Merge branch 'main' into release-intune-2207

Author: v-alje

memdocs/autopilot/known-issues.md

@@ -30,7 +30,7 @@ This article describes known issues that can often be resolved by configuration
 
 ### Autopilot profile not being applied when assigned 
 
-In Windows 10 April (KB5011831) release, there is an issue where the Autopilot profile may fail to apply to the device. As a result, any settings made in the profile may not be configured for the user such as device renaming. To resolve this issue, the May (KB5015020) cumulative update needs to be applied to the device.
+In Windows 10 April and some May update releases, there is an issue where the Autopilot profile may fail to apply to the device and the hardware hash may not be harvested. As a result, any settings made in the profile may not be configured for the user such as device renaming. To resolve this issue, the May (KB5015020) cumulative update needs to be applied to the device.
 
 ### DefaultuserX profile not deleted
 

memdocs/configmgr/protect/deploy-use/defender-advanced-threat-protection.md

@@ -2,7 +2,7 @@
 title: Microsoft Defender for Endpoint
 titleSuffix: Configuration Manager
 description: Learn how to manage and monitor Microsoft Defender for Endpoint, a new service that helps enterprises respond to advanced attacks.
-ms.date: 12/02/2021
+ms.date: 07/18/2022
 ms.prod: configuration-manager
 ms.technology: configmgr-protect
 ms.topic: conceptual
@@ -29,7 +29,7 @@ Microsoft Defender for Endpoint's cloud-based portal is [Microsoft Defender Secu
 ### <a name="bkmk_os"></a> Supported client operating systems
 
 <!--5229962-->
-You can onboard the following operating systems:
+You can onboard the following operating systems using Configuration Manager:
 
 - Windows 8.1
 - Windows 10, version  1709 or later
@@ -40,6 +40,9 @@ You can onboard the following operating systems:
 - Windows Server 2019
 - Windows Server 2022<!-- 10200029 -->
 
+> [!IMPORTANT]
+> Operating systems that have reached the end of their [product lifecycle](/lifecycle/faq/general-lifecycle) aren't typically supported for onboarding unless they have been enrolled into the [Extended Security Updates (ESU program)](/lifecycle/faq/extended-security-updates). For more information about supported operating systems and capabilities with Microsoft Defender for Endpoint, see [Minimum requirements for Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/minimum-requirements#supported-windows-versions). <!-- MAX 6198973-->
+
 ## About onboarding to Microsoft Defender for Endpoint with Configuration Manager
 
 Different operating systems have different needs for onboarding to Microsoft Defender for Endpoint. Windows 8.1 and other down-level operating system devices need the **Workspace key** and **Workspace ID** to onboard. Up-level devices, such as Windows Server version 1803, need the onboarding configuration file. Configuration Manager also installs the Microsoft Monitoring Agent (MMA) when needed by onboarded devices but it doesn't update the agent automatically.

memdocs/configmgr/tenant-attach/atp-onboard.md

@@ -22,7 +22,7 @@ Microsoft Endpoint Manager is an integrated solution for managing all of your de
 
 [!INCLUDE [Prerequisites for Configuration Manager tenant attached devices](./includes/configmgr-endpoint-security-prerequisties.md)]
 - [Microsoft Intune and Microsoft Defender for Endpoint integration enabled](../../intune/protect/advanced-threat-protection-configure.md#enable-microsoft-defender-for-endpoint-in-intune)
-- Client onboarded to [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements).<!--Adding MDE License Requirement-->
+- Client which meets the minimum requirements for, and is onboarded to [Microsoft Defender for Endpoint](/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements).<!--Adding MDE License Requirement & MAX 6198973-->
 
 ## <a name="bkmk_onboard"></a> Create Microsoft Defender for Endpoint policies
 

memdocs/intune/apps/app-protection-policy-settings-android.md

@@ -36,7 +36,7 @@ This article describes the app protection policy settings for Android devices. T
 There are three categories of policy settings: data protection settings, access requirements, and conditional launch. In this article, the term *policy-managed apps* refers to apps that are configured with app protection policies.
 
 > [!IMPORTANT]
-> The Intune Company Portal is required on the device to receive App Protection Policies for Android devices. 
+> Either the Intune Company Portal or the Microsoft Authenticator is required on the device to receive App Protection Policies for Android devices. 
 >
 > The Intune Managed Browser has been retired. Use [Microsoft Edge](../apps/manage-microsoft-edge.md) for your protected Intune browser experience. 
 

memdocs/intune/apps/intune-management-extension.md

@@ -187,7 +187,7 @@ In **PowerShell scripts**, select the script to monitor, choose **Monitor**, and
 
 ## Intune management extension logs
 
-Agent logs on the client machine are typically in `\ProgramData\Microsoft\IntuneManagementExtension\Logs`. You can use [CMTrace.exe](/configmgr/core/support/cmtrace) to view these log files.
+Agent logs on the client machine are typically in `C:\ProgramData\Microsoft\IntuneManagementExtension\Logs`. You can use [CMTrace.exe](/configmgr/core/support/cmtrace) to view these log files.
 
