Week of September 23, 2024 (Service release 2409)
App management
Working Time settings for app protection policies
Working time settings allow you to enforce policies that limit access to apps and mute message notifications received from apps during non-working time. The limit access setting is now available for the Microsoft Teams and Microsoft Edge apps. You can limit access by using App Protection Policies (APP) to block end users from using the iOS/iPadOS or Android Teams and Edge apps during non-working time, or to warn them when they do, by setting the Non-working time conditional launch setting. Also, you can create a non-working time policy to mute notifications from the Teams app to end users during non-working time.
Applies to:
- Android
- iOS/iPadOS
Streamlined app creation experience for apps from Enterprise App Catalog
We've streamlined the way apps from Enterprise App Catalog are added to Intune. We now provide a direct app link rather than duplicating the app binaries and metadata. App contents now download from a *.manage.microsoft.com subdomain. This update helps to improve the latency when adding an app to Intune. When you add an app from Enterprise App Catalog, it syncs immediately and is ready for additional action from within Intune.
Update Enterprise App Catalog apps
Enterprise App Management is enhanced to allow you to update an Enterprise App Catalog app. This capability guides you through a wizard that allows you to add a new application and use supersedence to update the previous application.
Device configuration
Samsung ended support for multiple Android device administrator (DA) settings
On Android device administrator (DA) managed devices, Samsung has deprecated many configuration settings in the Samsung Knox APIs (opens Samsung's web site).
In Intune, this deprecation impacts the following device restrictions settings, compliance settings, and trusted certificate profiles:
- Device restriction settings for Android in Microsoft Intune
- View the Android device administrator compliance settings for Microsoft Intune compliance policies
- Create trusted certificate profiles in Microsoft Intune
In the Intune admin center, when you create or update a profile with these settings, the impacted settings are noted.
Though the functionality might continue to work, there's no guarantee that it will continue working for any or all Android DA versions supported by Intune. For more information on Samsung support for deprecated APIs, see What kind of support is offered after an API is deprecated? (opens Samsung's web site).
Instead, you can manage Android devices with Intune using one of the following Android Enterprise options:
- Set up enrollment of Android Enterprise personally owned work profile devices
- Set up Intune enrollment of Android Enterprise corporate-owned devices with work profile
- Set up enrollment for Android Enterprise fully managed devices
- Set up Intune enrollment of Android Enterprise dedicated devices
- App protection policies overview
Applies to:
- Android device administrator (DA)
Device Firmware Configuration Interface (DFCI) supports VAIO devices
For Windows 10/11 devices, you can create a DFCI profile to manage UEFI (BIOS) settings. In Microsoft Intune admin center, select Devices > Manage devices > Configuration > Create > New policy > Windows 10 and later for platform > Templates > Device Firmware Configuration Interface for profile type.
Some VAIO devices running Windows 10/11 are enabled for DFCI. Contact your device vendor or device manufacturer for eligible devices.
Applies to:
- Windows 10
- Windows 11
New settings available in the Apple settings catalog
The Settings Catalog lists all the settings you can configure in a device policy, and all in one place. For more information about configuring Settings Catalog profiles in Intune, see Create a policy using settings catalog.
There are new settings in the Settings Catalog. To see these settings, in the Microsoft Intune admin center, go to Devices > Manage devices > Configuration > Create > New policy > iOS/iPadOS or macOS for platform > Settings catalog for profile type.
iOS/iPadOS
Declarative Device Management (DDM) > Math Settings:
Calculator
- Basic Mode
- Math Notes Mode
- Scientific Mode
System Behavior
- Keyboard Suggestions
- Math Notes
Web Content Filter:
- Hide Deny List URLs
macOS
Declarative Device Management (DDM) > Math Settings:
Calculator
- Basic Mode
- Math Notes Mode
- Scientific Mode
System Behavior
- Keyboard Suggestions
- Math Notes
System Configuration > System Extensions:
- Non Removable From UI System Extensions
- Non Removable System Extensions
Consent prompt update for remote log collection
End users might see a different consent experience for remote log collection after the Android APP SDK 10.4.0 and iOS APP SDK 19.6.0 updates. End users will no longer see a common prompt from Intune and will only see a prompt from the application, if it has one.
Adoption of this change is per-application and is subject to each application's release schedule.
Applies to:
- Android
- iOS/iPadOS
Device enrollment
New Setup Assistant screens available for configuration for ADE
New Setup Assistant screens are available to configure in the Microsoft Intune admin center. You can hide or show these screens during automated device enrollment (ADE).
For macOS:
- Wallpaper: Show or hide the macOS Sonoma wallpaper setup pane that appears after an upgrade on devices running macOS 14.1 and later.
- Lockdown mode: Show or hide the lockdown mode setup pane on devices running macOS 14.1 and later.
- Intelligence: Show or hide the Apple Intelligence setup pane on devices running macOS 15 and later.
For iOS/iPadOS:
- Emergency SOS: Show or hide the safety setup pane on devices running iOS/iPadOS 16 and later.
- Action button: Show or hide the setup pane for the action button on devices running iOS/iPadOS 17 and later.
- Intelligence: Show or hide the Apple Intelligence setup pane on devices running iOS/iPadOS 18 and later.
You can configure these screens in new and existing enrollment policies.
Extended expiration date for corporate-owned, user-associated AOSP enrollment tokens
Now when you create an enrollment token for Android Open Source Project (AOSP) corporate-owned, user-associated devices, you can select an expiration date that's up to 65 years into the future, an improvement over the previous 90-day expiration date. You can also modify the expiration date of existing enrollment tokens for Android Open Source Project (AOSP) corporate-owned, user-associated devices.
Device security
New disk encryption template for Personal Data Encryption
You can now use the new Personal Data Encryption (PDE) template that is available through endpoint security disk encryption policy. This new template configures the Windows PDE configuration service provider (CSP), which was introduced in Windows 11 22H2. The PDE CSP is also available through the settings catalog.
PDE differs from BitLocker in that it encrypts files instead of whole volumes and disks. PDE is applied in addition to other encryption methods such as BitLocker. Unlike BitLocker, which releases data encryption keys at boot, PDE doesn't release data encryption keys until a user signs in using Windows Hello for Business.
Applies to:
- Windows 11 version 22H2 or later
Intune Apps
Newly available protected app for Intune
The following protected app is now available for Microsoft Intune:
- Notate for Intune by Shafer Systems, LLC