fix merge conflict

Author: mestew

memdocs/configmgr/tenant-attach/breadcrumb/toc.yml

@@ -22,3 +22,26 @@ items:
           tocHref: /mem/intune/protect/
           topicHref: /mem/configmgr/tenant-attach/index
 
+<<<<<<< HEAD
+=======
+- name: Docs
+  tocHref: /
+  topicHref: /
+  items:
+  - name: Enterprise Mobility + Security
+    tocHref: /enterprise-mobility-security/
+    topicHref: /enterprise-mobility-security/
+    items:
+    - name: Microsoft Endpoint Manager
+      tocHref: /mem/
+      topicHref: /mem/
+      items:
+      - name: Configuration Manager
+        tocHref: /mem/configmgr/
+        topicHref: /mem/configmgr/index
+        items:
+        - name: Tenant attach
+          tocHref: /mem/configmgr/cloud-attach/
+          topicHref: /mem/configmgr/tenant-attach/index
+          
+>>>>>>> 31d477078725a2324c5ac04cf6beabf967e78f96

memdocs/intune/configuration/device-restrictions-windows-10.md

@@ -445,11 +445,9 @@ This device restrictions profile is directly related to the kiosk profile you cr
 - **Clear browsing data on exit** (desktop only): **Yes** clears the history, and browsing data when users exit Microsoft Edge. **No** (default) uses the OS default, which may cache the browsing data.
 - **Sync browser settings between user's devices**: Choose how you want to sync browser settings between devices. Your options:
   - **Allow**: Allow syncing of Microsoft Edge browser settings between user's devices
-  - **Block and enable user override**: Block syncing of Microsoft Edge browser settings between user's devices. Users can override this setting.
+  - **Block and enable user override**: Block syncing of Microsoft Edge browser settings between user's devices. Users can override this setting. When this option is selected, users can override the admin designation.
   - **Block**: Block syncing of Microsoft Edge browser setting between users devices. Users can't override this setting.
 
-When "block and enable user override" is selected, user can override admin designation.
-
 - **Allow Password Manager**: **Yes** (default) allows Microsoft Edge to automatically use Password Manager, which allows users to save and manage passwords on the device. **No** prevents Microsoft Edge from using Password Manager.
 - **Cookies**: Choose how cookies are handled in the web browser. Your options:
   - **Allow**: Cookies are stored on the device.

memdocs/intune/enrollment/android-dedicated-devices-fully-managed-enroll.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 04/21/2022
+ms.date: 08/16/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -54,7 +54,7 @@ After you've set up your Android Enterprise [dedicated devices](android-kiosk-en
 
 ## Enroll by using Near Field Communication (NFC)
 
-Create a specially-formatted NFC tag to provision NFC-supported devices running Android 8.0 or later. You can use your own app or any NFC tag-creation tool. For more information, see [C-based Android Enterprise device enrollment with Microsoft Intune](/archive/blogs/cbernier/nfc-based-android-enterprise-device-enrollment-with-microsoft-intune) and [Google's Android Management API documentation](https://developers.google.com/android/management/provision-device#nfc_method).
+Create a specially formatted NFC tag to provision NFC-supported devices running Android 8.0 or later. You can use your own app or any NFC tag-creation tool. For more information, see [C-based Android Enterprise device enrollment with Microsoft Intune](/archive/blogs/cbernier/nfc-based-android-enterprise-device-enrollment-with-microsoft-intune) and [Google's Android Management API documentation](https://developers.google.com/android/management/provision-device#nfc_method).
 
 For corporate-owned work profile (COPE) devices, the NFC enrollment method is only supported on devices running Android versions 8.0 to 10.0. It's not supported with Android 11.0 or later. 
 
@@ -68,7 +68,7 @@ For corporate-owned work profile (COPE) devices, the NFC enrollment method is on
 
 1. Turn on your wiped device.
 2. On the **Welcome** screen, select your language.
-3. Connect to your **Wifi**, and then choose **NEXT**.
+3. Connect to your **Wi-fi**, and then choose **NEXT**.
 4. Accept the Google Terms and conditions, and then choose **NEXT**.
 5. On the Google sign-in screen, enter **afw#setup** instead of a Gmail account, and then choose **NEXT**.
 6. Choose **INSTALL** for the **Android Device Policy** app.
@@ -87,13 +87,68 @@ Scan the QR code from the enrollment profile to enroll devices running Android 8
 2. On devices running Android 8.0, you'll be prompted to install a QR reader. Devices running Android 9 and later are pre-installed with a QR reader.
 3. Use the QR reader to scan the enrollment profile QR code and then follow the on-screen prompts to enroll.  
 
-## Enroll by using Google Zero Touch
+## Enroll by using Google Zero Touch 
 
-To use Google's Zero Touch system, the device must support it and be affiliated with a supplier that is part of the service.  For more information, see [Google's Zero Touch program website](https://www.android.com/enterprise/management/zero-touch/).
+To use this method, zero-touch enrollment must be supported on devices and affiliated with a supplier that is part of the Android zero-touch enrollment service. For more information, such as prerequisites, where to purchase devices, and how to associate a Google Account with your corporate email, see [Zero-touch enrollment for IT admins](https://support.google.com/work/android/answer/7514005)(opens Android Enterprise Help). 
 
