Merge pull request #8074 from MicrosoftDocs/main

aczechowski · web-flow · commit a8920a61ed5a · 2022-07-21T15:00:25.000-07:00
7/21 OOB publish for WIP deprecation
diff --git a/memdocs/configmgr/compliance/deploy-use/create-configuration-items-for-windows-10-devices-managed-with-the-client.md b/memdocs/configmgr/compliance/deploy-use/create-configuration-items-for-windows-10-devices-managed-with-the-client.md
@@ -118,6 +118,9 @@ Use the Configuration Manager **Windows 10 or later** configuration item to mana
   
 ### Windows Information Protection
 
+[!INCLUDE [wip-deprecation](../../../includes/wip-deprecation.md)]
+<!-- MAXADO-6010051 -->
+
 With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leaks through apps and services, like email, social media, and the public cloud. These are outside of the organization's control. Examples include when an employee:
 
 - Sends the latest engineering pictures from their personal email account.
diff --git a/memdocs/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md b/memdocs/configmgr/core/plan-design/changes/deprecated/removed-and-deprecated-cmfeatures.md
@@ -5,7 +5,7 @@ description: Learn about the features that Configuration Manager no longer suppo
 ms.prod: configuration-manager
 ms.technology: configmgr-core
 ms.topic: conceptual
-ms.date: 04/11/2022
+ms.date: 07/21/2022
 author: mestew
 ms.author: mstewart
 manager: dougeby
@@ -31,6 +31,7 @@ The following features are deprecated. You can still use them now, but Microsoft
 
 |Feature|Deprecation first announced|Planned end of support|
 |-------|---------------------------|----------------------|
+| [Windows Information Protection](../../../../compliance/deploy-use/create-configuration-items-for-windows-10-devices-managed-with-the-client.md#windows-information-protection) <!-- MAXADO-6010051 --> | July 2022 | TBD |
 | Upgrade from any version of System Center 2012 Configuration Manager to current branch. For more information, see [Upgrade to Configuration Manager current branch](../../../servers/deploy/install/upgrade-to-configuration-manager.md)<!-- 13846745 --> | April 2022 | Version 2303 |
 | The Configuration Manager client for **macOS** and Mac client management. For more information, see [Supported clients: Mac computers](../../configs/supported-operating-systems-for-clients-and-devices.md#mac-computers).<!-- 12927803 --> Migrate management of macOS devices to Microsoft Intune. For more information, see [Deployment guide: Manage macOS devices in Microsoft Intune](../../../../../intune/fundamentals/deployment-guide-platform-macos.md). | January 2022 | December 31, 2022 |
 | The site system roles for on-premises MDM and macOS clients: **enrollment proxy point and enrollment point**.<!-- 12454901,12927803 --> | January 2022 | December 31, 2022 |
diff --git a/memdocs/includes/wip-deprecation.md b/memdocs/includes/wip-deprecation.md
@@ -0,0 +1,17 @@
+---
+author: aczechowski
+ms.author: aaroncz
+ms.prod: configuration-manager
+ms.topic: include
+ms.date: 07/21/2022
+# note this include file is in this folder because it's used in both ConfigMgr and Intune articles
+---
+
+<!-- 6010051 -->
+
+> [!NOTE]
+> Starting in July 2022, Microsoft is deprecating Windows Information Protection. Microsoft Endpoint Manager is discontinuing future investments in managing and deploying Windows Information Protection.
+>
+> Support for the Windows Information Protection without enrollment scenario in Microsoft Intune will be removed by the end of December 2022.
+>
+> For more information, see [End of support guidance for Windows Information Protection](https://aka.ms/Intune-WIP-support).
diff --git a/memdocs/intune/apps/windows-information-protection-policy-create.md b/memdocs/intune/apps/windows-information-protection-policy-create.md
@@ -33,6 +33,9 @@ ms.collection:
 
 # Create and deploy Windows Information Protection (WIP) policy with Intune
 
+[!INCLUDE [wip-deprecation](../../includes/wip-deprecation.md)]
+<!-- MAXADO-6010051 -->
+
 [!INCLUDE [azure_portal](../includes/azure_portal.md)]
 
 You can use Windows Information Protection (WIP) policies with Windows 10 apps to protect apps without device enrollment.
diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md
@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 07/07/2022
+ms.date: 07/15/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -107,7 +107,7 @@ Intune-managed Android Enterprise dedicated devices enrolled with Azure Active D
 #### Users assigned the Endpoint Security Manager admin role can modify Mobile Threat Defense connector settings<!-- 14179885 -->
 We’ve updated the permissions of the built-in [Endpoint Security Manager](../fundamentals/role-based-access-control.md#built-in-roles) admin role. The role now has the **Modify** permission for the **Mobile Threat Defense** category set to **Yes**. With this change, users assigned this role have permission to change the [Mobile Threat Defense connector](../protect/mtd-connector-enable.md) (MTD connector) settings for your Tenant. Previously, this permission was set to *No*.
 
