Merge pull request #279016 from dknappettmsft/patch-29

AVD client redirection added conditions table and clarified apps flow

Author: prmerger-automator[bot]

articles/virtual-desktop/client-device-redirection-intune.md

@@ -127,7 +127,7 @@ Here are some recommended policy settings you should use with Intune and Conditi
    - Specify a minimum device operating system version.
    - Specify a minimum Windows App and/or Remote Desktop app version number.
    - Block jailbroken/rooted devices.
-   - Require a mobile threat defense solution on devices, with no threats detected.
+   - Require a mobile threat defense (MTD) solution on devices, with no threats detected.
 
 - Conditional Access:
     - Block access unless criteria set in Intune mobile application management policies are met.
@@ -213,13 +213,13 @@ To create and apply an app configuration policy for managed apps, follow the ste
 
 You need to create an [app protection policy](/mem/intune/apps/app-protection-policy) for Windows App and the Remote Desktop app, which enable you to control how data is accessed and shared by apps on mobile devices.
 
-To create and apply an app protection policy, follow the steps in [How to create and assign app protection policies](/mem/intune/apps/app-protection-policies) and use the following settings:
+To create and apply an app protection policy, follow the steps in [How to create and assign app protection policies](/mem/intune/apps/app-protection-policies) and use the following settings. You need to create an app protection policy for each platform you want to target.
 
 - On the **Apps** tab, do the following, depending on whether you're targeting Windows App or the Remote Desktop app
 
-   - For Windows App, select **Select custom apps**, then for **Bundle or Package ID**, enter `com.microsoft.rdc.apple` and for platform, select **iOS/iPadOS**.
+   - For Windows App on iOS/iPadOS, select **Select custom apps**, then for **Bundle or Package ID**, enter `com.microsoft.rdc.apple`.
 
-   - For the Remote Desktop app, select **Select public apps**, then search for and select **Remote Desktop** for each platform you want to target.
+   - For the Remote Desktop app, select **Select public apps**, then search for and select **Remote Desktop**.
 
 - On the **Data protection** tab, only the following settings are relevant to Windows App and the Remote Desktop app. The other settings don't apply as Windows App and the Remote Desktop app interact with the session host and not with data in the app. On mobile devices, unapproved keyboards are a source of keystroke logging and theft.
 
@@ -237,7 +237,14 @@ To create and apply an app protection policy, follow the steps in [How to create
    > [!TIP]
    > If you disable clipboard redirection in an app configuration policy, you should set **Restrict cut, copy, and paste between other apps** to **Blocked**.
 
-- On the **Conditional launch** tab, we recommend you configure **Min app version** from the drop-down list. Enter a value based on your requirements for the minimum version of the app, then set the action to **Block access**.
+- On the **Conditional launch** tab, we recommend you add the following conditions:
+
+   | Condition | Condition type | Value | Action |
+   |--|--|--|--|
+   | Min app version | App condition | Based on your requirements. | Block access |
+   | Min OS version | Device condition | Based on your requirements. | Block access |
+   | Primary MTD service | Device condition | Based on your requirements.<br /><br />Your MTD connector must be set up. For **Microsoft Defender for Endpoint**, [configure Microsoft Defender for Endpoint in Intune](/mem/intune/protect/advanced-threat-protection-configure). | Block access |
+   | Max allowed device threat level | Device condition | Secured | Block access |
 
    For version details, see [What's new in Windows App](/windows-app/whats-new), [What's new in the Remote Desktop client for iOS and iPadOS](whats-new-client-ios-ipados.md), and [What's new in the Remote Desktop client for Android and Chrome OS](whats-new-client-android-chrome-os.md).