Merge pull request #16386 from MicrosoftDocs/main

Publish main to live, Wednesday 3:30PM PDT, 10/16

Author: Stacyrch140

memdocs/intune/apps/app-configuration-managed-home-screen-app.md

@@ -167,7 +167,7 @@ The following table lists the Managed Home Screen available configuration keys,
 
 |     Configuration Key    |     Value Type    |     Default Value    |     Description    |     Available in device configuration profile    |
 |-|-|-|-|-|
-|     Enable sign in    |     bool    |     FALSE    |     Turn this setting to True to enable   end-users to sign into Managed Home Screen. When used with   Microsoft Entra shared device mode, users who sign in to Managed Home Screen will   get automatically signed in to all other apps on the device that have participated   with Microsoft Entra shared device mode. By default this setting is off.     |     ✔️ <p>NOTE:  On devices that have a device configuration profile with the [**Enabled System Navigation Features** setting](../configuration/device-restrictions-android-for-work.md#dedicated-devices) set to **Home and Overview buttons**, end users can ignore and skip the sign in screen.         |
+|     Enable sign in    |     bool    |     FALSE    |     Turn this setting to True to enable   end-users to sign into Managed Home Screen. When used with   Microsoft Entra shared device mode, users who sign in to Managed Home Screen will   get automatically signed in to all other apps on the device that have participated   with Microsoft Entra shared device mode. By default this setting is off. <p>NOTE: After rebooting the device, end users must reauthenticate by signing in to Managed Home Screen.     |     ✔️ <p>NOTE:  On devices that have a device configuration profile with the [**Enabled System Navigation Features** setting](../configuration/device-restrictions-android-for-work.md#dedicated-devices) set to **Home and Overview buttons**, end users can ignore and skip the sign in screen.           |
 |     Sign in type    |     string    |     Microsoft Entra ID    |     Set this configuration to "AAD" to sign in   with a Microsoft Entra account. Otherwise, set this configuration to "Other". Users who   sign in with a non-AAD account won't get single sign-on to all apps that   have integrated with Microsoft Entra shared device mode, but will still get signed   in to Managed Home Screen. By default, this setting uses "AAD" user accounts.   This setting can only be used if **Enable sign in** has been set to True.     |     ✔️          |
 |     Domain name    |     string    |         | Set a domain name to be appended to usernames for sign in. If this is not set, users will need to enter the domain name. To allow users to select between multiple domain name options, add semicolon delimited strings. Enable sign in must be set to TRUE to use this configuration. <p>**NOTE**: This setting does not prevent users from inputting alternative domain names.     |     ❌          |
 |     Login hint text    |     string    |          | Set a custom login hint string by entering a string. If no string is set, the default string "Enter email or phone number" will be displayed. Enable sign in must be set to TRUE to use this configuration.   |     ❌          |

memdocs/intune/configuration/bundle-ids-built-in-ios-apps.md

@@ -78,6 +78,7 @@ This feature applies to:
 | com.apple.mobilenotes       | Notes        | Apple     |
 | com.apple.Numbers           | Numbers      | Apple     |
 | com.apple.Pages             | Pages        | Apple     |
+| com.apple.Passwords         | Passwords    | Apple     |
 | com.apple.mobilephone       | Phone        | Apple     |
 | com.apple.Photo-Booth       | Photo Booth  | Apple     |
 | com.apple.mobileslideshow   | Photos       | Apple     |

memdocs/intune/configuration/device-restrictions-windows-10.md

@@ -1187,6 +1187,8 @@ You can exclude certain files from Microsoft Defender Antivirus scans by modifyi
 - **File extensions to exclude from scans and real-time protection**: Add one or more file extensions like **jpg** or **txt** to the exclusions list. Any files with these extensions aren't included in any real-time or scheduled scans.
 - **Processes to exclude from scans and real-time protection**: Add one or more processes of the type **.exe**, **.com**, or **.scr** to the exclusions list. These processes aren't included in any real-time, or scheduled scans.
 