-1. Create a new Configuration in the Zero Touch console.
-2. Choose **Microsoft Intune** from the EMM DPC dropdown.
-3. In Google's Zero Touch console, copy/paste the following JSON into the DPC extras field. Replace the *YourEnrollmentToken* string with the enrollment token you created as part of your enrollment profile. Be sure to surround the enrollment token with double quotes.
+This section describes how to:    
+* Create a zero-touch configuration in the admin center 
+* Create a zero-touch configuration in the zero-touch enrollment portal  
+
+### Create zero-touch configuration in admin center        
+The zero-touch iframe lets you access the zero-touch enrollment portal in the Microsoft Endpoint Manager admin center. To enable the iframe, you must first add the *update app sync* permission and enable enrollment for corporate-owned, fully managed devices. After those steps are complete, the zero-touch enrollment option becomes visible in the admin center and you can link your account and create zero-touch configurations.  
+
+Complete the following steps to enable the iframe and create a new zero-touch configuration. To create configurations in the zero-touch enrollment portal instead, skip to [Create configuration in zero-touch enrollment portal](android-dedicated-devices-fully-managed-enroll.md#create-configuration-in-zero-touch-enrollment-portal).  
+
+#### Step 1: Add required permission   
+Add the *update app sync* permission.     
+
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
+admin.
+2. Select **Tenant administration** > **Roles**. 
+3. Select your role from the list.  
+4. Select **Properties**.
+5. Go to **Permissions** and then select **Edit**.  
+5. Select **Android for Work**.  
+6. Next to **Update app sync**, select **Yes**.
+9. Select **Review + save** to review your changes.  
+9. Select **Save**.  
+
+#### Step 2: Enable enrollment for corporate-owned devices  
+Verify that enrollment is enabled for corporate-owned, fully managed devices.   
+
+1. In the admin center, go to **Devices** > **Enroll devices**.  
+2. Select **Android enrollment**. 
+3. Under **Enrollment profiles**, choose **Corporate-owned, fully managed user devices**.  
+4. Verify that the setting for **Allow users to enroll corporate-owned user devices**, is set to **Yes**.             
+
+#### Step 3: Link zero-touch account to Intune    
+Link a zero-touch account with your Microsoft Intune account. Upon linking the account, Intune creates a default zero-touch configuration.   
+
+1. In the admin center, go to **Devices** > **Enroll devices**.  
+2. Select **Android enrollment**. 
+2. Under **Bulk enrollment methods**, choose **Zero-touch enrollment**.  
+3. The iframe opens.  Select **Next** to begin setup.   
+4. Sign in with the Google account you provided to your reseller. 
+5. Select the zero-touch account you want to link, and then select **Link**.  
+6. A default configuration is created. A screen appears with basic information about the new configuration. Intune will automatically apply the default to any zero-touch enabled device that's without an existing configuration. Select **Next** to continue.    
+
+> [!TIP]
+> The token used for the default configuration is for a fully managed device. If you want to create a zero-touch configuration for a corporate-owned work profile device or a dedicated device, see [Create configuration in zero-touch enrollment portal](android-dedicated-devices-fully-managed-enroll.md#create-configuration-in-zero-touch-enrollment-portal) (in this article). 
+6. Add support information to assist device users during setup. 
+7. Select **Save**.  
+
+Once your account is linked with Intune, zero-touch enabled devices are ready to receive the default configuration. You can view existing zero-touch configurations, edit support information, unlink the account, and link other accounts in the admin center.   
+
+### Create configuration in zero-touch enrollment portal        
+
+Add a zero-touch configuration in the Google zero-touch enrollment portal. You can use the zero-touch enrollment portal by itself to manage configurations, or you can use it in combination with the zero-touch iframe. The portal supports configurations for fully managed and dedicated devices, and corporate-owned devices with a work profile. 
+
+1. Sign in to the zero-touch enrollment portal with your Google account.
+2. Select the option to add a new configuration.  
+3. Fill out the information in the configuration panel. 
+4. Select **Microsoft Intune** as the EMM DPC app.   
+5. Copy the following JSON text into the DPC extras field. Replace `YourEnrollmentToken` with the enrollment token you created as part of your enrollment profile. Be sure to surround the enrollment token with double quotes.  
 
