New Features

New Features

App management
Intune support for additional macOS app types from the Company Portal
Intune supports the capability to deploy DMG and PKG apps as Available in the Intune macOS Company Portal. This capability enables end users to browse and install agent-deployed applications using Company Portal for macOS. This capability requires a minimum version of the Intune agent for macOS v2407.005 and Intune Company Portal for macOS v5.2406.2.

Newly available Enterprise App Catalog apps for Intune
The Enterprise App Catalog has updated to include additional apps. For a complete list of supported apps.

The Intune App SDK and Intune App Wrapping Tool are now in a different GitHub repo
The Intune App SDK and Intune App Wrapping Tool have moved to a different GitHub repository and a new account. There are redirects in place for all existing repositories. In addition, the Intune sample applications are also included in this move. This change relates to both Android and iOS platforms.

Device configuration
New clipboard transfer direction settings available in the Windows settings catalog
The Settings Catalog lists all the settings you can configure in a device policy, and all in one place. For more information about configuring Settings Catalog profiles in Intune, see Create a policy using settings catalog.

There are new settings in the Settings Catalog. To see these settings, in the Microsoft Intune admin center, go to Devices>Manage devices >Configuration>Create>New policy>Windows 10 and later for platform>Settings catalog for profile type.

Administrative Templates>Windows Components>Remote Desktop Services>Remote Desktop Session Host>Device and Resource Redirection:

• Restrict clipboard transfer from server to client
• Restrict clipboard transfer from server to client (User)
• Restrict clipboard transfer from client to server
• Restrict clipboard transfer from client to server (User)
  For more information on configuring the clipboard transfer direction in Azure Virtual Desktop, see Configure the clipboard transfer direction and types of data that can be copied in Azure Virtual Desktop.

Applies to:

• Windows 11
• Windows 10
  New settings available in the Apple settings catalog
  The Settings Catalog lists all the settings you can configure in a device policy, and all in one place. For more information about configuring Settings Catalog profiles in Intune, see Create a policy using settings catalog.

There are new settings in the Settings Catalog. To see these settings, in the Microsoft Intune admin center, go to Devices>Manage devices >Configuration>Create>New policy>iOS/iPadOS or macOS for platform>Settings catalog for profile type.

iOS/iPadOS
Restrictions:

• Allow Auto Dim

macOS
Privacy>Privacy Preferences Policy Control:

• Bluetooth Always

Android Enterprise has new values for the Allow access to all apps in Google Play store setting
In an Intune device restrictions configuration policy, you can configure the Allow access to all apps in Google Play store setting using the Allow and Not configured options (Devices>Manage devices> Configuration>Create>New policy>Android Enterprise for platform>Fully managed, dedicated and corporate-owned work profile>Device restrictions for profile type>Applications).

The available options are updated to Allow, Block, and Not configured.

There is no impact to existing profiles using this setting.

For more information on this setting and the values you can currently configure, see Android Enterprise device settings list to allow or restrict features on corporate-owned devices using Intune.

Applies to:

• Android Enterprise Fully managed, dedicated and corporate-owned work profile

Device enrollment
Use corporate Microsoft Entra account to enable Android Enterprise management options in Intune
Managing Intune-enrolled devices with Android Enterprise management options previously required you to connect your Intune tenant to your managed Google Play account using a personal Gmail account. Now you can use a corporate Microsoft Entra account to establish the connection. This change is happening in new tenants, and doesn't affect tenants that have already established a connection. For more information, see Connect Intune account to Managed Google Play account - Microsoft Intune | Microsoft Learn.

New support for Red Hat Enterprise Linux
Microsoft Intune now supports device management for Red Hat Enterprise Linux. You can enroll and manage Red Hat Enterprise Linux devices, and assign standard compliance policies, custom configuration scripts, and compliance scripts. For more information, see Deployment guide: Manage Linux devices in Microsoft Intune and Enrollment guide: Enroll Linux desktop devices in Microsoft Intune.
Applies to:

• Red Hat Enterprise Linux 9
• Red Hat Enterprise Linux 8

New Intune report and device action for Windows enrollment attestation (public preview)
Use the new device attestation status report in Microsoft Intune to find out if a device has attested and enrolled securely while being hardware-backed. From the report, you can attempt remote attestation via a new device action.