-If you missed the previous notice about this coming change, now is a good time to review the users that are assigned the *Endpoint Security Manager* role for your tenant. If any should not should not have permissions to edit the MTD connector settings, update their role permissions or [create a custom role](../fundamentals/create-custom-role.md) that includes only *Read* permissions for Mobile Threat Defense.
+If you missed the previous notice about this coming change, now is a good time to review the users that are assigned the *Endpoint Security Manager* role for your tenant. If any should not have permissions to edit the MTD connector settings, update their role permissions or [create a custom role](../fundamentals/create-custom-role.md) that includes only *Read* permissions for Mobile Threat Defense.
 
 View the full list of permissions for the built-in [Endpoint Security Manager role](../protect/endpoint-security.md#permissions-granted-by-the-endpoint-security-manager-role).
 
@@ -124,7 +124,7 @@ You can now use the following [certificate profiles](../protect/certificates-con
 #### New settings for DFCI profiles on Windows 10/11 devices<!-- 6039135 -->
 On Windows 10/11 devices, you can create a Device Firmware Configuration Interface (DFCI) profile (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **Device Firmware Configuration Interface** for profile type).
 
-DFCI profiles lets Intune pass management commands to UEFI (Unified Extensible Firmware Interface) using the DFCI firmware layer. This additional firmware layer makes configuration more resilient to malicious attacks. DFCI also limits end users' control over the BIOS by graying out managed settings.
+DFCI profiles let Intune pass management commands to UEFI (Unified Extensible Firmware Interface) using the DFCI firmware layer. This additional firmware layer makes configuration more resilient to malicious attacks. DFCI also limits end users' control over the BIOS by graying out managed settings.
 
 There are new settings you can configure:
 - **Microphones and Speakers**:
@@ -811,7 +811,7 @@ For more information about protected apps, see [Microsoft Intune protected apps]
 There's a new **Software updates** page for tenant attached devices. This page displays the status for software updates on a device. You can review which updates are successfully installed, failed, and are assigned but not yet installed. Using the timestamp for the update status assists with troubleshooting. For more information, see [Tenant attach: Software updates in the admin center](../../configmgr/tenant-attach/software-updates.md).
 
 #### Microsoft Defender for Endpoint support for App Sync on iOS/iPadOS<!-- 9768396 -->
-*Before you can use this capability you must opt-in to an MDE Preview. To opt-in, contact `mdatpmobile@microsoft.com`.* 
+*Before you can use this capability you must opt in to an MDE Preview. To opt in, contact `mdatpmobile@microsoft.com`.* 
 
 When you use Microsoft Defender for Endpoint (MDE) as your Mobile Threat Defense application, as part of a preview from MDE, you can [configure MDE to request Application Inventory data](../protect/advanced-threat-protection-configure.md#enable-microsoft-defender-for-endpoint-in-intune) from Intune from iOS/iPadOS devices. The following two settings are now available:
 
@@ -2494,7 +2494,7 @@ You can now enable Outlook S/MIME settings to always sign and/or always encrypt
 
 #### Scope tags for Managed Google Play apps<!-- 6114508  -->
 
-Scope tags determine which objects an admin with specific rights can view in Intune. Most newly created items in Intune take on the scope tags of the creator. This is not the case for Managed Google Play Store apps. You can now optionally assign a scope tag to apply to all newly-synced Managed Google Play apps on the **Managed Google Play connector** pane. The chosen scope tag will only apply to new Managed Google Play apps, not Managed Google Play apps that have already been approved in the tenant. For related information see [Add Managed Google Play apps to Android Enterprise devices with Intune](../apps/apps-add-android-for-work.md) and [Use role-based access control (RBAC) and scope tags for distributed IT](../fundamentals/scope-tags.md).
+Scope tags determine which objects an admin with specific rights can view in Intune. Most newly created items in Intune take on the scope tags of the creator. This is not the case for Managed Google Play Store apps. You can now optionally assign a scope tag to apply to all newly synced Managed Google Play apps on the **Managed Google Play connector** pane. The chosen scope tag will only apply to new Managed Google Play apps, not Managed Google Play apps that have already been approved in the tenant. For related information see [Add Managed Google Play apps to Android Enterprise devices with Intune](../apps/apps-add-android-for-work.md) and [Use role-based access control (RBAC) and scope tags for distributed IT](../fundamentals/scope-tags.md).
 
 #### Content of macOS LOB apps will be displayed in Intune<!-- 6991005  -->
 
diff --git a/memdocs/intune/protect/windows-information-protection-configure.md b/memdocs/intune/protect/windows-information-protection-configure.md
@@ -32,6 +32,9 @@ ms.collection:
 
 # Learn about Windows Information Protection and Microsoft Intune
 
+[!INCLUDE [wip-deprecation](../../includes/wip-deprecation.md)]
+<!-- MAXADO-6010051 -->
+
 With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leaks through apps and services, like email, social media, and the public cloud, which are outside of the enterprise's control. For example, an employee sends the latest engineering pictures from a personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to public cloud storage.
 
 **Windows Information Protection** helps to protect against this potential data leakage without otherwise interfering with the employee experience. It also helps to protect enterprise apps and data against accidental data leaks on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
