Merge pull request #7533 from Erikre/erikre-doc-14337654

PRMerger16 · web-flow · commit b965904fb319 · 2022-05-04T12:13:44.000-07:00
Erikre-doc-14337654
diff --git a/memdocs/intune/apps/app-protection-framework.md b/memdocs/intune/apps/app-protection-framework.md
@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 04/14/2022
+ms.date: 05/04/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -199,7 +199,7 @@ The policy settings enforced in level 3 include all the policy settings recommen
 | Data Transfer |       Dialer App URL Scheme  |          *replace_with_dialer_app_url_scheme* |          iOS/iPadOS  | On iOS/iPadOS, this value must be replaced with the URL scheme for the custom dialer app being used. If the URL scheme is not known, contact the app developer for more information. For more information on URL schemes, see [Defining a Custom URL Scheme for Your App](https://developer.apple.com/documentation/uikit/inter-process_communication/allowing_apps_and_websites_to_link_to_your_content/defining_a_custom_url_scheme_for_your_app).|
 | Data transfer |       Receive   data from other apps  |          Policy   managed apps  |          iOS/iPadOS, Android         |  |
 | Data transfer |       Open data into Org documents  |          Block  |          iOS/iPadOS, Android         |  |
-| Data transfer |       Allow users to open data from selected services  |          OneDrive for Business, SharePoint, Camera, Photo Library  |          iOS/iPadOS, Android         | For related information, see [Android app protection policy settings](..\apps\app-protection-policy-settings-android.md) and [iOS app protection policy settings](..\apps\app-protection-policy-settings-ios.md).  |
+| Data transfer |       Allow users to open data from selected services  |          OneDrive for Business, SharePoint, Camera |          iOS/iPadOS, Android         | For related information, see [Android app protection policy settings](..\apps\app-protection-policy-settings-android.md) and [iOS app protection policy settings](..\apps\app-protection-policy-settings-ios.md).  |
 | Data transfer |       Third-party   keyboards  |          Block  |          iOS/iPadOS        | On iOS/iPadOS, this blocks all third-party keyboards from   functioning within the app.  |
 | Data transfer |       Approved   keyboards  |          Require  |          Android        |  |
 | Data transfer |       Select   keyboards to approve  |          *add/remove   keyboards*  |          Android        | With Android, keyboards must be selected in   order to be used based on your deployed Android devices.  |
diff --git a/memdocs/intune/apps/app-protection-policy-settings-android.md b/memdocs/intune/apps/app-protection-policy-settings-android.md
@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 04/13/2022
+ms.date: 05/04/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -54,7 +54,7 @@ There are three categories of policy settings: data protection settings, access
 |<ul><b><ul><b>**Dialer App Name** | When a specific dialer app has been selected, you must provide the name of the dialer app. | **Blank** |
 | **Receive data from other apps** | Specify what apps can transfer data to this app: <ul><li>**Policy managed apps**: Allow transfer only from other policy-managed apps.</li><li>**All apps**: Allow data transfer from any app.</li><li>**None**: Do not allow data transfer from any app, including other policy-managed apps. </li></ul> <p>There are some exempt apps and services from which Intune may allow data transfer. See  [Data transfer exemptions](app-protection-policy-settings-android.md#data-transfer-exemptions) for a full list of apps and services. | **All apps** |
 | <ul><b>**Open data into Org documents** | Select **Block** to disable the use of the *Open* option or other options to share data between accounts in this app. Select **Allow** if you want to allow the use of *Open*. <br><br>When set to **Block** you can configure the **Allow user to open data from selected services** to specific which services are allowed for Org data locations.<br><br>**Note:**<ul><li><i>This setting is only configurable when the setting **Receive data from other apps** is set to **Policy managed apps**.</i></li><li><i>This setting will be "Allow" when the setting **Receive data from other apps** is set to **All apps**.</i></li><li><i>This setting will be "Block" with no allowed service locations when the setting **Receive data from other apps** is set to **None**.</i></li><li><i>The following apps support this setting:</i><ul><li><i>OneDrive 6.14.1 or later.</i></li><li><i>Outlook for Android 4.2039.2 or later.</i></li><li><i>Teams for Android 1416/1.0.0.2021173701 or later.</i></li></ul></li></ul> | <br><br> **Allow**   |
-| <ul><b><ul><b>**Allow users to open data from selected services** | Select the application storage services that users can open data from. All other services are blocked. Selecting no services will prevent users from opening data.<br><br>Supported services:<ul><li>OneDrive for Business</li><li>SharePoint Online</li><li>Camera</li><li>Photo Library</li></ul>**Note:** Camera does not include Photos or Photo Gallery access.| **All selected**  |
