Merge pull request #16249 from MicrosoftDocs/main

Publish main to live, Tuesday 3:30PM PDT, 10/01
MicrosoftDocs · Oct 1, 2024 · e17d412 · e17d412
2 parents 7b39e75 + 0908369
commit e17d412
Show file tree

Hide file tree

Showing 3 changed files with 120 additions and 48 deletions.
diff --git a/memdocs/intune/apps/apps-supported-intune-apps.md b/memdocs/intune/apps/apps-supported-intune-apps.md
@@ -71,8 +71,8 @@ The below apps support the Core Intune App Protection Policy settings and are al
 |Microsoft Excel|[Android](https://play.google.com/store/apps/details?id=com.microsoft.office.excel)|✔|No settings|✔|N/A|✖|✖|✔|
 |Microsoft Excel|[iOS](https://apps.apple.com/us/app/microsoft-excel/id586683407)|✔|No settings|✔|N/A|✖|✖|✔|
 |Microsoft Launcher|[Android](https://play.google.com/store/apps/details?id=com.microsoft.launcher)|✔|✔ see [Launcher app config](configure-microsoft-launcher.md)|✖|N/A|✖|✖|N/A|
-|Microsoft Lens - PDF Scanner|[Android](https://play.google.com/store/apps/details?id=com.microsoft.office.officelens)|✖|No settings|✖|N/A|✖|✖|N/A|
-|Microsoft Lens - PDF Scanner|[iOS](https://apps.apple.com/us/app/microsoft-lens-pdf-scanner/id975925059)|✖|No settings|✖|N/A|✖|✖|N/A|
+|Microsoft Lens - PDF Scanner|[Android](https://play.google.com/store/apps/details?id=com.microsoft.office.officelens)|✔|No settings|✖|N/A|✖|✖|N/A|
+|Microsoft Lens - PDF Scanner|[iOS](https://apps.apple.com/us/app/microsoft-lens-pdf-scanner/id975925059)|✔|No settings|✖|N/A|✖|✖|N/A|
 |Microsoft Lists|[iOS](https://apps.apple.com/us/app/microsoft-lists/id1530637363)|✔|No settings|✔|N/A|N/A|✔|✔|
 |Microsoft Lists|[Android](https://play.google.com/store/apps/details?id=com.microsoft.lists.public&gl=US)|✔|No settings|✖|N/A|N/A|✖|✖|
 |Microsoft Loop|[iOS](https://apps.apple.com/us/app/microsoft-loop/id1637682491)|✔|No settings|✔|N/A|✖|N/A|N/A|

diff --git a/memdocs/intune/fundamentals/in-development.md b/memdocs/intune/fundamentals/in-development.md
@@ -7,7 +7,7 @@ keywords:
 author: dougeby
 ms.author: dougeby
 manager: dougeby
-ms.date: 09/25/2024
+ms.date: 10/01/2024
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -77,6 +77,19 @@ EPM is available as an [Intune Suite add-on-capability](../fundamentals/intune-a
 
 ## App management
 
+### Updates to app configuration policies for Android Enterprise devices<!-- 26711672 -->
+
+App configuration policies for Android Enterprise devices will soon support overriding the following additional permissions:
+
+- Access background location
+- Bluetooth (connect)
+
+For more information about app configuration policies for Android Enterprise devices, see [Add app configuration policies for managed Android Enterprise devices](../apps/app-configuration-policies-use-android.md).
+
+Applies to:
+
+- Android Enterprise devices
+
 ### New UI for Intune Company Portal app for Windows<!-- 27219294 -->
 
 The UI for the Intune Company Portal app for Windows will be updated. Users will be able to use the same functionality they’re used to with an improved experience for their desktop app. With the updated design, users will see improvements in user experience for the **Home**, **Devices**, and **Downloads & updates** pages. The new design will be more intuitive and will highlight areas where users need to take action.
@@ -93,16 +106,7 @@ Applies to:
 
 <!-- *********************************************** -->
 
-## Device configuration
-
-### Consent prompt update for remote log collection<!-- 28072852 -->
-
-End users might see a different consent experience for remote log collection after the Android APP SDK 10.4.0 and iOS APP SDK 19.6.0 updates. End users will no longer see a common prompt from Intune and will only see a prompt from the application if it has one.
-
-Applies to:
-
-- Android
-- iOS/iPadOS
+<!-- ## Device configuration -->
 
 <!-- *********************************************** -->
 
@@ -131,6 +135,69 @@ When this change takes effect, devices that are assigned this policy while manag
 
 <!-- *********************************************** -->
 
+## Device management
+
+### Minimum OS version for Android devices will be Android 10 and later for user-based management methods<!-- 14755802 -->
+
+From October 2024, the minimum OS supported for Android devices will be Android 10 and later for user-based management methods, which includes:
+
+- Android Enterprise personally-owned work profile
+- Android Enterprise corporate owned work profile
+- Android Enterprise fully managed
+- Android Open Source Project (AOSP) user-based
+- Android device administrator
+- App protection policies (APP)
+- App configuration policies (ACP) for managed apps
+
+For enrolled devices on unsupported OS versions (Android 9 and lower)
+
+- Intune technical support won't be provided.
+- Intune won't make changes to address bugs or issues.
+- New and existing features aren't guaranteed to work.
+
+While Intune won't prevent enrollment or management of devices on unsupported Android OS versions, functionality isn't guaranteed, and use isn't recommended.
+
+Userless methods of Android device management (Dedicated and AOSP userless) and Microsoft Teams certified Android devices won't be affected by this change.
+
+### Device Inventory for Windows<!-- 24853010 -->
+
+Device inventory lets you collect and view additional hardware properties from your managed devices to help you better understand the state of your devices and make business decisions.
+
+You'll soon be able to choose what you want to collect from your devices, using the catalog of properties and then view the collected properties in the Resource Explorer view.
+
+Applies to:
+
+- Windows (Corporate owned devices managed by Intune)
+
+### Collection of additional device inventory details<!-- 29460196 -->
+
+We're adding additional files and registry keys to be collected to assist in troubleshooting the Device Hardware Inventory feature.
+
+Applies to:
+
+- Windows
+
+<!-- *********************************************** -->
+
+## Device security
+
+### New strong mapping requirements for Intune-issued SCEP certificates<!-- 29005591 -->
+
+To align with the Windows Kerberos Distribution Center's (KDC) strong mapping attribute requirements described in [KB5014754](https://support.microsoft.com/help/5014754), SCEP certificates issued by Microsoft Intune will be required to have the following tag in the Subject Alternative Name (SAN) field:
+
+`URL=tag:microsoft.com,2022-09-14:sid:<value>`
+
+This tag will ensure that certificates are compliant with the KDC's latest requirements, and that certificate-based authentication continues working. Microsoft Intune will be adding support for the SID variable in SCEP profiles. You will be able to modify or create a new SCEP profile to include the OnPremisesSecurityIdentifier variable in the SCEP profile. This action will trigger Microsoft Intune to issue new certificates with the appropriate tag to all applicable users and devices.
+
+These requirements apply to:
+
+- Android, iOS/iPadOS, and macOS user certificates.
+- Windows 10/11 user and device certificates.
+
+They don't apply to device certificates used with Microsoft Entra joined users or devices, because SID is an on-premises identifier.
+
+<!-- *********************************************** -->
+
 <!-- ## Intune apps -->
 
 <!-- *********************************************** -->