Just-in-time registration and compliance remediation available for all iOS/iPadOS enrollments
You can now configure just-in-time (JIT) registration and JIT compliance remediation for all Apple iOS and iPadOS enrollments. These Intune-supported features improve the enrollment experience because they can take the place of the Intune Company Portal app for device registration and compliance checks. We recommend setting up JIT registration and compliance remediation for new enrollments, and to improve the experience for existing enrolled devices. For more information

Device management
Consolidation of Intune profiles for identity protection and account protection
We have consolidated the Intune profiles that were related to identity and account protection, into a single new profile named Account protection. This new profile is found in the account protection policy node of endpoint security, and is now the only profile template that remains available when creating new policy instances for identity and account protection. The new profile includes Windows Hello for Business settings for both users and devices, and settings for Windows Credential Guard.

Because this new profile uses Intune’s unified settings format for device management, the profiles settings are also available through the settings catalog, and help to improve the reporting experience in the Intune admin center.

You can continue to use any instances of the following profile templates that you already have in place, but Intune no longer supports creating new instances of these profiles:

Identity protection – previously available from Devices>Configuration >Create >New Policy>Windows 10 and later>Templates>Identity Protection
Account protection (Preview) – previously available from Endpoint Security >Account protection>Windows 10 and later>Account protection (Preview)
Applies to:

• Windows 10
• Windows 11
  New operatingSystemVersion filter property with new comparison operators (preview)
  There's a new operatingSystemVersion filter property. This property:

Is in public preview and still being developed. So, some features, like Preview devices, don't work yet.

Should be used instead of the existing OSVersion property. The OSVersion property is being deprecated.

When operatingSystemVersion is generally available (GA), the OSVersion property will retire, and you won't be able to create new filters using this property. Existing filters that use OSVersion continue to work.

Has new comparison operators:

GreaterThan: Use for version value types.

Allowed values: -gt | gt
Example: (device.operatingSystemVersion -gt 10.0.22000.1000)
GreaterThanOrEquals: Use for version value types.

Allowed values: -ge | ge
Example: (device.operatingSystemVersion -ge 10.0.22000.1000)
LessThan: Use for version value types.

Allowed values: -lt | lt
Example: (device.operatingSystemVersion -lt 10.0.22000.1000)
LessThanOrEquals: Use for version value types.

Allowed values: -le | le
Example: (device.operatingSystemVersion -le 10.0.22000.1000)
For managed devices, operatingSystemVersion applies to:

• Android
• iOS/iPadOS
• macOS
• Windows
  For managed apps, operatingSystemVersion applies to:
• Android
• iOS/iPadOS
• Windows

Government community cloud (GCC) support for Remote Help for macOS devices
GCC customers can now use Remote Help for macOS devices on both web app and native application.

Applies to:

• macOS 12, 13 and 14

Device security
Updated security baseline for Windows 365 Cloud PC
You can now deploy the Intune security baseline for Windows 365 Cloud PC. This new baseline is based on Windows version 24H1. This new baseline version uses the unified settings platform seen in the Settings Catalog, which features an improved user interface and reporting experience, consistency and accuracy improvements with setting tattooing, and the new ability to support assignment filters for profiles.
Use of Intune security baselines can help you maintain best-practice configurations for your Windows devices and can help you rapidly deploy configurations to your Windows devices that meet the security recommendations of the applicable security teams at Microsoft.
As with all baselines, the default baseline represents the recommended configurations for each setting, which you can modify to meet the requirements of your organization.

Applies to:

• Windows 10
• Windows 11
  To view the new baselines included settings with their default configurations, see, Windows 365 baseline settings version 24H1.

Intune apps
**Newly available protected apps for Intune
The following protected apps are now available for Microsoft Intune:**

• Asana: Work in one place (Android) by Asana, Inc.
• Goodnotes 6 (iOS) by Time Base Technology Limited
• Riskonnect Resilience by Riskonnect, Inc.
• Beakon Mobile App by Beakon Mobile Team
• HCSS Plans: Revision control (iOS) by Heavy Construction Systems Specialists, Inc.
• HCSS Field: Time, cost, safety (iOS) by Heavy Construction Systems Specialists, Inc.