Merge branch 'main' into patch-1

memdocs/intune/apps/android-deployment-scenarios-app-protection-work-profiles.md

@@ -61,7 +61,7 @@ Individual Android apps are enabled for APP in a few ways:
 
     For more information on this tool, see [prepare line-of-business apps for app protection policies](../developer/apps-prepare-mobile-application-management.md).
 
-To see a list of apps enabled with APP, see [managed apps with a rich set of mobile application protection policies](https://www.microsoft.com/cloud-platform/microsoft-intune-apps).
+To see a list of apps enabled with APP, see [managed apps with a rich set of mobile application protection policies](/mem/intune/apps/apps-supported-intune-apps).
 
 ## Deployment scenarios
 

memdocs/intune/apps/mam-faq.yml

@@ -59,7 +59,7 @@ sections:
     questions: 
       - question: Which apps can be managed by app protection policies?
         answer: |
-          Any app that has been integrated with the [Intune App SDK](../developer/app-sdk.md) or wrapped by the [Intune App Wrapping Tool](../developer/apps-prepare-mobile-application-management.md) can be managed using Intune app protection policies. See the official list of [Intune-managed apps](https://www.microsoft.com/cloud-platform/microsoft-intune-apps) available for public use.
+          Any app that has been integrated with the [Intune App SDK](../developer/app-sdk.md) or wrapped by the [Intune App Wrapping Tool](../developer/apps-prepare-mobile-application-management.md) can be managed using Intune app protection policies. See the official list of [Intune-managed apps](/mem/intune/apps/apps-supported-intune-apps) available for public use.
           
       - question: What are the baseline requirements to use app protection policies on an Intune-managed app?
         answer: |

memdocs/intune/apps/manage-microsoft-edge.md

@@ -8,7 +8,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 02/27/2024
+ms.date: 10/24/2024
 ms.topic: how-to
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -282,7 +282,7 @@ Edge for iOS and Android allows organizations to disable certain features that a
 
 |Key |Value |
 |:-----------|:-------------|
-|com.microsoft.intune.mam.managedbrowser.disabledFeatures|**password** disables prompts that offer to save passwords for the end user <br>**inprivate** disables InPrivate browsing <br>**autofill** disables "Save and Fill Addresses" and "Save and Fill Payment info". Autofill will be disabled even for previously saved information <br>**translator** disables translator <br> **readaloud** disables read aloud <br> **drop** disables drop <br>**coupons** disables coupons <br>**extensions** disables extensions (Edge for Android only) <br>**developertools** grays out the build version numbers to prevent users from accessing Developer options (Edge for Android only) <br>**UIRAlert** suppress re-verify account popups in new tab page screen <br><br>To disable multiple features, separate values with `|`. For example, `inprivate|password` disables both InPrivate and password storage. |
+|com.microsoft.intune.mam.managedbrowser.disabledFeatures|**password** disables prompts that offer to save passwords for the end user <br>**inprivate** disables InPrivate browsing <br>**autofill** disables "Save and Fill Addresses" and "Save and Fill Payment info". Autofill will be disabled even for previously saved information <br>**translator** disables translator <br> **readaloud** disables read aloud <br> **drop** disables drop <br>**coupons** disables coupons <br>**extensions** disables extensions (Edge for Android only) <br>**developertools** grays out the build version numbers to prevent users from accessing Developer options (Edge for Android only) <br>**UIRAlert** suppress re-verify account popups in new tab page screen <br> **share** disables Share under menu <br> **sendtodevices** disables Send to devices under menu <br> **weather** disables weather in NTP (New Tab Page) <br><br>To disable multiple features, separate values with `|`. For example, `inprivate|password` disables both InPrivate and password storage. |
 
 #### Disable import passwords feature
 
@@ -316,9 +316,12 @@ Edge for Android can be enabled as a kiosk app with the following settings:
 |com.microsoft.intune.mam.managedbrowser.showAddressBarInKioskMode |**true** shows the address bar in kiosk mode <br>**false** (default) hides the address bar when kiosk mode is enabled|
 |com.microsoft.intune.mam.managedbrowser.showBottomBarInKioskMode |**true** shows the bottom action bar in kiosk mode <br>**false** (default) hides the bottom bar when kiosk mode is enabled |
 
