Merge pull request #7740 from MicrosoftDocs/main

Thomas Raya · web-flow · commit 7edb6226b4a9 · 2022-06-07T08:13:52.000-07:00
Publish 06/06/2022, 10:30 AM
diff --git a/memdocs/intune/configuration/settings-catalog-printer-provisioning.md b/memdocs/intune/configuration/settings-catalog-printer-provisioning.md
@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 05/23/2022
+ms.date: 06/06/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -30,7 +30,7 @@ ms.collection: M365-identity-device-management
 # Create a Universal Print policy in Microsoft Intune
 
 > [!NOTE]
-> This feature will release over several days and won't be available to all customers immediately.
+> This feature will release over several days and won't be available to all tenants immediately.
 
 Many organizations are moving their printer infrastructure to the cloud. [Universal Print](/universal-print/fundamentals/universal-print-whatis) is a cloud-based printing solution in Microsoft 365. It uses built-in cloud printers, built-in legacy printers, and runs entirely in Microsoft Azure.
 
@@ -60,9 +60,11 @@ This article shows you how to create a Universal Print policy in Microsoft Intun
   - **Printer Administrator** or **Global Administrator** roles: Needed to add printers.
 
     For more information on these roles, go to [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference).
+
   - **Intune Administrator** or **Global Administrator** roles: Needed to create and assign Intune policies.
 
     For more information on these roles, go to [Role-based access control (RBAC) with Microsoft Intune](../fundamentals/role-based-access-control.md)
+
   - An assigned Universal Print license.
 
 - End user accounts need the following permissions/licenses:
@@ -72,6 +74,8 @@ This article shows you how to create a Universal Print policy in Microsoft Intun
 
   If the profile is assigned to an Azure AD user/user group that can't access the printers because of permissions, then Intune grants the assigned user/user group the permissions.
 
+- These settings use the [UniversalPrint CSP](/windows/client-management/mdm/universalprint-csp).
+
 ## Create the policy
 
 This policy includes your printer information. When you assign the policy, the printers are automatically installed. Then, on their devices, users select a printer that you added.
diff --git a/memdocs/intune/enrollment/windows-bulk-enroll.md b/memdocs/intune/enrollment/windows-bulk-enroll.md
@@ -70,6 +70,9 @@ Azure AD users are standard users on these devices and receive assigned Intune p
 6. Select **Enroll in Azure AD**, enter a **Bulk Token Expiry** date, and then select **Get Bulk Token**. The token validity period is 180 days.
    ![Screenshot of account management in the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-account.png)
 
+> [!NOTE]
+> Once a provisioning package is created, it can be revoked before its expiration by removing the associated package_{GUID} user account from Azure AD.
+
 7. Provide your Azure AD credentials to get a bulk token.
    ![Screenshot of signing in to the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-cred.png)
 
diff --git a/memdocs/intune/fundamentals/in-development.md b/memdocs/intune/fundamentals/in-development.md
@@ -79,7 +79,7 @@ Feedback settings will be provided to address M365 enterprise feedback policies
 You will be able to select to include **Photo Library** as a supported application storage service for *outgoing* data. This support is in addition to *incoming* data transfer support for **Photo Library**. By selecting **Photo Library** in the **Allow users to open data from selected services** setting within Intune, you can allow managed accounts to send *outgoing* data to their device's photo library from their managed apps on iOS and Android platforms. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** > **App protection policies** > **Create Policy**. Choose either **iOS/iPadOS** or **Android**. This setting will be available as part of the **Data protection** step and specifically for **Policy managed apps**. For related information, see [Data protection](../apps/app-protection-framework.md#data-protection-2).
 
 ### Use App Protection Policies with Android Enterprise dedicated devices and Android (AOSP) devices<!-- 13819227 -->
-Intune-managed Android Enterprise dedicated devices enrolled with Azure Active Directory (Azure AD) shared mode and Android (AOSP) devices will be able to receive app protection policies policies and can be targeted separately from other Android device types. For more information about Android Enterprise dedicated devices and Android (AOSP), see [Android Enterprise dedicated devices](../fundamentals/deployment-guide-enrollment-android.md#android-enterprise-dedicated-devices) and [Android Open Source Project](../fundamentals/deployment-guide-enrollment-android.md#android-open-source-project).
+Intune-managed Android Enterprise dedicated devices enrolled with Azure Active Directory (Azure AD) shared mode and Android (AOSP) devices will be able to receive app protection policies and can be targeted separately from other Android device types. For more information about Android Enterprise dedicated devices and Android (AOSP), see [Android Enterprise dedicated devices](../fundamentals/deployment-guide-enrollment-android.md#android-enterprise-dedicated-devices) and [Android Open Source Project](../fundamentals/deployment-guide-enrollment-android.md#android-open-source-project).
 
