u
 - Passwords that include a minimum number of letters, digits, or special characters
 - Passwords of a minimum length
 
-Intune uses the **pam_pwquality** module to ensure password rules meet your organization’s standards. For more information on how to configure the parameters in **pam_pwquality**, refer to the Ubuntu documentation. As an example, following is a sample configuration line from the */etc/pam.d/common-password* file that enforces passwords that have at least one digit, one uppercase letter, and are at least twelve characters long: `password required pam_pwquality.so dcredit=-1 ucredit=-1 ocredit=-1 minlen=12`
-
-We recommend you update the pwquality file before you run the pam-auth-update tool:
-
-1. First *edit /usr/share/pam-configs/pwquality* to have the right password policy settings.
-2. Save the file.
-3. Run `sudo pam-auth-update --enable pwquality`
-4. Verify that the common password file at /etc/pam.d/common-password has updated to match the update made in the pwquality file.
-
 #### Device encryption
 
 Users of devices that don’t meet compliance settings for disk and partition encryption might receive a message that they must encrypt the device drives.
@@ -185,7 +176,7 @@ There are several options for disk and partition encryption on Linux operating s
 The following is general guidance when encrypting disk and partitions:
 
 - Encrypting Linux system volumes after installation is possible, but potentially time consuming. We recommend setting up disk encryption while installing the operating system.
-- Not all filesystem partitions need to be encrypted for a device to meet organizational standards. The following are not evaluated by the built-in device encryption settings:
+- Not all filesystem partitions need to be encrypted for a device to meet organizational standards. The following aren't evaluated by the built-in device encryption settings:
   - Read-only partitions
   - Pseudo-filesystems, like `/proc` or `tmpfs`
   - The `/boot` or `/boot/efi` partitions
@@ -194,8 +185,8 @@ The following is general guidance when encrypting disk and partitions:
 
 After making changes to a device to bring it into compliance, refresh the device status with Intune:  
 
-- If the Microsoft Intune app is still running, select **Refresh** on either the device details page or the compliance issues page to start a new check-in with Intune.
-- If the Microsoft Intune app is not running, sign into the app, which will start a new check-in.
+- If the Microsoft Intune app is still running, select **Refresh** on the device details page, or on the compliance issues page to start a new check-in with Intune.
+- If the Microsoft Intune app isn't running, sign into the app, which will start a new check-in.
 - After installation, the Microsoft Intune app periodically checks-in with Intune on its own, so long as the device is on, and a user is signed in to it.
 
 ## Next steps
diff --git a/memdocs/intune/protect/create-compliance-policy.md b/memdocs/intune/protect/create-compliance-policy.md
@@ -55,17 +55,17 @@ To use device compliance policies, be sure you:
   - Android AOSP
   - Android Enterprise
   - iOS
-  - Linux - Ubuntu Desktop, version 20.04 LTS  
+  - Linux - Ubuntu Desktop, version 20.04 LTS and 22.04 LTS
   - macOS
   - Windows 10/11
 
 - Enroll devices in Intune (required to see the compliance status)
 
 - Enroll devices to one user, or enroll without a primary user. Single devices cannot be enrolled to multiple users.
 
-In addition to compliance settings that are built-in to Intune, the following platforms support adding custom compliance settings to compliance policies:
+In addition to compliance settings that are built in to Intune, the following platforms support adding custom compliance settings to compliance policies:
 
-- Ubuntu Desktop, version 20.04 LTS  
+- Ubuntu Desktop, version 20.04 LTS and 22.04 LTS
 - Windows 10/11
 
 Before you can add custom settings, you must prepare a custom JSON file that defines the settings you want to base your custom compliance on, and a script that runs on devices to detect the settings defined in the JSON.
@@ -83,7 +83,7 @@ For more information about using custom compliance settings, including supported
    - *Android (AOSP)*
    - *Android Enterprise*
    - *iOS/iPadOS*
-   - Linux (Ubuntu Desktop, version 20.04 LTS)
+   - Linux - Ubuntu Desktop, version 20.04 LTS and 22.04 LTS)
    - *macOS*
    - *Windows 8.1 and later*
    - *Windows 10 and later*
@@ -116,14 +116,14 @@ For more information about using custom compliance settings, including supported
    - Device Encryption
    - Password Policy
 
-   Dedicated content for the settings in the settings catalog is not available.
+   Dedicated content for the settings in the settings catalog isn't available.
 