+> [!NOTE]
+> Kiosk mode is not supported on iOS devices. However, you may want to use Locked View Mode (MDM policy only) to achieve a similar user experience, where users are unable to navigate to other websites, as the URL address bar becomes read-only in Locked View Mode.
+
 ### Locked view mode
 
-Edge for iOS and Android can be enabled as locked view mode with MDM policy EdgeLockedViewModeEnabled.
+Edge for iOS and Android can be enabled as locked view mode with MDM policy **[EdgeLockedViewModeEnabled](/deployedge/microsoft-edge-mobile-policies#edgelockedviewmodeenabled)**.
 
 |Key  |Value  |
 |:---------|:---------|
@@ -485,16 +488,6 @@ Organizations can configure a search provider for users. To configure a search p
 |com.microsoft.intune.mam.managedbrowser.DefaultSearchProviderName | The corresponding value is a string <br> **Example** `My Intranet Search`  |
 |com.microsoft.intune.mam.managedbrowser.DefaultSearchProviderSearchURL | The corresponding value is a string <br> **Example** `https://search.my.company/search?q={searchTerms}`|
 
-### Open external apps
-When a web page requests to open an external app, users will see a pop-up asking them to open the external app or not. Organizations can manage the behavior.
-
-|Key |Value |
-|:-----------|:-------------|
-|com.microsoft.intune.mam.managedbrowser.OpeningExternalApps |**0** (default) Show the pop-up for users to choose stay in Edge or open by external apps. <br>**1** Always open within Edge without showing the pop-up.<br> **2** Always open with external apps without showing the pop-up. If external apps aren't installed, the behavior will be the same as value 1|
-
-> [!NOTE]
-> As of version 120.2210.99, the app jump blocker feature is removed. External apps will be opened from Edge by default. Therefore, this policy is no longer valid from version 120.2210.99.
-
 ### Copilot
 
 > [!NOTE]

memdocs/intune/apps/store-apps-microsoft.md

@@ -77,6 +77,9 @@ An [Intune administrator](../fundamentals/users-add.md#types-of-administrators)
 
 The Microsoft Store provides a large variety of apps designed to work on your Microsoft devices. Within Intune, you can search and add the apps you want to assign to your workforce at your organization.
 
+> [!IMPORTANT]
+> There is no age restriction when searching for apps in the Microsoft Store.
+
 1. Select **Search the Microsoft Store app** to display the search panel which features a search bar and includes the following columns:
 
     - **Name** – The name of the app.
@@ -90,9 +93,8 @@ The Microsoft Store provides a large variety of apps designed to work on your Mi
     > Specific Microsoft Store apps may not be displayed and available in Intune. Common reasons an app doesn't appear when searching within Intune include the following:
     >
     > - The app is not available in US region.
-    > - The app is not available if there is an age restriction.
     > - The app is a paid app, which is not supported.
-    > - The app is an Android app.
+    > - The app platform isn't supported in the Microsoft Store.
 
 3. Choose the app that you want to deploy and choose **Select**.
 
@@ -124,7 +126,7 @@ The Microsoft Store provides a large variety of apps designed to work on your Mi
 You can choose how you want to assign Microsoft Store apps to users and devices.
 
 > [!NOTE]
-> If you assign an app to a device that is located in a region where that app is not supported or where that app does not meet the age restrictions, the app will not install on the device. However, if the device is moved to a region that supports the app, the app will install on the device. 
+> If you assign an app to a device that is located in a region where that app is not supported, the app will not install on the device. However, if the device is moved to a region that supports the app, the app will install on the device. 
 
 The following table provides assignment type details:
 

memdocs/intune/configuration/kiosk-settings-windows.md

@@ -100,7 +100,7 @@ Runs only one app on the device, such as a web browser or Store app.
 
     For more information on these options, see [Deploy Microsoft Edge kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy#supported-configuration-types).
 
-  - **Add Kiosk browser**: Select **Kiosk browser settings**. These settings control a web browser app on the kiosk. Be sure you get the [Kiosk browser app](https://businessstore.microsoft.com/store/details/kiosk-browser/9NGB5S5XG2KP) from the Store, add it to Intune as a [Client App](../apps/apps-add.md). Then, assign the app to the kiosk devices.
+  - **Add Kiosk browser**: Select **Kiosk browser settings**. These settings control a web browser app on the kiosk. Be sure you get the [Kiosk browser app](https://apps.microsoft.com/detail/9ngb5s5xg2kp?) from the Store, add it to Intune as a [Client App](../apps/apps-add.md). Then, assign the app to the kiosk devices.
 