+| <ul><b><ul><b>**Allow users to open data from selected services** | Select the application storage services that users can open data from. All other services are blocked. Selecting no services will prevent users from opening data.<br><br>Supported services:<ul><li>OneDrive for Business</li><li>SharePoint Online</li><li>Camera</li></ul>**Note:** Camera does not include Photos or Photo Gallery access.| **All selected**  |
 | **Restrict cut, copy and paste between other apps** | Specify when cut, copy, and paste actions can be used with this app. Choose from: <ul><li>**Blocked**:  Do not allow cut, copy, and paste actions between this app and any other app.</li><li>**Policy managed apps**: Allow cut, copy, and paste actions between this app and other policy-managed apps.</li><li>**Policy managed with paste in**: Allow cut or copy between this app and other policy-managed apps. Allow data from any app to be pasted into this app.</li><li>**Any app**: No restrictions for cut, copy, and paste to and from this app. | **Any app** |
 | <ul><b>**Cut and copy character limit for any app** | Specify the number of characters that may be cut or copied from org data and accounts.  This will allow sharing of the specified number of characters when it would be otherwise blocked by the "Restrict cut, copy, and paste with other apps" setting.<p>Default Value = 0<p>**Note**: Requires Intune Company Portal version 5.0.4364.0 or later.  | **0** |
 | **Screen capture and Google Assistant** | Select **Block** to block screen capture and the **Google Assistant** capabilities of the device when using this app. Choosing **Block** will also blur the App-switcher preview image when using this app with a work or school account.| **Block** |
diff --git a/memdocs/intune/apps/app-protection-policy-settings-ios.md b/memdocs/intune/apps/app-protection-policy-settings-ios.md
@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 01/21/2022
+ms.date: 05/04/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -57,7 +57,7 @@ There are three categories of policy settings: *Data relocation*, *Access requir
 |<ul><ul>**Dialer App URL Scheme** | When a specific dialer app has been selected, you must provide the dialer app URL scheme that is used to launch the dialer app on iOS devices. For more information, see Apple's documentation about [Phone Links](https://developer.apple.com/library/archive/featuredarticles/iPhoneURLScheme_Reference/PhoneLinks/PhoneLinks.html#//apple_ref/doc/uid/TP40007899-CH6-SW1). | **Blank** |
 | **Receive data from other apps** | Specify what apps can transfer data to this app: <ul><li>**All apps**: Allow data transfer from any app.</li><li>**None**: Do not allow data transfer from any app, including other policy-managed apps.</li><li>**Policy managed apps**: Allow transfer only from other policy-managed apps.</li><li>**All apps with incoming Org data**: Allow data transfer from any app. Treat all incoming data without a user identity as data from your organization. The data will be marked with the MDM enrolled user's identity as defined by the `IntuneMAMUPN` setting.<p><p>**Note:** _The **All apps with incoming Org data** value is applicable to MDM enrolled devices only. If this setting is targeted to a user on an unenrolled device, the behavior of the **Any apps** value applies._</li></ul> Multi-identity MAM enabled applications will attempt to switch to an unmanaged account when receiving unmanaged data if this setting is configured to **None** or **Policy managed apps**. If there is no unmanaged account signed into the app or the app is unable to switch, the incoming data will be blocked.<br><br> | **All apps** |
 | <ul>**Open data into Org documents** | Select **Block** to disable the use of the *Open* option or other options to share data between accounts in this app. Select **Allow** if you want to allow the use of *Open*. <br><br>When set to **Block** you can configure the **Allow user to open data from selected services** to specific which services are allowed for Org data locations.<br><br>**Note:**<ul><li><i>This setting is only configurable when the setting **Receive data from other apps** is set to **Policy managed apps**.</i></li><li><i>This setting will be "Allow" when the setting **Receive data from other apps** is set to **All apps** or **All apps with incoming Org data**. </i></li><li><i>This setting will be "Block" with no allowed service locations when the setting **Receive data from other apps** is set to **None**.</i></li><li><i>The following apps support this setting:</i><ul><li><i>OneDrive 11.45.3 or later.</i></li><li><i>Outlook for iOS 4.60.0 or later.</i></li><li><i>Teams for iOS 3.17.0 or later.</i></li></ul></li></ul> | **Allow** |
-| <ul><ul>**Allow users to open data from selected services** | Select the application storage services that users can open data from. All other services are blocked. Selecting no services will prevent users from opening data from external locations.<br><br>Supported services:<ul><li>OneDrive for Business</li><li>SharePoint Online</li><li>Camera</li><li>Photo Library</li></ul> **Note:** Camera does not include Photos or Photo Gallery access. | **All selected**  |