 6. Add custom settings to policies for supported platforms.
 
    > [!TIP]  
    > This is an optional step that’s supported only for the following platforms:  
    >
-   > - Linux - Ubuntu Desktop, version 20.04 LTS
+   > - Linux - Ubuntu Desktop, version 20.04 LTS and 22.04 LTS
    > - Windows 10/11
    > Before you can add custom settings to a policy, you must have uploaded a detection script to Intune, and have ready a JSON file that defines the settings you want to use for compliance. See [Custom compliance settings](../protect/compliance-use-custom-settings.md) for more information.
 
@@ -159,7 +159,7 @@ For more information about using custom compliance settings, including supported
 
    Select **+ Select groups to include** and then assign the policy to one or more groups. The policy will apply to these groups when you save the policy after the next step.
 
-   Policies for Linux do not support user-based assignments and can only be assigned to device groups.
+   Policies for Linux don't support user-based assignments and can only be assigned to device groups.
 
 10. On the **Review + create** tab, review the settings and select **Create** when ready to save the compliance policy.  
 
diff --git a/memdocs/intune/protect/device-compliance-get-started.md b/memdocs/intune/protect/device-compliance-get-started.md
@@ -128,19 +128,16 @@ The following subjects link to dedicated articles for different aspects of devic
   - [iOS](compliance-policy-create-ios.md)
   - [macOS](compliance-policy-create-mac-os.md)
   - [Windows Holographic for Business](compliance-policy-create-windows.md#windows-holographic-for-business)
-<<<<<<< HEAD
-=======
   - [Windows 8.1 and later](compliance-policy-create-windows-8-1.md)
     [!INCLUDE [windows-phone-81-windows-10-mobile-support](../includes/windows-phone-81-windows-10-mobile-support.md)]
->>>>>>> d7c6a99745ea32a9d4ab606446c93a1c32ea0490
   - [Windows 10/11](compliance-policy-create-windows.md)
 
-  Intune also supports compliance policy for Linux (Ubuntu Desktop, version 20.04 LTS), which uses the Settings catalog format instead of templates. Dedicated content for the settings in the settings catalog is not available, but information is available from within the Settings catalog.
+  Intune also supports compliance policy for Linux (Ubuntu Desktop, version 20.04 LTS and 22.04 LTS), which use the Settings catalog format instead of templates. Dedicated content for the settings in the settings catalog isn't available, but information is available from within the Settings catalog.
 
 - [**Custom compliance settings**](compliance-use-custom-settings.md) – With custom compliance settings you can expand on Intune’s built-in device compliance options.  Custom settings provide flexibility to base compliance on the settings that are available on a device without having to wait for Intune to add those settings.
 
   You can use custom compliance settings with the following platforms:
-  - Linux – Ubuntu Desktop, version 20.04 LTS
+  - Linux – Ubuntu Desktop, version 20.04 LTS and 22.04 LTS
   - Windows 10/11
 
 ## Monitor compliance status
@@ -176,14 +173,14 @@ The following table describes how noncompliant settings are managed when a compl
 