     Enter the following settings:
 

memdocs/intune/fundamentals/cloud-configuration-setup-guide.md

@@ -287,18 +287,9 @@ The script is deployed to devices using in Intune. To add and deploy the script,
 
 #### Microsoft Store app
 
-If you previously removed the Microsoft Store app, you can redeploy it using Microsoft Intune. To re-add the Microsoft Store app (or any other apps you want to re-add), add the Microsoft Store app to your private organization app repository. Then, deploy the app to devices using Intune. The Microsoft Store app helps keep apps updated.
+If you previously removed the Microsoft Store app, you can redeploy it using Microsoft Intune. To re-add the Microsoft Store app (or any other apps you want to re-add), add the Microsoft Store app to your private organization app repository. Then, deploy the app to devices using Intune. The Microsoft Store app helps keep apps updated. For information about how to configure access to the Microsoft Store app, see [Manage access to private store](/microsoft-store/manage-access-to-private-store).  
 
-Your private organization app repository can be:
-
-- The Intune Company Portal app or website (preferred)
-
-- Microsoft Store for Business or Microsoft Store for Education
-
-  Previously, the Microsoft Store app had a Microsoft Store for Business tab. This tab is removed. If you use Microsoft Store for Business, then to access your private app repository, go to the [Microsoft Store for Business website](https://businessstore.microsoft.com/). For more information, go to [Manage access to private store](/microsoft-store/manage-access-to-private-store).
-
-  > [!NOTE]
-  > The Microsoft Store for Business and Microsoft Store for Education will be retired. For more information, go to [Microsoft Store for Business and Microsoft Store for Education](/microsoft-store/microsoft-store-for-business-overview).
+Your private organization app repository can be the Intune Company Portal app or website.  
 
 Using Intune, on Windows 10/11 Enterprise and Education devices, you can block end users from installing Microsoft Store apps outside of your organization's private app repository.
 

memdocs/intune/fundamentals/education-settings-configure-ios.md

@@ -162,7 +162,7 @@ When you're finished configuring certificates, choose **OK**.
 
 The profile is created and appears on the profiles list pane.
 
-Assign the profile to student devices in the classroom groups that were created when you synchronized your school data with Microsoft Entra ID (see [How to assign device profiles](../configuration/device-profile-assign.md).
+Assign the profile to student devices in the classroom groups that were created when you synchronized your school data with Microsoft Entra ID (see [How to assign device profiles](../configuration/device-profile-assign.md)).
 
 ## Next steps
 

memdocs/intune/fundamentals/intune-endpoints.md

@@ -48,7 +48,7 @@ To manage devices behind firewalls and proxy servers, you must enable communicat
 - For some tasks, Intune requires unauthenticated proxy server access to manage.microsoft.com, *.azureedge.net, and graph.microsoft.com.
 
   > [!NOTE]
-  > SSL traffic inspection is not supported for 'manage.microsoft.com', 'dm.microsoft.com', or the [Device Health Attestation (DHA) endpoints listed in the compliance section](#migrating-device-health-attestation-compliance-policies-to-microsoft-azure-attestation).
+  > SSL traffic inspection is not supported for '\*.manage.microsoft.com', '\*.dm.microsoft.com', or the [Device Health Attestation (DHA) endpoints listed in the compliance section](#migrating-device-health-attestation-compliance-policies-to-microsoft-azure-attestation).
 
 You can modify proxy server settings on individual client computers. You can also use Group Policy settings to change settings for all client computers located behind a specified proxy server.
 

memdocs/intune/fundamentals/intune-planning-guide.md

@@ -623,7 +623,7 @@ Validate the end-user experience with success metrics in your deployment plan. S
   - Tools and resources
   - Q & A
 
-The community-based [Intune forum](https://social.technet.microsoft.com/Forums/home) and [end-user documentation](/intune-user-help/use-managed-devices-to-get-work-done) are also great resources.
+The community-based [Intune forum](https://social.technet.microsoft.com/Forums/home) and [end-user documentation](/mem/intune/user-help/use-managed-devices-to-get-work-done) are also great resources.
 
