Merge pull request #8063 from MicrosoftDocs/main

Merge live to main Thursday, 10:30

Author: Thomas Raya

memdocs/configmgr/protect/deploy-use/endpoint-protection-configure-standalone-client.md

@@ -18,6 +18,9 @@ ms.localizationpriority: medium
 
 Your organization may have a number of standalone clients that you cannot manage or protect with Microsoft Endpoint Configuration Manager. Without any endpoint protection in place, these standalone clients are vulnerable to potential malware attacks. To protect such standalone clients, you can manually configure them with Endpoint Protection, as described in this topic.
 
+> [!NOTE]
+> If you install the endpoint protection client on a device that's not managed by Configuration Manager, a [Management License (ML)](https://www.microsoft.com/licensing/product-licensing/client-access-license) may be required for the device.
+
 To configure Endpoint Protection on a standalone client manually:
 
 - [Create an antimalware policy for the standalone client](#create-an-antimalware-policy-for-the-standalone-client)

memdocs/intune/configuration/device-profile-assign.md

@@ -2,12 +2,12 @@
 # required metadata
 
 title: Assign device profiles in Microsoft Intune
-description: Use the Microsoft Endpoint Manager admin center to assign device profiles and policies to users and devices. Learn how to exclude groups from a profile assignment in Microsoft Intune.
+description: Use the Microsoft Endpoint Manager admin center to assign device configuration profiles and policies to users and devices. Learn how to exclude groups from a profile assignment in Microsoft Intune.
 keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 01/18/2022
+ms.date: 07/21/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -30,11 +30,13 @@ ms.collection:
   - highpri
 ---
 
-# Assign user and device profiles in Microsoft Intune
+# Assign user and device configuration profiles in Microsoft Intune
 
-You create a profile, and it includes all the settings you entered. The next step is to deploy or "assign" the profile to your user or device groups. When it's assigned, the users and devices receive your profile, and the settings you entered are applied.
+You create a device configuration profile, and it includes all the settings you entered. The next step is to deploy or "assign" the profile to your user or device groups. When it's assigned, the users and devices receive your profile, and the settings you entered are applied.
 
-This article shows you how to assign a profile, and includes some information on using scope tags on your profiles.
+This article shows you how to assign a profile, and includes some information on using scope tags on your device configuration profiles. 
+
+For information on device configuration profiles, and what you can configure, go to [Apply features and settings on your devices using device profiles in Microsoft Intune](device-profiles.md).
 
 > [!NOTE]  
 > When a profile is removed or no longer assigned to a device, different things can happen, depending on the settings in the profile. The settings are based on CSPs, and each CSP can handle the profile removal differently. For example, a setting might keep the existing value, and not revert back to a default value. The behavior is controlled by each CSP in the operating system. For a list of Windows CSPs, see [configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference).
@@ -117,7 +119,6 @@ As a best practice:
 
 For more information on groups, see [Add groups to organize users and devices](../fundamentals/groups-add.md).
 
-
 ### Fundamentals
 
 When you assign your policies and profiles, apply the following general principles:

memdocs/intune/configuration/email-settings-android-enterprise.md

@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 03/07/2022
+ms.date: 07/21/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -43,6 +43,9 @@ As an Intune administrator, you can create and assign email settings to Android
 
 - Create an [Android Enterprise email device configuration profile](email-settings-configure.md) > **Personally-owned work profile**.
 - Or, create an [app configuration policy](../apps/app-configuration-policies-use-android.md).
+- If your profile will use Gmail and you want to use modern authentication, then you may have to deploy the Google Chrome app to the work profile.
+
+  For more specific information, go to [Add Android store apps to Microsoft Intune](../apps/store-apps-android.md) and [Assign apps to groups with Microsoft Intune](../apps/apps-deploy.md).
 
 ## Android Enterprise
 

memdocs/intune/configuration/settings-catalog-printer-provisioning.md

@@ -7,7 +7,7 @@ keywords:
 author: MandiOhlinger
 ms.author: mandia
 manager: dougeby
-ms.date: 06/21/2022
+ms.date: 07/21/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: configuration
@@ -38,6 +38,7 @@ Using the settings catalog in Intune, you can create a printer policy, and deplo
 This feature applies to:
 
 - Windows 11
+- Windows 10 and later
 
 This article shows you how to create a Universal Print policy in Microsoft Intune. To learn more about Universal Print and onboarding, go to [What is Universal Print](/universal-print/fundamentals/universal-print-whatis) and [Set up Universal Print](/universal-print/fundamentals/universal-print-getting-started).
 

memdocs/intune/enrollment/apple-mdm-push-certificate-get.md

@@ -8,7 +8,7 @@ keywords:
 author: Lenewsad
 ms.author: lanewsad
 manager: dougeby
-ms.date: 07/12/2022
+ms.date: 07/15/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: enrollment
@@ -51,7 +51,7 @@ Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.co
 ### Step 1. Grant Microsoft permission to send user and device information to Apple
 Select **I agree.** to give Microsoft permission to send data to Apple.
 
