Merge branch 'main' into release-intune-2207

Author: v-alje

memdocs/configmgr/compliance/deploy-use/create-configuration-items-for-windows-10-devices-managed-with-the-client.md

@@ -118,6 +118,9 @@ Use the Configuration Manager **Windows 10 or later** configuration item to mana
 
 ### Windows Information Protection
 
+[!INCLUDE [wip-deprecation](../../../includes/wip-deprecation.md)]
+<!-- MAXADO-6010051 -->
+
 With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leaks through apps and services, like email, social media, and the public cloud. These are outside of the organization's control. Examples include when an employee:
 
 - Sends the latest engineering pictures from their personal email account.

memdocs/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md

@@ -5,7 +5,7 @@ description: Learn about the features that Configuration Manager no longer suppo
 ms.prod: configuration-manager
 ms.technology: configmgr-core
 ms.topic: conceptual
-ms.date: 04/11/2022
+ms.date: 07/21/2022
 author: mestew
 ms.author: mstewart
 manager: dougeby
@@ -31,6 +31,7 @@ The following features are deprecated. You can still use them now, but Microsoft
 
 |Feature|Deprecation first announced|Planned end of support|
 |-------|---------------------------|----------------------|
+| [Windows Information Protection](../../../../compliance/deploy-use/create-configuration-items-for-windows-10-devices-managed-with-the-client.md#windows-information-protection) <!-- MAXADO-6010051 --> | July 2022 | TBD |
 | Upgrade from any version of System Center 2012 Configuration Manager to current branch. For more information, see [Upgrade to Configuration Manager current branch](../../../servers/deploy/install/upgrade-to-configuration-manager.md)<!-- 13846745 --> | April 2022 | Version 2303 |
 | The Configuration Manager client for **macOS** and Mac client management. For more information, see [Supported clients: Mac computers](../../configs/supported-operating-systems-for-clients-and-devices.md#mac-computers).<!-- 12927803 --> Migrate management of macOS devices to Microsoft Intune. For more information, see [Deployment guide: Manage macOS devices in Microsoft Intune](../../../../../intune/fundamentals/deployment-guide-platform-macos.md). | January 2022 | December 31, 2022 |
 | The site system roles for on-premises MDM and macOS clients: **enrollment proxy point and enrollment point**.<!-- 12454901,12927803 --> | January 2022 | December 31, 2022 |

memdocs/includes/wip-deprecation.md

@@ -0,0 +1,17 @@
+---
+author: aczechowski
+ms.author: aaroncz
+ms.prod: configuration-manager
+ms.topic: include
+ms.date: 07/21/2022
+# note this include file is in this folder because it's used in both ConfigMgr and Intune articles
+---
+
+<!-- 6010051 -->
+
+> [!NOTE]
+> Starting in July 2022, Microsoft is deprecating Windows Information Protection. Microsoft Endpoint Manager is discontinuing future investments in managing and deploying Windows Information Protection.
+>
+> Support for the Windows Information Protection without enrollment scenario in Microsoft Intune will be removed by the end of December 2022.
+>
+> For more information, see [End of support guidance for Windows Information Protection](https://aka.ms/Intune-WIP-support).

memdocs/intune/apps/windows-information-protection-policy-create.md

@@ -33,6 +33,9 @@ ms.collection:
 
 # Create and deploy Windows Information Protection (WIP) policy with Intune
 
+[!INCLUDE [wip-deprecation](../../includes/wip-deprecation.md)]
+<!-- MAXADO-6010051 -->
+
 [!INCLUDE [azure_portal](../includes/azure_portal.md)]
 
 You can use Windows Information Protection (WIP) policies with Windows 10 apps to protect apps without device enrollment.

memdocs/intune/fundamentals/whats-new.md

@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 07/07/2022
+ms.date: 07/15/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -107,7 +107,7 @@ Intune-managed Android Enterprise dedicated devices enrolled with Azure Active D
 #### Users assigned the Endpoint Security Manager admin role can modify Mobile Threat Defense connector settings<!-- 14179885 -->
 We’ve updated the permissions of the built-in [Endpoint Security Manager](../fundamentals/role-based-access-control.md#built-in-roles) admin role. The role now has the **Modify** permission for the **Mobile Threat Defense** category set to **Yes**. With this change, users assigned this role have permission to change the [Mobile Threat Defense connector](../protect/mtd-connector-enable.md) (MTD connector) settings for your Tenant. Previously, this permission was set to *No*.
 