 ![Screenshot or sample cmtrace agent logs in Microsoft Intune](./media/apps-win32-app-management/apps-win32-app-10.png)  
 

memdocs/intune/apps/lob-apps-windows.md

@@ -69,7 +69,7 @@ A line-of-business (LOB) app is one that you add from an app installation file.
     - **Publisher**: Enter the name of the publisher of the app.
     - **App Install Context**: Select the install context to be associated with this app. For dual mode apps, select the desired context for this app. For all other apps, this is pre-selected based on the package and cannot be modified.
     - **Ignore app version**: Set to **Yes** if the app developer automatically updates the app. This option applies to mobile .msi apps and Windows apps with self-updating installers (such as Google Chrome).
-    - **Command-line arguments**: Optionally, enter any command-line arguments that you want to apply to the .msi file when it runs.  An example is **/q**. Do not include the msiexec command or arguments, such as **/i** or **/x**, as they are automatically used. For more information, see [Command-Line Options](/windows/desktop/Msi/command-line-options). If the .MSI file needs additional command-line options consider using [Win32 app management](app-management.md).
+    - **Command-line arguments**: Optionally, enter any command-line arguments that you want to apply to the .msi file when it runs.  An example is **/q**. Do not include the msiexec command or arguments, such as **/i** or **/x**, as they are automatically used. For more information, see [Command-Line Options](/windows/desktop/Msi/command-line-options). If the .MSI file needs additional command-line options consider using [Win32 app management](apps-win32-app-management.md).
     - **Category**: Select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the company portal.
     - **Show this as a featured app in the Company Portal**: Display the app prominently on the main page of the company portal when users browse for apps.
     - **Information URL**: Optionally, enter the URL of a website that contains information about this app. The URL appears in the company portal.

memdocs/intune/apps/store-apps-company-portal-autopilot.md

@@ -1,9 +1,9 @@
 ---
 # required metadata
 
-title: Add and assign the Windows 10 Company Portal app for Autopilot provisioned devices
+title: Add and assign the Windows 10 Company Portal app for Intune managed devices
 titleSuffix: Microsoft Intune
-description: Add and assign the Windows 10 Company Portal app to Intune for Autopilot provisioned devices.
+description: Add and assign the Windows 10 Company Portal app to Intune managed devices.
 keywords:
 author: Erikre
 ms.author: erikre
@@ -32,15 +32,15 @@ ms.collection:
 - highpri
 ---
 
-# Add and assign the Windows 10 Company Portal app for Autopilot provisioned devices
+# Add and assign the Windows 10 Company Portal app for Intune managed devices
 
-To manage devices and install apps, your users can use the Company Portal app. You can assign the Windows 10 Company Portal app directly from Intune. 
+To manage devices and install apps, your users can optionally use the Company Portal app. You can assign the Windows 10 Company Portal app directly from Intune. 
 
 ## Prerequisites
 
-For Windows 10 Autopilot provisioned devices, it is recommended that you associate your Microsoft Store for Business account with Intune. For more information, see [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](windows-store-for-business.md).
+You can choose to install the **Company Portal (Offline)** app using the steps below. The Company Portal app will be installed in device context when assigned to the Autopilot group and will be installed on the device before the user logs in. Offline apps are updated using Intune, whereas online apps are updated by the store. Use offline apps when you need to install and maintain a specific app version.
 
-You can choose to install the **Company Portal (Offline)** app using the steps below. The Company Portal app will be installed in device context when assigned to the Autopilot group and will be installed on the device before the user logs in. Offline apps are updated using Intune, whereas online apps are updated by the store. When synced from the Microsoft Store for Business and deployed as a Microsoft Store app, the Company Portal (Offline) updates will occur automatically to any required assignments. If you need to maintain a specific version of the Company Portal app, refer to [Manually add the Windows 10 company portal app](./store-apps-company-portal-app.md) for details.
+For Windows 10 Autopilot provisioned devices, it is recommended that you associate your Microsoft Store for Business account with Intune. For more information, see [How to manage volume purchased apps from the Microsoft Store for Business with Microsoft Intune](windows-store-for-business.md).
 
 ## Configure the store settings to show the offline app
 
@@ -71,7 +71,7 @@ You can choose to install the **Company Portal (Offline)** app using the steps b
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) with your admin account.
 2. Select **Apps** > **Windows**.
 3. From the list of Windows apps, select **Company Portal (Offline)**.
-4. To [Assign](apps-deploy.md) the Company Portal app as a required app to your selected autopilot device groups, select **Properties** > **Edit** (next to **Assignments**) > **Add Group** (below **Required**) and then select a device group to assign the app. 
+4. To [Assign](apps-deploy.md) the Company Portal app as a required app to your selected device groups, select **Properties** > **Edit** (next to **Assignments**) > **Add Group** (below **Required**) and then select a device group to assign the app. 
 5. As this is an *Offline* app, be sure to change the **License type** to **Device licensing** before selecting **Review + save**. To set the **License type**, click **User** on the row of the group you added (under the **License type** column). 
 6. Select **Device licensing** > **OK** > **Review + save**.
 

memdocs/intune/apps/vpp-apps-ios.md

@@ -209,7 +209,7 @@ You can renew an Apple Business Manager location token (Apple VPP token) by down
 To renew an Apple Business Manager location token (Apple VPP token), use the following steps:
 
 1. Navigate to [Apple Business Manager](https://business.apple.com/) or [Apple School Manager](https://school.apple.com/).
-2. Download the existing token in **Apple Business (or School) Manager**, by selecting **Settings** > **Apps and Books** > **My Server Tokens**.
+2. Download the existing token in **Apple Business (or School) Manager**, by selecting **Preferences** > **Payments and Billing** > **Apps and Books** > **Server Tokens**.
 3. Update the token in [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) by selecting **Tenant administration** > **Connectors and tokens** > **Apple VPP tokens**.
 4. Select the VPP token you are renewing, click **Edit** on the Basics category, upload the new token on this page, and then save your changes.
 

memdocs/intune/protect/windows-hello.md

@@ -75,7 +75,7 @@ END OLD -->
 
 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 
-2. Go to **Devices** >  **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens.
+2. Go to **Devices** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens.
 
 3. Select from the following options for **Configure Windows Hello for Business**: