Merge pull request #16991 from MicrosoftDocs/main

DA announcement

memdocs/configmgr/compliance/TOC.yml

@@ -3,6 +3,8 @@ items:
   href: index.yml
 - name: Understand and explore
   items:
+  - name: Understand compliance
+    href: understand/fundamentals-of-compliance.md
   - name: Ensure device compliance
     href: understand/ensure-device-compliance.md
 - name: Get started

memdocs/configmgr/compliance/understand/fundamentals-of-compliance.md

@@ -0,0 +1,55 @@
+---
+title: Understand compliance in Configuration Manager
+author: dougeby
+ms.author: dougeby
+manager: dougeby
+audience: ITPro
+ms.topic: conceptual
+ms.service: configuration-manager
+ms.collection: 
+ - tier1
+ - essentials-compliance
+description: Learn about compliance certifications, dependencies, and features in Configuration Manager supporting data protection and regulatory requirements.
+ms.date: 12/3/2024
+---
+
+# Understand compliance in Configuration Manager
+
+Configuration Manager supports compliance features to help organizations meet national, regional, and industry-specific regulations. Configuration Manager aligns with Microsoft's commitment to data protection, privacy, and compliance, by offering tools to help secure and manage data effectively.
+
+## Shared responsibility model
+
+Microsoft ensures that Configuration Manager complies with various industry standards and regulatory frameworks. However, customers are responsible for implementing their data protection and compliance strategies to align with their specific organizational requirements.
+
+## Compliance dependencies
+
+Configuration Manager leverages other Microsoft services for compliance, including:
+
+- [Microsoft Entra ID](/entra/fundamentals/whatis): Identity and access management.
+- [Microsoft Intune](/mem/intune): Enforces device compliance and conditional access policies.
+
+## Microsoft Intune capabilities for compliance
+
+Microsoft Intune helps enforce compliance policies and protect organizational data specifically for Intune:
+
+- **Conditional Access**: Ensures only compliant devices and apps managed by Intune can access sensitive data. See [Conditional Access](/mem/intune/protect/conditional-access).
+- **Device Compliance Enforcement**: Enforces device compliance policies to meet organizational security requirements. See [Device Compliance Policies](/mem/intune/protect/device-compliance-get-started).
+
+For more information about Intune compliance capabilities, visit the [Microsoft Intune documentation](/mem/intune).
+> [!NOTE]
+> For more information about how to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune, see [What is co-management?](/mem/configmgr/comanage/overview).
+
+## Data encryption
+
+Use Configuration Manager to manage BitLocker Drive Encryption (BDE) for on-premises Windows clients, which are joined to Active Directory. It provides full BitLocker lifecycle management that can replace the use of Microsoft BitLocker Administration and Monitoring. For more information, see [Plan for BitLocker management](/mem/configmgr/protect/plan-design/bitlocker-management).
+
+## Compliance features
+
+Configuration Manager includes several compliance features that help organizations manage device compliance. For more information, see [Ensure device compliance with Configuration Manager](/mem/configmgr/compliance/understand/ensure-device-compliance).
+
+## Related articles
+
+- [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement)
+- [Microsoft Trust Center](https://www.microsoft.com/trust-center)
+- [Additional privacy information](/mem/configmgr/core/plan-design/security/additional-privacy)
+- [Fundamentals of security](/mem/configmgr/core/understand/fundamentals-of-security)

memdocs/configmgr/core/understand/fundamentals-of-security.md

@@ -10,7 +10,9 @@ author: banreet
 ms.author: banreetkaur
 manager: apoorvseth
 ms.localizationpriority: medium
-ms.collection: tier3
+ms.collection: 
+- essentials-security
+- tier3
 ms.reviewer: mstewart,aaroncz 
 ---
 

memdocs/intune/apps/app-configuration-managed-home-screen-app.md

@@ -37,7 +37,9 @@ The Managed Home Screen is the application used for corporate-owned Android Ente
 
 ## When to configure the Microsoft Managed Home Screen app
 
-First, ensure that your devices are supported. Intune supports the enrollment of Android Enterprise dedicated devices and fully managed devices running OS version 8.0 and above that reliably connect to Google Mobile Services. Similarly, Managed Home Screen supports Android devices running OS version 8.0 and above. 
+ [!INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)]
+
+First, ensure that your devices are supported. Intune supports the enrollment of Android Enterprise dedicated devices and fully managed devices running OS version 8.0 and above. Similarly, Managed Home Screen supports Android devices running OS version 8.0 and above. 
 
