Merge pull request #10046 from MicrosoftDocs/main

v-stsavell · web-flow · commit e2be81ee945f · 2023-03-03T12:36:54.000-06:00
Publish main to live on 3/3 @ 10:30 am
diff --git a/memdocs/autopilot/windows-autopilot-hybrid.md b/memdocs/autopilot/windows-autopilot-hybrid.md
@@ -288,7 +288,9 @@ Autopilot deployment profiles are used to configure the Autopilot devices.
 
 13. Select **Next** > **Create**.
 
-It takes about 15 minutes for the device profile status to change from *Not assigned* to *Assigning* and, finally, to *Assigned*.
+> [!NOTE]
+>
+>Intune will periodically check for new devices in the assigned groups, and then begin the process of assigning profiles to those devices. Due to several different factors involved in the process of Autopilot profile assignment, an estimated time for the assignment can vary from scenario to scenario. These factors can include AAD groups, membership rules, hash of a device, Intune and Autopilot service, and internet connection. The assignment time will vary depending on all the factors and variables involved in a specific scenario.
 
 ## (Optional) Turn on the enrollment status page
 
diff --git a/memdocs/intune/enrollment/windows-bulk-enroll.md b/memdocs/intune/enrollment/windows-bulk-enroll.md
@@ -56,38 +56,41 @@ Azure AD users are standard users on these devices and receive assigned Intune p
 1. Download [Windows Configuration Designer (WCD)](https://www.microsoft.com/p/windows-configuration-designer/9nblggh4tx22) from the Microsoft Store.
    ![Screenshot of the Windows Configuration Designer app Store](./media/windows-bulk-enroll/bulk-enroll-store.png)
 
-2. Open the **Windows Configuration Designer** app and select **Provision desktop devices**.
+1. Open the **Windows Configuration Designer** app and select **Provision desktop devices**.
    ![Screenshot of selecting Provision desktop devices in the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-select.png)
 
-3. A **New project** window opens where you specify the following information:
+1. A **New project** window opens where you specify the following information:
    - **Name** - A name for your project
    - **Project folder** - Save location for the project
    - **Description** - An optional description of the project
    ![Screenshot of specifying name, project folder, and description in the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-name.png)
 
-4. Enter a unique name for your devices. Names can include a serial number (%SERIAL%) or a random set of characters. Optionally, you can also enter a product key if you are upgrading the edition of Windows, configure the device for shared use, and remove pre-installed software.
+1. Enter a unique name for your devices. Names can include a serial number (%SERIAL%) or a random set of characters. Optionally, you can also enter a product key if you are upgrading the edition of Windows, configure the device for shared use, and remove pre-installed software.
    
    ![Screenshot of specifying name and product key in the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-device.png)
 
-5. Optionally, you can configure the Wi-Fi network devices connect to when they first start.  If the network devices aren't configured, a wired network connection is required when the device is first started.
+1. Optionally, you can configure the Wi-Fi network devices connect to when they first start.  If the network devices aren't configured, a wired network connection is required when the device is first started.
    ![Screenshot of enabling Wi-Fi including Network SSID and Network type options in the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-network.png)
 
-6. Select **Enroll in Azure AD**, enter a **Bulk Token Expiry** date, and then select **Get Bulk Token**. The token validity period is 180 days.
+1. Select **Enroll in Azure AD**, enter a **Bulk Token Expiry** date, and then select **Get Bulk Token**. The token validity period is 180 days.
    ![Screenshot of account management in the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-account.png)
 
-> [!NOTE]
-> Once a provisioning package is created, it can be revoked before its expiration by removing the associated package_{GUID} user account from Azure AD.
+   > [!NOTE]
+   > Once a provisioning package is created, it can be revoked before its expiration by removing the associated package_{GUID} user account from Azure AD.
 
-7. Provide your Azure AD credentials to get a bulk token.
+1. Provide your Azure AD credentials to get a bulk token.
    ![Screenshot of signing in to the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-cred.png)
 
-8. In the **Stay signed in to all your apps** page, select **No, sign in to this app only**. If you keep the check box selected and press OK, the device you are using will become managed by your organization. If you do not intend for your device to be managed, make sure to select **No, sign in to this app only**. 
+   > [!NOTE]
+   > The account used to request the bulk token must be included in the [MDM user scope](windows-enroll.md#enable-windows-automatic-enrollment) that is specified in Azure AD.
+
+1. In the **Stay signed in to all your apps** page, select **No, sign in to this app only**. If you keep the check box selected and press OK, the device you are using will become managed by your organization. If you do not intend for your device to be managed, make sure to select **No, sign in to this app only**. 
 
