Merge branch 'main' into release-intune-2203

Author: Angela Fleischmann

memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md

@@ -86,7 +86,7 @@ An Android Enterprise personally-owned work profile includes the following featu
 
 - **Traditional MDM functionality**: Key MDM capabilities, such as app lifecycle management using managed Google Play, is available in any Android Enterprise scenario. Managed Google Play provides a robust experience to install and update apps without any user intervention. IT can also push app configuration settings to organizational apps. It also doesn't require end users to allow installations from unknown sources. Other common MDM activities, such as deploying certificates, configuring WiFi/VPNs, and setting device passcodes are available with Android Enterprise personally-owned work profiles.
 
-- **DLP on the Android Enterprise personally-owned work profile boundary**: With a Android Enterprise personally-owned work profile, DLP policies are enforced at the work profile level, not the app level. For example, copy/paste protection is enforced by the APP settings applied to an app, or enforced by the work profile. When the app is deployed into a work profile, administrators can pause copy/paste protection to the work profile by turning off this policy at the APP level.
+- **DLP on the Android Enterprise personally-owned work profile boundary**: With an Android Enterprise personally-owned work profile, DLP policies are enforced at the work profile level, not the app level. For example, copy/paste protection is enforced by the APP settings applied to an app, or enforced by the work profile. When the app is deployed into a work profile, administrators can pause copy/paste protection to the work profile by turning off this policy at the APP level.
 
 ## Tips to optimize the work profile experience
 

memdocs/intune/apps/app-management.md

@@ -90,7 +90,7 @@ You can find most app-related information in the **Apps** workload, which you ca
 
 The apps workload provides links to access common app information and functionality. 
 
-The top of the App workload navigation menu provide commonly used app details:
+The top of the App workload navigation menu provides commonly used app details:
 - **Overview**: Select this option to view the tenant name, the MDM authority, the tenant location, the account status, app installation status, and app protection policy status.
 - **All apps**: Select this option to display a list of all available apps. You can add additional apps from this page. Additionally, you can see the status of each app, as well as whether each app is assigned. For more information, see [Add apps](apps-add.md) and [Assign apps](apps-deploy.md).
 - **Monitor apps**

memdocs/intune/apps/app-protection-policy.md

@@ -366,7 +366,7 @@ When dealing with different types of settings, an Intune SDK version requirement
  > Note that users targeted with APP policies on non-dedicated devices will not be impacted.
 
 ### Microsoft Teams Android devices
-The Teams app on [Microsoft Teams Android devices](https://www.microsoft.com/microsoft-teams/across-devices/devices?rtc=2) does not support APP (does not receive policy though the Company Portal app). This means that app protection policy settings will not be applied to Teams on Microsoft Teams Android devices.
+The Teams app on [Microsoft Teams Android devices](https://www.microsoft.com/microsoft-teams/across-devices/devices?rtc=2) does not support APP (does not receive policy through the Company Portal app). This means that app protection policy settings will not be applied to Teams on Microsoft Teams Android devices.
 
 ### Device biometric authentication
 For Android devices that support biometric authentication, you can allow end users to use fingerprint or Face Unlock, depending on what their Android device supports. You can configure whether all biometric types beyond fingerprint can be used to authenticate. Note that fingerprint and Face Unlock are only available for devices manufactured to support these biometric types and are running the correct version of Android. Android 6 and higher is required for fingerprint, and Android 10 and higher is required for Face Unlock.

memdocs/intune/apps/apps-supported-intune-apps.md

@@ -201,7 +201,7 @@ If the user does not have the Company Portal app installed, the user will be tak
 
 ## Company Portal and Apple Setup Assistant for iOS/iPadOS
 
-For iOS/iPadOS devices running 13.0 and later, when creating an Automated Device Enrollment profile, you can now choose a new authentication method: **Setup Assistant with modern authentication**.  This method provides all the security from authenticating with the Company Portal but avoids the issue of leaving end users stuck on a device that they can't use while the Company Portal installs on the device. The user has to authenticate using Azure AD credentials during the setup assistant screens. This will require an additional Azure AD login post-enrollment in the Company Portal app to gain access to corporate resources protected by Conditional Access and for Intune to assess device compliance. The correct Company Portal version will automatically be sent down as a required app to the device for iOS/iPadOS, which we recommend choosing a VPP token for from the enrollment profile.
+For iOS/iPadOS devices running 13.0 and later, when creating an Automated Device Enrollment profile, you can now choose a new authentication method: **Setup Assistant with modern authentication**. This method provides all the security from authenticating with the Company Portal but avoids the issue of leaving end users stuck on a device that they can't use while the Company Portal installs on the device. The user has to authenticate using Azure AD credentials during the setup assistant screens. This will require an additional Azure AD login post-enrollment in the Company Portal app to gain access to corporate resources protected by Conditional Access and for Intune to assess device compliance. The correct Company Portal version will automatically be sent down as a required app to the device for iOS/iPadOS, which we recommend choosing a VPP token for from the enrollment profile.
 
