Blog Post

Intune Customer Success
2 MIN READ

Update to adding apps on Windows 11 SE devices for Microsoft Intune for Education

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Jun 26, 2023

By Aasawari Navathe - Sr Product Manager | Microsoft Intune

 

With Intune’s June (2306) release, we’ve made it easier for Intune for Education admins to add and deploy apps on their Windows 11 SE devices with the Managed installer policy. This policy automatically allows apps on Windows 11 SE devices deployed using the Intune Management Extension, which eliminates the need to request a supplemental policy update by Microsoft.

 

Windows 11 SE devices used in education environments by students are highly controlled to prevent users from installing apps not specified in the allowed apps list through the Windows Defender Application Control (WDAC) policy. Adding apps was managed by a WDAC supplemental policy maintained by Microsoft. To add apps to the allow list, admins needed to request a supplemental policy update by Microsoft. Now, with the 2306 release, admins can add apps via the Managed installer in the Microsoft Intune admin center, saving them time and making it easier to maintain the allowed apps on the list.

 

Customer Experience

For Windows 11 SE customers who are using Intune for Education, no action is needed. The Managed installer policy will automatically apply to newly enrolled and existing Windows 11 SE devices. You can view the reporting status of the policy on these devices in the Intune admin center under Endpoint security > Application control (preview) > Managed installer.

 

Intune for Education tenants can see the status of the Managed installer policy as Active (Windows 11 SE only). Clicking into the policy, you can view Overview, Properties, and a detailed Device status pane.

 

A screenshot of the Managed installer - Intune Management Extension page in the Intune admin center showing the detailed Overview pane.

 

After a tenant is upgraded to 2306, and the device receives the Managed installer policy (no admin action needed for this), subsequent apps installed by Intune will be able to run on Windows 11 SE devices.

 

Important: Apps already deployed on Windows 11 SE devices prior to the Managed installer policy being applied will need to be redeployed from Intune to be allowed to run.

 

For more information, see the following documents:

 

Let us know if you have any questions by leaving a comment below or reaching out to us on Twitter @IntuneSuppTeam.

Published Jun 26, 2023
Version 1.0
Intune for Education

2 Comments

  • JasperL's avatar
    JasperL
    Copper Contributor
    Jul 12, 2023

    Does this mean if an app is not on the https://learn.microsoft.com/en-us/education/windows/windows-11-se-overview#available-applicationsfor Windows 11 SE, we don't have to http://aka.ms/eduapprequest from you guys anymore? Because this would help tremendously if we could add other apps in Intune for Education not on that list. There are a couple of apps that our devices really need but can't use because Windows 11 SE doesn't allow it. And your guy's slow approval process does not help at all. 

  • ne88012's avatar
    ne88012
    Copper Contributor
    Jun 28, 2023

    Will the ability to add additional managed installers be added? I don't use Windows SE but I do use WDAC and managed installers with Intune. My managed installer policy has more the just the Intune management extension to allow some apps to auto update. Currently I use proactive remediation to manage and update my policies.