Merge pull request #7892 from MicrosoftDocs/main

Publish Intune 2206

Author: dougeby

memdocs/intune/apps/app-protection-framework.md

@@ -151,7 +151,7 @@ The policies in level 1 enforce a reasonable data access level while minimizing
 | Device conditions  |       Jailbroken/rooted   devices  |        N/A / Block   access  |          iOS/iPadOS,   Android  |                  |
 | Device conditions  |       SafetyNet   device attestation  |          Basic   integrity and certified devices / Block access  |          Android  |          <p>This   setting configures Google's SafetyNet Attestation on end-user   devices. Basic integrity validates the integrity of the device. Rooted   devices, emulators, virtual devices, and devices with signs of tampering fail   basic integrity. </p><p> Basic  integrity and certified devices validates the compatibility of   the device with Google's services. Only unmodified devices that have been   certified by Google can pass this check.</p>  |
 | Device conditions  |       Require   threat scan on apps  |        N/A / Block   access  |          Android  |          This   setting ensures that Google's Verify Apps scan is turned on for end   user devices. If configured, the end-user will be blocked from access until   they turn on Google's app scanning on their Android device.        |
-| Device conditions  |       Require device lock  |        N/A / Block   access  |         Android  |          This   setting ensures that Android devices have a device PIN, password, or pattern are set to enable a device lock.  This condition does not distinguish between lock options or the complexity.                |
+| Device conditions  |       Require device lock  |        Low/Warn |         Android  |          This setting ensures that Android devices have a device password that meets the minimum password requirements.                |
 
 #### Level 2 enterprise enhanced data protection
 
@@ -183,6 +183,7 @@ The policy settings enforced in level 2 include all the policy settings recommen
 | Device conditions  |       Min   OS version  |          *Format: Major.Minor<br>   Example: 9.0* / Block access   |          Android        | Microsoft recommends configuring   the minimum Android major version to match the supported Android versions for   Microsoft apps. OEMs and devices adhering to Android Enterprise recommended   requirements must support the current shipping release + one letter upgrade.   Currently, Android recommends Android 9.0 and later for knowledge workers.   See [Android Enterprise Recommended requirements](https://www.android.com/enterprise/recommended/requirements/) for Android's latest   recommendations |
 | Device conditions  |       Min patch   version  |          *Format:   YYYY-MM-DD <br> Example: 2020-01-01* / Block access  |          Android        | Android devices can receive monthly security patches, but the   release is dependent on OEMs and/or carriers. Organizations should ensure   that deployed Android devices do receive security updates before implementing   this setting. See [Android Security Bulletins](https://source.android.com/security/bulletin/) for the latest patch   releases.  |
 | Device conditions  |       Required SafetyNet evaluation type  |          Hardware-backed key  |          Android  |          Hardware backed attestation enhances the existing SafetyNet attestation service check by leveraging a new evaluation type called [Hardware Backed](https://developer.android.com/training/safetynet/attestation#evaluation-types), providing a more robust root detection in response to newer types of rooting tools and methods that cannot always be reliably detected by a software only solution.<p> As its name implies, hardware backed attestation leverages a hardware-based component which shipped with devices installed with Android 8.1 and later. Devices that were upgraded from an older version of Android to Android 8.1 are unlikely to have the hardware-based components necessary for hardware backed attestation. While this setting should be widely supported starting with devices that shipped with Android 8.1, Microsoft strongly recommends testing devices individually before enabling this policy setting broadly.</p>  |
+| Device conditions  |       Require device lock  |          Medium/Block Access  |          Android        | This setting ensures that Android devices have a device password that meets the minimum password requirements.  |
 
 #### Level 3 enterprise high data protection
 
@@ -204,6 +205,7 @@ The policy settings enforced in level 3 include all the policy settings recommen
 | Data transfer |       Approved   keyboards  |          Require  |          Android        |  |
 | Data transfer |       Select   keyboards to approve  |          *add/remove   keyboards*  |          Android        | With Android, keyboards must be selected in   order to be used based on your deployed Android devices.  |
 | Functionality |       Printing org data  |          Block  |          iOS/iPadOS, Android         |  |
+| Device conditions |       Require device lock  |          High/Block Access  |          Android        | This setting ensures that Android devices have a device password that meets the minimum password requirements.  |
 