-If you missed the previous notice about this coming change, now is a good time to review the users that are assigned the *Endpoint Security Manager* role for your tenant. If any should not should not have permissions to edit the MTD connector settings, update their role permissions or [create a custom role](../fundamentals/create-custom-role.md) that includes only *Read* permissions for Mobile Threat Defense.
+If you missed the previous notice about this coming change, now is a good time to review the users that are assigned the *Endpoint Security Manager* role for your tenant. If any should not have permissions to edit the MTD connector settings, update their role permissions or [create a custom role](../fundamentals/create-custom-role.md) that includes only *Read* permissions for Mobile Threat Defense.
 
 View the full list of permissions for the built-in [Endpoint Security Manager role](../protect/endpoint-security.md#permissions-granted-by-the-endpoint-security-manager-role).
 
@@ -124,7 +124,7 @@ You can now use the following [certificate profiles](../protect/certificates-con
 #### New settings for DFCI profiles on Windows 10/11 devices<!-- 6039135 -->
 On Windows 10/11 devices, you can create a Device Firmware Configuration Interface (DFCI) profile (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **Device Firmware Configuration Interface** for profile type).
 
-DFCI profiles lets Intune pass management commands to UEFI (Unified Extensible Firmware Interface) using the DFCI firmware layer. This additional firmware layer makes configuration more resilient to malicious attacks. DFCI also limits end users' control over the BIOS by graying out managed settings.
+DFCI profiles let Intune pass management commands to UEFI (Unified Extensible Firmware Interface) using the DFCI firmware layer. This additional firmware layer makes configuration more resilient to malicious attacks. DFCI also limits end users' control over the BIOS by graying out managed settings.
 
 There are new settings you can configure:
 - **Microphones and Speakers**:
@@ -811,7 +811,7 @@ For more information about protected apps, see [Microsoft Intune protected apps]
 There's a new **Software updates** page for tenant attached devices. This page displays the status for software updates on a device. You can review which updates are successfully installed, failed, and are assigned but not yet installed. Using the timestamp for the update status assists with troubleshooting. For more information, see [Tenant attach: Software updates in the admin center](../../configmgr/tenant-attach/software-updates.md).
 
 #### Microsoft Defender for Endpoint support for App Sync on iOS/iPadOS<!-- 9768396 -->
-*Before you can use this capability you must opt-in to an MDE Preview. To opt-in, contact `[email protected]`.* 
+*Before you can use this capability you must opt in to an MDE Preview. To opt in, contact `[email protected]`.* 
 
 When you use Microsoft Defender for Endpoint (MDE) as your Mobile Threat Defense application, as part of a preview from MDE, you can [configure MDE to request Application Inventory data](../protect/advanced-threat-protection-configure.md#enable-microsoft-defender-for-endpoint-in-intune) from Intune from iOS/iPadOS devices. The following two settings are now available:
 
@@ -2494,7 +2494,7 @@ You can now enable Outlook S/MIME settings to always sign and/or always encrypt
 
 #### Scope tags for Managed Google Play apps<!-- 6114508  -->
 
-Scope tags determine which objects an admin with specific rights can view in Intune. Most newly created items in Intune take on the scope tags of the creator. This is not the case for Managed Google Play Store apps. You can now optionally assign a scope tag to apply to all newly-synced Managed Google Play apps on the **Managed Google Play connector** pane. The chosen scope tag will only apply to new Managed Google Play apps, not Managed Google Play apps that have already been approved in the tenant. For related information see [Add Managed Google Play apps to Android Enterprise devices with Intune](../apps/apps-add-android-for-work.md) and [Use role-based access control (RBAC) and scope tags for distributed IT](../fundamentals/scope-tags.md).
+Scope tags determine which objects an admin with specific rights can view in Intune. Most newly created items in Intune take on the scope tags of the creator. This is not the case for Managed Google Play Store apps. You can now optionally assign a scope tag to apply to all newly synced Managed Google Play apps on the **Managed Google Play connector** pane. The chosen scope tag will only apply to new Managed Google Play apps, not Managed Google Play apps that have already been approved in the tenant. For related information see [Add Managed Google Play apps to Android Enterprise devices with Intune](../apps/apps-add-android-for-work.md) and [Use role-based access control (RBAC) and scope tags for distributed IT](../fundamentals/scope-tags.md).
 
 #### Content of macOS LOB apps will be displayed in Intune<!-- 6991005  -->
 

memdocs/intune/protect/windows-information-protection-configure.md

@@ -32,6 +32,9 @@ ms.collection:
 
 # Learn about Windows Information Protection and Microsoft Intune
 
+[!INCLUDE [wip-deprecation](../../includes/wip-deprecation.md)]
+<!-- MAXADO-6010051 -->
+
 With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leaks through apps and services, like email, social media, and the public cloud, which are outside of the enterprise's control. For example, an employee sends the latest engineering pictures from a personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to public cloud storage.
 
