Merge pull request #6699 from MicrosoftDocs/main

Publish 02/03/2022, 10:30 AM

Author: v-dihans

memdocs/configmgr/core/servers/deploy/configure/azure-services-wizard.md

@@ -261,6 +261,9 @@ To mitigate both cases, renew the secret key.
 
 For more information on how to interact with these notifications, see [Configuration Manager console notifications](../../manage/admin-console-notifications.md).
 
+> [!NOTE]
+> You need to have at least the "Cloud Application Administrator" Azure AD role assigned to be able to renew the key.
+
 ### Renew key for created app
 
 1. In the Configuration Manager console, go to the **Administration** workspace, expand **Cloud Services**, and select the **Azure Active Directory Tenants** node.

memdocs/configmgr/osd/deploy-use/create-a-task-sequence-to-upgrade-an-operating-system.md

@@ -47,7 +47,7 @@ Before you create the task sequence, make sure the following requirements are in
 - For a deployment package that contains the feature update, distribute it to a distribution point that the client can access. For more information, see [Download software updates](../../sum/deploy-use/download-software-updates.md).
 
     > [!NOTE]
-    > If the feature update isn't already downloaded, you can manage the deployment package when you deploy the task sequence.
+    > If the feature update isn't already downloaded, you can manage the deployment package when you deploy the task sequence. 
     >
     > When you deploy the task sequence, you can also select the option of **No deployment package** for the feature update. When clients run the task sequence, they download the feature update from peers or the Microsoft cloud.
     >
@@ -62,6 +62,8 @@ Before you create the task sequence, make sure the following requirements are in
   - **Allow clients to download delta content when available**: If you use Windows Delivery Optimization, the content that the client downloads may be much smaller.
 
 #### Known issues with feature updates in a task sequence
+Windows 11 Feature Upgrades are not visible to be selected from the Wizard. This happens if the License Terms of the desired Feature Upgrade have not been accepted yet. To do so navigate to the Feature Upgrade and select "Review Licence" from the context menu. Review and Accept the licensing terms to make this Upgrade "deployable".
+<!-- Bug 13189927 -->
 
 ##### Create a new task sequence
 

memdocs/intune/enrollment/android-enroll.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 10/19/2021
+ms.date: 02/01/2022
 ms.topic: overview
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -46,13 +46,16 @@ As an Intune administrator, you can enroll Android devices in the following ways
     - [Corporate-owned, user associated devices](android-aosp-corporate-owned-user-associated-enroll.md): For corporate-owned, single user devices intended exclusively for work and not personal use. Admins can manage the entire device.  
     - [Corporate-owned, userless devices](android-aosp-corporate-owned-userless-enroll.md): For corporate-owned, shared devices. Admins can manage the entire device.  
 
+> [!TIP]
+> For guidance on which enrollment method is right for your organization, see [Deployment guide: Enroll Android devices in Microsoft Intune](../fundamentals/deployment-guide-enrollment-android.md).
+
 ## Prerequisites
 
-To prepare to manage mobile devices, you must set the mobile device management (MDM) authority to **Microsoft Intune**. See [Set the MDM authority](../fundamentals/mdm-authority-set.md) for instructions. You set this item only once, when you are first setting up Intune for mobile device management.
+To prepare to manage mobile devices, you must set the mobile device management (MDM) authority to **Microsoft Intune**. See [Set the MDM authority](../fundamentals/mdm-authority-set.md) for instructions. You set this item only once, when you’re first setting up Intune for mobile device management.
 
 For Android Enterprise, refer to the following support article from Google to ensure that Android Enterprise is available in your country or region: https://support.google.com/work/android/answer/6270910
 
-For devices manufactured by Zebra Technologies, you may need to grant the Company Portal additional permissions depending on the capabilities of the specific device. [Mobility Extensions on Zebra devices](../configuration/android-zebra-mx-overview.md) has more details.
+For devices manufactured by Zebra Technologies, you may need to grant the Company Portal more permissions depending on the capabilities of the specific device. [Mobility Extensions on Zebra devices](../configuration/android-zebra-mx-overview.md) has more details.
 