 Enrollment is completed once the user lands on the home screen, and users can freely use the device for resources not protected by Conditional Access. User affinity is established when users complete the additional Azure AD login into the Company Portal app on the device. If the tenant has multi-factor authentication turned on for these devices or users, the users will be asked to complete multi-factor authentication during enrollment during Setup Assistant. Multi-factor authentication is not required, but it is available for this authentication method within Conditional Access if needed. 
 

memdocs/intune/apps/company-portal-app.md

@@ -184,6 +184,7 @@ Compared to standard apps, OEMConfig apps expand the managed configurations priv
 | Datalogic | com.datalogic.settings.oemconfig | |
 | Ecom - Ex-Handy 10 | com.ecom.econfig | |
 | Ecom - Smart-Ex 02 | com.ecom.econfig.smart | |
+| Getac | com.getac.app.getacoemconfig | |
 | Honeywell | com.honeywell.oemconfig | |
 | Honeywell - Scanpal EDA | com.honeywell.oemconfig.scanpal | |
 | HMDGlobal - 7.2 | com.hmdglobal.app.oemconfig.n7_2 | 

memdocs/intune/configuration/android-oem-configuration-overview.md

@@ -51,7 +51,7 @@ This article shows you how export your GPOs, import the GPOs into Endpoint Manag
 
 ## Prerequisites
 
-- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), sign in as the Intune administrator with a role that has the **Security Baselines** permission.
+- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), sign in as the Intune administrator or with a role that has the **Security Baselines** permission.
 
   For example, the **Endpoint Security Manager** role has the **Security Baselines** permission. For more information on the built-in roles, see [role-based access control](../fundamentals/role-based-access-control.md).
 

memdocs/intune/configuration/group-policy-analytics.md

@@ -301,7 +301,7 @@ The tool expects the following parameters.
 | `--input`          | Yes      | A semi-colon delimited list of jar files and directories of class files to modify. This should include all jars/directories that you intend to rewrite.                          |
 | `--output`         | Yes      | A semi-colon delimited list of jar files and directories to store the modified classes to. There should be one output entry per input entry, and they should be listed in order. |
 | `--classpath`      | Yes      | The build classpath. This may contain both jars and class directories.                                                                                                           |
-| `--processed`      | No       | A semi-colon delimited list of jar files and directories containing classes which have already been been processed by a previous invocation of the build tool.                   |
+| `--processed`      | No       | A semi-colon delimited list of jar files and directories containing classes which have already been processed by a previous invocation of the build tool.                   |
 | `--excludeClasses` | No       | A semi-colon delimited list containing the names of the classes that should be excluded from rewriting.                                                                          |
 | `--report`         | No       | Directory to write an HTML report about modified classes to. If not specified, no report is written.                                                                             |
 
@@ -734,7 +734,7 @@ When checking the open policy, the `username` should be the UPN/username/email a
 file or cloud service being opened from. `OpenLocation.LOCAL` is not a cloud service location, but may be tagged with 
 an identity to indicate ownership. When opening a file from local storage, the file owner must always be considered, 
 because the file owner's save-as policy may or may not permit other users to open the file. For identity-tagged files, 
-`username` should be the the file owner's identity. For files without an identity tag, 
+`username` should be the file owner's identity. For files without an identity tag, 
 `username` should be null. 
 
 >[!NOTE]
@@ -1055,7 +1055,7 @@ void registerAuthenticationCallback(MAMServiceAuthenticationCallback callback);
 void updateToken(String upn, String aadId, String resourceId, String token);
 ```
 
-1. The app must implement the [MAMServiceAuthenticationCallback] interface to allow the SDK to request an AAD token for the given user and resource ID. The callback instance must be provided to the `MAMEnrollmentManager` by calling its registerAuthenticationCallback method. A token may be needed early in the app lifecycle for enrollment retries or app protection policy refresh check-ins, so the the callback must be registered in the `onCreate()` (or `onMAMCreate()`) method of the app's Application subclass.
+1. The app must implement the [MAMServiceAuthenticationCallback] interface to allow the SDK to request an AAD token for the given user and resource ID. The callback instance must be provided to the `MAMEnrollmentManager` by calling its registerAuthenticationCallback method. A token may be needed early in the app lifecycle for enrollment retries or app protection policy refresh check-ins, so the callback must be registered in the `onCreate()` (or `onMAMCreate()`) method of the app's Application subclass.
 
 2. The **acquireToken** method should acquire the access token for the requested resource ID for the given user. If it can't acquire the requested token, it should return null.
 
@@ -1655,7 +1655,7 @@ a set of **IdentitySwitchOption** values.
      
 * `DATA_FROM_INTENT`: Use if requesting an identity switch when data
    from the intent will be displayed in the activity. The opposite of
-   `IGNORE_INTENT`. This will cause receive policy for the new
+   `IGNORE_INTENT`. This will cause the receive policy for the new
    identity to treat the intent as incoming data.
    
    For example: Your app receives an intent containing metadata that
@@ -1789,7 +1789,7 @@ In addition to the app's ability to set the identity, a thread, or a context's i
           final AppIdentitySwitchResultCallback callback);
   ```
 