 |**Policy setting**| **Platform** |
 | --- | ----|
-| **PIN or password configuration** | - **Android 4.0 and later**: Quarantined<br>- **Samsung Knox Standard 4.0 and later**: Quarantined<br>- **Android Enterprise**: Quarantined  <br>  <br>- **iOS 8.0 and later**: Remediated<br>- **macOS 10.11 and later**: Remediated  <br>  <br>- **Windows 10/11**: Remediated|
-| **Device encryption** | - **Android 4.0 and later**: Quarantined<br>- **Samsung Knox Standard 4.0 and later**: Quarantined<br>- **Android Enterprise**: Quarantined<br><br>- **iOS 8.0 and later**: Remediated (by setting PIN)<br>- **macOS 10.11 and later**: Quarantined<br><br>- **Windows 10/11**: Quarantined|
-| **Jailbroken or rooted device** | - **Android 4.0 and later**: Quarantined (not a setting)<br>- **Samsung Knox Standard 4.0 and later**: Quarantined (not a setting)<br>- **Android Enterprise**: Quarantined (not a setting)<br><br>- **iOS 8.0 and later**: Quarantined (not a setting)<br>- **macOS 10.11 and later**: Not applicable<br><br>- **Windows 10/11**: Not applicable |
-| **Email profile** | - **Android 4.0 and later**: Not applicable<br>- **Samsung Knox Standard 4.0 and later**: Not applicable<br>- **Android Enterprise**: Not applicable<br><br>- **iOS 8.0 and later**: Quarantined<br>- **macOS 10.11 and later**: Quarantined<br><br>- **Windows 10/11**: Not applicable |
-| **Minimum OS version** | - **Android 4.0 and later**: Quarantined<br>- **Samsung Knox Standard 4.0 and later**: Quarantined<br>- **Android Enterprise**: Quarantined<br><br>- **iOS 8.0 and later**: Quarantined<br>- **macOS 10.11 and later**: Quarantined<br><br>- **Windows 10/11**: Quarantined|
-| **Maximum OS version** | - **Android 4.0 and later**: Quarantined<br>- **Samsung Knox Standard 4.0 and later**: Quarantined<br>- **Android Enterprise**: Quarantined<br><br>- **iOS 8.0 and later**: Quarantined<br>- **macOS 10.11 and later**: Quarantined<br><br>- **Windows 10/11**: Quarantined |
-| **Windows health attestation** | - **Android 4.0 and later**: Not applicable<br>- **Samsung Knox Standard 4.0 and later**: Not applicable<br>- **Android Enterprise**: Not applicable<br><br>- **iOS 8.0 and later**: Not applicable<br>- **macOS 10.11 and later**: Not applicable<br><br>- **Windows 10/11**: Quarantined<br>- **Windows 10/11**: Quarantined |
-
+| **Allowed Distros** | **Linux** *(only)* - Quarantined |
+| **Device encryption** | - **Android 4.0 and later**: Quarantined <br>- **Samsung Knox Standard 4.0 and later**: Quarantined <br>- **Android Enterprise**: Quarantined <br><br>- **iOS 8.0 and later**: Remediated (by setting PIN) <br>- **macOS 10.11 and later**: Quarantined <br><br>- **Linux**: Quarantined <br><br>- **Windows 10/11**: Quarantined|
+| **Email profile** | - **Android 4.0 and later**: Not applicable<br>- **Samsung Knox Standard 4.0 and later**: Not applicable<br>- **Android Enterprise**: Not applicable<br><br>- **iOS 8.0 and later**: Quarantined <br>- **macOS 10.11 and later**: Quarantined <br><br>- **Linux**: Not applicable <br><br>- **Windows 10/11**: Not applicable |
+| **Jailbroken or rooted device** | - **Android 4.0 and later**: Quarantined (not a setting) <br>- **Samsung Knox Standard 4.0 and later**: Quarantined (not a setting)<br>- **Android Enterprise**: Quarantined (not a setting) <br><br>- **iOS 8.0 and later**: Quarantined (not a setting) <br>- **macOS 10.11 and later**: Not applicable <br><br>- **Linux**: Not applicable <br><br>- **Windows 10/11**: Not applicable |
+| **Maximum OS version** | - **Android 4.0 and later**: Quarantined <br>- **Samsung Knox Standard 4.0 and later**: Quarantined <br>- **Android Enterprise**: Quarantined <br><br>- **iOS 8.0 and later**: Quarantined <br>- **macOS 10.11 and later**: Quarantined <br><br>- **Linux**: See *Allowed Distros* <br><br>- **Windows 10/11**: Quarantined |
+| **Minimum OS version** | - **Android 4.0 and later**: Quarantined <br>- **Samsung Knox Standard 4.0 and later**: Quarantined <br>- **Android Enterprise**: Quarantined <br><br>- **iOS 8.0 and later**: Quarantined <br>- **macOS 10.11 and later**: Quarantined  <br><br>- **Linux**: See *Allowed Distros* <br><br>- **Windows 10/11**: Quarantined|
+| **PIN or password configuration** | - **Android 4.0 and later**: Quarantined <br>- **Samsung Knox Standard 4.0 and later**: Quarantined <br>- **Android Enterprise**: Quarantined  <br><br>- **iOS 8.0 and later**: Remediated <br>- **macOS 10.11 and later**: Remediated <br><br>- **Linux**: Quarantined <br> <br>- **Windows 10/11**: Remediated|
+| **Windows health attestation** | - **Android 4.0 and later**: Not applicable <br>- **Samsung Knox Standard 4.0 and later**: Not applicable <br>- **Android Enterprise**: Not applicable <br><br>- **iOS 8.0 and later**: Not applicable <br>- **macOS 10.11 and later**: Not applicable <br><br>- **Linux**: Not applicable <br><br>- **Windows 10/11**: Quarantined |
 
 
 > [!NOTE]