 For Samsung Knox Standard devices, there are [more prerequisites](android-samsung-knox-mobile-enroll.md).
 

memdocs/intune/fundamentals/deployment-guide-enrollment-android.md

@@ -2,12 +2,12 @@
 # required metadata
 
 title: Android device enrollment guide for  Microsoft Intune
-description: Enroll Android and Android Enterprise corporate-owned work profile, personally owned devices with a work profile, fully managed, and dedicated devices in Microsoft Intune. Decide which enrollment method to use, and get an overview of the administrator and end user tasks to enroll devices.
+description: Enroll Android and Android Enterprise corporate-owned work profile, personally owned devices with a work profile, fully managed, AOSP, and dedicated devices in Microsoft Intune. Decide which enrollment method to use, and get an overview of the administrator and end user tasks to enroll devices.
 keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 04/14/2021
+ms.date: 02/02/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -18,7 +18,7 @@ ms.localizationpriority: high
 #ROBOTS:
 #audience:
 #ms.devlang:
-ms.reviewer: chmaguir
+ms.reviewer: chmaguir, priyar
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
@@ -36,6 +36,7 @@ Personal and organization-owned devices can be enrolled in Intune. Once enrolled
 - [Android Enterprise corporate owned dedicated devices](#android-enterprise-dedicated-devices) (COSU)
 - [Android Enterprise corporate owned fully managed](#android-enterprise-fully-managed) (COBO)
 - [Android Enterprise corporate owned work profile](#android-enterprise-corporate-owned-work-profile) (COPE)
+- [Android Open Source Project (preview)](#android-open-source-project) (AOSP)
 - [Android device administrator](#android-device-administrator) (DA)
 
 This article provides recommendations on the Android enrollment methods. It also includes an overview of the administrator and user tasks for each enrollment type.
@@ -56,9 +57,10 @@ These devices are personal or BYOD (bring your own device) Android devices that
 ---
 | Feature | Use this enrollment option when |
 | --- | --- | 
+| Use Google Mobile Services (GMS). | ✔️ |
 | Devices are personal or BYOD. | ✔️ <br/><br/> You can mark these devices as corporate or personal. |
 | You have new or existing devices. | ✔️ |
-| Need to enroll a small number of devices, or a large number of devices (bulk enrollment). | ✔️ |
+| Need to enroll a few devices, or a large number of devices (bulk enrollment). | ✔️ |
 | Devices are associated with a single user. | ✔️ |
 | You use the optional device enrollment manager (DEM) account. | ✔️ |
 | Devices are managed by another MDM provider. | ❌ <br/><br/> When a device enrolls, MDM providers install certificates and other files. These files must be removed. The quickest way may be to unenroll, or factory reset the devices. If you don't want to factory reset, then contact the MDM provider. |
@@ -97,9 +99,10 @@ Previously referred to as COSU. These devices are organization-owned, and suppor
 ---
 | Feature | Use this enrollment option when |
 | --- | --- |
+| Use Google Mobile Services (GMS). | ✔️ |
 | Devices are owned by the organization or school. |  ✔️ |
 | You have new or existing devices. | ✔️ |
-| Need to enroll a small number of devices, or a large number of devices (bulk enrollment). | ✔️ |
+| Need to enroll a few devices, or a large number of devices (bulk enrollment). | ✔️ |
 | Devices are user-less, such as kiosk, dedicated, or shared. | ✔️ |
 | Devices are personal or BYOD. | ❌ <br/><br/>BYOD or personal devices should be enrolled using [Android Enterprise personally owned devices with a work profile](#byod-android-enterprise-personally-owned-devices-with-a-work-profile) (in this article).|
 | Devices are associated with a single user. | ❌ <br/><br/> Not recommended. These devices should be enrolled using Android Enterprise fully managed. |
@@ -122,7 +125,12 @@ This task list provides an overview. For more specific information, see [Set up
 
 ### Android Enterprise dedicated devices end user tasks
 
-It's not recommended for users to enroll Android Enterprise dedicated devices. This task should be completed by administrators.
+Admins can complete the enrollment themselves, and then give the devices to the users. Or, users can enroll the devices using the following steps:
+
+1. Users turn on the device, and are prompted for information, including the enrollment method: NFC, Token, QR Code, or Google Zero Touch.
+2. After they enter the required information, your enrollment profile applies to the device. When the enrollment wizard completes, the device is ready to use.
+
+[!INCLUDE [users-dont-like-enroll](../includes/users-dont-like-enroll.md)]
 