+For more information, see [Exclusions overview](/defender-endpoint/navigate-defender-endpoint-antivirus-exclusions) in the Microsoft Defender documentation.
+
 ## Power settings
 
 These settings use the [power policy CSP](/windows/client-management/mdm/policy-csp-power), which also lists the supported Windows editions.

memdocs/intune/copilot/copilot-devices.md

@@ -4,8 +4,8 @@
 title: Copilot in Intune shows device information and errors
 description: Microsoft Copilot in Intune can help you get information about your devices, compare devices, and get error information. Use this information to help you manage and troubleshoot device issues.
 keywords: security copilot, intune, microsoft intune, copilot, device information, device errors, device troubleshooting, analyze error code, compare devices, AI, generative-AI
-author: MandiOhlinger
-ms.author: mandia
+author: Erikre
+ms.author: erikre
 manager: dougeby
 ms.date: 04/01/2024
 ms.topic: how-to

memdocs/intune/copilot/copilot-intune-faq.md

@@ -4,8 +4,8 @@
 title: Copilot in Intune FAQ
 description: Get answers to common questions when using Copilot in Microsoft Intune.
 keywords: security copilot, intune, microsoft intune, copilot, faq
-author: MandiOhlinger
-ms.author: mandia
+author: Erikre
+ms.author: erikre
 manager: dougeby
 ms.date: 04/01/2024
 ms.topic: how-to

memdocs/intune/copilot/copilot-intune-overview.md

@@ -4,8 +4,8 @@
 title: Microsoft Copilot in Intune features overview
 description: Microsoft Copilot in Intune is an AI platform. It can help you create policies, get information about existing policies, and show more details on specific settings, including their impacts on users and devices. You can also use Copilot to troubleshoot device issues.
 keywords: Security Copilot, Intune, Microsoft Intune, AI, Copilot, settings catalog, policies, device details, troubleshooting
-author: MandiOhlinger
-ms.author: mandia
+author: Erikre
+ms.author: erikre
 manager: dougeby
 ms.date: 04/01/2024
 ms.topic: get-started

memdocs/intune/copilot/security-copilot.md

@@ -4,8 +4,8 @@
 title: Use Copilot for Security to get device and policy information
 description: You can use Copilot for Security to get information about your Intune data, including devices, apps, policies, and groups managed in Intune. You can also compare policies, get device specific details, and get target info for policies.
 keywords:
-author: MandiOhlinger
-ms.author: mandia
+author: Erikre
+ms.author: erikre
 manager: dougeby
 ms.date: 04/01/2024
 ms.topic: concept-article

memdocs/intune/developer/app-sdk-android-phase4.md

@@ -95,7 +95,7 @@ MAMStrictMode.global().setHandler(handler);
 If a check fails in a situation where your app is doing nothing
 incorrect, report it as mentioned above.
 In the meantime, it may be necessary to disable the check encountering a false positive, at least while waiting for an updated SDK.
-The check, which failed will be shown in the error raised by the default handler, or will be passed to a custom handler if set.
+The check that failed will be shown in the error raised by the default handler or it will be passed to a custom handler, if set.
 
 Although suppressions can be done globally, temporarily disabling per-thread at the specific call site is preferred.
 The following examples show various ways to disable [MAMStrictCheck.IDENTITY_NO_SUCH_FILE][MAMStrictCheck] (raised if an
@@ -389,7 +389,7 @@ If the enrollment attempt fails, the account's status may change over time as th
 | `UNENROLLMENT_SUCCEEDED` | Unenrollment was successful.|
 | `UNENROLLMENT_FAILED` | The unenrollment request failed.  Further details can be found in the device logs. In general, this won't occur as long as the app passes a valid (neither null nor empty) UPN. There's no direct, reliable remediation the app can take. If this value is received when unregistering a valid UPN, report as a bug to the Intune MAM team.|
 | `PENDING` | The initial enrollment attempt for the account is in progress.  The app can block access to corporate data until the enrollment result is known, but isn't required to do so. |
-| `COMPANY_PORTAL_REQUIRED` | The account is licensed for Intune, but the app can't be enrolled until the Company Portal app is installed on the device. The Intune App SDK attempts to block access to the app for the given account and direct them to install the Company Portal app. When sending this notification to the app, the Intune App SDK will show a nonblocking UI on top of the current Activity if the Activity is currently visible to the user or the next time `onResume` is called. If the user cancels out this nonblocking UI, the Intune App SDK will show a blocking UI the next time `onCreate` is called for an Activity and the current identity is managed (see below for details on troubleshooting). |
+| `COMPANY_PORTAL_REQUIRED` | The account is licensed for Intune, but the app can't be enrolled until the Company Portal app is installed on the device. The Intune App SDK attempts to block access to the app for the given account and directs the user to install the Company Portal app. When sending this notification to the app, the Intune App SDK will show a nonblocking UI on top of the current Activity if the Activity is currently visible to the user or the next time `onResume` is called. If the user cancels out this nonblocking UI, the Intune App SDK will show a blocking UI the next time `onCreate` is called for an Activity and the current identity is managed (see below for details on troubleshooting). |
 
