Merge pull request #15856 from MicrosoftDocs/main
publish main to live 10:30 AM 8/8/24
American-Dipper authored Aug 8, 2024
2 parents 0fff889 + 6ffbc91 commit 3595883
Showing 3 changed files with 16 additions and 26 deletions.
28 changes: 13 additions & 15 deletions memdocs/intune/apps/manage-microsoft-edge.md
Expand Up @@ -49,19 +49,6 @@ The richest and broadest protection capabilities for Microsoft 365 data are avai
> [!NOTE]
> New web clips (pinned web apps) on iOS devices will open in Edge for iOS and Android instead of the Intune Managed Browser when required to open in a protected browser. For older iOS web clips, you must re-target these web clips to ensure they open in Edge for iOS and Android rather than the Managed Browser.
## Apply Conditional Access
Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Edge for iOS and Android. To do this, you'll need a conditional access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection).

Follow the steps in [Require approved client apps or app protection policy with mobile devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices), which allows Edge for iOS and Android, but blocks other mobile device web browsers from connecting to Microsoft 365 endpoints.

>[!NOTE]
> This policy ensures mobile users can access all Microsoft 365 endpoints from within Edge for iOS and Android. This policy also prevents users from using InPrivate to access Microsoft 365 endpoints.
With Conditional Access, you can also target on-premises sites that you have exposed to external users via the [Microsoft Entra application proxy](/azure/active-directory/active-directory-application-proxy-get-started).

> [!NOTE]
> To leverage app-based conditional access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md).
## Create Intune app protection policies

App Protection Policies (APP) define which apps are allowed and the actions they can take with your organization's data. The choices available in APP enable organizations to tailor the protection to their specific needs. For some, it may not be obvious which policy settings are required to implement a complete scenario. To help organizations prioritize mobile client endpoint hardening, Microsoft has introduced taxonomy for its APP data protection framework for iOS and Android mobile app management.
Expand All @@ -87,8 +74,6 @@ For more information on the available settings, see [Android app protection poli
> [!IMPORTANT]
> To apply Intune app protection policies against apps on Android devices that are not enrolled in Intune, the user must also install the Intune Company Portal.
<a name='single-sign-on-to-azure-ad-connected-web-apps-in-policy-protected-browsers'></a>

## Single sign-on to Microsoft Entra connected web apps in policy-protected browsers

Edge for iOS and Android can take advantage of single sign-on (SSO) to all web apps (SaaS and on-premises) that are Microsoft Entra connected. SSO allows users to access Microsoft Entra connected web apps through Edge for iOS and Android, without having to re-enter their credentials.
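Review bot: Dropping the `<a name='single-sign-on-to-azure-ad-connected-web-apps-in-policy-protected-browsers'></a>` anchor above the SSO heading breaks any existing link that targets the old Azure AD fragment, because the heading now reads "Microsoft Entra connected web apps" and will produce a different slug. Keep the explicit anchor, or confirm no inbound links use it before removing it.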
Expand All @@ -98,6 +83,19 @@ SSO requires your device to be registered by either the Microsoft Authenticator
> [!NOTE]
> Device registration is a simple check-in with the Microsoft Entra service. It doesn't require full device enrollment, and doesn't give IT any additional privileges on the device.
## Apply Conditional Access
Organizations can use Microsoft Entra Conditional Access policies to ensure that users can only access work or school content using Edge for iOS and Android. To do this, you'll need a conditional access policy that targets all potential users. These policies are described in [Conditional Access: Require approved client apps or app protection policy](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection).

Follow the steps in [Require approved client apps or app protection policy with mobile devices](/azure/active-directory/conditional-access/howto-policy-approved-app-or-app-protection#require-approved-client-apps-or-app-protection-policy-with-mobile-devices), which allows Edge for iOS and Android, but blocks other mobile device web browsers from connecting to Microsoft 365 endpoints.

>[!NOTE]
> This policy ensures mobile users can access all Microsoft 365 endpoints from within Edge for iOS and Android. This policy also prevents users from using InPrivate to access Microsoft 365 endpoints.
With Conditional Access, you can also target on-premises sites that you have exposed to external users via the [Microsoft Entra application proxy](/azure/active-directory/active-directory-application-proxy-get-started).

> [!NOTE]
> To leverage app-based conditional access policies, the Microsoft Authenticator app must be installed on iOS devices. For Android devices, the Intune Company Portal app is required. For more information, see [App-based Conditional Access with Intune](../protect/app-based-conditional-access-intune.md).
## Use app configuration to manage the browsing experience

Edge for iOS and Android supports app settings that allow unified endpoint management, like Microsoft Intune, administrators to customize the behavior of the app.
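Review bot: The relocated "Apply Conditional Access" block is pasted as-is, so it carries `>[!NOTE]` without the space used by the other `> [!NOTE]` lines in this diff, and the "With Conditional Access, you can also target on-premises sites" sentence sits directly under that note with no separating blank line. Normalize the alert marker and add the blank line while the section is being moved. The three `/azure/active-directory/...` link paths are also worth checking against the Microsoft Entra naming the text now uses.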
8 changes: 0 additions & 8 deletions memdocs/intune/developer/app-sdk-xamarin.md
Expand Up @@ -117,11 +117,6 @@ for more information.
```csharp
string enrolledAccount = IntuneMAMEnrollmentManager.Instance.EnrolledAccount;
```
### Sample Applications
Sample applications highlighting MAM functionality in Xamarin.iOS apps are available on [GitHub](https://github.com/msintuneappsdk/sample-intune-xamarin-ios).
> [!NOTE]
> There is no remapper for iOS/iPadOS. Integrating into a Xamarin.Forms app should be the same as for a regular Xamarin.iOS project.

## Enabling Intune app protection policies in your Android mobile app
1. Add the [Microsoft.Intune.MAM.Xamarin.Android NuGet package](https://www.nuget.org/packages/Microsoft.Intune.MAM.Xamarin.Android) to your Xamarin.Android project.
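Review bot: The deleted iOS "Sample Applications" block also takes out the `[!NOTE]` stating that there is no remapper for iOS/iPadOS and that Xamarin.Forms integration matches a regular Xamarin.iOS project, which is integration guidance rather than a sample link. If only the GitHub sample reference is being retired, keep that note under the preceding iOS section.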
Expand Down Expand Up @@ -245,8 +240,5 @@ The Intune SDK Xamarin Bindings rely on the presence of the [Company Portal](htt

For app protection without device enrollment, the user is _**not**_ required to enroll the device by using the Company Portal app.

### Sample Applications
Sample applications highlighting MAM functionality in Xamarin.Android and Xamarin.Forms apps are available on [GitHub](https://github.com/msintuneappsdk/Taskr-Sample-Intune-Xamarin-Android-Apps).
## Support
If your organization is an existing Intune customer, please work with your Microsoft support representative to open a support ticket and create an issue on the GitHub issues page. We will help as soon as we can.
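Review bot: With the Android sample link removed, the "## Support" paragraph that now follows still tells customers to "create an issue on the GitHub issues page" without linking any repository. Add the intended issues URL there, or reword the sentence if GitHub is no longer the support path.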
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ admin.
3. Select your role from the list.
4. Select **Properties**.
5. Go to **Permissions** and then select **Edit**.
6. Select **Android for Work**.
6. Select **Android Enterprise**.
7. Next to **Update app sync**, select **Yes**.
8. Select **Review + save** to review your changes.
9. Select **Save**.
Expand All @@ -108,11 +108,11 @@ Verify that enrollment is enabled for corporate-owned, fully managed devices.
Link a zero-touch account with your Microsoft Intune account.

1. In the [admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **By platform** > **Android**.
2. Select **Android enrollment**.
2. Select **Device onboarding** > **Enrollment**.
3. Under **Bulk enrollment methods**, choose **Zero-touch enrollment**.
4. The iframe opens. Select **Next** to begin setup.
5. Sign in with the Google account you provided to your reseller.
6 Select the zero-touch account you want to link, and then select **Link**.
6. Select the zero-touch account you want to link, and then select **Link**.
7. A default configuration is created. A screen appears with basic information about the configuration. Intune will automatically apply the default configuration to any zero-touch enabled device that's without an existing configuration.

> [!CAUTION]
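Review bot: Step 2 now reads "Device onboarding > Enrollment", but only this one procedure is updated, and the hunk header shows a preceding "Verify that enrollment is enabled for corporate-owned, fully managed devices" section. Confirm that section's navigation steps do not still say "Android enrollment", so both procedures point at the same admin center path. The `6.` list-marker fix is correct.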