 ## Android Enterprise fully managed
 
@@ -131,9 +139,10 @@ Previously referred to as COBO. These devices are organization-owned, and have o
 ---
 | Feature | Use this enrollment option when |
 | --- | --- |
+| Use Google Mobile Services (GMS). | ✔️ |
 | Devices are owned by the organization or school. |  ✔️ |
 | You have new or existing devices. | ✔️ |
-| Need to enroll a small number of devices, or a large number of devices (bulk enrollment). | ✔️ |
+| Need to enroll a few devices, or a large number of devices (bulk enrollment). | ✔️ |
 | Devices are associated with a single user. | ✔️ |
 | Devices are user-less, such as kiosk, dedicated, or shared. | ❌ <br/><br/> User-less devices should be enrolled using Android Enterprise dedicated devices.|
 | Devices are personal or BYOD. | ❌ <br/><br/>BYOD or personal devices should be enrolled using [Android Enterprise personally owned devices with a work profile](#byod-android-enterprise-personally-owned-devices-with-a-work-profile) (in this article).|
@@ -174,9 +183,10 @@ Previously referred to as COPE. These devices are organization-owned, and have o
 ---
 | Feature | Use this enrollment option when |
 | --- | --- |
+| Use Google Mobile Services (GMS). | ✔️ |
 | Devices are owned by the organization or school. |  ✔️ |
 | You have new or existing devices. | ✔️ |
-| Need to enroll a small number of devices, or a large number of devices (bulk enrollment). | ✔️ |
+| Need to enroll a few devices, or a large number of devices (bulk enrollment). | ✔️ |
 | Devices are associated with a single user. | ✔️ |
 | Devices are user-less, such as kiosk, dedicated, or shared. | ❌ <br/><br/>User-less devices should be enrolled using Android Enterprise dedicated devices. Also, an organization administrator can enroll. When the device is enrolled, create a [dedicated device](../configuration/device-restrictions-android-for-work.md#device-experience) profile, and assign this profile to this device. |
 | Devices are personal or BYOD. | ❌ <br/><br/>BYOD or personal devices should be enrolled using [Android Enterprise personally owned devices with a work profile](#byod-android-enterprise-personally-owned-devices-with-a-work-profile) (in this article).|
@@ -192,7 +202,7 @@ This task list provides an overview. For more specific information, see [Set up
 - Be sure your devices are [supported](supported-devices-browsers.md).
 - Factory reset the devices. This step is required.
 - In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), connect your Intune organization account to your Managed Google Play account. When you connect, Intune automatically adds the Company Portal app and other common Android Enterprise apps to the devices. For the specific steps, see [Connect your Intune account to your Managed Google Play account](../enrollment/connect-intune-android-enterprise.md).
-- In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), enable corporate-owned personal profile devices. For the specific steps, see [Set up Intune enrollment of Android Enterprise corporate-owned devices with work profile](../enrollment/android-corporate-owned-work-profile-enroll.md)..
+- In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), enable corporate-owned personal profile devices. For the specific steps, see [Set up Intune enrollment of Android Enterprise corporate-owned devices with work profile](../enrollment/android-corporate-owned-work-profile-enroll.md).
 - Enroll the devices in Intune. For the specific steps, see [Enroll your Android Enterprise devices](../enrollment/android-dedicated-devices-fully-managed-enroll.md).
 - Communicate to your users how they should enroll: Near Field Communication (NFC), Token, QR Code, Google Zero Touch, or Samsung Knox Mobile Enrollment (KME).
 
@@ -209,6 +219,61 @@ The specific steps depend on how you configured the enrollment profile. For the
 
 [!INCLUDE [users-dont-like-enroll](../includes/users-dont-like-enroll.md)]
 
