From c859ead1b4b06d5694cd0e88055939ce83ca59bb Mon Sep 17 00:00:00 2001
From: Conrad Gryba <111100824+cgryba@users.noreply.github.com>
Date: Fri, 31 Oct 2025 14:15:08 -0700
Subject: [PATCH] Updated conditional launch offline grace period data wipe

Updated line 52 to make level 3 conditional launch settings more aggressive than level 2
---
 .../intune-service/includes/app-protection-framework-level3.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/intune/intune-service/includes/app-protection-framework-level3.md b/intune/intune-service/includes/app-protection-framework-level3.md
index e735d5cc4d..633aeb56f8 100644
--- a/intune/intune-service/includes/app-protection-framework-level3.md
+++ b/intune/intune-service/includes/app-protection-framework-level3.md
@@ -49,5 +49,5 @@ Level 3 is the data protection configuration recommended as a standard for organ
 | Device conditions  |       Max   OS version  |          *Format: Major.Minor.Build <br>Example:   15.0* / Block access |          iOS/iPadOS        | Microsoft recommends configuring   the maximum iOS/iPadOS major version to ensure beta or unsupported versions of the operating system aren't used. See   [Apple security updates](https://support.apple.com/en-us/HT201222) for Apple's latest recommendations |
 | Device conditions  |       Max   OS version  |          *Format: Major.Minor<br>   Example: 22631.* / Block access   |          Windows        | Microsoft recommends configuring   the maximum Windows major version to ensure beta or unsupported versions of the operating system aren't used. |
 | Device conditions  |       Samsung Knox device attestation  | Wipe data |          Android        | Microsoft recommends configuring the **Samsung Knox device attestation** setting to **Wipe data** to ensure the org data is removed if the device doesn't meet Samsung's Knox hardware-based verification of device health.  This setting verifies all Intune MAM client responses to the Intune service were sent from a healthy device.  <p> This setting will apply to all devices targeted.  To apply this setting only to Samsung devices, you can use "Managed apps" assignment filters.  For more information on assignment filters, see [Use filters when assigning your apps, policies, and profiles in Microsoft Intune](/mem/intune-service/fundamentals/filters).|
-| App conditions | Offline grace period | 30 / Block access (days) | iOS/iPadOS, Android, Windows | |
+| App conditions | Offline grace period | 14 / Wipe data (days) | iOS/iPadOS, Android, Windows | |