What's new in Microsoft Intune: April 2025

When we make decisions about what to add to Microsoft Intune, we think about impact. What will unlock greater productivity or increase security? Sometimes the biggest impacts come from the smallest changes. Getting granular and having control over as many options as possible may seem trivial, but we've seen that closing the narrowest gaps can improve security, and enabling subtle control can boost effectiveness. This month, we're highlighting the seemingly small changes that can make a big difference.

Enhanced naming for Android enterprise devices

Early in my career, I shadowed a seasoned IT veteran on a customer visit, and I marveled at the speed with which he navigated file trees and directory logs. He noted my awe and assured me that I would soon be just as efficient, as he was relying on pattern recognition to spot anomalies.

Naming conventions are an important aspect of managing large amounts of information, so it is with grateful acknowledgement to my former mentor that I'm pleased to announce that Android Enterprise device enrollment profiles now allow for custom naming templates.

Previously, devices would have to be renamed after enrollment, creating the possibility of confusion or inconsistent reporting and inefficiencies from not adhering to naming conventions. The new templates allow for fixed strings of text or device-specific variables to be included in filenames, which unlocks the potential for consistency and for surfacing valuable device information at a glance.

Device type and serial number are among the variables that can be used alongside custom text in a template.

This capability will be generally available to eligible tenants by the end of April 2025, and it will be applicable to Android Open Source Project (AOSP) devices in a future release.

Learn more from this documentation:

• Set up enrollment for Android Enterprise fully managed devices
• Set up Intune enrollment for Android Enterprise dedicated devices
• Set up Android Enterprise work profile for corporate owned devices

New Apple controls

Our work to improve the management of Apple devices is something we love to highlight, and organizations looking to consolidate vendors love the improvements in Intune for Apple device management. We recently recapped some major themes of our macOS management, and now I'm going to look at some iOS management features aimed at extending security to unmanaged devices and enhancing productivity for Apple device administrators.

Apple Intelligence controls for unmanaged devices

We use the term mobile application management (MAM) to describe the protections Intune can extend to devices that are not managed by Intune. Via application protection policies (APP), Intune administrators can allow and deny actions from authorized apps to extend access to corporate resources to authenticated users. Apple Intelligence, an iOS tool for using AI on iPhones and iPads, is one such app that can be configured for increased control. We previously announced an initial set of controls, and now I'm highlighting a trio of additions releasing this month. The goal is to allow users to take advantage of AI productivity, while preventing data leaks through accidental or deliberate misuse.

A subtle but important change in this month's release is the introduction of iOS screen capture block from within the Apple Intelligence app. In January, we introduced the controls to allow or block screen capture for existing managed apps. Now, we're extending this control to allow or deny the screen capture functions in Apple Intelligence.

We are also extending the ability for organizations to block or allow the use of two additional Apple Intelligence tools in APPs: Writing Tools and Genmojis.

Access to improved Volume Purchase Program API

At organizations or institutions using Apple Business Manager or Apple School Manager accounts, the Apps and Books management experience would often bog down when making large requests. Imagine a school needing to relicense all of its apps for the start of the school year. If they needed to put 25 applications on 10,000 devices, the first version of the Apple Volume Purchasing Program (VPP) API would make 25,000 requests.

With this release of Intune, we are connecting to VPP API version 2.0. Instead of 25,000 requests in the scenario above, with version 2.0, applications would be updated with just 10 requests. This will make all requests faster, but the speed will be felt most in high-volume situations. Changes made in the Apple Business or School Manager will also now be reflected in Intune in near-real time, whereas the previous architecture would update only after a sync.

A small way of staying current

In the age of always-on push notifications and AI-generated content, writing a monthly blog post can sometimes seem too minor to make an impact. But I've learned that there's no one way to get a message to everyone who wants to hear it. I hope that each month this update does make an impact, and that it inspires someone working with Intune to become more efficient, to extend greater security to new use cases, or to generally improve their daily work within the console. If you've made an impact thanks to one of these posts, embraced a new feature, or have a new feature on wish list, I want to hear about it. Leave a comment below or follow us on LinkedIn or @MSIntune and @IntuneSupportTeam on X .

Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.