 #### Access requirements
 

memdocs/intune/apps/apps-add-android-for-work.md

@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 05/05/2022
+ms.date: 06/08/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -21,7 +21,7 @@ ms.assetid: 2f6c06bf-e29a-4715-937b-1d2c7cf663d4
 #ROBOTS:
 #audience:
 
-ms.reviewer: chrisbal
+ms.reviewer: ilwu
 ms.suite: ems
 search.appverid: MET150
 #ms.tgt_pltfrm:
@@ -268,7 +268,7 @@ For Managed Google Play apps deployed to Android Enterprise personally-owned wor
 
 ## Working with Managed Google Play closed testing tracks
 
-You can distribute a non-production version of a Managed Google Play app to devices enrolled in an Android Enterprise scenario (**Android Enterprise personally-owned work profile (BYOD)**, **Android Enterprise fully managed (COBO)**, **Android Enterprise dedicated devices (COSU)**, and **Android Enterprise corporate-owned work profile (COPE)**) in order to perform testing. In Intune, you can see whether an app has a pre-production build test track published to it, as well as be able to assign that track to Azure Active Directory user groups or device groups. The workflow for assigning a production version to a group that currently exists is the same as assigning a non-production channel. After deployment, the install status of each track will correspond with the track's version number in Managed Google Play. For more information, see [Google Play's closed test tracks for app pre-release testing](https://support.google.com/googleplay/android-developer/answer/3131213).
+You can distribute a non-production version of a Managed Google Play app to devices enrolled in an Android Enterprise scenario (**Android Enterprise personally-owned work profile (BYOD)**, **Android Enterprise fully managed (COBO)**, **Android Enterprise dedicated devices enrolled with Azure AD shared mode (aka COSU)**, and **Android Enterprise corporate-owned work profile (COPE)**) in order to perform testing. In Intune, you can see whether an app has a pre-production build test track published to it, as well as be able to assign that track to Azure Active Directory user groups or device groups. The workflow for assigning a production version to a group that currently exists is the same as assigning a non-production channel. After deployment, the install status of each track will correspond with the track's version number in Managed Google Play. For more information, see [Google Play's closed test tracks for app pre-release testing](https://support.google.com/googleplay/android-developer/answer/3131213).
 
 > [!NOTE]
 > Required app deployments for non-production app tracks are currently unavilable for devices enrolled in Android Enterprise personally-owned work profile (BYOD).
@@ -285,6 +285,10 @@ When necessary, you can delete Managed Google Play apps from Microsoft Intune. T
 
 You can enable an Android Enterprise system app for [Android Enterprise dedicated devices](../enrollment/android-kiosk-enroll.md) or [fully managed devices](../enrollment/android-fully-managed-enroll.md). For more information about adding an Android Enterprise system app, see [Add Android Enterprise system apps to Microsoft Intune](apps-ae-system.md).
 
+## MAM policies with AE dedicated devices enrolled with Azure AD shared mode
+
+Intune-managed Android Enterprise dedicated devices enrolled with Azure AD shared mode can receive MAM policies and can be targeted separately from other Android enterprise devices. ntune-managed Android Enterprise dedicated devices that are not in Shared Device Mode will continue to be blocked from getting MAM. For more information about Intune-managed Android Enterprise dedicated devices enrolled with Azure AD shared mode, see [Android Enterprise dedicated devices](../fundamentals/deployment-guide-enrollment-android.md#android-enterprise-dedicated-devices).
+
 ## Next steps
 
 - [Assign apps to groups](apps-deploy.md)

memdocs/intune/apps/apps-supported-intune-apps.md

@@ -6,7 +6,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 05/31/2022
+ms.date: 06/09/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -157,6 +157,7 @@ The following apps support the core Intune App Protection Policy settings. Apps
 | **Webex for Intune**<p><img alt="Partner app - Webex for Intune icon" src="./media/apps-supported-intune-apps/icon-p-cisco-webex.png" width="100"> | Webex for Intune brings together your teams, your customers, and your work in real-time and anytime. You can call, message, and meet.<p><p>Capabilities:<br><ul><li>Calling built into the app for deeper conversations</li><li>Messaging and file sharing integrated with your content and workflow</li><li>Upgraded meeting experiences with personalized layouts & virtual backgrounds</li><li>Smart presence lets you know when people are available</li><li>Control Webex Devices directly from the app</li></ul><p>Built-in Intelligence:<br><ul><li>Notes, highlights and live translation in 10 languages</li><li>Unlock revolutionary people insights with Webex Graph</li><li>Reduce disruptions with noise removal & speech enhancements</li><li>Auto adjust meeting quality for the best experience</li></ul><p>Equal experiences for everyone:<br><ul><li>Reactions to allow everyone to participate in their own way</li><li>Work on any device from anywhere: desktop, mobile, web or Cisco Devices</li></ul> | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.cisco.wx2.android.msintune),<br>[App Store link (iOS)](https://apps.apple.com/app/cisco-webex-teams-for-intune/id1512240567) |
 | **Citrix Secure Mail**<p><img alt="Partner app - Citrix Secure Mail icon" src="./media/apps-supported-intune-apps/icon-p-citrix-secure-mail.png" width="100"> | Citrix Secure Mail is a containerized email, calendar, and contacts app with a rich user experience. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.citrix.mail.droid),<br>[App Store link (iOS)](https://apps.apple.com/us/app/citrix-secure-mail/id1155203964?mt=8) |
 | **Comfy**<p><img alt="Partner app - Comfy icon" src="./media/apps-supported-intune-apps/icon-p-comfy.png" width="100"> | Comfy is the workplace experience app that empowers you to get the most out of your office. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.buildingrobotics.comfy),<br>[App Store link (iOS)](https://apps.apple.com/app/comfy/id805595791) |
+| **Condeco**<p><img alt="Partner app - Condeco icon" src="./media/apps-supported-intune-apps/icon-p-condeco.png" width="100"> | The Condeco app allows you to book work spaces. With a few taps you can book a workstation or a meeting room, along with other areas like parking, lockers, quiet spaces, breakout zones, and more. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.condecosoftware.condeco) |
 | **Confidential File Viewer**<p><img alt="Partner app - Confidential File Viewer icon" src="./media/apps-supported-intune-apps/icon-p-hibun.png" width="100"> | The Confidential File Viewer (HIBUN) app is used to decrypt and reference password-protected encrypted files. Use the confidential file viewer to decrypted confidential files that have been created and encrypted using HIBUN Data Encryption. Confidential files encrypted with HIBUN AE Information Cypher can also be decrypted using the confidential file viewer. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=jp.co.hitachi_solutions.Hibun.HibunDP&hl=ja),<br>[App Store link (iOS)](https://apps.apple.com/jp/app/mi-wen-ji-mifairubyua/id1041326843) |
 | **Dashflow for Intune**<p><img alt="Partner app - Dashflow for Intune icon" src="./media/apps-supported-intune-apps/icon-p-dashflow.png" width="100"> | Dashflow&trade; is an artificial intelligence tool for businesses that need precise institutional-grade appraisal of commercial real estate investments.<p>You can use Dashflow&trade;:<br><ul><li>When bidding, advising or evaluating CRE assets and deals.</li><li>To save time and money on staff and on training, while boosting morale.</li><li>Anywhere: in the Board room or in a café, on a desktop or on a train, at home or at work.</li><li>To review and filter more deals, so improving productivity many-fold</li><li>To improve precision, increase flexibility, reduce risks, avoid errors and release creativity.</li><li>To get an instant check of results via a live Excel financial model: the DashModel.</li><li>To be far more responsive within and without your firm.</li></ul> | [App Store link (iOS)](https://apps.apple.com/app/dashflow-for-intune/id1576703796) |
 | **Diligent Boards**<p><img alt="Partner app - Diligent Boards icon" src="./media/apps-supported-intune-apps/icon-p-diligent.png" width="100"> | With Diligent Boards, organizations can conduct board, committee, and leadership meetings. Diligent Boards provides executives and senior leaders a secure way to access critical meeting and governance information. Diligent provides immediate access to sensitive meeting materials, along with the tools to review, discuss and collaborate on business topics. | [App Store link (iOS)](https://apps.apple.com/app/diligent-boards/id412771395) |