 ## Related articles
 

memdocs/intune/fundamentals/intune-scale-guidelines.md

@@ -224,7 +224,7 @@ For more information, go to [How many tokens can I upload.](../apps/vpp-apps-ios
 - Local admins can create Win32 apps as needed within the cross-platform, line-of-business app and web-link limit. For more information, go to [Win32 app management](../apps/apps-win32-app-management.md).
 
   > [!NOTE]
-  > [Microsoft Store for Business](/microsoft-store/microsoft-store-for-business-overview) is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
+  > Microsoft Store for Business is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
 
 #### Android
 

memdocs/intune/fundamentals/manage-apps.md

@@ -125,7 +125,7 @@ The app features in the Intune admin center make it easier to deploy these diffe
   - [Win32 app management](../apps/apps-win32-app-management.md)
 
   > [!NOTE]
-  > [Microsoft Store for Business](/microsoft-store/microsoft-store-for-business-overview) is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
+  > Microsoft Store for Business is being retired. Starting with Windows 11, you have a new option for your private volume-licensed apps. For more information, go to [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) and [Update to Microsoft Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077).
 
 ## Configure apps before they're installed
 

memdocs/intune/industry/education/tutorial-school-deployment/enroll-autopilot.md

@@ -161,7 +161,7 @@ With the devices joined to Microsoft Entra tenant and managed by Intune, you can
 
 [MSFT-1]: https://partner.microsoft.com/
 
-[INT-1]: /intune/network-bandwidth-use
+[INT-1]: /mem/intune/fundamentals/network-bandwidth-use
 
 [M365-1]: https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
 

memdocs/intune/industry/education/tutorial-school-deployment/manage-surface-devices.md

@@ -42,6 +42,6 @@ To access and use the Surface Management Portal:
 
 <!-- Reference links in article -->
 
-[INT-1]: /intune/configuration/device-firmware-configuration-interface-windows
+[INT-1]: /mem/intune/configuration/device-firmware-configuration-interface-windows-settings
 [MEM-1]: /mem/autopilot/dfci-management
 [SURF-1]: /surface/surface-manage-dfci-guide

memdocs/intune/protect/create-conditional-access-intune.md

@@ -119,4 +119,4 @@ To take advantage of device compliance status, configure Conditional Access poli
 ## Next steps
 
 - [App-based Conditional Access with Intune](app-based-conditional-access-intune.md)
-- [Troubleshooting Intune Conditional Access](https://support.microsoft.com/help/4456106)
+- [Troubleshooting Intune Conditional Access](/troubleshoot/mem/intune/device-protection/troubleshoot-conditional-access)

memdocs/intune/protect/derived-credentials.md

@@ -141,7 +141,7 @@ The following are key considerations for each supported partner. Become familiar
 
 Review the platform-specific user workflow for the devices you'll use with derived credentials.
 
-- [iOS and iPadOS](/intune-user-help/enroll-ios-device-disa-purebred)
+- [iOS and iPadOS](/mem/intune/user-help/enroll-ios-device-disa-purebred)
 - [Android Enterprise](../user-help/enroll-android-device-disa-purebred.md) - *Corporate-Owned Work Profile* or *Fully managed devices*
 
 **Key requirements include**:
@@ -167,7 +167,7 @@ For information getting and configuring the DISA Purebred app, see [Deploy the D
 
 Review the platform-specific user workflow for the devices you'll use with derived credentials.
 
-- [iOS and iPadOS](/intune-user-help/enroll-ios-device-entrust-datacard)
+- [iOS and iPadOS](/mem/intune/user-help/enroll-ios-device-entrust-datacard)
 - [Android Enterprise](../user-help/enroll-android-device-entrust-datacard.md)- *Corporate-Owned Work Profile* or *Fully managed devices*
 
 **Key requirements include**:
@@ -191,7 +191,7 @@ Review the platform-specific user workflow for the devices you'll use with deriv
 
 Review the platform-specific user workflow for the devices you'll use with derived credentials.
 
-- [iOS and iPadOS](/intune-user-help/enroll-ios-device-intercede)
+- [iOS and iPadOS](/mem/intune/user-help/enroll-ios-device-intercede)
 - [Android Enterprise](../user-help/enroll-android-device-intercede.md) - *Corporate-Owned Work Profile* or *Fully managed devices*
 
 **Key requirements include**: