MicrosoftDocs
diff --git a/‎memdocs/intune/fundamentals/azure-virtual-desktop-multi-session.md‎
Lines changed: 2 additions & 5 deletions b/‎memdocs/intune/fundamentals/azure-virtual-desktop-multi-session.md‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎memdocs/intune/fundamentals/in-development.md‎
Lines changed: 1 addition & 10 deletions b/‎memdocs/intune/fundamentals/in-development.md‎
Lines changed: 1 addition & 10 deletions
diff --git a/‎memdocs/intune/includes/intune-notices.md‎
Lines changed: 21 additions & 13 deletions b/‎memdocs/intune/includes/intune-notices.md‎
Lines changed: 21 additions & 13 deletions
diff --git a/‎memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md‎
Lines changed: 24 additions & 24 deletions b/‎memdocs/intune/protect/checkpoint-sandblast-mobile-mobile-threat-defense-connector.md‎
Lines changed: 24 additions & 24 deletions
@@ -34,7 +34,7 @@ ms.collection:
 > [!IMPORTANT]
 > Azure Virtual Desktop multi-session with Microsoft Intune is currently in preview and may be modified before it’s released. See [Public preview in Microsoft Intune](public-preview.md) for more information.
 
-You can now use Microsoft Intune to manage Windows 10 or Windows 11 Enterprise multi-session remote desktops in the Microsoft Endpoint Manager admin center just as you can manage a shared Windows 10 or Windows 11 client device. When managing such virtual machines (VMs), you must use device-based configurations. Such configurations require user-less enrollments.
+You can now use Microsoft Intune to manage Windows 10 or Windows 11 Enterprise multi-session remote desktops in the Microsoft Endpoint Manager admin center just as you can manage a shared Windows 10 or Windows 11 client device. When managing such virtual machines (VMs), you must use device-based configurations. Such configurations require user-less enrollments. 
 
 Windows 10 or Windows 11 Enterprise multi-session is a new Remote Desktop Session Host exclusive to [Azure Virtual Desktop](/azure/virtual-desktop/) on Azure. It provides the following benefits:
 
@@ -67,7 +67,7 @@ Windows 10 or Windows 11 Enterprise multi-session VMs are treated as a separate
 
 ## Create the device configuration profile
 
-To configure configuration policies for Windows 10 or Windows 11 Enterprise multi-session VMs, you'll usually use the [Settings catalog](../configuration/settings-catalog.md) in the Microsoft Endpoint Manager admin center.
+To configure configuration policies for Windows 10 or Windows 11 Enterprise multi-session VMs, you'll need to use the [Settings catalog](../configuration/settings-catalog.md) in the Microsoft Endpoint Manager admin center.
 
 The existing device configuration profile templates aren't supported for Windows 10 or Windows 11 Enterprise multi-session VMs, with the exception of the following templates:
 
@@ -106,9 +106,6 @@ Windows 10 or Windows 11 Administrative Templates are supported for Windows 10 o
 - ADMX-backed policies are supported. Some policies are not yet available in the Settings catalog.
 - ADMX-ingested policies are supported, including Office and Microsoft Edge settings available in Office administrative template files and Microsoft Edge administrative template files. For a complete list of ADMX-ingested policy categories, see [Win32 and Desktop Bridge app policy configuration](/windows/client-management/mdm/win32-and-centennial-app-policy-configuration#overview). Some ADMX ingested settings will not be applicable to Windows 10 or Windows 11 Enterprise multi-session.
 
-> [!NOTE]
-> Some ADMX settings currently require an insider build. You can hover over the information bubble next to the setting name to see if an insider build is required for a specific setting.
-
 ## Compliance and Conditional access
 
 You can secure your Windows 10 or Windows 11 Enterprise multi-session VMs by configuring compliance policies and Conditional Access policies in the Microsoft Endpoint Manager admin center. The following compliance policies are supported on Windows 10 or Windows 11 Enterprise multi-session VMs:
 
@@ -8,7 +8,7 @@ keywords:
 author: dougeby 
 ms.author: dougeby
 manager: dougeby
-ms.date: 04/14/2022
+ms.date: 04/19/2022
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -104,15 +104,6 @@ As a public preview, we’re adding new Setup Assistant screens you can configur
 ### Device actions available to Android (AOSP) users in Microsoft Intune app<!-- 12645718 -->
 AOSP device users will be able to delete, wipe, and rename their enrolled devices in the Microsoft Intune app. This feature will be available on devices enrolled in Intune as user-associated (Android) AOSP devices. 
 
-### Updating the device diagnostics folder structure<!-- 8504019 -->
-We’re updating how Intune exports [Windows Device Diagnostic data](../remote-actions/collect-diagnostics.md). Today, the zip file is flat structure of numbered folders that doesn’t identify their contents. Once updated, the logs collected will be named to match the data that was collected, and if multiple files are collected a folder will be created.
-
-To take advantage of this diagnostic logging update, devices must install one of the following updates:
-- Windows 11 - KB5011563
-- Windows 10 - KB5011543
-
-These updates are expected to be made available through Windows Updates on April 12, 2022.
-
 ### Support for Audio Alert on Android corporate-owned work- profiles and fully managed (COBO and COPE) devices<!-- 13499471 -->
 You'll be able to use the **Play lost device sound** device action to trigger an alarm sound on the device to assist in locating the lost or stolen Android Enterprise corporate owned work profiles and fully managed devices.
 
 
@@ -4,13 +4,33 @@ description: include file
 author: ErikjeMS  
 ms.service: microsoft-intune
 ms.topic: include
-ms.date: 01/19/2022
+ms.date: 04/19/2022
 ms.author: erikje
 ms.custom: include file
 ---
 
 These notices provide important information that can help you prepare for future Intune changes and features.  
 
+### Plan for Change: iOS/iPadOS notifications will require minimum version 5.2203.0 of the Company Portal<!-- 14131757 -->
+
+We will be making service side updates to iOS/iPadOS notifications in Microsoft Intune's May (2205) service release that will require users to have updated to at least version 5.2203.0 of the iOS/iPadOS Company Portal (released in March 2022).
+
+#### How does this affect you or your users?
+
+There is no change in functionality for push notifications, however, users will need to update to at least version 5.2203.0 of the Company Portal. If users do not update the app prior to this change, they will not receive messages sent by your organization and will instead receive a notification telling them to update their app. Once they update their app, push notifications will resume.
+
+Scenarios that send push notifications to the Company Portal include:
+
+- [Custom notifications](../remote-actions/custom-notifications.md)
+- [Push notifications for noncompliance](../protect/actions-for-noncompliance.md#available-actions-for-noncompliance)
+- [Device ownership change push notifications](../apps/company-portal-app.md#device-ownership-notification)
+- [Delivery of S/MIME certificates for iOS to access Outlook](/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/smime-outlook-for-ios-and-android)
+- [Derived credential enrollment](../protect/derived-credentials.md)
+
+#### How can you prepare?  
+
+The required version of the Company Portal has been released, so most users have likely [updated the app](../user-help/install-a-new-version-of-the-company-portal-app.md) and will not be impacted. However, you may want to notify users of this change to ensure all users continue to receive push notifications sent by your organization.
+
 ### Plan for change: Intune is moving to support Android 8.0 and later in January 2022<!-- 10946003 -->  
 
 Microsoft Intune will be moving to support Android version 8.0 (Oreo) and later for mobile device management (MDM) enrolled devices on or shortly after January 7, 2022.  
@@ -159,18 +179,6 @@ This change will affect you only if you currently manage, or plan to manage, mac
 
 Check your Intune reporting to see what devices or users might be affected. Go to **Devices** > **All devices** and filter by macOS. You can add more columns to help identify who in your organization has devices running macOS 10.14 or earlier. Ask your users to upgrade their devices to a supported OS version before the release of macOS 12.
 