@@ -187,6 +188,7 @@ The following apps support the core Intune App Protection Policy settings. Apps
 | **PenPoint**<p><img alt="Partner app - PenPoint icon" src="./media/apps-supported-intune-apps/icon-p-penpoint.png" width="100"> | PenPoint works with PenLink’s on-premise software, PLX, to conduct lawful communications surveillance operations in the support of law enforcement investigations. PenPoint for Intune provides secure mobile access to communications surveillance data collected and stored by a PLX system. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.penlink.PenPoint),<br>[App Store link (iOS)](https://itunes.apple.com/app/penpoint/id1451352658?mt=8) | 
 | **PrinterOn for Microsoft**<p><img alt="Partner app - PrinterOn for Microsoft icon" src="./media/apps-supported-intune-apps/icon-p-printeron.png" width="100"> | PrinterOn's wireless mobile printing solutions enable users to remotely print from anywhere at any time over a secure network.| [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.printeron.droid.phone) | 
 | **Qlik Sense Mobile**<p><img alt="Partner app - Qlik Sense Mobile icon" src="./media/apps-supported-intune-apps/icon-p-qlik.png" width="100"> | Qlik Sense is a market leading, next generation application for self-service oriented analytics. Qlik's patented associative technology allows people to easily combine data from many different sources and explore it freely, without the limitations of query-based tools. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.qlik.qliksense.mobile),<br>[App Store link (iOS)](https://apps.apple.com/app/qlik-sense-mobile/id1217049362) | 
+| **RICOH Spaces**<p><img alt="Partner app - RICOH Spaces icon" src="./media/apps-supported-intune-apps/icon-p-ricoh.png" width="100"> | RICOH Spaces is a cloud hosted workplace enhancement platform designed to optimise your business with areas such as desk bookings, space bookings, wayfinding, workplace insights, and more. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.ricohsmartspaces.app),<br>[App Store link (iOS)](https://apps.apple.com/us/app/ricoh-spaces/id1481784300) | 
 | **SAP Fiori**<p><img alt="Partner app - SAP Fiori icon" src="./media/apps-supported-intune-apps/icon-p-sap-fiori.png" width="100"> | Increase your daily productivity by tackling your most common business tasks anywhere and anytime with the SAP Fiori Client mobile app for iPhone and iPad. Deliver a next-level mobile experience with enhanced attachment handling and full-screen operations using this enhanced mobile runtime for the Web version of over 750 SAP Fiori app. Plus, access custom SAP Fiori mobile apps—built by customers using SAP Fiori mobile service—that are ready to support Intune mobile app management. | [App Store link (iOS)](https://apps.apple.com/us/app/sap-fiori-client/id824997258?mt=8) |  
 | **Secure Contacts**<p><img alt="Partner app - Secure Contacts icon" src="./media/apps-supported-intune-apps/icon-p-secure.png" width="100"> | The Secure Contacts app allows you to synchronize your business contacts on iOS devices from various corporate data sources in a compliant way.<p>Features:<p><ul><li>Access to all business contacts<ul><li>Personal Microsoft Exchange Online address book</li><li>Company address book</li><li>Further data sources (Microsoft Dynamics CRM, Salesforce, etc.)</li></ul></li><li>Favorites list, including the most important contacts</li><li>Caller identification without synchronization with the device address book</li><li>Starting phone calls, chats, SMS (via Microsoft Teams and the iPhone's native apps)</li><li>Encrypted and compliant storage of all data</li><li>Mobile Application Management via Microsoft Intune (App Protection Policies)</li><li>Access control via Azure AD Conditional Access (Compliant Device and App Protection Policy)</li></ul><p><p>Requirements:<br><ul><li>For the full range of functions, an activation by Provectus Technologies GmbH is required.<li>To use the Secure Contacts app a Microsoft Azure AD user account must be present and activated with following functions:<ul><li>Azure Active Directory Premium P1 (or higher)</li><li>Exchange Online P1 (or higher)</li><li>Microsoft Intune</li></ul></li><li>In order to use the Microsoft Teams integration, the Microsoft Teams function must be activated</li></ul> | [App Store link (iOS)](https://apps.apple.com/us/app/secure-contacts/id1617596880) |
 | **Senses**<p><img alt="Partner app - Senses icon" src="./media/apps-supported-intune-apps/icon-p-senses.png" width="100"> | Senses is a cloud sales support tool. Senses helps manage sales and customer success, and proposes best practices based on accumulated customer information. | [App Store link (iOS)](https://apps.apple.com/app/senses-%E3%82%BB%E3%83%B3%E3%82%B7%E3%83%BC%E3%82%BA/id1210014628) |