-:::image type="content" source="./media/apple-mdm-push-certificate-get/create-mdm-push-certificate.png" alt-text="Screenshof of the Configure MDM Push Certificate screen with MDM Push not set up.":::
+:::image type="content" source="./media/apple-mdm-push-certificate-get/create-mdm-push-certificate.png" alt-text="Screenshot of the Configure MDM Push Certificate screen with MDM Push not set up.":::
 
 ### Step 2. Download the Intune certificate signing request required to create an Apple MDM push certificate
 Select **Download your CSR** to download and save the request file locally. The file is used to request a trust relationship certificate from the Apple Push Certificates Portal.

memdocs/intune/enrollment/device-group-mapping.md

@@ -57,7 +57,7 @@ You'll use the device category name when you create Azure Active Directory (Azur
 
 ### Step 2: Create Azure AD security groups 
 
-To enable automatic grouping, you must create a dynamic group using attribute-based rules in Azure AD. For instructions, see [Using attributes to create advanced rules](/azure/active-directory/users-groups-roles/groups-dynamic-membership#using-attributes-to-create-rules-for-device-objects) in the Azure AD documentation. Create an advanced rule for your group using the **deviceCategory** attribute and the category name you created in [Step 1](device-group-mapping.md#step-1-create-device category-in-Intune) of this article. 
+To enable automatic grouping, you must create a dynamic group using attribute-based rules in Azure AD. For instructions, see [Using attributes to create advanced rules](/azure/active-directory/users-groups-roles/groups-dynamic-membership#using-attributes-to-create-rules-for-device-objects) in the Azure AD documentation. Create an advanced rule for your group using the **deviceCategory** attribute and the category name you created in Step 1 of this article. 
 
 For example, to create a rule that automatically groups devices belonging in the HR category, use the following rule syntax: `device.deviceCategory -eq "HR"`    
 

memdocs/intune/fundamentals/monitor-audit-logs.md

@@ -74,7 +74,7 @@ Audit logs and operational logs can also be routed to Azure Monitor. In **Tenant
 
 ## Use Graph API to retrieve audit events
 
-For details on using the graph API to get up to one year of audit events, see [List auditEvents](/graph/api/intune-auditing-auditevent-list?view=graph-rest-1.0).
+For details on using the graph API to get up to one year of audit events, see [List auditEvents](/graph/api/intune-auditing-auditevent-list).
 
 ## Next steps
 

memdocs/intune/user-help/sign-in-to-the-company-portal.md

@@ -112,6 +112,15 @@ If you normally use a smart card to access work resources, follow the steps in t
 
 5. Once the screen says that you're signed in to Company Portal, you can close the browser and switch to your work device.  
 
+The following articles describe the enrollment instructions for smart card-enabled devices, and includes the sign-in-from-another-device method. 
+
+  * [Enroll with Entrust for iOS](enroll-ios-device-entrust-datacard.md) 
+  * [Enroll with Entrust for Android](enroll-android-device-entrust-datacard.md)
+  * [Enroll with Intercede for iOS](enroll-ios-device-intercede.md)  
+  * [Enroll with Intercede for Android](enroll-android-device-intercede.md)  
+  * [Enroll with DISA Purebred for iOS](enroll-ios-device-disa-purebred.md)
+  * [Enroll with DISA Purebred for Android](enroll-android-device-disa-purebred.md)
+
 ## App permissions for Android   
 The permissions described in this section apply to the Company Portal app for Android and devices running Android, versions 8.0 and later.    
 

windows-365/business-enterprise-comparison.md

@@ -67,7 +67,7 @@ Windows 365 is available in two editions: [Windows 365 Business](./business/inde
 | Capability | Windows 365 Business | Windows 365 Enterprise |
 | --- | --- | --- |
 | Management | Users can [restart, reset, rename, and troubleshoot](./end-user-access-cloud-pc.md#user-actions) their Cloud PCs on the Windows 365 homepage. | Users can [restart, rename, and troubleshoot](end-user-access-cloud-pc.md) their Cloud PCs on the Windows 365 homepage. |
-| Role | By default, each user is a Standard User on their Cloud PC. To grant Local Administrator permissions to a specific user on a Cloud PC, see [Remote management actions](./business/remotely-manage-business-cloud-pcs.md#remote-management-actions). To grant Local Administrator permissions for Cloud PCs that you create in the future, see [Change organizational default settings](./business/change-organization-default-settings.md).| By default, each user is assigned a standard user role on their Cloud PC. This can be changed by the admin in the Microsoft Endpoint Manager admin center.|
+| Role | By default, each user is a Standard User on their Cloud PC. To grant Local Administrator permissions to a specific user on a Cloud PC, see [Remote management actions](./business/remotely-manage-business-cloud-pcs.md#remote-management-actions). To grant Local Administrator permissions for Cloud PCs that you create in the future, see [Change organizational default settings](./business/change-organization-default-settings.md).| By default, each user is assigned a standard user role on their Cloud PC. This role can be changed by the admin in the Microsoft Endpoint Manager admin center.|
 | Access | Users can access their Cloud PC at windows365.microsoft.com or by using Microsoft Remote Desktop. | Users can access their Cloud PC at windows365.microsoft.com or by using Microsoft Remote Desktop. |
 | Platform | Any platform that supports Microsoft Remote Desktop clients. [Learn more.](/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients)  | Any platform that supports Microsoft Remote Desktop clients. [Learn more.](/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients)  |
 

windows-365/business/add-user-assign-licenses.md

@@ -40,4 +40,4 @@ You can add a user and assign them licenses by following these steps:
 6. If you want to specify a password, de-select the **Automatically create a password** box. Then, enter a password.
 7. If you don’t want to require the user to change their password when they first sign into the new Cloud PC, de-select the **This user must change their password when they first sign in** box.
 8. If you don't want to automatically email the sign-in info to the user, de-select **Email the sign-in info** box.
-9. Select **Add user**. A new Cloud PC will be created and the user can use the sign in information to access it.
+9. Select **Add user**. A new Cloud PC will be created and the user can use the sign-in information to access it.