Microsoft released a new set of features for Microsoft Intune with release 2210 on October 24, 2022, covering application management, device configuration, and enrollment & management. This blog post looks at each feature in more detail.
Use filters with app configuration policies for managed devices
When you create policies, you can use filters to assign them. For example, filters can target devices with a specific manufacturer or OS version, or only personal devices. Some scenarios:
- Deploy Windows restriction policies only to corporate devices excluding personal devices
- Deploy an iOS app only to iPad devices in marketing group.
This feature applies to Android, iOS/iPadOS, macOS and Windows 10/11. There are some restrictions when creating filters: each tenant can have up to 200 filters, each filter is limited to 3072 characters, and devices must be enrolled in Intune. To create a filter, sign in to the Endpoint Manager admin center and select Tenant administration -> Filters -> Create, provide the filter name, description and platform, and use the rule builder or rule syntax. Once the rule is created, select the filter under Assignments and save.
Group Policy analytics automatically applies scope tags assigned to admins when they import Group Policy objects
You can import your on-premises GPOs using Group Policy analytics in Microsoft Intune. Scope tags assigned to admins are automatically applied to the GPOs they import. For example, suppose admins have the “Singapore”, “India” and “UK” scope tags assigned to their roles. When an admin with the “Singapore” scope tag imports a GPO, the “Singapore” scope tag is applied to the imported GPO, and admins with the “India” or “UK” scope tag can’t see GPOs imported by the “Singapore” admin. This feature applies to Windows 11 and Windows 10. To import GPOs into Group Policy analytics, export the on-premises GPO as an XML file and save the report; the file should be less than 4MB. Go to the Microsoft Endpoint Manager admin center and select Devices -> Group policy analytics (preview). Select the Import option and select the saved XML file; Intune automatically analyzes the GPO in the XML file. After the analysis runs, the imported GPO is listed with its information.
New network endpoints for Microsoft Intune
New network endpoints have been added for new Azure Scale Units (ASU) in the Intune service, and admins need to add the latest IP addresses to their firewall rules so that endpoints can communicate. For the IP details, refer to: Network endpoints for Microsoft Intune | Microsoft Learn
Filter app and group policy assignments using Windows 11 SE operating system SKUs
When you create a policy, you can use filters to assign it based on rules you create. When assigning an app or policy, the assignment can be filtered on different device properties, such as device manufacturer, operating system SKU, and more.
- It improves flexibility and granularity when assigning Intune policies and apps.
- It can be used and reused in multiple scenarios in “Include” or “Exclude” mode.
- Two new Windows 11 SE operating system SKUs are available. These SKUs can be used to include or exclude Windows 11 SE devices from group-targeted policies and applications.
Some restrictions apply when creating filters:
- For each tenant, there can be up to 200 filters.
- Each filter is limited to 3072 characters.
- Devices must be enrolled in Intune. Filters can’t be evaluated on devices that aren’t enrolled. This behavior includes:
  - A restriction on the “Available with or without enrollment” app assignment intent
  - Devices that are targeted with Endpoint Security configuration using Microsoft Defender for Endpoint integration, such as servers.
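The limits listed here and in the first filter section (200 filters per tenant, 3072 characters per filter) can be checked before rules are pasted into the rule syntax box. The following is an added example, not code from the original post or from Microsoft; the filter names and rules in the sample batch are constructed, and the rule syntax shown (`device.<property> -operator "value"`) is assumed to match the Intune rule editor.

```python
MAX_FILTERS_PER_TENANT = 200  # per-tenant limit stated in the post
MAX_RULE_CHARS = 3072         # per-filter limit stated in the post


def rule_problems(rule):
    """Return a list of problems found in one filter rule string."""
    problems = []
    if len(rule) > MAX_RULE_CHARS:
        problems.append(f"rule is {len(rule)} chars, limit is {MAX_RULE_CHARS}")
    depth, in_quote = 0, False
    for ch in rule:
        if ch == '"':
            in_quote = not in_quote          # toggle on every double quote
        elif not in_quote:                   # ignore parentheses inside values
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth < 0:
                    problems.append("closing parenthesis without an opening one")
                    depth = 0
    if in_quote:
        problems.append("unterminated double quote")
    if depth > 0:
        problems.append(f"{depth} unclosed parenthesis(es)")
    return problems


def lint_filters(filters, existing_count=0):
    """Check a planned batch of filters; return (name, problem) pairs."""
    findings = []
    for f in filters:
        findings.extend((f["name"], p) for p in rule_problems(f["rule"]))
    total = existing_count + len(filters)
    if total > MAX_FILTERS_PER_TENANT:
        findings.append(("<tenant>", f"{total} filters would exceed the limit "
                                     f"of {MAX_FILTERS_PER_TENANT}"))
    return findings


# Constructed sample batch mirroring the scenarios in the post.
SAMPLE = [
    {"name": "Corporate Windows only", "platform": "Windows 10/11",
     "rule": '(device.deviceOwnership -eq "Corporate")'},
    {"name": "Marketing iPads", "platform": "iOS/iPadOS",
     "rule": '(device.model -startsWith "iPad")'},
    {"name": "Broken rule", "platform": "Windows 10/11",
     "rule": '(device.manufacturer -eq "Contoso'},
]

if __name__ == "__main__":
    for name, problem in lint_filters(SAMPLE, existing_count=198):
        print(f"{name}: {problem}")
```

`existing_count` is the number of filters already in the tenant; the script does not query Intune and only checks the text it is given.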
New settings for Device Firmware Configuration Interface (DFCI) profiles on Windows devices
This feature can be used to control BIOS settings. You can create the profile under Devices -> Configuration Policies -> Create Profile -> Windows 10 and later for platform -> Templates -> Device Firmware Configuration Interface. The following new settings can be configured in the DFCI policy; they apply to Windows 11 on supported UEFI and to Windows 10 RS5 (1809) and later on supported UEFI:
- Front camera
- Infrared camera
- Rear camera
- SD Card
Connect Chrome OS devices in Intune (public preview)
You can now view company- or school-owned devices that run Chrome OS in the Microsoft Endpoint Manager admin center. You create and monitor a connection between the Google Admin console and Microsoft Intune, and Chrome OS device information is synced into Intune. Synced device information is viewable in the device inventory list. Basic remote actions are also available in the admin center, such as deprovision, restart, wipe, and lost mode. Devices must be enrolled before you can see them in the admin center. This is done with the help of the Google Admin center.
Manage macOS software updates with Intune
macOS software update deployment is now supported from Intune for devices enrolled using Automated Device Enrollment (ADE). Critical updates, firmware updates, configuration file updates and all other updates (OS, built-in apps) are supported. The following settings can be configured when scheduling updates:
- Download and install: Download or install the update, depending on the current state.
- Download only: Download the software update without installing it.
- Install immediately: Download the software update and trigger the restart countdown notification.
- Notify only: Download the software update and notify the user through the App Store.
- Install later: Download the software update and install it at a later time.
- Not configured: No action taken on the software update.
This applies to macOS 12 and later, and the visibility of updates can be delayed. To monitor update installation failures, go to Devices -> Monitor -> Installation status for macOS devices.
Deprovision Jamf Pro from within the Microsoft Endpoint Manager admin center & Jamf Pro console
In the Microsoft Endpoint Manager admin center, go to Tenant Administration -> Connectors and tokens -> Partner device management and select the Terminate option. Intune displays a message; review it and select OK. macOS devices will be removed from Intune 90 days after termination. To remove the connection from the Jamf Pro console, go to Global Management -> Conditional Access, edit the macOS Intune Integration, clear Enable Intune Integration for macOS, and save. Jamf Pro sends the configuration to Intune and the integration is terminated.
New hardware details available for individual devices running on iOS/iPadOS
The following details are available in the Hardware pane of every iOS/iPadOS device.
- Battery level: Shows the battery level of the device anywhere between 0 and 100, or defaults to null if the battery level cannot be determined. This is available for devices running iOS/iPadOS 5.0 and later.
- Resident users: Shows the number of users currently on the shared iPad device, or defaults to null if the number of users cannot be determined. This is available for devices running iOS/iPadOS 13.4 and later.
In-app notifications for Microsoft Intune app
Compliance notifications will be sent to Android Open Source Project (AOSP) device users in the Microsoft Intune app. Notifications are not supported for userless devices. The Device compliance and Organization notification categories are available in app notifications. You will receive device-out-of-compliance notifications under the Device compliance category. Organization notifications can be dismissed or deleted.
Newly available protected apps for Intune
The protected applications MyITOps for Intune by MyITOps, Ltd and MURAL – Visual Collaboration by Tactivos, Inc are now available for Microsoft Intune.