Merge pull request #7577 from MicrosoftDocs/main

Publish 05/10/2022 3:30 PM PT

Author: Angela Fleischmann

memdocs/intune/apps/app-protection-policy-settings-ios.md

@@ -47,7 +47,7 @@ There are three categories of policy settings: *Data relocation*, *Access requir
 | Setting | How to use | Default value |
 |------|----------|-------|
 | **Backup Org data to iTunes and iCloud backups** | Select **Block** to prevent this app from backing up work or school data to iTunes and iCloud. Select **Allow** to allow this app to back up of work or school data to iTunes and iCloud. | **Allow**  |
-| **Send Org data to other apps** | Specify what apps can receive data from this app: <ul><li>**All apps**: Allow transfer to any app. The receiving app will have the ability to read and edit the data.</li><li>**None**: Do not allow data transfer to any app, including other policy-managed apps. If the user performs a managed open-in function and transfers a document, the data will be encrypted and unreadable.</li><li> **Policy managed apps**: Allow transfer only to other policy-managed apps. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps on unenrolled devices or enrolled devices that allow sharing to unmanaged apps. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li><li> **Policy managed apps with OS sharing**: Only allow data transfer to other policy managed apps, as well as file transfers to other MDM managed apps on enrolled devices. <p><p>**Note:** _The **Policy managed apps with OS sharing** value is applicable to MDM enrolled devices only. If this setting is targeted to a user on an unenrolled device, the behavior of the **Policy managed apps** value applies. Users will be able to transfer unencrypted content via Open-in or Share extensions to any application allowed by the iOS MDM allowOpenFromManagedtoUnmanaged setting, assuming the sending app has the IntuneMAMUPN configured; for more information, see [How to manage data transfer between iOS apps in Microsoft Intune](data-transfer-between-apps-manage-ios.md). See https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf for more information on this iOS/iPadOS MDM setting._<p><p></li><li>**Policy managed apps with Open-In/Share filtering**: Allow transfer only to other policy managed apps, and filter OS Open-in/Share dialogs to only display policy managed apps. To configure the filtering of the **Open-In/Share** dialog, it requires both the app(s) acting as the file/document source and the app(s) that can open this file/document to have the Intune SDK for iOS version 8.1.1 or above. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps if Intune private data type are supported by the app. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li></ul><br>In addition, when set to **Policy managed apps** or **None**, the Spotlight search (enables searching data within apps) and Siri shortcuts iOS features are blocked. <p><p>This policy can also apply to iOS/iPadOS Universal Links. General web links are managed by the **Open app links in Intune Managed Browser** policy setting. <p> There are some exempt apps and services to which Intune may allow data transfer by default. In addition, you can create your own exemptions if you need to allow data to transfer to an app that doesn't support Intune APP. See [data transfer exemptions](#data-transfer-exemptions) for more information. | **All apps** |
+| **Send Org data to other apps** | Specify what apps can receive data from this app: <ul><li>**All apps**: Allow transfer to any app. The receiving app will have the ability to read and edit the data.</li><li>**None**: Do not allow data transfer to any app, including other policy-managed apps. If the user performs a managed open-in function and transfers a document, the data will be encrypted and unreadable.</li><li> **Policy managed apps**: Allow transfer only to other policy-managed apps. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps on unenrolled devices or enrolled devices that allow sharing to unmanaged apps. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li><li> **Policy managed apps with OS sharing**: Only allow data transfer to other policy managed apps, as well as file transfers to other MDM managed apps on enrolled devices. <p><p>**Note:** _The **Policy managed apps with OS sharing** value is applicable to MDM enrolled devices only. If this setting is targeted to a user on an unenrolled device, the behavior of the **Policy managed apps** value applies. Users will be able to transfer unencrypted content via Open-in or Share extensions to any application allowed by the iOS MDM allowOpenFromManagedtoUnmanaged setting, assuming the sending app has the IntuneMAMUPN and IntuneMAMOID configured; for more information, see [How to manage data transfer between iOS apps in Microsoft Intune](data-transfer-between-apps-manage-ios.md). See https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf for more information on this iOS/iPadOS MDM setting._<p><p></li><li>**Policy managed apps with Open-In/Share filtering**: Allow transfer only to other policy managed apps, and filter OS Open-in/Share dialogs to only display policy managed apps. To configure the filtering of the **Open-In/Share** dialog, it requires both the app(s) acting as the file/document source and the app(s) that can open this file/document to have the Intune SDK for iOS version 8.1.1 or above. <p><p>**Note:** _Users may be able to transfer content via Open-in or Share extensions to unmanaged apps if Intune private data type are supported by the app. Transferred data is encrypted by Intune and unreadable by unmanaged apps._</li></ul><br>In addition, when set to **Policy managed apps** or **None**, the Spotlight search (enables searching data within apps) and Siri shortcuts iOS features are blocked. <p><p>This policy can also apply to iOS/iPadOS Universal Links. General web links are managed by the **Open app links in Intune Managed Browser** policy setting. <p> There are some exempt apps and services to which Intune may allow data transfer by default. In addition, you can create your own exemptions if you need to allow data to transfer to an app that doesn't support Intune APP. See [data transfer exemptions](#data-transfer-exemptions) for more information. | **All apps** |
 | <ul>**Select apps to exempt** | This option is available when you select *Policy managed apps* for the previous option.   |   |
 | <ul>**Select universal links to exempt** | Specify which iOS/iPadOS [Universal Links](#universal-links) should open in the specified *unmanaged* application instead of the protected browser specified by the **Restrict web content transfer with other apps** setting. You must contact the application developer to determine the correct universal link format for each application.   |   |
 | <ul>**Select managed universal links** | Specify which iOS/iPadOS [Universal Links](#universal-links) should open in the specified *managed* application instead of the protected browser specified by the **Restrict web content transfer with other apps** setting. You must contact the application developer to determine the correct universal link format for each application.   |   |

