With Apple's release of iOS/iPadOS and macOS 26 Tahoe, we’ve been working hard to ensure that Microsoft Intune provides day zero support for Apple’s latest operating systems (OS) so that existing features work as expected.
We’ll continue to upgrade our service and release new capabilities that integrate elements of the new OS versions.
New settings
With continued investments in the Intune data-driven infrastructure that powers the settings catalog, we’re able to provide day zero support for new OS settings as they’re released by Apple. The settings catalog has been updated to support newly released iOS/iPadOS and macOS settings for both declarative device management (DDM) and mobile device management (MDM) to empower your IT teams to have devices ready on day zero. New settings include:
Audio Accessory Settings
Configure temporary pairing behavior for AirPods and Beats audio accessories. Located under the Declarative Device Management (DDM) category.
- Temporary Pairing Disabled
- Temporary Pairing Unpairing Time
- Unpairing Policy
- Unpairing Hour
Safari Settings
Customize the Safari browsing experience. Located under the Declarative Device Management (DDM) category.
- Accept Cookies
- Allow Disabling Fraud Warning
- Allow History Clearing
- Allow JavaScript
- Allow Private Browsing
- Allow Popups
- Allow Summary
- Page Type
- Homepage URL
- Extension Identifier
Restrictions
Restrict specific features on devices. Located under the Restrictions category.
- Allow Safari History Clearing
- Allow Safari Private Browsing
- Allowed Camera Restriction Bundle IDs
- Denied ICCIDs For iMessage And FaceTime
- Denied ICCIDs For RCS
Default Applications
Restrict modifications to the default calling and messaging apps. Located under the Managed Settings category.
- Calling
- Messaging
Web Content Filter
Configure Safari History behavior when using content filtering. Located under the Web Content Filter category.
- Safari History Retention Enabled
More information on configuring these new settings using the settings catalog can be found at Create a policy using settings catalog in Microsoft Intune.
Intune Company Portal support for improved Purebred derived credentials flow
With iOS 26, Purebred (version 3) is supporting a new and improved derived credentials user experience. As part of Intune’s day zero support, the Intune Company Portal for iOS/iPadOS will support Purebred's new experience.
If your organization continues to use an older version of Purebred, there will be no changes to your Purebred and Company Portal derived credentials experience. If your organization is planning on upgrading to the new version of Purebred, be sure you have the latest Company Portal version (v5.2509.0).
Support statement for “supported” versus “allowed” versions for user-less Apple devices
As new operating system updates are released throughout the year by Apple, Intune plans to support critical functionality that comes with each new OS version. With the release of iOS/iPadOS and macOS 26, we’ll continue with our existing model for enrolling user-less devices for supported and allowed OS versions to keep enrolled devices secure and efficient.
This includes devices enrolling without user affinity (user-less devices), such as shared iPads and devices enrolling through Automated Device Enrollment (ADE) without user affinity. We highly recommend updating your organization’s devices to the most recent Apple OS version publicly available to keep your devices secure and up to date.
Supported OS versions means that user-less devices running the three most recent iOS/iPadOS versions will be fully supported by Intune. Devices running iOS/iPadOS 26.x, 18.x, and 17.x can enroll and take advantage of all Intune MDM functionality that is applicable to user-less devices, and all new eligible features will work on these devices.
Allowed OS versions means that user-less devices running a non-supported iOS/iPadOS version (within three versions of the supported versions) will be able to enroll and take advantage of Intune’s eligible features supported by the MDM protocol but doesn’t guarantee that there won’t be breaking OS features, bugs, or issues. Devices enrolled with user affinity or apps that rely on user sign-in will continue to not be supported.
User-less enrollment and feature support
|
|
Supported |
Allowed |
|
Applicable Versions |
Three most recent versions (N-2):
|
Up to three versions below the supported version (N-5):
|
|
Can enroll |
Yes |
Yes |
|
User-less eligible Intune MDM Features |
Yes |
Yes. May be impacted by breaking OS features, bugs, or issues. |
|
User affinity enrollment |
Yes |
No |
|
Apps that require user sign-in |
Yes |
No |
For more details review the blog: Support statement for supported versus allowed versions for user-less Apple devices: Support statement for supported versus allowed versions for user-less Apple devices.
If you have any questions or feedback, leave a comment on this post or reach out on X @IntuneSuppTeam. Stay tuned to What’s new in Intune for additional settings and capabilities that will soon be available.