-9. Click **Next** when **Bulk Token** is fetched successfully.
+1. Click **Next** when **Bulk Token** is fetched successfully.
 
-10. Optionally, you can **Add applications** and **Add certificates**. These apps and certificates are provisioned on the device.
+1. Optionally, you can **Add applications** and **Add certificates**. These apps and certificates are provisioned on the device.
 
-11. Optionally, you can password protect your provisioning package.  Click **Create**.
+1. Optionally, you can password protect your provisioning package.  Click **Create**.
     ![Screenshot of package protection in the Windows Configuration Designer app](./media/windows-bulk-enroll/bulk-enroll-create.png)
 
 ## Provision devices
diff --git a/memdocs/intune/fundamentals/whats-new.md b/memdocs/intune/fundamentals/whats-new.md
@@ -70,6 +70,24 @@ You can use RSS to be notified when this page is updated. For more information,
 
 ### Device configuration
 
+#### Support for Locate device on Android Enterprise corporate owned fully managed and Android Enterprise corporate owned work profile devices<!--12391424 -->
+
+You can now use "Locate device" on Android Enterprise corporate owned fully managed and Android Enterprise corporate owned work profile devices. With this feature, admins will be able to locate lost or stolen corporate devices on-demand.
+
+To do this, in [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), you will need to turn the feature on using **Device Restrictions** in **Device Configuration** for Android Enterprise.
+
+Click **Allow** on the **Locate device** toggle for fully managed and corporate owned work profile devices and select applicable groups. **Locate device** will be available when you select **Devices**, and then select **All devices**. From the list of devices you manage, select a supported device, and choose the **Locate device** remote action.
+
+For information on locating lost or stolen devices with Intune, go to:
+
+- [Locate lost or stolen devices with Intune](../remote-actions/device-locate.md)
+
+Applies to:
+
+- Android Enterprise corporate owned fully managed
+- Android Enterprise corporate owned dedicated devices
+- Android Enterprise corporate owned work profile
+
 #### Intune add-ons <!-- 13817801 -->
 
 Microsoft Intune Suite provides mission-critical advanced endpoint management and security capabilities into Microsoft Intune. 
diff --git a/memdocs/intune/remote-actions/device-locate.md b/memdocs/intune/remote-actions/device-locate.md
@@ -44,7 +44,7 @@ You need to enable Windows location services in Windows Out of Box Experience (O
 
 **Locate device** - The following platforms support this capability:
 
-- **Android Enterprise dedicated devices** – Requires the device run *Google Play Services* version **20.06.16** or later and have Location services turned on.  
+- **Android Enterprise** – This is applicable to dedicated devices, fully-managed, and corporate-owned work profile devices. Requires the device to run *Google Play Services* version **20.06.16** or later and have Location services turned on.  
 - **iOS/iPadOS 9.3 and later** - Requires the device to be in supervised mode, and be in [lost mode](device-lost-mode.md).
 - **Windows 10**:
   - Version 20H2 (10.0.19042.789) or later
@@ -57,8 +57,8 @@ You need to enable Windows location services in Windows Out of Box Experience (O
 
 - **iOS/iPadOS 9.3 and later** - Requires the device to be in supervised mode, and be in [lost mode](device-lost-mode.md)
 - **Android Enterprise dedicated devices** - Requires the Intune app running 2202.01 or later 
-- **Android Enterprise corporate-owned work profile (COPE) devices** - Requires the Intune app running 2202.01 or later
-- **Android Enterprise corporate-owned fully managed (COBO) devices** - Requires the Intune app running 2202.01 or later
+- **Android Enterprise corporate-owned work profile devices** - Requires the Intune app running 2202.01 or later
+- **Android Enterprise corporate-owned fully managed devices** - Requires the Intune app running 2202.01 or later
 
 **Unsupported** - Device location capabilities aren't supported for the following platforms:
 
@@ -77,8 +77,6 @@ You need to enable Windows location services in Windows Out of Box Experience (O
 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. Select **Devices**, and then select **All devices**.
 3. From the list of devices you manage, select a supported device, and choose **...**. Then choose the **Locate device** remote action.
-   
-   
 4. After the device is located, its location is shown in **Locate device**.  
 