 <!-- ***********************************************-->
 
@@ -99,7 +99,7 @@ Applies to:
 For more information, see [Using Azure Virtual Desktop multi-session with Microsoft Intune](../fundamentals/azure-virtual-desktop-multi-session.md)
 
 ### Remotely restart and shut down macOS device <!-- 12472418 -->
-You'll be able to remotely restart or shutdown a macOS device using device actions. These device actions are available for devices running macOS 10.13 and later. 
+You'll be able to remotely restart or shut down a macOS device using device actions. These device actions are available for devices running macOS 10.13 and later. 
 For more information, see [Restart devices with Microsoft Intune](../remote-actions/device-restart.md).
 
 ### Additional Remote actions for Android (AOSP) Corporate devices<!-- 8504019 -->
@@ -117,7 +117,7 @@ Applies to:
 ### Improved certificate reporting details<!-- 13316515 -->
 We’re changing what Intune displays when you view certificate details for devices and certificate profiles. [Microsoft Endpoint Manager admin center]( https://go.microsoft.com/fwlink/?linkid=2109431) > **Devices** > **Monitor** > **Certificates**. 
 
-Today, the certificate reports can show certificates that are no longer valid, or that are no longer on a device. With this change, you’ll won't see information for those invalid certificates. Instead, Intune displays only those that are valid, that were revoked within the last 30 days, or that expired within the last 30 days will be shown.
+Today, the certificate reports can show certificates that are no longer valid, or that are no longer on a device. With this change, you won't see information for those invalid certificates. Instead, Intune displays only those that are valid, that were revoked within the last 30 days, or that expired within the last 30 days will be shown.
 
 ### View a managed device's group membership<!-- 4100067 -->
 In the monitor section of the **Devices** workload of Intune, you'll be able to view the group membership of all AAD groups for a managed device. When this is available, you will be able to select **Group Membership** by signing in to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and selecting **Devices** > **Monitor** > *select a device* > **Group Membership**.
diff --git a/memdocs/intune/protect/advanced-threat-protection-configure.md b/memdocs/intune/protect/advanced-threat-protection-configure.md
@@ -7,7 +7,7 @@ keywords: configure, manage, capabilities, attack surface reduction, next-genera
 author: brenduns 
 ms.author: brenduns
 manager: dougeby
-ms.date: 05/23/2022
+ms.date: 06/06/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -40,6 +40,8 @@ Use the information and procedures in this article to configure integration of M
 
 Before starting, your environment must meet the [prerequisites](../protect/advanced-threat-protection.md#prerequisites) to use Microsoft Defender for Endpoint with Intune.
 
+In addition to managing settings for Microsoft Defender for Endpoint on devices you manage with Intune, you can manage Defender for Endpoint security configurations on devices that aren’t enrolled with Intune. This scenario is called *Security Management for Microsoft Defender for Endpoint* and requires configuring the *Allow Microsoft Defender for Endpoint to enforce Endpoint Security Configurations* toggle to *On*. For more information, see [MDE Security Configuration Management](../protect/mde-security-integration.md).
+
 ## Enable Microsoft Defender for Endpoint in Intune
 
 The first step you take is to set up the service-to-service connection between Intune and Microsoft Defender for Endpoint. Set up requires administrative access to both the Microsoft Defender Security Center, and to Intune.
@@ -52,7 +54,7 @@ You only need to enable Microsoft Defender for Endpoint a single time per tenant
 
 2. Select **Endpoint security** > **Microsoft Defender for Endpoint**, and then select **Open the Microsoft Defender for Endpoint admin console**. 
 
-   This opens the **Microsoft 365 Defender** portal at *security.microsoft.com*, which [replaces the use of the previous portal](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) at *securitycenter.windows.com*.
+   This opens the **Microsoft 365 Defender** portal at *security.microsoft.com*, which [replaces the use of the previous portal](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide&preserve-view=true) at *securitycenter.windows.com*.
 