+## Android Open Source Project
+
+> [!NOTE]
+> Currently, there's limited OEM support for this enrollment method.
+
+Also referred to as AOSP. Currently in [public preview](public-preview.md). These devices are organization-owned, and don't use Google Mobile Services (GMS). They can be kiosk-style devices that aren't associated with a single or specific user, or can have one user. They're used exclusively for organization work; not personal use.
+
+When you create the Intune enrollment profile, you decide if the devices are userless, or are associated with a single user. For more information on these options, including supported OEMs, see:
+
+- [Set up Intune enrollment for Android (AOSP) corporate-owned userless devices](../enrollment/android-aosp-corporate-owned-userless-enroll.md)
+- [Set up Intune enrollment for Android (AOSP) corporate-owned user-associated devices](../enrollment/android-aosp-corporate-owned-user-associated-enroll.md)
+
+---
+| Feature | Use this enrollment option when |
+| --- | --- |
+| Use Google Mobile Services (GMS). | ❌ AOSP doesn't use [GMS](https://www.android.com/gms/) (opens Android's web site). For example, some countries don't support GMS. <br/><br/> If your devices will use GMS, then use [dedicated devices](#android-enterprise-dedicated-devices) (in this article) or [fully managed](#android-enterprise-fully-managed) (in this article) enrollment. |
+| Devices are owned by the organization or school. | ✔️ |
+| You have new or existing devices. | ✔️ |
+| Need to enroll a few devices, or a large number of devices (bulk enrollment). | ❌ <br/><br/> Can only enroll one device at a time. |
+| Devices are associated with a single user. | ✔️ |
+| Devices are user-less, such as kiosk, dedicated, or shared. | ✔️ |
+| Devices are personal or BYOD. | ❌ <br/><br/>BYOD or personal devices should be enrolled using [Android Enterprise personally owned devices with a work profile](#byod-android-enterprise-personally-owned-devices-with-a-work-profile) (in this article).|
+|Devices are managed by another MDM provider. | ❌ <br/><br/> To be fully managed by Intune, users need to unenroll from the current MDM provider, and then enroll in Intune. |
+| You use the optional device enrollment manager (DEM) account | ❌ <br/><br/> The DEM account isn't supported. |
+
+---
+
+### Android Open Source Project administrator tasks
+
+This task list provides an overview. For more specific information, see enrollment for [AOSP corporate-owned userless devices](../enrollment/android-aosp-corporate-owned-userless-enroll.md) and [AOSP corporate-owned user-associated devices](../enrollment/android-aosp-corporate-owned-user-associated-enroll.md).
+
+- Be sure your devices are [supported](supported-devices-browsers.md).
+- Factory reset the devices. This step is required. New devices might not require a factory reset.
+- In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), create an enrollment profile, and have your device group(s) ready. For the specific steps, see:
+  - [AOSP corporate-owned userless devices](../enrollment/android-aosp-corporate-owned-userless-enroll.md) 
+  - [AOSP corporate-owned user-associated devices](../enrollment/android-aosp-corporate-owned-user-associated-enroll.md)
+- Enroll the devices in Intune. For the specific steps, see:
+  - [AOSP corporate-owned userless devices](../enrollment/android-aosp-corporate-owned-userless-enroll.md) 
+  - [AOSP corporate-owned user-associated devices](../enrollment/android-aosp-corporate-owned-user-associated-enroll.md)
+
+  During enrollment, the Microsoft Intune app and Microsoft Authenticator app automatically install and open on the device, which allows the device to enroll. The device is locked in the enrollment process until enrollment completes.
+
+### Android Open Source Project end user tasks
+
+The specific steps depend on how you configured the enrollment profile.
+
+Admins can complete the enrollment themselves, and then give the devices to the users. Or, users can enroll the devices using the following steps:
+
+1. Users turn on the device, and are prompted for information, including the enrollment method: QR Code. If you created a user-associated devices enrollment profile, then they may be asked to sign in with their organization credentials (`[email protected]`).
+2. If you created a userless devices enrollment profile, then wait for the enrollment wizard to complete. When it does, the device is ready to use.
+
+    If you created a user-associated devices enrollment profile, then users enter the required information, and your enrollment profile applies to the device. For more specific steps, see [enroll the device](../user-help/enroll-device-android-microsoft-intune-app.md).
+
+[!INCLUDE [users-dont-like-enroll](../includes/users-dont-like-enroll.md)]
+
 ## Android device administrator
 
 These Android devices are corporate, or personal/BYOD (bring your own device) devices that can access organization email, apps, and other data.
@@ -225,7 +290,7 @@ There are some situations when you must use Device Administrator enrollment:
 
 - Android Enterprise requires access to Google services. Google services may not be available because of geography, or because of the device manufacturer. For example:
 
-  - There are places where Google services are not available, like China. In this situation, use Android device administrator enrollment.  
+  - There are places where Google services aren’t available, like China. In this situation, use Android device administrator enrollment.  
   - Some devices are based on Android, but don't have access to Google Services, such as Amazon Fire tablets. In this situation, use Android device administrator enrollment.
 
 - Android OS versions older than 5.0 must use Android device administrator enrollment. Android Enterprise enrollment isn't an option.

memdocs/intune/fundamentals/in-development.md

@@ -8,7 +8,7 @@ keywords:
 author: dougeby 
 ms.author: dougeby
 manager: dougeby
-ms.date: 02/01/2022
+ms.date: 02/03/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -198,14 +198,6 @@ For more information about remote help, see [Use remote help](../remote-actions/
 
 <!-- ***********************************************-->
 
-## Scripting
-
-### Intune Data Warehouse updates<!-- 9370034 -->
-
-The `applicationInventory` entity will be removed from the Intune Data Warehouse in an upcoming Intune service release. We're introducing a more complete and accurate dataset that will be available in the UI and via our export API. For related information, see [Export Intune reports using Graph APIs](../fundamentals/reports-export-graph-apis.md).
-
-<!-- ***********************************************-->
-
 ## Notices
 
 [!INCLUDE [Intune notices](../includes/intune-notices.md)]