 **Windows Information Protection** helps to protect against this potential data leakage without otherwise interfering with the employee experience. It also helps to protect enterprise apps and data against accidental data leaks on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.

memdocs/intune/user-help/sign-in-to-the-company-portal.md

@@ -114,9 +114,12 @@ If you normally use a smart card to access work resources, follow the steps in t
 
 The following articles describe the enrollment instructions for smart card-enabled devices, and includes the sign-in-from-another-device method. 
 
-  * [Enroll with Entrust](enroll-ios-device-entrust-datacard.md)
-  * [Enroll with Intercede](enroll-ios-device-intercede.md)  
-  * [Enroll with DISA Purebred](enroll-ios-device-disa-purebred.md)
+  * [Enroll with Entrust for iOS](enroll-ios-device-entrust-datacard.md) 
+  * [Enroll with Entrust for Android](enroll-android-device-entrust-datacard.md)
+  * [Enroll with Intercede for iOS](enroll-ios-device-intercede.md)  
+  * [Enroll with Intercede for Android](enroll-android-device-intercede.md)  
+  * [Enroll with DISA Purebred for iOS](enroll-ios-device-disa-purebred.md)
+  * [Enroll with DISA Purebred for Android](enroll-android-device-disa-purebred.md)
 
 ## App permissions for Android   
 The permissions described in this section apply to the Company Portal app for Android and devices running Android, versions 8.0 and later.    

windows-365/business-enterprise-comparison.md

@@ -67,7 +67,7 @@ Windows 365 is available in two editions: [Windows 365 Business](./business/inde
 | Capability | Windows 365 Business | Windows 365 Enterprise |
 | --- | --- | --- |
 | Management | Users can [restart, reset, rename, and troubleshoot](./end-user-access-cloud-pc.md#user-actions) their Cloud PCs on the Windows 365 homepage. | Users can [restart, rename, and troubleshoot](end-user-access-cloud-pc.md) their Cloud PCs on the Windows 365 homepage. |
-| Role | By default, each user is a Standard User on their Cloud PC. To grant Local Administrator permissions to a specific user on a Cloud PC, see [Remote management actions](./business/remotely-manage-business-cloud-pcs.md#remote-management-actions). To grant Local Administrator permissions for Cloud PCs that you create in the future, see [Change organizational default settings](./business/change-organization-default-settings.md).| By default, each user is assigned a standard user role on their Cloud PC. This can be changed by the admin in the Microsoft Endpoint Manager admin center.|
+| Role | By default, each user is a Standard User on their Cloud PC. To grant Local Administrator permissions to a specific user on a Cloud PC, see [Remote management actions](./business/remotely-manage-business-cloud-pcs.md#remote-management-actions). To grant Local Administrator permissions for Cloud PCs that you create in the future, see [Change organizational default settings](./business/change-organization-default-settings.md).| By default, each user is assigned a standard user role on their Cloud PC. This role can be changed by the admin in the Microsoft Endpoint Manager admin center.|
 | Access | Users can access their Cloud PC at windows365.microsoft.com or by using Microsoft Remote Desktop. | Users can access their Cloud PC at windows365.microsoft.com or by using Microsoft Remote Desktop. |
 | Platform | Any platform that supports Microsoft Remote Desktop clients. [Learn more.](/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients)  | Any platform that supports Microsoft Remote Desktop clients. [Learn more.](/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients)  |
 

windows-365/business/add-user-assign-licenses.md

@@ -40,4 +40,4 @@ You can add a user and assign them licenses by following these steps:
 6. If you want to specify a password, de-select the **Automatically create a password** box. Then, enter a password.
 7. If you don’t want to require the user to change their password when they first sign into the new Cloud PC, de-select the **This user must change their password when they first sign in** box.
 8. If you don't want to automatically email the sign-in info to the user, de-select **Email the sign-in info** box.
-9. Select **Add user**. A new Cloud PC will be created and the user can use the sign in information to access it.
+9. Select **Add user**. A new Cloud PC will be created and the user can use the sign-in information to access it.

windows-365/business/apps-install.md

@@ -43,7 +43,7 @@ Some apps may require that the user have administrator privileges. To change a u
 
 ## Default apps
 
-The following apps are pre-installed on Windows 365 Business Cloud PCs when they are created:
+The following apps are pre-installed on Windows 365 Business Cloud PCs when they're created:
 
 - [Microsoft 365 Apps for Enterprise](/mem/intune/apps/apps-add-office365) (formerly Office 365 Pro Plus)
 - Microsoft Teams