Microsoft Intune 2210 October Update New Features

Microsoft released a new set of features for Microsoft Intune with release 2210 on October 24, 2022. The features cover application management, device configuration, and enrollment & management. In this blog post, we will look at each feature in more detail.

Use filters with app configuration policies for managed devices

When you create policies, you can use filters to narrow the assignment. For example, filters can target devices from a specific manufacturer, devices on a specific OS version, or only personal devices. Some example scenarios:

  • Deploy Windows restriction policies only to corporate devices excluding personal devices
  • Deploy an iOS app only to iPad devices in marketing group.

The feature applies to Android, iOS/iPadOS, macOS, and Windows 10/11. There are some restrictions when creating filters: each tenant can have up to 200 filters, each filter is limited to 3072 characters, and devices must be enrolled in Intune. To create a filter, sign in to the Endpoint Manager admin center and select Tenant administration -> Filters -> Create. Provide the filter name, description, and platform, then define the rule with the rule builder or the rule syntax. Once the rule is created, select the filter under Assignments in the policy and save.

Group Policy analytics automatically applies scope tags assigned to admins when they import Group Policy objects

You can import your on-premises GPOs using Group Policy analytics in Microsoft Intune. Scope tags assigned to admins are automatically applied to the GPOs they import. For example, suppose admins have the “Singapore”, “India”, or “UK” scope tags assigned to their roles. When an admin with the “Singapore” scope tag imports a GPO, the “Singapore” scope tag is applied to the imported GPO, and admins with the “India” or “UK” scope tags can’t see GPOs imported by the “Singapore” admin. This feature applies to Windows 11 and Windows 10. To import GPOs into Group Policy analytics, export the on-premises GPO as an XML file and save the report; the file should be less than 4MB. Then go to the Microsoft Endpoint Manager admin center and select Devices -> Group policy analytics (preview). Select the import option and choose the saved XML file; Intune automatically analyzes the GPO in the XML file. After the analysis runs, the imported GPO is listed with its information.

New network endpoints for Microsoft Intune

New network endpoints have been added for new Azure Scale Units (ASU) in the Intune service, and admins need to add the latest IP addresses to their firewall rules so that endpoints can communicate. For the IP details, refer to: Network endpoints for Microsoft Intune | Microsoft Learn

Filter app and group policy assignments using Windows 11 SE operating system SKUs

When you create a policy, you can use filters to assign it based on rules you create. When assigning an app or policy, the assignment can be filtered on different device properties, such as device manufacturer, operating system SKU, and more.

  • Filters improve flexibility and granularity when assigning Intune policies and apps.
  • A filter can be used and reused in multiple scenarios in “Include” or “Exclude” mode.
  • Two new Windows 11 SE operating system SKUs are available. These SKUs can be used to include or exclude Windows 11 SE devices from group-targeted policies and applications.

Some restrictions apply when creating filters:

  • For each tenant, there can be up to 200 filters.
  • Each filter is limited to 3072 characters.
  • Devices must be enrolled in Intune. Filters can’t be evaluated on devices that aren’t enrolled. This behavior includes:
    • A restriction on the Available with or without enrollment app assignment intent
    • Devices that are targeted with Endpoint Security configuration using Microsoft Defender for Endpoint integration, such as servers.
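
For the two filter sections above (filters for app configuration policies and filtering on Windows 11 SE SKUs), the following added example, which is not from the original post or from Microsoft, lints draft filter rules against the limits stated here before they are pasted into the rule syntax box. The sample rules are constructed, the function names are hypothetical, and the property, operator, and SKU names are the subset of Intune's filter rule syntax that this example assumes.

```python
import re

MAX_FILTERS_PER_TENANT = 200  # limit stated in the post
MAX_RULE_CHARS = 3072         # limit stated in the post

# Subset of filter properties and operators used here; not the complete list.
KNOWN_PROPERTIES = {"deviceOwnership", "manufacturer", "model", "osVersion",
                    "operatingSystemSKU"}
KNOWN_OPERATORS = {"-eq", "-ne", "-in", "-notIn", "-contains", "-startsWith"}
CLAUSE = re.compile(r'device\.(\w+)\s+(-\w+)\s+(?:"[^"]*"|\[[^\]]*\])')

# Constructed sample rules for the scenarios described in the post.
SAMPLE_FILTERS = {
    "Corporate Windows only": '(device.deviceOwnership -eq "Corporate")',
    "iPads only": '(device.model -startsWith "iPad")',
    "Windows 11 SE": '(device.operatingSystemSKU -in ["CloudEdition", "CloudEditionN"])',
    "Broken draft": '(device.ownership -eq "Corporate"',
}

def lint_rule(rule):
    """Return a list of problems found in one filter rule string."""
    problems = []
    if len(rule) > MAX_RULE_CHARS:
        problems.append(f"rule is {len(rule)} characters, limit is {MAX_RULE_CHARS}")
    depth = 0
    for ch in re.sub(r'"[^"]*"', '""', rule):  # ignore parentheses inside quoted values
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    clauses = CLAUSE.findall(rule)
    if not clauses:
        problems.append("no device.<property> <operator> <value> clause found")
    for prop, op in clauses:
        if prop not in KNOWN_PROPERTIES:
            problems.append(f"unknown property device.{prop}")
        if op not in KNOWN_OPERATORS:
            problems.append(f"unknown operator {op}")
    return problems

def lint_tenant(filters):
    """Map each failing filter name to its problems; '*' holds tenant-wide problems."""
    report = {name: p for name, rule in filters.items() if (p := lint_rule(rule))}
    if len(filters) > MAX_FILTERS_PER_TENANT:
        report["*"] = [f"{len(filters)} filters, limit is {MAX_FILTERS_PER_TENANT}"]
    return report

if __name__ == "__main__":
    for name, problems in lint_tenant(SAMPLE_FILTERS).items():
        print(name, "->", "; ".join(problems))
```

A mistyped property in a filter used in “Include” mode can leave a restriction policy applied to no devices at all, so catching it before assignment matters more than the character limit does.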

New settings for Device Firmware Configuration Interface (DFCI) profiles on Windows devices

This feature can be used to control BIOS settings. You can create the profile under Devices -> Configuration Policies -> Create Profile -> Windows 10 and later for platform -> Templates -> Device Firmware Configuration Interface. There are new settings you can configure in the DFCI policy, and they apply to Windows 11 on supported UEFI and to Windows 10 RS5 (1809) and later on supported UEFI.

  • Cameras:
    • Front camera
    • Infrared camera
    • Rear camera
  • Radios:
    • WWAN
    • NFC
  • Ports:
    • SD Card

Connect Chrome OS devices in Intune (public preview)

You can view company or school-owned devices that run Chrome OS in the Microsoft Endpoint Manager admin center. You can now create and monitor a connection between the Google Admin console and Microsoft Intune. Chrome OS device information is synced into Intune, and the synced device information is viewable in the device inventory list. Basic remote actions are also available in the admin center, such as deprovision, restart, wipe, and lost mode. Devices must be enrolled before you can see them in the admin center; enrollment is done with the help of the Google Admin console.

Manage macOS software updates with Intune

Intune now supports deploying macOS software updates to devices enrolled using Automated Device Enrollment (ADE). Critical updates, firmware updates, configuration file updates, and all other updates (OS, built-in apps) are supported from Intune. The following settings can be configured when scheduling updates.

  • Download and install: Download or install the update, depending on the current state.
  • Download only: Download the software update without installing it.
  • Install immediately: Download the software update and trigger the restart countdown notification.
  • Notify only: Download the software update and notify the user through the App Store.
  • Install later: Download the software update and install it at a later time.
  • Not configured: No action taken on the software update.

This applies to macOS 12 and later, and the visibility of updates can be delayed. To monitor update installation failures, go to Devices -> Monitor -> Installation status for macOS devices.

Deprovision Jamf Pro from within the Microsoft Endpoint Manager admin center & Jamf Pro console

Go to Microsoft Endpoint Manager admin center -> Tenant Administration -> Connectors and tokens -> Partner device management and select the option to Terminate. Intune displays a message; review it and select OK. macOS devices will be removed from Intune 90 days after termination. To remove the connection from the Jamf Pro console, go to Global Management -> Conditional Access, edit the macOS Intune Integration, clear Enable Intune Integration for macOS, and save. Jamf Pro sends the configuration to Intune and the integration is terminated.

New hardware details available for individual devices running on iOS/iPadOS

The following details are available in the Hardware pane of every iOS/iPadOS device.

  • Battery level: Shows the battery level of the device anywhere between 0 and 100, or defaults to null if the battery level cannot be determined. This is available for devices running iOS/iPadOS 5.0 and later.
  • Resident users: Shows the number of users currently on the shared iPad device, or defaults to null if the number of users cannot be determined. This is available for devices running iOS/iPadOS 13.4 and later.

In-app notifications for Microsoft Intune app

Compliance notifications will be sent to Android Open Source Project (AOSP) device users in the Microsoft Intune app. Notifications are not supported for userless devices. The Device Compliance and Organization notification categories are available in app notifications. Notifications that a device is out of compliance appear under the Device Compliance category. Organization notifications can be dismissed or deleted.

Newly available protected apps for Intune

The following protected applications are now available for Microsoft Intune: MyITOps for Intune by MyITOps, Ltd, and MURAL – Visual Collaboration by Tactivos, Inc.
