Windows 365 Link is now available in public preview
Week of November 18, 2024 (Service release 2411)
App management
Configuration values for specific managed applications on Intune enrolled iOS devices
Starting with Intune's September (2409) service release, the IntuneMAMUPN, IntuneMAMOID, and IntuneMAMDeviceID app configuration values will be automatically sent to managed applications on Intune enrolled iOS devices for the following apps:
- Microsoft Excel
- Microsoft Outlook
- Microsoft PowerPoint
- Microsoft Teams
- Microsoft Word
Additional installation error reporting for LOB apps on AOSP devices
Additional details are now provided for app installation reporting of Line of Business (LOB) apps on Android Open Source Project (AOSP) devices. You can view installation error codes and detailed error messages for LOB apps in Intune. For information about app installation error details, see Monitor app information and assignments with Microsoft Intune.
Applies to:
- Android Open Source Project (AOSP) devices
Microsoft Teams app protection on VisionOS devices (preview)
Microsoft Intune app protection policies (APP) are now supported on the Microsoft Teams app on VisionOS devices. To learn how to target policies to VisionOS devices, see Managed app properties, which covers filters for managed app properties.
Applies to:
- Microsoft Teams for iOS on VisionOS devices
Device configuration
New settings available in the Windows settings catalog
The Settings Catalog lists all the settings you can configure in a device policy in one place.
A new setting Set Copilot Hardware Key is now available in the Settings Catalog. To see this and other settings, in the Microsoft Intune admin center, go to Devices > Manage devices > Configuration > Create > New policy > Windows 10 and later for platform > Settings catalog for profile type.
Applies to:
- Windows 11
Device Firmware Configuration Interface (DFCI) support for Samsung devices
You can now use DFCI profiles to manage UEFI (BIOS) settings for Samsung devices that run Windows 10 or Windows 11. Not all Samsung devices running Windows are enabled for DFCI. Contact your device vendor or device manufacturer for eligible devices.
You can manage DFCI profiles from within the Microsoft Intune admin center by going to Devices > Manage devices > Configuration > Create > New policy > Windows 10 and later for platform > Templates > Device Firmware Configuration Interface for profile type. For more information about DFCI profiles, see:
- Configure Device Firmware Configuration Interface (DFCI) profiles on Windows devices in Microsoft Intune
- Device Firmware Configuration Interface (DFCI) management with Windows Autopilot
Applies to:
- Windows
New settings available in the Apple settings catalog
The Settings Catalog lists all the settings you can configure in a device policy in one place. For more information about configuring Settings Catalog profiles in Intune, see Create a policy using settings catalog.
We've added new settings to the Settings Catalog. To view available settings, in the Microsoft Intune admin center, go to Devices > Manage devices > Configuration > Create > New policy > iOS/iPadOS or macOS for platform > Settings catalog for profile type.
iOS/iPadOS
Restrictions:
- Allow Apps To Be Hidden
- Allow Apps To Be Locked
- Allow Call Recording
- Allow Default Browser Modification
- Allow External Intelligence Integrations
- Allow External Intelligence Integrations Sign In
- Allow Mail Summary
- Allow RCS Messaging
macOS
Restrictions:
- Allow External Intelligence Integrations
- Allow External Intelligence Integrations Sign In
- Allow Mail Summary
- Allow Media Sharing Modification
- Force Bypass Screen Capture Alert
macOS
Networking & Firewall:
- Enable Logging
- Logging Option
Device management
View profiles for your Endpoint Security policies in the Device Configuration node of the admin center
We’ve updated the Configuration view for Devices in the admin center to now display profiles for your endpoint security policies alongside your device configuration policies. This means you can view a combined list of your device configuration policies and the supported endpoint security policies in a single location where you can then select a policy to view and edit it.
The combined view supports the endpoint security profiles you create for the Linux, macOS, and Windows platforms for the following endpoint security policy types:
- Account Protection
- Antivirus
- Application Control
- Attack Surface Reduction
- Disk encryption
- Endpoint Detection and Response
- Endpoint Privilege Management
- Firewall
When viewing the list of policies, endpoint security policies are identified by their template type, like Microsoft Defender Antivirus, in the Policy type column.
To view the combined list of profiles for all device types, in the admin center go to Devices > All devices and below Manage devices, select Configuration.
While you can view endpoint security policies in the device configuration node, you must still create new endpoint security policies in the endpoint security node. Additionally, the combined view does not display endpoint security profiles for the Windows (ConfigMgr) platform.
Windows 365 Link is now available in public preview
Windows 365 Link is the first Cloud PC device built by Microsoft to connect securely to Windows 365 in seconds, providing a responsive, high-fidelity Windows desktop experience in the Microsoft Cloud.
Windows 365 Link runs a small Windows-based OS called Windows CPC, and shows up in Intune alongside other managed Windows devices and Cloud PCs.
Device actions, such as Wipe, Restart, and Collect diagnostics, work similarly to other Windows devices. Because the OS is purpose-built to connect directly to Windows 365, only a fraction of Windows configuration policies are applicable, which minimizes decision points.
The process to configure and apply those applicable policies is simple and familiar because it is the same as for your other Windows devices. Windows 365 Link also has no ability to store data locally, no local apps, no local admin users, and automatically keeps itself up to date.
This means several Intune features are not applicable, including application and update management, along with scripts and remediations.
Windows 365 Link is now available in public preview. For more information, see Windows 365 Link—the first Cloud PC device for Windows 365.
Store macOS certificates in user keychain
A new deployment channel setting in Microsoft Intune enables you to store macOS authentication certificates in the user keychain. This enhancement strengthens system security and improves the user experience by reducing certificate prompts. Prior to this change, Microsoft Intune automatically stored user and device certificates in the system keychain. The deployment channel setting is available in SCEP and PKCS certificate profiles for macOS, and in VPN, Wi-Fi, and wired network settings configuration profiles for macOS. For more information about the profiles and their new setting, see:
- Add VPN settings on macOS devices in Microsoft Intune
- Add Wi-Fi settings for macOS devices in Microsoft Intune
- Add wired network settings for macOS
- Configure and use PKCS certificates with Intune
- Create and assign SCEP certificate profiles in Intune
Evaluate compliance of Windows Subsystem for Linux (generally available)
Now generally available, Microsoft Intune supports compliance checks for instances of Windows Subsystem for Linux (WSL) running on a Windows host device. You can create a Windows 10/11 compliance policy that contains the allowed Linux distribution names and versions evaluated on WSL. Microsoft Intune includes the WSL compliance results in the overall compliance state of the host device.
For more information about WSL compliance, see Evaluate compliance for Windows Subsystem for Linux.
Intune Apps
Newly available protected apps for Intune
The following protected app is now available for Microsoft Intune:
- Microsoft Designer by Microsoft Corporation
Monitor and troubleshoot
ICCID will be inventoried for Android Enterprise Dedicated and Fully Managed
We've added the ability to view a device's ICCID number for devices enrolled as Android Enterprise Dedicated or Android Fully Managed. Admins can view ICCID numbers in their device inventory.
You can now find the ICCID number for Android devices by navigating to Devices > Android. Select a device of interest. In the side panel, under Monitor select Hardware. The ICCID number will be in the Network details group. The ICCID number isn't supported for Android Corporate-Owned Work Profile devices.
Applies to:
- Android dedicated and fully managed
New device actions for single device query
We're adding the Intune remote device actions to Single device query to help you manage your devices remotely. From the device query interface, you'll be able to run device actions based on query results for faster and more efficient troubleshooting.
Applies to:
- Windows