New settings available in the Apple settings catalog

Week of March 17, 2025 (Service release 2503)

Microsoft Intune Suite
Endpoint Privilege Manager support for ARM 64-bit devices
Endpoint Protection Manager (EPM) now supports managing file elevations on devices that run on ARM 64-bit architecture.

Applies to:

• Windows

Device configuration
New settings available in the Apple settings catalog
The Settings Catalog lists all the settings you can configure in a device policy, and all in one place. For more information about configuring Settings Catalog profiles in Intune, go to Create a policy using settings catalog.

There are new settings in the Settings Catalog. To see these settings, in the Microsoft Intune admin center go to Devices>Manage devices>Configuration>Create>New policy>iOS/iPadOS or macOS for platform>Settings catalog for profile type.
iOS/iPadOS
Restrictions:

• Allow Apple Intelligence Report
• Allow Default Calling App Modification
• Allow Default Messaging App Modification
• Allow Mail Smart Replies
• Allow Notes Transcription
• Allow Safari Summary

macOS
Remote Desktop:

• Remote Desktop
  Restrictions:
• Allow Apple Intelligence Report
• Allow Mail Smart Replies
• Allow Notes Transcription
• Allow Safari Summary

Device management
New settings for Windows LAPS policy
Intune policies for Windows Local Administrator Password Solution (LAPS) now include several new settings and updates to two previously available settings. Use of LAPS which is a Windows built-in solution can help you secure the built-in local administrator account that is present on each Windows device. All the settings that you can manage through Intune LAPS policy are described in the Windows LAPS CSP.

The following new settings are available: (Each setting name is a link that opens the CSP documentation for that setting.)

• Automatic Account Management Enable Account
• Automatic Account Management Enabled
• Automatic Account Management Name Or Prefix
• Automatic Account Management Randomize Name
• Automatic Account Management Target
• Passphrase Length

The following settings have new options available:

• Password Complexity – The following are new options available for this setting:
• Passphrase (long words)
• Passphrase (short words)
• Passphrase (short words with unique prefixes)
• Post Authentication Actions - The following option is now available for this setting:
• Reset the password, logoff the managed account, and terminate any remaining processes: upon expiration of the grace period, the managed account password is reset, any interactive logon sessions using the managed account are logged off, and any remaining processes are terminated.

By default, each setting in LAPS policies is set to Not configured, which means the addition of these new settings won't change the behavior of your existing policies. To make use of the new settings and options, you can create new profiles or edit your existing profiles.

Applies to:

• Windows

Configure devices to stay on the latest OS version using declarative device management (DDM)

As part of the Settings Catalog, you can now configure devices to automatically update to the latest OS version using DDM. To use these new settings in the Microsoft Intune admin center, go to Devices>Manage devices>Configuration>Create>New policy>iOS/iPadOS or macOSfor platform> Settings catalog for profile type.

Declarative device management>Software Update Enforce Latest.

• Enforce Latest Software Update Version: If true, devices will upgrade to the latest OS version that is available for that device model. This uses the Software Update Enforcement configuration and will force devices to restart and install the update after the deadline passes.
• Delay In Days: Specify the number of days that should pass before a deadline is enforced. This delay is based on either the posting date of the new update when released by Apple, or when the policy is configured.
• Install Time: Specify the local device time for when updates are enforced. This setting uses the 24-hour clock format where midnight is 00:00 and 11:59pm is 23:59. Ensure that you include the leading 0 on single digit hours. For example, 01:00, 02:00, 03:00.

Learn more about configuring managed updates through DDM at Managed software updates.

Applies To:

• iOS/iPadOS
• macOS

Remote Help supports Azure Virtual Desktop muti-session
Remote Help now provides support for multi-session AVD with several users on a single virtual machine. Earlier, Remote Help was supporting Azure Virtual Desktop (AVD) sessions with one user on one virtual machine (VM).