Merge pull request #6813 from Erikre/erikre-doc-13389055

erikre-doc-13389055

Author: Erikre

memdocs/endpoint-manager-getting-started.md

@@ -139,7 +139,7 @@ The following articles will help you understand how to create and monitor compli
 
 ## Intune app protection policies
 
-Intune app protection policies (APP) allow you to protect organizational data within an application. Together with app configuration capabilities, you can implement mobile application management (MAM) in Intune to help protect sensitive data that is accessed from both managed and unmanaged devices. With MAM without enrollment (MAM-WE), you can use Intune to manage work or school-related apps, including productivity apps such as the Microsoft Office apps, on almost any [device](./intune/apps/app-management.md#app-management-capabilities-by-platform), including personal devices in bring-your-own-device (BYOD) scenarios. See the official list of [Microsoft Intune protected apps](./intune/apps/apps-supported-intune-apps.md) available for public use.
+Intune app protection policies (APP) allow you to protect organizational data within an application. Together with app configuration capabilities, you can implement mobile application management (MAM) in Intune to help protect sensitive data that is accessed from managed applications. See the official list of [Microsoft Intune protected apps](./intune/apps/apps-supported-intune-apps.md) available for public use.
 
 To get an overview of app protection policies and how they work, check out the following articles:
 
@@ -218,4 +218,4 @@ For additional information about Microsoft Endpoint Manager, see the following d
 - [Microsoft Intune overview](./intune/fundamentals/what-is-intune.md)
 - [Device management overview](./intune/fundamentals/what-is-device-management.md)
 - [Tutorial: Walkthrough Intune in Microsoft Endpoint Manager](./intune/fundamentals/tutorial-walkthrough-endpoint-manager.md)
-- [High-level architecture for Microsoft Intune](./intune/fundamentals/high-level-architecture.md)
+- [High-level architecture for Microsoft Intune](./intune/fundamentals/high-level-architecture.md)

memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md

@@ -1,8 +1,8 @@
 ---
 # required metadata
 
-title: App protection policies and Android Enterprise personally-owned work profiles in Microsoft Intune
-description: See the differences and pros and cons when deciding to use app protection policies or Android Enterprise personally-owned work profiles for personal or BYOD Android Enterprise devices in Microsoft Intune. Compare the differences and features you get with app protection policies without enrollment (APP-WE) and Android Enterprise personally-owned work profiles.
+title: Mobile Application Management (MAM) and Android Enterprise personally-owned work profiles in Microsoft Intune
+description: See the available features when deciding to use Mobile Application Management (MAM) and/or Android Enterprise personally-owned work profiles for personal or BYOD Android devices in Microsoft Intune.
 keywords:
 
 author: Erikre

memdocs/intune/apps/app-management.md

@@ -45,12 +45,12 @@ Additionally, you might want to assign and manage apps on devices that are not e
 
 [Intune mobile application management](app-lifecycle.md) refers to the suite of Intune management features that lets you publish, push, configure, secure, monitor, and update mobile apps for your users.
 
-MAM allows you to manage and protects your organization's data within an application. With **MAM without enrollment** (MAM-WE), a work or school-related app that contains sensitive data can be managed on almost any [device](app-management.md#app-management-capabilities-by-platform), including personal devices in **bring-your-own-device** (BYOD) scenarios. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
+MAM allows you to manage and protect your organization's data within an application. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
 
 Intune MAM supports two configurations:
 
-- **Intune MDM + MAM**: IT administrators can only manage apps using MAM and app protection policies on devices that are enrolled with Intune mobile device management (MDM). To manage apps using MDM + MAM, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-- **MAM without device enrollment**: MAM without device enrollment, or MAM-WE, allows IT administrators to manage apps using MAM and app protection policies on devices not enrolled with Intune MDM. This means apps can be managed by Intune on devices enrolled with third-party EMM providers. To manage apps using MAM-WE, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Also, apps can be managed by Intune on devices enrolled with third-party Enterprise Mobility Management (EMM) providers or not enrolled with an MDM at all. For more information about BYOD and Microsoft's EMS, see [Technology decisions for enabling BYOD with Microsoft Enterprise Mobility + Security (EMS)](../fundamentals/byod-technology-decisions.md).
+- **Intune MDM + MAM**: IT administrators can manage apps using MAM on devices that are enrolled with Intune mobile device management (MDM). To manage apps using MDM + MAM, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+- **Unenrolled devices with MAM managed applications**: IT administrators can manage org data and accounts in apps using MAM on unenrolled devices or devices enrolled with third-party EMM providers. To manage apps using MAM, customers should use Intune in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). For more information about BYOD and Microsoft's EMS, see [Technology decisions for enabling BYOD with Microsoft Enterprise Mobility + Security (EMS)](../fundamentals/byod-technology-decisions.md).
 