    > [!TIP]
    > If the **Connection status** at the top of the page is already set to **Enabled**, the connection to Intune has already been made, and the admin center displays different UI than in the following screen shot. In this event, you can use the link **Open the Microsoft Defender for Endpoint admin console** to open the Microsoft Defender Security Center and use the guidance in the following step to confirm that the **Microsoft Intune connection** is set to **On**.
diff --git a/memdocs/intune/protect/antivirus-microsoft-defender-settings-windows-tenant-attach.md b/memdocs/intune/protect/antivirus-microsoft-defender-settings-windows-tenant-attach.md
@@ -327,7 +327,7 @@ Learn more
 
 - **Allow users to view full History results**
   > [!NOTE]
-  >  This is a legacy setting that only applies to versions of Windows prior to Windows 10 version 1703. User of this setting with a current operating system has no effect. This setting is scheduled for removal from this policy. For more information, see **-DisablePrivacyMode** in [Set-MpPreference](/powershell/module/defender/set-mppreference?view=windowsserver2022-ps) in the Windows PowerShell documentation.
+  >  This is a legacy setting that only applies to versions of Windows prior to Windows 10 version 1703. User of this setting with a current operating system has no effect. This setting is scheduled for removal from this policy. For more information, see **-DisablePrivacyMode** in [Set-MpPreference](/powershell/module/defender/set-mppreference?view=windowsserver2022-ps&preserve-view=true) in the Windows PowerShell documentation.
 
   - **Not Configured** (*default*)
   - **Yes**
diff --git a/memdocs/intune/protect/atp-manage-vulnerabilities.md b/memdocs/intune/protect/atp-manage-vulnerabilities.md
@@ -94,7 +94,7 @@ Following is an example workflow for an application. This same general workflow
 
 ## Work with security tasks
 
-Before you can work with security tasks, they must be created from within the Defender Security Center. For information on using the Microsoft Defender Security Center to create security tasks, see [Remediate vulnerabilities with threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-remediation?view=o365-worldwide#request-remediation) in the Defender for Endpoint documentation.
+Before you can work with security tasks, they must be created from within the Defender Security Center. For information on using the Microsoft Defender Security Center to create security tasks, see [Remediate vulnerabilities with threat and vulnerability management](/microsoft-365/security/defender-endpoint/tvm-remediation?view=o365-worldwide&preserve-view=true#request-remediation) in the Defender for Endpoint documentation.
 
 To manage security tasks:
 
diff --git a/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md b/memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md
@@ -40,9 +40,9 @@ You can configure Conditional Access policies based on Check Point Harmony Mobil
 
 ## Supported platforms
 
-- **Android 4.1 and later**
+- **Android 8 and later**
 
-- **iOS 8 and later**
+- **iOS 12 and later**
 
 ## Pre-requisites
 
diff --git a/memdocs/intune/protect/compliance-custom-script.md b/memdocs/intune/protect/compliance-custom-script.md
@@ -63,7 +63,7 @@ PS C:\Users\apervaiz\Documents> .\sample.ps1
 4. On **Settings**, configure the following behavior for the script:
 
    - **Run this script using the logged on credentials** – By default, the script runs in the System context on the device. Set this to Yes to have it run in the context of the logged-on user. If the user isn’t logged in, the script defaults back to the System context.
-   - **Enforce script signature check** – For more information, see [about_Signing](/powershell/module/microsoft.powershell.core/about/about_signing?view=powershell-7.1) in the PowerShell documentation.
+   - **Enforce script signature check** – For more information, see [about_Signing](/powershell/module/microsoft.powershell.core/about/about_signing?view=powershell-7.1&preserve-view=true) in the PowerShell documentation.
    - **Run script in 64 bit PowerShell Host** – By default, the script runs using the 32-bit PowerShell host. Set this to *Yes* to force the script to run using the 64-bit host instead.
 
