What’s new in Microsoft Intune - 2301 (January) edition

Welcome to our first What's New of calendar year 2023! The January (2301) Microsoft Intune service release is here and this month we're providing many new or improved application management capabilities. We're releasing macOS software update policy management for supervised devices, introducing public preview of Microsoft Tunnel for Mobile Application Management (MAM) on iOS, and improving the app supersedence and tracking experience for win32 apps. Let me know if you've got feedback on these new capabilities; comment on this post or connect with me on LinkedIn.

Software update policy management for macOS devices

Keeping apps updated on your users' devices gives them access to the latest productivity features, while also improving app security and stability. App update management is a critical role of IT admins — using one platform to administer apps across all your device types enables efficiency.

Until now, managing software updates on macOS devices was often relegated to scripts, user engagement, or 3rd party tools outside of Intune. We're excited to share that macOS software update policies on supervised Mac devices are now fully available, all within the familiar Intune admin experience. With this addition, you can control how, what, and when software updates, including an update time window to minimize impact to user productivity. IT admins can now easily manage firmware, configuration files, and other critical updates, such as OS and built-in apps.

With Intune, IT admins can now manage vulnerability patches, specific firmware updates, the updated version of XProtect, Malware Removal Tool, Gatekeeper, and built-in apps (like Safari) all in addition to standard OS updates, such as macOS 13.0.1.

We previewed this new capability at Ignite this past October. You can view a demo starting at 9:30 in the Ignite session.

To learn more about this feature, see:

• Apple Support article on updates - Use MDM to deploy software updates to Apple devices - Apple Support
• Use Microsoft Intune policies to manage macOS software updates | Microsoft Learn

Microsoft Tunnel for MAM on iOS

Many customers in industries like manufacturing, healthcare, and finance have strict security and compliance requirements for allowing users to access corporate resources from personal devices. Historically, users in these security conscious industries have either enrolled their personal devices to gain corporate access or used one mobile device for work and another for personal use.

Shortly after the 2301 deployment wraps up (expected by early February), we're releasing in public preview the Microsoft Tunnel for MAM on iOS. Microsoft Tunnel for MAM extends our VPN gateway to unenrolled iOS devices for secure access to on-prem apps and resources using modern authentication, single sign-on, and conditional access. Employees will be able to securely access resources on their unmanaged iOS devices without compromising their personal privacy or device functionality. Device enrollment will not be required thus expanding on our existing Microsoft Tunnel capabilities currently available for Intune managed devices. We've also partnered with Edge to add Microsoft Tunnel for MAM on iOS and Android which we're planning to also release in public preview shortly.

From a company perspective, this allows IT Pros to manage access to corporate resources without requiring enrollment, while still being able to enhance security and compliance for sensitive data access from personal devices. Companies can adopt a bring your own device (BYOD) program instead of purchasing corporate-owned devices for all employees, as they can be confident that user privacy and corporate data will be protected on all devices.

This new functionality will be part of Microsoft Intune Suite once it's generally available. You can read more about what's coming in Microsoft Tunnel content:

• Reduce your overall TCO with a new Microsoft Intune plan - Microsoft Community Hub
• (Android) Use Microsoft Tunnel VPN with devices that don't enroll with Microsoft Intune | Microsoft Learn

Improvements to application supersedence

Managing applications and all their associated updates helps users be secure and productive as they use apps and access corporate data on their Windows devices.

This month, we are announcing general availability for Win32 application supersedence. Over the past two years, we've been adding many customer-requested improvements to how Intune handles Win32 apps, including:

• Delivering the ability to create dependency and supersedence relationships in the same set of targeted applications for more sophisticated application update scenarios.
• Allowing dependent applications to be uninstalled when parent applications are uninstalled.
• Providing more consistent applicability, requirement and detection checks during device check-in.
• Introducing support for application supersedence tracking in the Enrollment Status Page (ESP) and more enhancements to ESP app tracking.

We are in the process of rolling out the feature set for Win32 app supersedence. As the feature is enabled in your environment and you use it, please continue to provide feedback on the functionality. You can read more about these improvements to app management and the release timeline in the blog: Upcoming improvements to Win32 app supersedence - Microsoft Community Hub.

Let us know what you think 

Every month, we provide highlights from What's New in Intune. This calendar year will be filled with many customer-requested enhancements, and I'm looking forward to everything that's coming up. Please share your comments, questions, and feedback so we can continue to improve the user experience and simplify IT administration. Simply comment on this post or connect with me on LinkedIn.