 ## App management capabilities by platform
 
@@ -138,4 +138,4 @@ For more information about apps, see [Add apps to Microsoft Intune](../apps/apps
 
 ## Next steps
 
-- [Add an app to Microsoft Intune](apps-add.md)
+- [Add an app to Microsoft Intune](apps-add.md)

memdocs/intune/apps/app-protection-policy.md

@@ -37,7 +37,7 @@ ms.collection:
 
 App protection policies (APP) are rules that ensure an organization's data remains safe or contained in a managed app. A policy can be a rule that is enforced when the user attempts to access or move "corporate" data, or a set of actions that are prohibited or monitored when the user is inside the app. A managed app is an app that has app protection policies applied to it, and can be managed by Intune.
 
-Mobile Application Management (MAM) app protection policies allows you to manage and protect your organization's data within an application. With **MAM without enrollment** (MAM-WE), a work or school-related app that contains sensitive data can be managed on almost any [device](app-management.md#app-management-capabilities-by-platform), including personal devices in **bring-your-own-device** (BYOD) scenarios. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
+Mobile Application Management (MAM) app protection policies allows you to manage and protect your organization's data within an application. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Microsoft Intune protected apps](apps-supported-intune-apps.md) available for public use.
 
 ## How you can protect app data
 Your employees use mobile devices for both personal and work tasks. While making sure your employees can be productive, you want to prevent data loss, intentional and unintentional. You'll also want to protect company data that is accessed from devices that are not managed by you.
@@ -372,7 +372,7 @@ The Teams app on [Microsoft Teams Android devices](https://www.microsoft.com/mic
 For Android devices that support biometric authentication, you can allow end users to use fingerprint or Face Unlock, depending on what their Android device supports. You can configure whether all biometric types beyond fingerprint can be used to authenticate. Note that fingerprint and Face Unlock are only available for devices manufactured to support these biometric types and are running the correct version of Android. Android 6 and higher is required for fingerprint, and Android 10 and higher is required for Face Unlock.
 
 ### Company Portal app and Intune app protection
-Much of app protection functionality is built into the Company Portal app. Device enrollment is _not required_ even though the Company Portal app is always required. For mobile application management without enrollment (MAM-WE), the end user just needs to have the Company Portal app installed on the device.
+Much of app protection functionality is built into the Company Portal app. Device enrollment is _not required_ even though the Company Portal app is always required. For Mobile Application Management (MAM), the end user just needs to have the Company Portal app installed on the device.
 
 ### Multiple Intune app protection access settings for same set of apps and users
 Intune app protection policies for access will be applied in a specific order on end-user devices as they try to access a targeted app from their corporate account. In general, a block would take precedence, then a dismissible warning. For example, if applicable to the specific user/app, a minimum Android patch version setting that warns a user to take a patch upgrade will be applied after the minimum Android patch version setting that blocks the user from access. So, in the scenario where the IT admin configures the min Android patch version to 2018-03-01 and the min Android patch version (Warning only) to 2018-02-01, while the device trying to access the app was on a patch version 2018-01-01, the end user would be blocked based on the more restrictive setting for min Android patch version that results in blocked access. 