 5. Complete the script creation process. The script is now visible in the *Scripts* pane of the Microsoft Endpoint Manager admin center and will be available to select when configuring compliance policies.
diff --git a/memdocs/intune/protect/lookout-mobile-threat-defense-connector.md b/memdocs/intune/protect/lookout-mobile-threat-defense-connector.md
@@ -56,8 +56,8 @@ Lookout's mobile app, **Lookout for work**, is installed and run on mobile devic
 
 The following platforms are supported for Lookout when enrolled in Intune:
 
-- **Android 4.1 and later**  
-- **iOS 8 and later**  
+- **Android 5.0 and later**  
+- **iOS 12 and later**  
 
 For additional information about platform and language support, visit the [Lookout website](https://personal.support.lookout.com/hc/articles/114094140253).  
 
diff --git a/memdocs/intune/protect/mcafee-mobile-threat-defense-connector.md b/memdocs/intune/protect/mcafee-mobile-threat-defense-connector.md
@@ -37,9 +37,9 @@ You can configure Conditional Access policies based on MVISION Mobile risk asses
 
 ## Supported platforms
 
-- **Android 8.0 and later**
+- **Android 5.1 and later**
 
-- **iOS 9 and later**
+- **iOS 10 and later**
 
 ## Prerequisites
 
diff --git a/memdocs/intune/protect/pradeo-mobile-threat-defense-connector.md b/memdocs/intune/protect/pradeo-mobile-threat-defense-connector.md
@@ -40,9 +40,9 @@ You can configure Conditional Access policies based on Pradeo risk assessment en
 
 ## Supported platforms
 
-- **Android 4.0.3 and later**
+- **Android 5.1 and later**
 
-- **iOS 7 and later**
+- **iOS 12.1 and later**
 
 ## Prerequisites
 
diff --git a/memdocs/intune/protect/privacy-data-store-process.md b/memdocs/intune/protect/privacy-data-store-process.md
@@ -39,7 +39,7 @@ After Intune [collects the data](privacy-data-collect.md), Intune follows the Da
 
 Microsoft offers and operates Intune services in many regions worldwide. Intune respects the storage location elections made by the administrator for Customer Data.
 
-For more information, see [Data Center Locations](/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide#data-center-locations)
+For more information, see [Data Center Locations](/microsoft-365/enterprise/o365-data-locations?view=o365-worldwide#data-center-locations&preserve-view=true)
 
 ### Data residency option
 
@@ -63,7 +63,7 @@ Microsoft 365 Data Handling Standard policy specifies how long customer data is
 -**Active Deletion**: The tenant has an active subscription and a user or administrator deletes data, or administrators delete a user.
 -**Passive Deletion**: The tenant subscription ends.
 
-For each of the deletion scenarios, see [Data Retention, Deletion, and Destruction in Microsoft 365](/microsoft-365/enterprise/microsoft-365-data-retention-deletion-and-destruction-overview?view=o365-worldwide).  
+For each of the deletion scenarios, see [Data Retention, Deletion, and Destruction in Microsoft 365](/microsoft-365/enterprise/microsoft-365-data-retention-deletion-and-destruction-overview?view=o365-worldwide&preserve-view=true).  
 
 In general, personal data collected by Intune is removed within 30 days after deletion. Audit logs are retained for up to one year for security purposes. 
 
diff --git a/memdocs/intune/protect/skycure-mobile-threat-defense-connector.md b/memdocs/intune/protect/skycure-mobile-threat-defense-connector.md
@@ -48,9 +48,9 @@ You can enable SEP Mobile risk assessment through Intune device compliance polic
 
 ## Supported platforms
 
-- **Android 4.1 and later**
+- **Android 5.0 and later**
 
-- **iOS 8 and later**
+- **iOS 10 and later**
 
 ## Pre-requisites
 
diff --git a/memdocs/intune/protect/sophos-mtd-connector.md b/memdocs/intune/protect/sophos-mtd-connector.md
@@ -39,8 +39,8 @@ You can configure Conditional Access policies based on Sophos Mobile risk assess
 
 ## Supported platforms
 
-- Android 8.0 and later
-- iOS 11.0 and later
+- Android 7.0 and later
+- iOS 14.0 and later
 
 ## Prerequisites
 
diff --git a/memdocs/intune/protect/wandera-mtd-connector.md b/memdocs/intune/protect/wandera-mtd-connector.md
@@ -59,8 +59,8 @@ These categories and their associated threat levels are configurable in Wandera'
 
 The following platforms are supported for Wandera when enrolled in Intune:
 
-- Android 8.0 and later  
-- iOS 10.2 and later 
+- Android 9.0 and later  
+- iOS 13.7 and later 
 
 For more information about platform and device, see the [Wandera website](https://www.wandera.com/mobile-threat-defense/).
 