-  * The **AppIdentitySwitchReason** captures the source of the implicit switch, and can accept the values `CREATE`, `RESUME_CANCELLED`, and `NEW_INTENT`.  The `RESUME_CANCELLED` reason is used when activity resume causes PIN, authentication, or other compliance UI to be displayed and the user attempts to cancel out of that UI, generally though use of the back button.
+  * The **AppIdentitySwitchReason** captures the source of the implicit switch, and can accept the values `CREATE`, `RESUME_CANCELLED`, and `NEW_INTENT`.  The `RESUME_CANCELLED` reason is used when activity resume causes PIN, authentication, or other compliance UI to be displayed and the user attempts to cancel out of that UI, generally through use of the back button.
 
 
     * The **AppIdentitySwitchResultCallback** is as follows:
@@ -1962,7 +1962,7 @@ Apps that make use of [MAMDataProtectionManager] should implement a receiver for
 enabled when the buffers were protected. An app can remediate this situation by calling
 `MAMDataProtectionManager.unprotect` on all buffers during this notification. It
 is also safe to call protect during this notification if it is desired to preserve identity
-information -- encryption is guaranteed to be disabled during the notification.
+information (encryption is guaranteed to be disabled during the notification).
 
 
 ### Content Providers

memdocs/intune/developer/app-sdk-android.md

@@ -2219,7 +2219,7 @@ You can require that a Win32 app must restart after a successful install. Also,
 You'll see a new user experience when creating app configuration policies in Intune. This experience provides the same settings and details that you have used previously, however the new experience follows a wizard-like process before adding a policy to Intune. From the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** > **App configuration policies** > **Add**. For more information, see [App configuration policies for Microsoft Intune](../apps/app-configuration-policies-overview.md). 
 
 #### Intune support for additional Microsoft Edge for Windows 10 deployment channel<!-- 5861774 -->
-Microsoft Intune now support the additional **Stable** deployment channel for the Microsoft Edge (version 77 and later) for Windows 10 app. The **Stable** channel is the recommended channel for deploying Microsoft Edge for Windows 10 broadly in Enterprise environments. This channel updates every six weeks, each release incorporating improvements from the **Beta** channel. In addition to the **Stable** and **Beta** channels, Intune supports a **Dev** channel. For more information, see [Microsoft Edge for Windows 10 - Configure app settings](../apps/apps-windows-edge.md#configure-app-settings).
+Microsoft Intune now supports the additional **Stable** deployment channel for the Microsoft Edge (version 77 and later) for Windows 10 app. The **Stable** channel is the recommended channel for deploying Microsoft Edge for Windows 10 broadly in Enterprise environments. This channel updates every six weeks, each release incorporating improvements from the **Beta** channel. In addition to the **Stable** and **Beta** channels, Intune supports a **Dev** channel. For more information, see [Microsoft Edge for Windows 10 - Configure app settings](../apps/apps-windows-edge.md#configure-app-settings).
 
 #### S/MIME support for Microsoft Outlook for iOS<!-- 2669398 -->
 Intune supports delivering S/MIME signing and encryption certificates that can be used with Outlook for iOS on iOS devices. For more information, see [Sensitivity labeling and protection in Outlook for iOS and Android](/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/sensitive-labeling-and-protection-outlook-for-ios-android).
@@ -5812,7 +5812,7 @@ The following are the settings administrators can configure:
 - **Resource account**
   - **Active Directory user**
 
-    Domainname\username or User Principle Name (UPN): [email protected]
+    Domainname\username or User Principal Name (UPN): [email protected]
 
   - **Password**
 

memdocs/intune/fundamentals/whats-new-archive.md

@@ -115,7 +115,7 @@ Data is reported through the Windows [DeviceStatus CSP](/windows/client-manageme
 
 - Device name
 - Firewall status
-- User principle name
+- User principal name
 - Target (The method of device management)
 - Last check in time