From 5ffa14a126c4cf8d47c6439813323d9ca0d38e69 Mon Sep 17 00:00:00 2001
From: Mandi Ohlinger <3229224+MandiOhlinger@users.noreply.github.com>
Date: Thu, 25 Jun 2026 16:41:23 -0400
Subject: [PATCH 1/4] Update authorized approvers for configmgr (#20468)

Added approvers for the /configmgr/ folder
---
 authorized-approvers.txt | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/authorized-approvers.txt b/authorized-approvers.txt
index b44bb907f5..9b5d34f260 100644
--- a/authorized-approvers.txt
+++ b/authorized-approvers.txt
@@ -16,4 +16,6 @@
 # Specific folder overrides (include default team to retain their approval)
 # /FOLDER/ @MicrosoftDocs/msecd-org OPTIONAL_APPROVERS
 
-# /compliance/ @MicrosoftDocs/msecd-org @chvukosw @k-reagle
\ No newline at end of file
+# /compliance/ @MicrosoftDocs/msecd-org @chvukosw @k-reagle
+
+/configmgr/ @umair0204 @Yupiter2005 @hugowu-github @qiani @MandiOhlinger @Brenduns @paolomatarazzo @MicrosoftDocs/msecd-org

From ab7726481f23ce26f49dd86b39ef7532207b7702 Mon Sep 17 00:00:00 2001
From: Kara Wang <146743611+kara-wang@users.noreply.github.com>
Date: Fri, 26 Jun 2026 16:26:54 -0400
Subject: [PATCH 2/4] Revise unattended session guidelines for security
 (#20472)

Updated guidance for unattended control sessions to emphasize the prohibition of sensitive operations.
---
 intune/remote-help/start-session.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/intune/remote-help/start-session.md b/intune/remote-help/start-session.md
index d24bd1bbeb..c727c08ad4 100644
--- a/intune/remote-help/start-session.md
+++ b/intune/remote-help/start-session.md
@@ -264,8 +264,8 @@ Remote Help displays a warning if the sharer's device isn't enrolled in Microsof
 
     c. During an unattended control session, the screen of the device you're connected to is blocked due to security and privacy reasons, and the user is notified if they interact with it. If the user interacts with the blocked screen, they'll receive a notification letting them know that you're currently accessing the device. When the notification is shown, you and the end user won't be able to take any action for 30 seconds when this screen will close.
 
-      > [!TIP]
-      > We recommend limiting your activities to nonsensitive operations during an unattended control session, even with the screen of the device you're connected to blocked to the end user.  
+      > [!IMPORTANT]
+      > Do not perform sensitive operations during an unattended control session. On devices that use unattended access, do not install  or allowlist any apps that can record or mirror the screen. 
 
 1. At the end of the session, select **Leave** to end the session from the admin console.
 
@@ -296,4 +296,4 @@ Remote Help displays a warning if the sharer's device isn't enrolled in Microsof
 
 <!--links-->
 
-[Microsoft Intune admin center]: https://go.microsoft.com/fwlink/?linkid=2109431
\ No newline at end of file
+[Microsoft Intune admin center]: https://go.microsoft.com/fwlink/?linkid=2109431

From ce89dea7967d0d39d9b0771fef106e190bc8d0f4 Mon Sep 17 00:00:00 2001
From: Kara Wang <146743611+kara-wang@users.noreply.github.com>
Date: Fri, 26 Jun 2026 16:33:30 -0400
Subject: [PATCH 3/4] Revise permissions advice for Remote Help app (#20473)

* Revise permissions advice for Remote Help app

Updated guidance on app permissions for unattended access to emphasize avoiding screen recording or mirroring apps.

* Fix formatting of important note in deploy.md

---------

Co-authored-by: Laura Newsad <lanewsad@microsoft.com>
---
 intune/remote-help/deploy.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/intune/remote-help/deploy.md b/intune/remote-help/deploy.md
index 11361de020..81319de881 100644
--- a/intune/remote-help/deploy.md
+++ b/intune/remote-help/deploy.md
@@ -271,8 +271,9 @@ Content-Type: application/json
 
 To protect user privacy on the device, both the Android OS and device OEMs require certain permissions to be granted to the Remote Help app.
 
-> [!NOTE]
-> We don't recommend installing or allowlist apps capable of screen recording or mirroring if you intend to use unattended mode in your organization for risky operations.
+ > [!IMPORTANT]
+ > On devices that use unattended access, do not install or allowlist any apps that can record or mirror the screen. We also recommend that you avoid performing sensitive operations during an unattended control session.
+
 
 ##### Camera
 
@@ -492,4 +493,4 @@ To apply conditional access policies to Remote Help, follow these steps:
 
 <!--links-->
 
-[Microsoft Intune admin center]: https://go.microsoft.com/fwlink/?linkid=2109431
\ No newline at end of file
+[Microsoft Intune admin center]: https://go.microsoft.com/fwlink/?linkid=2109431

From 20076604dbe06f89acd396e9633f7aa1a618f906 Mon Sep 17 00:00:00 2001
From: Ross McAllister <10053959+rmca14@users.noreply.github.com>
Date: Fri, 26 Jun 2026 15:54:43 -0700
Subject: [PATCH 4/4] Update approval (#20476)

---
 authorized-approvers.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authorized-approvers.txt b/authorized-approvers.txt
index 9b5d34f260..bc83fd51f2 100644
--- a/authorized-approvers.txt
+++ b/authorized-approvers.txt
@@ -18,4 +18,4 @@
 
 # /compliance/ @MicrosoftDocs/msecd-org @chvukosw @k-reagle
 
-/configmgr/ @umair0204 @Yupiter2005 @hugowu-github @qiani @MandiOhlinger @Brenduns @paolomatarazzo @MicrosoftDocs/msecd-org
+# /configmgr/ @MicrosoftDocs/msecd-org @umair0204 @Yupiter2005 @hugowu-github @qiani