 ## (Recommended) Logging
 
@@ -678,7 +678,7 @@ If you're unsure if any of these sections apply to your app, revisit [Key Decisi
 [First Policy Application Test]:#first-policy-application-test
 [Data Protection Tests]:#data-protection-tests
 [Diagnostics Information]:#recommended-diagnostics-information
-[My app is not receiving or enforcing any policies]:#my-app-is-not-receiving-or-enforcing-any-policies
+[My app isn't receiving or enforcing any policies]:#my-app-isnt-receiving-or-enforcing-any-policies
 
 <!-- Other SDK Guide Markdown documentation -->
 [Stage 1: Plan the Integration]:app-sdk-android-phase1.md

memdocs/intune/fundamentals/whats-new-archive.md

@@ -4557,7 +4557,7 @@ As of October 12, 2022, the name Microsoft Endpoint Manager will no longer be us
 For more information, see [Intune documentation]( ../../index.yml).
 
 #### Grace period status visible in Windows Company Portal<!-- 14746606 -->  
-Windows Company Portal now displays a grace period status to account for devices that don't meet compliance requirements but are still within their given grace period. Users are shown the date by which they need to become compliant and the instructions for how to become compliant. If users don't update their device by the given date, their device status changes to noncompliant. For more information about setting grace periods, see [Configure compliance policies with actions for noncompliance](../protect/actions-for-noncompliance.md#available-actions-for-noncompliance) and [Check access from Device details page](../user-help/check-device-access-windows-cpapp.md#check-access-from-device-details-page).
+Windows Company Portal now displays a grace period status to account for devices that don't meet compliance requirements but are still within their given grace period. Users are shown the date by which they need to become compliant and the instructions for how to become compliant. If users don't update their device by the given date, their device status changes to noncompliant. For more information about setting grace periods, see [Configure compliance policies with actions for noncompliance](../protect/actions-for-noncompliance.md#available-actions-for-noncompliance) and [Check access from Device details page](../user-help/check-device-access-windows-cpapp.md).
 
 #### Linux device management available in Microsoft Intune<!-- 14616038 -->  
 Microsoft Intune now supports Linux device management for devices running Ubuntu Desktop 22.04 or 20.04 LTS. Intune admins don't need to do anything to enable Linux enrollment in the Microsoft Intune admin center.  Linux users can [enroll supported Linux devices](../user-help/enroll-device-linux.md) on their own and use the Microsoft Edge browser to access corporate resources online.

memdocs/intune/protect/antivirus-microsoft-defender-settings-windows-tenant-attach.md

@@ -60,6 +60,12 @@ View the Microsoft Defender Antivirus settings you can manage with the **Microso
 
 ## Microsoft Defender Antivirus Exclusions
 
+> [!WARNING]
+> **Defining exclusions lowers the protection offered by Microsoft Defender Antivirus**. Always evaluate the risks that are associated with implementing exclusions. Only exclude files you know aren't malicious.
+>
+> For more information, see [Exclusions overview](/defender-endpoint/navigate-defender-endpoint-antivirus-exclusions) in the Microsoft Defender documentation.
+
+
 For each setting in this group, you can expand the setting, select **Add**, and then specify a value for the exclusion.
 
 - **Defender Processes To Exclude**