+| <ul><ul>**Allow users to open data from selected services** | Select the application storage services that users can open data from. All other services are blocked. Selecting no services will prevent users from opening data from external locations.<br><br>Supported services:<ul><li>OneDrive for Business</li><li>SharePoint Online</li><li>Camera</li></ul> **Note:** Camera does not include Photos or Photo Gallery access. | **All selected**  |
 | **Restrict cut, copy and paste between other apps** | Specify when cut, copy, and paste actions can be used with this app. Select from: <ul><li>**Blocked**:  Don't allow cut, copy, and paste actions between this app and any other app.</li><li>**Policy managed apps**: Allow cut, copy, and paste actions between this app and other policy-managed apps.</li><li>**Policy managed with paste in**: Allow cut or copy between this app and other policy-managed apps. Allow data from any app to be pasted into this app.</li><li>**Any app**: No restrictions for cut, copy, and paste to and from this app.</ul> | **Any app** |
 | <ul>**Cut and copy character limit for any app** | Specify the number of characters that may be cut or copied from Org data and accounts.  This will allow sharing of the specified number of characters to any application, regardless of the **Restrict cut, copy, and paste with other apps** setting.<p>Default Value = 0<p>**Note**: *Requires app to have Intune SDK version 9.0.14 or later.*  | **0** |
 | **Third party keyboards** | Choose **Block** to prevent the use of third-party keyboards in managed applications.<p>When this setting is enabled, the user receives a one-time message stating that the use of third-party keyboards is blocked. This message appears the first time a user interacts with organizational data that requires the use of a keyboard. Only the standard iOS/iPadOS keyboard is available while using managed applications, and all other keyboard options are disabled. This setting will affect both the organization and personal accounts of multi-identity applications. This setting does not affect the use of third-party keyboards in unmanaged applications.<p>**Note:** This feature requires the app to use Intune SDK version 12.0.16 or later. Apps with SDK versions from 8.0.14 to, and including, 12.0.15, will not have this feature correctly apply for multi-identity apps. For more details, see [Known issue: Third party keyboards are not blocked in iOS/iPadOS for personal accounts](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Updated-Known-issue-Third-party-keyboards-are-not-blocked-in-iOS/ba-p/339486). | **Allow** |
diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md
@@ -7,7 +7,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 04/29/2022
+ms.date: 05/04/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -67,9 +67,6 @@ You can use RSS to be notified when this page is updated. For more information,
 #### Updated app configuration policies list<!-- 13903969 -->
 The **App configuration policies** list has been modified in Intune. This list will no longer contain the **Assigned** column. To view whether an app configuration policy has been assigned, navigate to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Apps** > **App configuration policies** > *select a policy* > **Overview**.
 
-#### Photo library data transfer support via app protection policies<!-- 9450163 -->
-You can now select to include **Photo Library** as a supported application storage service. By selecting **Photo Library** in the **Allow users to open data from selected services** setting within Intune, you can allow managed accounts to allow *incoming* data from their device's photo library to their managed apps on iOS and Android platforms. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** > **App protection policies** > **Create Policy**. Choose either **iOS/iPadOS** or **Android**. This setting is available as part of the **Data protection** step and specifically for **Policy managed apps**. For related information, see [Data protection](../apps/app-protection-framework.md#data-protection-2).
-
 #### Password complexity for Android devices<!-- 9321870 -->
 The **Require device lock** setting in Intune has been extended to include values (**Low Complexity**, **Medium Complexity**, and **High Complexity**). If the device lock doesn’t meet the minimum password requirement, you can **warn**, **wipe data**, or **block** the end user from accessing a managed account in a managed app. This feature targets devices that operate on Android 11+. For devices operating on Android 11 and earlier, setting a complexity value of **Low**, **Medium**, or **High** will default to the expected behavior for **Low Complexity**. For related information, see [Android app protection policy settings in Microsoft Intune](..\apps\app-protection-policy-settings-android.md).
 