 Typically, if settings are available to you through device configuration profiles (**Devices** > **Manage devices** > **Configuration**), configure the settings there. Doing so will save you time, minimize errors, and will give you a better Intune-support experience. However, some of the Managed Home Screen settings are currently only available via the **App configuration policies** pane in the Intune admin center. Use this document to learn how to configure the different settings either using the configuration designer or a JSON script. Additionally, use this document to learn what Managed Home Screen settings are available using device configuration profiles. You may also see [Device settings](../configuration/device-restrictions-android-for-work.md#device-experience) for a full list of settings available in **Devices** > **Manage devices** > **Configuration** that impact the Managed Home Screen. 
 

memdocs/intune/apps/manage-without-gms.md

@@ -37,10 +37,8 @@ Microsoft Intune uses Google Mobile Services (GMS) to communicate with the Micro
 > [!NOTE]
 > These GMS related limitations also apply to Device Administrator management and Android (AOSP) Management.
 
-> [!NOTE]
-> Microsoft Intune is ending support for [Android device administrator management](../enrollment/android-enroll-device-administrator.md) on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable.
-> For devices running Android 15 or earlier that don't have access GMS (excluding Microsoft Teams certified Android devices), Intune will continue allowing device administrator enrollment and will maintain limited support, since Android Enterprise management is unavailable to these devices. However, device administrator use on these devices is still not recommended, since Google's device administrator deprecation means there could be future functionality impact outside Intune's ability to mitigate.
-> For more information, and to learn about alternatives to device administrator, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443).  
+[!INCLUDE [android_device_administrator_support](../includes/android-device-administrator-support.md)]
+
 ## Install the Intune Company Portal app without access to the Google Play Store
 
 ### For users outside of People's Republic of China

memdocs/intune/fundamentals/whats-new.md

@@ -7,7 +7,7 @@ keywords:
 author: brenduns
 ms.author: brenduns
 manager: dougeby
-ms.date: 12/20/2024
+ms.date: 12/31/2024
 ms.topic: conceptual
 ms.service: microsoft-intune
 ms.subservice: fundamentals
@@ -75,6 +75,13 @@ You can use RSS to be notified when this page is updated. For more information,
 ### Tenant administration
 
 -->
+## Week of December 30, 2024  
+
+### Device enrollment  
+
+#### Intune ends support for Android device administrator on devices with access to Google Mobile Services<!-- 24563742 -->
+As of December 31, 2024, Microsoft Intune no longer supports Android device administrator management on devices with access to Google Mobile Services (GMS). This change comes after Google deprecated Android device administrator management and ceased support. Intune support and help documentation remains for devices without access to GMS running Android 15 or earlier, and Microsoft Teams devices migrating to Android Open Source Project (AOSP) management. For more information about how this change impacts your tenant, see [Intune ending support for Android device administrator on devices with GMS access in December 2024](https://techcommunity.microsoft.com/blog/intunecustomersuccess/intune-ending-support-for-android-device-administrator-on-devices-with-gms-in-de/3915443). 
+
 
 ## Week of December 16, 2024 (Service release 2412)
 

memdocs/intune/includes/android-device-administrator-support.md

@@ -4,7 +4,7 @@ description: include file
 author: lenewsad
 ms.service: microsoft-intune
 ms.topic: include
-ms.date: 06/12/2024
+ms.date: 12/31/2024
 ms.author: lanewsad
 ms.custom: include file
 ms.collection:
@@ -13,4 +13,4 @@ ms.collection:
 ---
 
 > [!IMPORTANT]
-> Microsoft Intune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on December 31, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable. If you currently use device administrator management, we recommend switching to another Android management option in Intune before support ends. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443).  
+> Android device administrator management is deprecated and no longer available for devices with access to Google Mobile Services (GMS). If you currently use device administrator management, we recommend switching to another Android management option. Support and help documentation remain available for some devices without GMS, running Android 15 and earlier. For more information, see [Ending support for Android device administrator on GMS devices](https://techcommunity.microsoft.com/t5/intune-customer-success/microsoft-intune-ending-support-for-android-device-administrator/ba-p/3915443).