     ```json
     {
@@ -105,11 +160,9 @@ To use Google's Zero Touch system, the device must support it and be affiliated
 
         "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": {
             "com.google.android.apps.work.clouddpc.EXTRA_ENROLLMENT_TOKEN": "YourEnrollmentToken"
-        }
-    }
-    ```
-
-4. Choose **Apply**.
+ 6. Enter your organization's name and support information, which is shown on screen while users set up their devices.   
+ 
+For more information about how to assign a default configuration or apply a configuration in the zero-touch portal, see [Zero-touch enrollment for IT admins](https://support.google.com/work/android/answer/7514005)(opens Android Enterprise Help).  
 
 ## Enroll by using Knox Mobile Enrollment
 To use Samsung's Knox Mobile Enrollment, the device must be running Android OS version 8.0 or later and Samsung Knox 2.8 or higher. For more information, learn [how to automatically enroll your devices with Knox Mobile Enrollment](./android-samsung-knox-mobile-enroll.md).  

memdocs/intune/protect/device-compliance-get-started.md

@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 11/16/2021
+ms.date: 08/16/2022
 ms.topic: overview
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -123,6 +123,7 @@ The following subjects link to dedicated articles for different aspects of devic
 
   - [Android device administrator](compliance-policy-create-android.md)
   - [Android Enterprise](compliance-policy-create-android-for-work.md)
+  - [Android Android Open Source Project (AOSP)](compliance-policy-create-android-aosp.md)
   - [iOS](compliance-policy-create-ios.md)
   - [macOS](compliance-policy-create-mac-os.md)
   - [Windows Holographic for Business](compliance-policy-create-windows.md#windows-holographic-for-business)

memdocs/intune/protect/encrypt-devices.md

@@ -187,7 +187,7 @@ To change the disk encryption type between full disk encryption and used space o
 
 #### TPM startup PIN or key
 
-A device **must not require** use of a startup PIN or startup key.
+A device **must not be set to require** a startup PIN or startup key.
 
 When a TPM startup PIN or startup key is required on a device, BitLocker can't silently enable on the device and instead requires interaction from the end user. Settings to configure the TPM startup PIN or key are available in both the endpoint protection template and the BitLocker policy. By default, these policies do not configure these settings.
 
@@ -289,4 +289,4 @@ For information about BitLocker deployments and requirements, see the [BitLocker
 - [Monitor disk encryption](../protect/encryption-monitor.md)
 - [Troubleshooting BitLocker policy](/troubleshoot/mem/intune/troubleshoot-bitlocker-policies)
 - [Known issues for Enforcing BitLocker policies with Intune](/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues)
-- [BitLocker management for enterprises](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises), in the Windows security documentation
+- [BitLocker management for enterprises](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises), in the Windows security documentation

memdocs/intune/protect/microsoft-tunnel-configure.md

@@ -365,7 +365,9 @@ For more information about *mst-cli*, see [Reference for Microsoft Tunnel](../pr
 
 ## Uninstall the Microsoft Tunnel
 
-To uninstall the product, run **./mst-cli uninstall** from the Linux server as root.
+To uninstall the product, run **./mst-cli uninstall** from the Linux server as root. 
+
+After the product is uninstalled, delete the corresponding server record in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) under **Tenant administration** > **Microsoft Tunnel Gateway** > **Servers**.
 
 ## Next steps
 

memdocs/intune/protect/windows-10-feature-updates.md

@@ -224,6 +224,9 @@ Selecting a profile from the list opens the profiles **Overview** pane where you
 - Select **Properties** to modify the deployment.  On the *Properties* pane, select **Edit** to open the *Deployment settings or Assignments*, where you can then modify the deployment.
 - Select **End user update status** to view information about the policy.
 
+> [!NOTE]
+> The End user update status Last Scanned Time value will return 'Not scanned yet' until an initial user logs on and Update Session Orchestrator (USO) scan is initiated. For more information on the Unified Update Platform (UUP) architecture and related components, see [Get started with Windows Update](/windows/deployment/update/windows-update-overview).
+
 ## Validation and reporting
 
 There are multiple options to get in-depth reporting for Windows 10/11 updates with Intune. Windows update reports show details about your Windows 10 and Windows 11 devices side by side in the same report.

windows-365/enterprise/whats-new.md

@@ -7,7 +7,7 @@ keywords:
 author: ErikjeMS  
 ms.author: erikje
 manager: dougeby
-ms.date: 08/08/2022
+ms.date: 08/16/2022
 ms.topic: reference
 ms.service: cloudpc
 ms.subservice:
@@ -48,6 +48,24 @@ Learn what new features are available in Windows 365 Enterprise.
 ### End user experience
 -->
 
+
+<!-- ########################## -->
+## Week of August 15, 2022
+
+<!-- vvvvvvvvvvvvvvvvvvvvvv -->
+### App management
+
+#### Language and region configuration now also applies to Microsoft 365 Apps<!--40673170-->
+
+Provisioning policies configured for language now also apply to Microsoft 365 Apps. When a user first signs in, their Microsoft 365 Apps will use the configured language. For more information, see [Provide a localized Windows experience](provide-localized-windows-experience.md).
+
+<!-- vvvvvvvvvvvvvvvvvvvvvv -->
+### Monitor and troubleshoot
+
+#### Remoting connection report in Endpoint Analytics now generally available<!--38310774 -->
+The remoting connection report in Endpoint Analytics has moved out of preview and into general availability. For more information, see [Remoting connection report](report-remoting-connection.md).
+
+
 <!-- ########################## -->
 ## Week of August 8, 2022