memdocs/intune/apps/apps-supported-intune-apps.md

@@ -182,7 +182,7 @@ The following apps support the core Intune App Protection Policy settings. Apps
 | **Senses**<p><img alt="Partner app - Senses icon" src="./media/apps-supported-intune-apps/icon-p-senses.png" width="100"> | Senses is a cloud sales support tool. Senses helps manage sales and customer success, and proposes best practices based on accumulated customer information. | [App Store link (iOS)](https://apps.apple.com/app/senses-%E3%82%BB%E3%83%B3%E3%82%B7%E3%83%BC%E3%82%BA/id1210014628) |
 | **ServiceNow<sup>&#174;</sup> Agent - Intune**<p><img alt="Partner app - ServiceNow Agent icon" src="./media/apps-supported-intune-apps/icon-p-servicenow-agent.png" width="100"> | ServiceNow Mobile Agent app delivers out-of-the-box, mobile-first experiences for the most common service desk agent workflows, making it easy for agents to triage, act on and resolve requests on the go. The app enables service desk agents to promptly manage and resolve end user issues from their mobile devices. Agents use the app’s intuitive interface to accept and update work even without Internet connectivity. The app greatly simplifies work by leveraging native device capabilities for tasks like navigation, barcode scanning, or collecting a signature.<br><br>The app comes with out-of-the-box workflows for service desk agents in IT, Customer Service, HR, Field Services, Security Ops and IT Asset Management. Organizations can easily configure and extend the workflows to meet their own unique needs.<p>With Mobile Agent you can:<ul><li>Manage the work assigned to your teams.</li><li>Triage incidents and cases.</li><li>Act on approvals with swipe gestures and quick actions.</li><li>Complete work while offline.</li><li>Access the full issue details, activity stream, and related lists of records.</li><li>Optimize workflows with location, camera, and touchscreen hardware</li></ul> | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.servicenow.fulfiller.mam.intune),<br>[App Store link (iOS)](https://apps.apple.com/app/servicenow-agent-intune/id1494183149) |  
 | **ServiceNow<sup>&#174;</sup> Onboarding - Intune**<p><img alt="Partner app - ServiceNow Onboarding icon" src="./media/apps-supported-intune-apps/icon-p-servicenow-onboarding.png" width="100"> | ServiceNow<sup>&#174;</sup> Mobile Onboarding empowers new hires to complete tasks, view content, and get help across departments—including IT, HR, Facilities, Finance, and Legal—all from a single native mobile app.<br><br>Streamline the onboarding experience by allowing new hires to:<ul><li>Order a laptop and phone from IT.</li><li>Setup a workspace with Facilities.</li><li>Sign a non-disclosure agreement (NDA) from Legal.</li><li>Submit a photo and update their profile with HR.</li><li>Review an expense policy from Finance and get help if they have questions.</li></ul>Powered by the Now Platform<sup>&#174;</sup>, Mobile Onboarding manages workflows across multiple departments and systems, hiding the complexity of backend processes. New hires don't even have to know which departments are involved in any given process. They receive a simple and easy onboarding experience and can complete tasks before they even start, ensuring they are day-one ready. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.servicenow.onboarding.mam.intune),<br>[App Store link (iOS)](https://apps.apple.com/app/servicenow-onboarding-intune/id1494184220) |  
-| **Slack for Intune**<p><img alt="Partner app - Slack for Intune icon" src="./media/apps-supported-intune-apps/icon-p-slack.png" width="100"> | Slack for Intune is for Slack customers that have enabled Microsoft Intune Mobile Application Management (MAM) or Microsoft Intune Mobile Application Management without device enrollment (MAM-WE). | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.Slack.intune), [App Store link (iOS)](https://apps.apple.com/app/slack-for-intune/id1558736484) |  
+| **Slack for Intune**<p><img alt="Partner app - Slack for Intune icon" src="./media/apps-supported-intune-apps/icon-p-slack.png" width="100"> | Slack for Intune is for Slack customers that have enabled Microsoft Intune Mobile Application Management (MAM). | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.Slack.intune), [App Store link (iOS)](https://apps.apple.com/app/slack-for-intune/id1558736484) |  
 | **PK Protect for Intune**<p><img alt="Partner app - PK Protect for Intune icon" src="./media/apps-supported-intune-apps/icon-p-smartcrypt.png" width="100"> | PK Protect for Intune is specifically designed for existing PKWARE customers operating in an Intune environment. PK Protect lets you get your work done on the go. It's fast, secure and simple to use so you can be productive from anywhere. If you are unsure if you have PK Protect, contact your company's IT administrator. With PK Protect, you can: Encrypt and decrypt files using Smartkeys, Decrypt archives with X.509 Digital Certificates, Create and manage Smartkeys, Perform digital signing and authentication of data with X.509 Digital Certificates, Encrypt and decrypt files with Strong Passphrase encryption, including AE2, Login with existing Active Directory credentials, Create and view unencrypted zip archives. PK Protect armors data at its core, eliminating vulnerabilities everywhere data is used, shared or stored. For nearly three decades, PKWARE has provided encryption and compression software to more than 30,000 enterprise customers and over 200 government agencies. Available for iOS/iPadOS and Android. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.pkware.smartcrypt.intune), [App Store link (iOS)](https://apps.apple.com/app/smartcrypt-for-intune/id1489232256) |
 | **Space Connect**<p><img alt="Partner app - Space Connect icon" src="./media/apps-supported-intune-apps/icon-p-space-connect.png" width="100"> | Space Connect brings together people and office space to enable businesses to manage office space more effectively & automatically. Book desks, book rooms, check your calendar, find your colleagues, and more with our mobile workspace management solution. | [Google Play link (Android)](https://play.google.com/store/apps/details?id=com.bluechilli.spaceconnectapp), [App Store link (iOS)](https://apps.apple.com/app/space-connect/id1023361383) |  
 | **Speaking Email**<p><img alt="Partner app - Speaking Email icon" src="./media/apps-supported-intune-apps/icon-p-speaking-email-icon.png" width="100">   | Get more time in your day by having your email read to you on the move. Voice commands and simple gestures designed to be safe to use while driving give you the ability to archive, flag or even reply on the move.<p>Smart content detection skips over disclaimers, reply headers, and email signatures to speak only the content without the clutter.<p>Employees can sign in via Intune to access Microsoft 365 Exchange email. | [App Store link (iOS)](https://apps.apple.com/app/apple-store/id991406423?ct=intune) | 