    - You can select the location pin on the map to view a location address and coordinates.
@@ -87,6 +85,13 @@ You need to enable Windows location services in Windows Out of Box Experience (O
 
    ![Screenshot of Locate device using Intune in Azure](./media/device-locate/locate-device.png)
 
+Android use of **Locate device** is controlled by **Device Restrictions** in **Device Configuration**. 
+There are two separate toggles, one for dedicated and one for fully managed and corporate owned work profile devices.
+
+For fully managed and corporate owned work profile, **Locate device** is set to **Not configured** as the default and it blocks the feature. To allow this feature, use device restrictions within Device Configuration and configure the toggle for **Locate device** to Allow.
+
+For dedicated devices, **Locate device** is set to **Not configured** as the default, which allows the feature. To turn this feature off, use device restrictions within **Device Configuration** and configure the toggle for **Locate device** to **Block**. When **Locate device** is allowed, users will receive a one-time notification, "Intune can access your location", indicating that Intune has the ability to use location permissions on the device.
+
 ### Last known location
 
 When you use the *Locate device* action for an Android Enterprise dedicated device that is off-line and unable to respond with its current location, Intune attempts to display its last known location. This capability uses data submitted by the device when it checks in with Intune.
@@ -117,14 +122,14 @@ To start a lost device sound alert:
 4. On the devices *Overview* pane:
    - For **iOS/iPadOS**: select **Play Lost mode sound (supervise only)**. The sound plays on an iOS/iPadOS device until the device is removed from lost mode.
 
-   - For **Android Enterprise dedicated devices**, **Android Enterprise corporate-owned work profile (COPE) devices**, and **Android Enterprise corporate-owned fully managed (COBO) devices** : select **Play Lost device sound**. The sound plays on an Android Enterprise dedicated device for the set duration or if notifications are enabled, until a user on the device turns it off. 
+   - For **Android Enterprise dedicated devices**, **Android Enterprise corporate-owned work profile devices**, and **Android Enterprise corporate-owned fully managed devices** : select **Play Lost device sound**. The sound plays on an Android Enterprise dedicated device for the set duration or if notifications are enabled, until a user on the device turns it off. 
    
    -  For **Android Enterprise dedicated devices**:
       - devices running on operating systems below version 10, a full screen activity with a **Stop Sound** button pops up. 
       - devices running on operating systems version 10 or higher, if notifications are enabled, a notification with a **Stop Sound** button shows up.
       - To configure system notifications for devices in kiosk mode, see [Android Enterprise device settings to allow or restrict features using Intune](../configuration/device-restrictions-android-for-work.md).
      
-   - For **Android Enterprise corporate-owned work profile (COPE) devices**, and **Android Enterprise corporate-owned fully managed (COBO) devices** :
+   - For **Android Enterprise corporate-owned work profile devices**, and **Android Enterprise corporate-owned fully managed devices** :
      - To configure system notifications for devices, see [Android Enterprise device settings to allow or restrict features using Intune](../configuration/device-restrictions-android-for-work.md).
 
 ## Security and privacy information for lost mode and locate device actions
@@ -135,6 +140,7 @@ To start a lost device sound alert:
 - The data for last known locations is stored for up to seven days, and then removed.
 - Location data is encrypted, both while stored and while being transmitted.
 - For iOS/iPadOS devices, when you configure lost mode, you can customize a message that appears on the lock screen. In this message, to help the person that finds the device, be sure to include specific details to return the lost device.
+- For fully-managed and corporate-owned work profile scenarios, end users will receive a notification when the administrator uses this feature, if notifications have been enabled.
 
 ## Next steps
 
diff --git a/windows-365/enterprise/whats-new.md b/windows-365/enterprise/whats-new.md
@@ -35,7 +35,7 @@ ms.collection:
 Learn what new features are available in Windows 365 Enterprise.
 
 > [!NOTE]
-> Each monthly update may take up to a week to rollout to all customers.
+> Each monthly update may roll out over several weeks and might not be immediately available to all customers.
 
 <!-- Common categories:  
 ### App management
