Microsoft IntuneUpdates made this week on ;
Note: Regular monthly updates may take up to three days to become available.
- Day Asia Pacific
- Day Europe, Middle East and Africa (EMEA)
- Day North America
Application management
New application types for Microsoft Endpoint Manager
As an administrator, you will be able to create and assign two new types of Intune apps:A
- iOS web clip
- Windows web connection
These new types of apps work similarly to the existing weblink app type, but are only available for their own platform, whereas web link applications are valid on all platforms.
With these new application types, you can assign to groups and use assignment filters to limit the assignment scope. You can find this functionality in the Microsoft Endpoint Manager Admin Center Applications > Add'> Applications you can find it by selecting.
Device management
Microsoft Intune Ends Support for Windows 8.1
Microsoft Intune will end support for devices running Windows 8.1 on October 21, 2022. After this date, technical assistance and automatic updates that help protect your devices running Windows 8.1 will no longer be available. Additionally, Intune will no longer support Windows 8.1 sideloading, as the sideloading scenario for line-of-business apps only applies to Windows 8.1 devices.
Device configuration
New lock screen message when adding custom support information to Android Enterprise devices
On Android Enterprise devices, you can create a device restrictions configuration profile that displays a custom support message on devices
(Devices > Configuration profiles > Create profile > Android Enterprise > Fully managed, dedicated, and corporate-owned work profile for platform > Device restrictions for profile type > Custom support information).
There is a new setting you can configure:
- Lock screen message: You can add a message that is shown on the device's lock screen.
Lock screen message When you configure it, you can also use the following device identifiers to display device-specific information:
{{AADDeviceId}}: Azure AD device ID{{AccountId}}: Intune tenant ID or account ID: Intune tenant ID or account ID:{{DeviceId}}: Intune device ID{{DeviceName}}: Intune device name: Intune device name{{domain}}: Domain name{{EASID}}: Exchange Active Sync ID{{IMEI}}: IMEI of the device{{mail}}: User's email address{{MEID}}: MEID of the device{{partialUPN}}: UPN prefix before the symbol@{{SerialNumber}}: Device serial number{{SerialNumberLast4Digits}}: Last four digits of the device serial number{{UserId}}: Intune user ID{{UserName}}: Username{{userPrincipalName}}: User's UPN
Not
Variables are not validated in the UI and are case sensitive. As a result, you may see profiles saved with incorrect input.
Applies to:
- Android 7.0 and newer
- Fully managed by Android Enterprise
- Android Enterprise enterprise specific devices
- Android Enterprise corporate business profile
Filter by user scope or device scope in the Settings Catalog for Windows devices
When you create a Settings Catalog policy, you can filter settings by Windows operating system version by selecting Add settings > Add filter you can use
Add settings > Add filter to filter settings based on the Windows OS edition (Devices > Configuration profiles > Create profile > Windows 10 and later for platform > Settings Catalog (preview) for profile type).
When you add a filter, you can also filter settings by user scope or device scope.
It applies to the following;
- Windows 10
- Windows 11
Android Open Source Project (AOSP) platform is now generally available
Microsoft Intune management for company-owned devices running on the Android Open Source Project (AOSP) platform is now generally available (GA), including all of the features that were available as part of the public preview.
Device Firmware Configuration Interface (DFCI) now supports Acer devices
On Windows 10/11 devices, you can create a DFCI profile to manage UEFI (BIOS) settings (Devices > Configuration profiles > Platform > Templates a Windows 10 and above > profile creation > for profile type Device Firmware Configuration Interface).
New Acer devices running Windows 10/11 will be enabled for DFCI starting in fall 2022. This way, administrators can create DFCI profiles to manage BIOS and then deploy the profiles to these Acer devices.
Applies to:
- Windows 10
- Windows 11
New settings available in the iOS/iPadOS and macOS Settings Catalog
The Settings Catalog lists all the settings you can configure in a device policy, all in one place.
There are new settings in the Settings Catalog. You can find these settings in the Microsoft Endpoint Manager Admin Center. Devices > Configuration profiles > iOS/ipados or macOS for platform > MacOS > for profile type in the settings catalog You can see it.
New settings include:
LDAP> accounts:
- LDAP Account Description
- LDAP Account Host Name
- LDAP Account Password
- Use LDAP Account SSL
- LDAP Account Username
- LDAP Search Settings
Applies to:
- iOS/iPadOS
- macOS (MacOS System
The following settings are also available in the Settings Catalog. Previously, they were only available in Templates:
Privacy Policy > Privacy Preferences Policy Control:
- Accessibility
- Address book
- Apple Events
- Calendar
- camera
- File Provider Entity
- Listen Activity
- Media Library
- Microphone
- Photo
- After the Event
- Reminders
- Screen Capture
- Speech recognition
- System Policy All Files
- System Policy Desktop Folder
- System Policy Documents Folder
- System Policy Downloads Folder
- System Policy Network Units
- System Policy Removable Volumes
- System Policy System Manager Files
Device registration
Set up registration notifications (public preview)
Enrollment notifications notify device users via email or push notification when a new device is enrolled in Microsoft Intune. You can use enrollment notifications for security purposes, such as notifying users and helping them report accidentally enrolled devices, or communicating with employees during the onboarding or hiring process. Enrollment notifications are available to try out now in public preview for Windows, Apple, and Android devices. This feature is supported only with user-driven enrollment methods.
Device security
Assign compliance policies to an entire group of devices
All devices option is now available for compliance policy assignments. With this option, you can assign a compliance policy to all registered devices in your organization that match the policy's platform without having to create an Azure Active Directory group that includes all devices.
All devices Once you include a device group, you can exclude individual device groups to further refine the assignment scope.
Trend Micro – New mobile threat defense partner
Now that the Trend Micro Mobile Security You can use it as an integrated mobile threat defense (MTD) partner with Intune. By configuring the Trend MTD connector in Intune, you can control mobile device access to corporate resources using conditional access based on risk assessment.
Grace period status visible on the Intune Company Portal website
The Intune Company Portal website displays a grace period status to account for devices that no longer meet compliance requirements but are still within the given grace period. Users are shown the date they must be compliant and instructions on how to become compliant. If they do not update their devices by the specified date, their status changes to non-compliant.
Intune apps
Newly available protected apps for Intune
The following protected apps are now available for Microsoft Intune:
- RingCentral for Intune by RingCentral, Inc.
- MangoApps, Work from Anywhere – MangoSpring, Inc.