diff --git a/memdocs/intune/protect/zimperium-mobile-threat-defense-connector.md b/memdocs/intune/protect/zimperium-mobile-threat-defense-connector.md
@@ -37,9 +37,9 @@ You can configure Conditional Access policies based on Zimperium risk assessment
 
 ## Supported platforms
 
-- **Android 4.1 and later**
+- **Android 5.1 and later**
 
-- **iOS 8 and later**
+- **iOS 10 and later**
 
 ## Prerequisites
 
diff --git a/windows-365/enterprise/TOC.yml b/windows-365/enterprise/TOC.yml
@@ -157,6 +157,12 @@ items:
           href: restore-bulk.md
       - name: End grace period
         href: end-grace-period.md
+      - name: Digital forensics
+        items:
+        - name: Overview
+          href: digital-forensics.md
+        - name: Place a Cloud PC under review
+          href: place-cloud-pc-under-review.md
     - name: Reports
       items:
       - name: Resource performance report
diff --git a/windows-365/enterprise/digital-forensics.md b/windows-365/enterprise/digital-forensics.md
@@ -0,0 +1,61 @@
+---
+# required metadata
+title: Digital forensics with Windows 365 Enterprise Cloud PCs
+titleSuffix:
+description: Learn about using Windows 365 Enterprise Cloud PCs with digital forensics.
+keywords:
+author: ErikjeMS  
+ms.author: erikje
+manager: dougeby
+ms.date: 06/01/2022
+ms.topic: overview
+ms.service: cloudpc
+ms.subservice:
+ms.localizationpriority: high
+ms.technology:
+ms.assetid: 
+
+# optional metadata
+
+#ROBOTS:
+#audience:
+
+ms.reviewer: anbiswas    
+ms.suite: ems
+search.appverid: MET150
+#ms.tgt_pltfrm:
+ms.custom: intune-azure; get-started
+ms.collection: M365-identity-device-management
+---
+
+# Digital forensics and Windows 365 Enterprise Cloud PCs
+
+Just like physical devices, Windows 365 Enterprise Cloud PCs can be deployed, secured, and managed using [Microsoft Endpoint Manager](/mem/endpoint-manager-overview. As part of PC ownership, you may be asked to submit Cloud PCs to internal or third parties to perform digital forensics. Digital forensics is the science that addresses the recovery and investigation of digital data to support criminal investigations or civil proceedings.
+
+To support these forensics, Windows 365 offers the ability to [place a Cloud PC under review](place-cloud-pc-under-review.md). This action will securely save a snapshot of the Cloud PC to the customer’s Azure Storage Account. When transferred to that account, the customer has complete ownership of the snapshot.
+
+Investigators can attach disk copies of the Cloud PC snapshot and transfer it to a secure storage account dedicated to forensic analysis. This process can be done without re-creating, powering on, or accessing the original source Cloud PC.
+
+## Scenarios
+
+You may have to place a Cloud PC under review for any of these scenarios:
+
+1. A request from an internal Security Operation Center (SOC) team.
+2. A response to a request from an internal or external third party auditor.
+3. As a response to a pending or ongoing legal investigation.
+
+## Considerations for digital forensics
+
+In response to legal requests for data stored on a Cloud PC, admins must attest that digital evidence they provide demonstrates a valid Chain of Custody (CoC) throughout the evidence acquisition, preservation, and access process. For this reason, admins should make sure to support adequate:
+
+- access control
+- data protection and integrity
+- monitoring and alerting
+- logging and auditing
+
+<!-- ########################## -->
+## Next steps
+
+[Place a Cloud PC under review](place-cloud-pc-under-review.md).
+
+For more information about Microsoft’s support for digital investigations, see [Computer forensics chain of custody in Azure]( /azure/architecture/example-scenario/forensics/).
diff --git a/windows-365/enterprise/media/place-cloud-pc-under-review/choose-device.png b/windows-365/enterprise/media/place-cloud-pc-under-review/choose-device.png
diff --git a/windows-365/enterprise/media/place-cloud-pc-under-review/place-cloud-pc-under-review.png b/windows-365/enterprise/media/place-cloud-pc-under-review/place-cloud-pc-under-review.png
diff --git a/windows-365/enterprise/media/place-cloud-pc-under-review/subscription-storage.png b/windows-365/enterprise/media/place-cloud-pc-under-review/subscription-storage.png
diff --git a/windows-365/enterprise/place-cloud-pc-under-review.md b/windows-365/enterprise/place-cloud-pc-under-review.md
