memdocs/configmgr/core/get-started/capabilities-in-technical-preview-1702.md
+8 -8 Lines changed: 8 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -71,7 +71,7 @@ To use Azure AD with Configuration Manager, you'll need the following:
71
71
- A Configuration Manager site that runs on an Azure VM that is joined to your Azure AD.
72
72
- Configuration Manager clients that run in the same Azure AD environment.
73
73
74
-
To configure Azure AD Domain Service, see [Get started with Azure AD Domain Services](/azure/active-directory-domain-services/create-instance).
74
+
To configure Azure AD Domain Service, see [Get started with Azure AD Domain Services](/azure/active-directory-domain-services/tutorial-create-instance).
75
75
76
76
### Discover resources
77
77
After you set up Configuration Manager to run in Azure AD, you can use the following Active Directory discovery methods to search
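Review bot: On line 74 the sentence still reads "To configure Azure AD Domain Service" (singular) while the link text right after it, and the product name, is "Azure AD Domain Services". Since this line is already being touched for the `tutorial-create-instance` path, fix the name in the same change.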
@@ -96,9 +96,10 @@ AAD stores users under the **AADDC Users** OU. Configure the following:
96
96
-**Group Discovery**
97
97
Azure AD does not have an OU that stores groups. Instead, use the same general structure as the System or User queries and configure the LDAP query to point to the OU that contains the groups you want to discover.
98
98
99
-
See the following for more information about Azure AD:
100
-
-[Azure Active Directory Domain Services](https://azure.microsoft.com/services/active-directory-ds) on azure.microsoft.com.
101
-
-[Active Directory Domain Services Documentation](/azure/active-directory-domain-services) on docs.microsoft.com.
99
+
See the following for more information about Azure AD:
100
+
101
+
-[Azure Active Directory Domain Services product information](https://azure.microsoft.com/services/active-directory-ds)
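Review bot: The documentation link removed at old line 101 (`/azure/active-directory-domain-services`) has no replacement among the added lines visible here, which only carry the product-information link to azure.microsoft.com. The hunk header gives 10 lines on the new side, so a further added line may exist beyond what is shown; confirm it restores the documentation link, otherwise the "See the following" list loses its only pointer to the service documentation.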
@@ -224,8 +225,7 @@ Additionally, you can now specify multiple certification authorities (CAs) on mu
224
225
225
226
For iOS devices, you can associate a PFX certificate profile to an email profile and enable S/MIME encryption. This then enables S/MIME in the native email client on iOS and associates the correct S/MIME encryption certificate to it.
226
227
227
-
For more information about certificates in Configuration Manager, see [Introduction to certificate profiles](/sccm/protect/deploy-use/introduction-to-certificate-profiles).
228
-
228
+
For more information about certificates in Configuration Manager, see [Introduction to certificate profiles](../../protect/deploy-use/introduction-to-certificate-profiles.md).
229
229
230
230
## New compliance settings for iOS devices
231
231
@@ -345,8 +345,8 @@ To try this, create a configuration item through the standard workflow, choose *
345
345
#### Perform selective wipe
346
346
Devices enrolled as Android for Work can only be selectively wiped because you only manage the work profile. This protects the personal profile from being wiped. Performing a selective wipe on an Android for Work device removes the work profile, including all apps and data, and unenrolls the device.
347
347
348
-
To selectively wipe an Android for Work device, use the normal [selective wipe process](/sccm/mdm/deploy-use/wipe-lock-reset-devices#selective-wipe) in the Configuration Manager console.
348
+
To selectively wipe an Android for Work device, use the normal [selective wipe process](../../mdm/deploy-use/wipe-lock-reset-devices.md#selective-wipe) in the Configuration Manager console.
349
349
350
350
#### Known issues for Android for Work
351
351
**Configuring sync schedule in Android for Work email profiles causes them to fail to deploy**
352
-
One of the options in the ConfigMgr UI for Android for Work email profiles is "Schedule". On other platforms, this allows the admin to configure a schedule for syncing email and other email account data down to the mobile devices it's deployed to. However, it does not work for Android for Work email profiles, and choosing any option other than "Not Configured" will cause the profile to not be deployed to any devices.
352
+
One of the options in the ConfigMgr UI for Android for Work email profiles is "Schedule". On other platforms, this allows the admin to configure a schedule for syncing email and other email account data down to the mobile devices it's deployed to. However, it does not work for Android for Work email profiles, and choosing any option other than "Not Configured" will cause the profile to not be deployed to any devices.
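Review bot: The relative link on line 348 keeps the `#selective-wipe` fragment, so confirm that `../../mdm/deploy-use/wipe-lock-reset-devices.md` resolves from this file's folder and still has a heading that produces that anchor. The removed and added versions of line 352 show identical text, which suggests a whitespace-only change; mention that in the commit description so reviewers do not look for a wording difference in the known-issue paragraph.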
memdocs/intune/apps/app-protection-policy-settings-ios.md
+1 -1 Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -78,7 +78,7 @@ There are three categories of policy settings: *Data relocation*, *Access requir
78
78
|**Printing Org data**| Select **Block** to prevent the app from printing work or school data. If you leave this setting to **Allow**, the default value, users will be able to export and print all Org data. |**Allow**|
79
79
| **Restrict web content transfer with other apps** | Specify how web content (http/https links) is opened from policy-managed applications. Choose from: <ul><li>**Any app**: Allow web links in any app.</li><li>**Intune Managed Browser**: Allow web content to open only in the Intune Managed Browser. This browser is a policy-managed browser.</li><li>**Microsoft Edge**: Allow web content to open only in the Microsoft Edge. This browser is a policy-managed browser.</li><li>**Unmanaged browser**: Allow web content to open only in the unmanaged browser defined by **Unmanaged browser protocol** setting. The web content will be unmanaged in the target browser.<br>**Note**: Requires app to have Intune SDK version 11.0.9 or later.</li></ul> If you're using Intune to manage your devices, see [Manage Internet access using managed browser policies with Microsoft Intune](manage-microsoft-edge.md).<br><br>If a policy-managed browser is required but not installed, your end users will be prompted to install the Microsoft Edge.<p>If a policy-managed browser is required, iOS/iPadOS Universal Links are managed by the **Allow app to transfer data to other apps** policy setting. <p>**Intune device enrollment**<br>If you are using Intune to manage your devices, see Manage Internet access using managed browser policies with Microsoft Intune. <p>**Policy-managed Microsoft Edge**<br>The Microsoft Edge browser for mobile devices (iOS/iPadOS and Android) supports Intune app protection policies. Users who sign in with their corporate Azure AD accounts in the Microsoft Edge browser application will be protected by Intune. 
The Microsoft Edge browser integrates the Intune SDK and supports all of its data protection policies, with the exception of preventing:<br><ul><li>**Save-as**: The Microsoft Edge browser does not allow a user to add direct, in-app connections to cloud storage providers (such as OneDrive).</li><li>**Contact sync**: The Microsoft Edge browser does not save to native contact lists.</li></ul><br>**Note**: *The Intune SDK cannot determine if a target app is a browser. On iOS/iPadOS devices, no other managed browser apps are allowed.* | **Not configured** |
80
80
|<ul>**Unmanaged Browser Protocol**| Enter the protocol for a *single* unmanaged browser. Web content (http/https links) from policy managed applications will open in any app that supports this protocol. The web content will be unmanaged in the target browser. <br><br>This feature should only be used if you want to share protected content with a specific browser that is not enabled using Intune app protection policies. You must contact your browser vendor to determine the protocol supported by your desired browser.<br><br>**Note**: *Include only the protocol prefix. If your browser requires links of the form `mybrowser://www.microsoft.com`, enter `mybrowser`.*<br>Links will be translated as:<br><ul><li>`http://www.microsoft.com` > `mybrowser://www.microsoft.com`</li><li>`https://www.microsoft.com` > `mybrowsers://www.microsoft.com`</li></ul> |**Blank**|
81
-
|**Org data notifications**| Specify how Org data is shared via OS notifications for Org accounts. This policy setting will impact the local device and any connected devices such as wearables and smart speakers. Apps may provide additional controls to customize notification behavior or may choose to not honor all values. Select from: <ul><li>**Blocked**: Do not share notifications.</li><ul><li>If not supported by the application, notifications will be allowed.</li></ul><li>**Block org Data**: Do not share Org data in notifications, for example.</li><UL><li>"You have new mail"; "You have a meeting".</li><li>If not supported by the application, notifications will be blocked.</li></ul><li>**Allow**: Shares Org data in the notifications.</li></ul> <p>**Note**: *This setting requires app support: <ul><li>Outlook for iOS 4.34.0 or later</li><li>Teams for iOS 2.0.22 or later.*</ul> |**Allow**|
81
+
|**Org data notifications**| Specify how Org data is shared via OS notifications for Org accounts. This policy setting will impact the local device and any connected devices such as wearables and smart speakers. Apps may provide additional controls to customize notification behavior or may choose to not honor all values. Select from: <ul><li>**Blocked**: Do not share notifications.</li><ul><li>If not supported by the application, notifications will be allowed.</li></ul><li>**Block org Data**: Do not share Org data in notifications, for example.</li><UL><li>"You have new mail"; "You have a meeting".</li><li>If not supported by the application, notifications will be allowed.</li></ul><li>**Allow**: Shares Org data in the notifications.</li></ul> <p>**Note**: *This setting requires app support: <ul><li>Outlook for iOS 4.34.0 or later</li><li>Teams for iOS 2.0.22 or later.*</ul> |**Allow**|
82
82
> [!NOTE]
83
83
> None of the data protection settings control the Apple managed open-in feature on iOS/iPadOS devices. To use manage Apple open-in, see [Manage data transfer between iOS/iPadOS apps with Microsoft Intune](data-transfer-between-apps-manage-ios.md).
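Review bot: On line 81, under **Block org Data**, the fallback now reads "If not supported by the application, notifications will be allowed", so as written the setting fails open: on an app older than the versions in the Note (Outlook for iOS 4.34.0, Teams for iOS 2.0.22) notifications are still shown even though the admin chose to block Org data in them. That behaviour should be stated outright, for example in the Note itself, rather than left as a sub-bullet beside the example strings "You have new mail" and "You have a meeting". While the cell is open, the `<UL>` that starts the examples list is closed by a lowercase `</ul>`, both nested lists sit directly inside the outer `<ul>` instead of inside an `<li>`, and the italic opened at `*This setting requires` closes inside the last `<li>`.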
memdocs/intune/apps/apps-add.md
+2 -2 Lines changed: 2 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -63,7 +63,7 @@ The following table lists the specific app types and how you can add them in the
63
63
| Windows LOB apps | LOB app | Select **Line-of-business** app as the app type, select the **App package file**, and then enter a Windows installation file with the extension **.msi**, **.appx**, **.appxbundle**, **.msix**, and **.msixbundle**. |
64
64
| Built-in iOS/iPadOS app | Built-in app | Select **Built-In app** as the **app type**, and then select the built-in app in the list of provided apps. |
65
65
| Built-in Android app | Built-in app | Select **Built-In app** as the **app type**, and then select the built-in app in the list of provided apps. |
66
-
|Web apps | Web app | Select **Web link** as the **app type**, and then enter a valid URL pointing to the web app. |
66
+
|Cross platform web apps | Web app | Select **Web link** as the **app type**, and then enter a valid URL pointing to the web app. |
67
67
| Android Enterprise system apps | Store app | Select **Android Enterprise system app** as the **app type**, and then enter the app name, publisher, and package file. |
68
68
| Windows app (Win32) | LOB app | Select **Windows app (Win32)** as the **app type**, select the **App package file**, and then select an installation file with the extension **.intunewin**. |
69
69
| macOS LOB apps | LOB app | Select **Line-of-business** as the **app type**, select the **App package file**, and then select an installation file with the extension **.intunemac**. |
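Review bot: On line 66, "Cross platform web apps" should be hyphenated as "Cross-platform web apps", and the cell opens as `|Cross platform` with no space after the pipe while the neighbouring rows use `| ...`. The second column still says "Web app" and the third still tells the admin to select **Web link**, so check that the new row label is the term used elsewhere for this app type.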
@@ -108,7 +108,7 @@ Use the [Intune deployment planning, design and implementation guide](../fundame
108
108
You can choose from the following app types:
109
109
-**Apps from the store**: Apps that have been uploaded to either the Microsoft store, the iOS/iPadOS store, or the Android store are store apps. The provider of a store app maintains and provides updates to the app. You select the app in the store list and add it by using Intune as an available app for your users.
110
110
-**Apps written in-house or as a custom app (line-of-business)**: Apps that are created in-house or as a custom app are line-of-business (LOB) apps. The functionality of this type of app has been created for one of the Intune supported platforms, such as Windows, iOS/iPadOS, macOS, or Android. Your organization creates and provides you with updates as a separate file. You provide updates of the app to users by adding and deploying the updates using Intune.
111
-
-**Apps on the web**: Web apps are client-server applications. The server provides the web app, which includes the UI, content, and functionality. Additionally, modern web hosting platforms commonly offer security, load balancing, and other benefits. This type of app is separately maintained on the web. You use Intune to point to this app type. You also assign which groups of users can access the app. Note that Android does not support web apps.
111
+
-**Apps on the web**: Web apps are client-server applications. The server provides the web app, which includes the UI, content, and functionality. Additionally, modern web hosting platforms commonly offer security, load balancing, and other benefits. This type of app is separately maintained on the web. You use Intune to point to this app type. You also assign which groups of users can access the app.
112
112
- **Apps from other Microsoft services**: Apps that have been sourced from either Azure AD or Office Online. **Azure AD Enterprise applications** are registered and assigned via the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). **Office Online applications** are assigned using the licensing controls available in the [M365 Admin Center](https://admin.microsoft.com). You can hide or show Azure AD Enterprise and Office Online applications to end-users in the Company Portal. From the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Tenant administration** > **Customization** to find this configuration setting. Select to **Hide** or **Show** either **Azure AD Enterprise applications** or **Office Online applications** in the Company Portal for each end-user. Each end-user will see their entire application catalog from the chosen Microsoft service. By default, each additional app source will be set to **Hide**. For more information, see [App source setting options](../apps/company-portal-app.md#app-source-setting-options).
113
113
114
114
As you're determining which apps your organization needs, consider how the apps integrate with cloud services, what data the apps access, whether the apps are available to BYOD users, and whether the apps require internet access.
memdocs/intune/apps/apps-win32-app-management.md
+3 -1 Lines changed: 3 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -31,7 +31,9 @@ Microsoft Intune allows Win32 app management capabilities. Although it's possibl
31
31
> This app management capability supports both 32-bit and 64-bit operating system architecture for Windows applications.
32
32
33
33
> [!IMPORTANT]
34
-
> When you're deploying Win32 apps, consider using the [Intune Management Extension](../apps/intune-management-extension.md) approach exclusively, particularly when you have a multiple-file Win32 app installer. If you mix the installation of Win32 apps and line-of-business apps during Autopilot enrollment, the app installation might fail. The Intune management extension is installed automatically when a PowerShell script or Win32 app is assigned to the user or device. Additionally, the Intune management extension agent checks every hour (or on service or device restart) for any new Win32 app assignments.
34
+
> When you're deploying Win32 apps, consider using the [Intune Management Extension](../apps/intune-management-extension.md) approach exclusively, particularly when you have a multiple-file Win32 app installer. If you mix the installation of Win32 apps and line-of-business apps during Autopilot enrollment, the app installation might fail as they both use the Trusted Installer service at the same time.
35
+
>
36
+
> The Intune management extension is installed automatically when a PowerShell script or Win32 app is assigned to the user or device. Additionally, the Intune management extension agent checks every hour (or on service or device restart) for any new Win32 app assignments.
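Review bot: In the added sentence on line 34, "as they both use the Trusted Installer service at the same time" leaves "they" without a clear referent and uses "as" where "because" is meant. Suggest "the app installation might fail because both installation types use the Trusted Installer service at the same time". The matching callout in lob-apps-windows.md says "may fail", so settle on one of "might" and "may" for both files.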
memdocs/intune/apps/lob-apps-windows.md
+1 -1 Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -39,7 +39,7 @@ ms.collection:
39
39
A line-of-business (LOB) app is one that you add from an app installation file. This kind of app is typically written in-house. The following steps provide guidance to help you add a Windows LOB app to Microsoft Intune.
40
40
41
41
> [!IMPORTANT]
42
-
> When deploying Win32 apps using an installation file with the .msi extension (packaged in an .intunewin file using the Content Prep Tool), consider using [Intune Management Extension](../apps/intune-management-extension.md). If you mix the installation of Win32 apps and line-of-business apps during Autopilot enrollment, the app installation may fail.
42
+
> When deploying Win32 apps using an installation file with the .msi extension (packaged in an .intunewin file using the Content Prep Tool), consider using [Intune Management Extension](../apps/intune-management-extension.md). If you mix the installation of Win32 apps and line-of-business apps during Autopilot enrollment, the app installation may fail as they both use the Trusted Installer service at the same time.
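Review bot: Line 42 now gives the cause of the failure but the guidance before it only says "consider using Intune Management Extension", without the "exclusively" that the Win32 app management article uses. Since the stated cause is both app types using the Trusted Installer service at the same time, the callout should say plainly that the two app types should not be mixed during Autopilot enrollment, in the same words as the other article.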
memdocs/intune/configuration/device-profile-troubleshoot.md
+3 -3 Lines changed: 3 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ keywords:
7
7
author: MandiOhlinger
8
8
ms.author: mandia
9
9
manager: dougeby
10
-
ms.date: 06/15/2022
10
+
ms.date: 06/16/2022
11
11
ms.topic: troubleshooting
12
12
ms.service: microsoft-intune
13
13
ms.subservice: configuration
@@ -90,11 +90,11 @@ Conflicts happen when two profile settings are the same. For example, you config
90
90
91
91
A policy is deployed to the app and takes effect. A second policy is deployed. In this scenario, the first policy takes precedence, and stays applied. The second policy shows a conflict. If both are applied at the same time, meaning that there isn't preceding policy, then both are in conflict. Any conflicting settings are set to the most restrictive values.
92
92
93
-
## What happens when iOS/iPadOS custom policies conflict?
93
+
## What happens when iOS/iPadOS or macOS custom policies conflict?
94
94
95
95
Intune doesn't evaluate the payload of Apple Configuration files or a custom Open Mobile Alliance Uniform Resource Identifier (OMA-URI) policy. It merely serves as the delivery mechanism.
96
96
97
-
When you assign a custom policy, confirm that the configured settings don't conflict with compliance, configuration, or other custom policies. If a custom policy and its settings conflict, then the settings are applied randomly.
97
+
When you assign a custom policy, confirm that the configured settings don't conflict with compliance, configuration, or other custom policies. If a custom policy and its settings conflict, then the settings are applied randomly by Apple.
98
98
99
99
The built-in reporting features can help with conflicts. For more information on the available reports, go to [Intune reports](../fundamentals/reports.md).
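Review bot: Renaming the heading on line 93 changes the anchor generated from it, so any links that target the old "iOS/iPadOS custom policies conflict" heading need to be updated. On line 97, "applied randomly by Apple" reads as if the vendor applies the settings; if the meaning is that the Apple device decides which conflicting value wins, say that. It is also worth contrasting this with line 91, where conflicting app protection settings resolve to the most restrictive value, because here the outcome is not predictable and an admin cannot assume the stricter setting is the one enforced.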