-### Plan for change: Intune is ending support for standalone client apps on Microsoft Tunnel<!-- 9370486   -->
-
-Beginning on June 14, 2021, the Microsoft Defender for Endpoint app on Android supports Microsoft Tunnel functionality and is the official tunnel client app for Android Enterprise customers. With the release of Microsoft Defender for Endpoint as the Microsoft Tunnel client app, the standalone Microsoft Tunnel app for Android is deprecated. Support will end after January 31, 2022. When support ends, the standalone tunnel app will be removed from the Google Play store.
-
-#### How does this affect you or your users?
-
-If you use the standalone tunnel app for Android, you'll need to move to the Microsoft Defender for Endpoint app before January 31, 2022. This move will ensure that users can still access the Tunnel Gateway configuration.
-
-#### How can you prepare?
-
-For your devices that run Android Enterprise and currently use the standalone tunnel app, plan to [replace the standalone tunnel app with the Defender for Endpoint app](../protect/microsoft-tunnel-migrate-app.md). New devices should use Microsoft Defender for Endpoint as the tunnel client app.
-
 ### Upgrade to the Microsoft Intune Management Extension<!-- 10102913 -->
 
 We've released an upgrade to the Microsoft Intune Management Extension to improve handling of Transport Layer Security (TLS) errors on Windows 10 devices.
 
@@ -1,14 +1,14 @@
 ---
 # required metadata
 
-title: Set up Check Point SandBlast MTD connector with Intune
+title: Set up Check Point Harmony Mobile MTD connector with Intune
 titleSuffix: Microsoft Intune
-description: Learn about integrating Intune with Check Point SandBlast Mobile Threat Defense to control mobile device access to your corporate resources.
+description: Learn about integrating Intune with Check Point Harmony Mobile Threat Defense to control mobile device access to your corporate resources.
 keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 03/09/2020
+ms.date: 04/19/2022
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: protect
@@ -29,11 +29,11 @@ ms.custom: intune-azure; seodec18
 ms.collection: M365-identity-device-management
 ---
 
-# Check Point SandBlast Mobile Threat Defense connector with Intune
+# Check Point Harmony Mobile Threat Defense connector with Intune
 
-You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by Check Point SandBlast Mobile, a mobile threat defense solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the Check Point SandBlast Mobile app.
+You can control mobile device access to corporate resources using Conditional Access based on risk assessment conducted by Check Point Harmony Mobile, a mobile threat defense solution that integrates with Microsoft Intune. Risk is assessed based on telemetry collected from devices running the Harmony Mobile Protect app.
 
-You can configure Conditional Access policies based on Check Point SandBlast Mobile risk assessment enabled through Intune device compliance policies, which you can use to allow or block noncompliant devices to access corporate resources based on detected threats.
+You can configure Conditional Access policies based on Check Point Harmony Mobile risk assessment enabled through Intune device compliance policies, which you can use to allow or block noncompliant devices to access corporate resources based on detected threats.
 
 > [!NOTE]
 > This Mobile Threat Defense vendor is not supported for unenrolled devices.
@@ -50,14 +50,14 @@ You can configure Conditional Access policies based on Check Point SandBlast Mob
 
 - Microsoft Intune subscription
 
-- Check Point SandBlast Mobile Threat Defense subscription
-  - See [CheckPoint SandBlast website](https://www.checkpoint.com/) for more information.
+- Check Point Harmony Mobile Threat Defense subscription
+  - See the [CheckPoint Harmony website](https://www.checkpoint.com/harmony).
 
-## How do Intune and Check Point SandBlast Mobile help protect your company resources?
+## How do Intune and Check Point Harmony Mobile help protect your company resources?
 
-Check Point Sandblast Mobile app for Android and iOS/iPadOS captures file system, network stack, device and application telemetry where available, then sends the telemetry data to the Check Point SandBlast cloud service to assess the device's risk for mobile threats.
+Check Point Harmony Mobile app for Android and iOS/iPadOS captures file system, network stack, device and application telemetry where available, then sends the telemetry data to the Check Point Harmony cloud service to assess the device's risk for mobile threats.
 
-The Intune device compliance policy includes a rule for Check Point SandBlast Mobile Threat Defense, which is based on the Check Point SandBlast risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the Check Point SandBlast mobile app installed in their devices to resolve the issue and regain access to corporate resources.
+The Intune device compliance policy includes a rule for Check Point Harmony Mobile Threat Defense, which is based on the Check Point Harmony risk assessment. When this rule is enabled, Intune evaluates device compliance with the policy that you enabled. If the device is found noncompliant, users are blocked access to corporate resources like Exchange Online and SharePoint Online. Users also receive guidance from the Harmony Mobile Protect app installed in their devices to resolve the issue and regain access to corporate resources.
 
 Here are some common scenarios:
 
@@ -74,12 +74,12 @@ When malicious apps such as malware are detected on devices, you can block devic
 *Block when malicious apps are detected:*
 
 > [!div class="mx-imgBorder"]
-> ![Check Point MTD block when malicious apps are detected](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/checkpoint-mtd-2.PNG)
+> ![Check Point MTD block when malicious apps are detected](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/checkpoint-mtd-2.PNG)
 
 *Access granted on remediation:*
 
 > [!div class="mx-imgBorder"]
-> ![Check Point MTD access granted](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/checkpoint-mtd-3.PNG)
+> ![Check Point MTD access granted](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/checkpoint-mtd-3.PNG)
 
 ### Control access based on threat to network
 
@@ -88,12 +88,12 @@ Detect threats like **Man-in-the-middle** in network, and protect access to Wi-F
 *Block network access through Wi-Fi:*
 
 > [!div class="mx-imgBorder"]
-> ![Check Point MTD block network access through Wi-Fi](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/checkpoint-mtd-4.PNG)
+> ![Check Point MTD block network access through Wi-Fi](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/checkpoint-mtd-4.PNG)
 
 *Access granted on remediation:*
 
 > [!div class="mx-imgBorder"]
-> ![Check Point MTD Wi-Fi access granted](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/checkpoint-mtd-5.PNG)
+> ![Check Point MTD Wi-Fi access granted](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/checkpoint-mtd-5.PNG)
 
 ### Control access to SharePoint Online based on threat to network
 
@@ -102,30 +102,30 @@ Detect threats like **Man-in-the-middle** in network, and prevent synchronizatio
 *Block SharePoint Online when network threats are detected:*
 
 > [!div class="mx-imgBorder"]
-> ![Check Point MTD block SharePoint Online access](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/checkpoint-mtd-6.PNG)
+> ![Check Point MTD block SharePoint Online access](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/checkpoint-mtd-6.PNG)
 
 *Access granted on remediation:*
 
 > [!div class="mx-imgBorder"]
-> ![Check Point MTD SharePoint Online access granted](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/checkpoint-mtd-7.PNG)
+> ![Check Point MTD SharePoint Online access granted](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/checkpoint-mtd-7.PNG)
 
 ### Control access on unenrolled devices based on threats from malicious apps
 
-When the Check Point Sandblast Mobile Threat Defense solution considers a device to be infected:
+When the Check Point Harmony Mobile Threat Defense solution considers a device to be infected:
 > [!div class="mx-imgBorder"]
-> ![App protection policy blocks due to detected malware](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/sandblast-app-policy-block.png)
+> ![App protection policy blocks due to detected malware](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/harmony-app-policy-block.png)
 
 Access is granted on remediation:
 
 > [!div class="mx-imgBorder"]
-> ![Access is granted on remediation for App protection policy](./media/checkpoint-sandblast-mobile-mobile-threat-defense-connector/sandblast-app-policy-remediated.png)
+> ![Access is granted on remediation for App protection policy](./media/checkpoint-harmony-mobile-mobile-threat-defense-connector/harmony-app-policy-remediated.png)
 
 ## Next steps
 
-- [Integrate CheckPoint SandBlast with Intune](checkpoint-sandblast-mobile-mtd-connector-integration.md)
+- [Integrate Check Point Harmony Mobile with Intune](checkpoint-sandblast-mobile-mtd-connector-integration.md)
 
-- [Set up CheckPoint SandBlast Mobile app](mtd-apps-ios-app-configuration-policy-add-assign.md)
+- [Set up Harmony Mobile Protect app](mtd-apps-ios-app-configuration-policy-add-assign.md)
 
-- [Create CheckPoint SandBlast Mobile device compliance policy](mtd-device-compliance-policy-create.md)
+- [Create Check Point Harmony Mobile device compliance policy](mtd-device-compliance-policy-create.md)
 
-- [Enable CheckPoint SandBlast Mobile MTD connector](mtd-connector-enable.md)
+- [Enable Check Point Harmony Mobile MTD connector](mtd-connector-enable.md)