memdocs/intune/apps/mam-faq.yml

@@ -35,18 +35,8 @@ sections:
     questions:
       - question: What is MAM?
         answer: |
-          [Intune mobile application management](app-lifecycle.md) refers to the suite of Intune management features that lets you publish, push, configure, secure, monitor, and update mobile apps for your users.
+          [MAM Overview](../apps/app-management.md#mobile-application-management-mam-basics)
           
-      - question: What are the benefits of MAM app protection?
-        answer: |
-          MAM protects an organization's data within an application. With MAM without enrollment (MAM-WE), a work or school-related app that contains sensitive data can be managed on almost any device, including personal devices in bring-your-own-device (BYOD) scenarios. Many productivity apps, such as the Microsoft Office apps, can be managed by Intune MAM. See the official list of [Intune-managed apps](https://www.microsoft.com/cloud-platform/microsoft-intune-apps) available for public use.
-          
-      - question: What device configurations does MAM support?
-        answer: |
-          Intune MAM supports two configurations:
-          - **Intune MDM + MAM**: IT administrators can only manage apps using MAM and app protection policies on devices that are enrolled with Intune mobile device management (MDM). To manage apps using MDM + MAM, customers should use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-          
-          - **MAM without device enrollment**: MAM without device enrollment, or MAM-WE, allows IT administrators to manage apps using MAM and app protection policies on devices not enrolled with Intune MDM. This means apps can be managed by Intune on devices enrolled with third-party EMM providers. To manage apps using MAM-WE, customers should use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). Also, apps can be managed by Intune on devices enrolled with third-party Enterprise Mobility Management (EMM) providers or not enrolled with an MDM at all.
           
   - name: App protection policies
     questions: 
@@ -205,7 +195,8 @@ sections:
   - name: App experience on Android
     questions: 
       - question: Why is the Company Portal app needed for Intune app protection to work on Android devices?
-        answer: Much of app protection functionality is built into the Company Portal app. Device enrollment is _not required_ even though the Company Portal app is always required. For MAM-WE, the end user just needs to have the Company Portal app installed on the device.
+        answer: |
+          [Company Portal app and Intune app protection](../apps/app-protection-policy.md#company-portal-app-and-intune-app-protection) 
 
       - question: How do multiple Intune app protection access settings that are configured to the same set of apps and users work on Android?
         answer: |