memdocs/intune/apps/data-transfer-between-apps-manage-ios.md

@@ -86,7 +86,8 @@ Configuring the user UPN setting is **required** for devices that are managed by
 
    |Third-party MDM provider| Configuration Key | Value Type | Configuration Value|
    | ------- | ---- | ---- | ---- |
-   |Microsoft Intune| IntuneMAMUPN | String | {{UserPrincipalName}}|
+   |Microsoft Intune| IntuneMAMUPN | String | {{userprincipalname}}|
+   |Microsoft Intune| IntuneMAMOID | String | {{userid}}|
    |VMware AirWatch| IntuneMAMUPN | String | {UserPrincipalName}|
    |MobileIron | IntuneMAMUPN | String | ${userUPN} **or** ${userEmailAddress} |
    |Citrix Endpoint Management | IntuneMAMUPN | String | ${user.userprincipalname} |

memdocs/intune/remote-actions/remote-help.md

@@ -127,10 +127,10 @@ For users that opted out of automatic updates, when an update to remote help is
 - Intune admins can download and deploy the app to enrolled devices. For more information about app deployments, see [Install apps on Windows devices](../apps/apps-windows-10-app-deploy.md#install-apps-on-windows-10-devices).
 - Individual users who have permissions to install apps on their devices can also download and install remote help.
 
-[!NOTE]
-- In May 2022, existing users of remote help will see a recommended upgrade screen when they open the remote help app. Users will be able to continue using remote help without upgrading. 
-- On May 23, 2022, existing users of remote help will see a mandatory upgrade screen when they open the remote help app. They will not be able to proceed until they upgrade to the latest version of remote help.
-- Remote help will now require Microsoft Edge WebView2 Runtime. During the remote help installation process, if Microsoft Edge WebView2 Runtime is not installed on the device, then remote help installation will install it. When uninstalling remote help, Microsoft Edge WebView2 Runtime will not be uninstalled.
+> [!NOTE]
+> - In May 2022, existing users of remote help will see a recommended upgrade screen when they open the remote help app. Users will be able to continue using remote help without upgrading.
+> - On May 23, 2022, existing users of remote help will see a mandatory upgrade screen when they open the remote help app. They will not be able to proceed until they upgrade to the latest version of remote help.
+> - Remote help will now require Microsoft Edge WebView2 Runtime. During the remote help installation process, if Microsoft Edge WebView2 Runtime is not installed on the device, then remote help installation will install it. When uninstalling remote help, Microsoft Edge WebView2 Runtime will not be uninstalled.
 
 ### Download remote help