
Microsoft Intune Blog

What's new in Microsoft Intune at Ignite

Jason_Roszak
Nov 18, 2025

Welcome to Microsoft Ignite, where the future of IT is being reimagined. Today we’re unveiling how Microsoft Intune is transforming endpoint management by putting AI at its core, with assistive chat-based and agentic experiences to help you streamline operations, unify cross-service insights, and enable scalable action, tailored to your organization's needs. With Security Copilot chat embedded across Intune, you gain expert assistance to help guide you through daily operations while new AI agents help scale your team to tackle your most time-consuming tasks. 

These AI experiences will be available for even more IT professionals with the announcement that Security Copilot is being included in Microsoft 365 E5. We're entering a new era in how IT teams manage, secure, and scale operations for their organizations.  

Alongside these AI-powered innovations, we're also announcing foundational platform improvements that help IT teams act with confidence — centralizing critical tasks, reducing rollout risk, and strengthening recovery and update control for a more resilient environment. 

Streamline operations with agentic AI

A new wave of Security Copilot agents in Intune is here to help make complex tasks easier and security stronger. From transforming requirements into policies, to identifying devices for removal, to assessing changes before they impact productivity — these agents help deliver smarter decisions, better compliance, and reduced risk through intelligence and automation.  

Every change that IT admins make matters. From app deployments to policy updates, even small adjustments can ripple across your environment impacting productivity or security. The new Change Review Agent uses advanced AI to analyze each change in context, checking for risks, conflicts, and compliance. It provides detailed insights and clear recommendations, so you can move forward with confidence knowing your decision is informed. Initially the Change Review Agent will handle Multi-Admin Approval script requests, and we will continue to add more types of change requests over time.  

The Change Review Agent provides detailed insights into the request, its purpose, history, and potential impacts.

Configuring Intune policies is a job where every choice can shape your organization's security, productivity, and compliance. The Policy Configuration Agent is here to help. By using natural language input, it translates your organization’s requirements into clear, actionable configurations and provides guidance on settings. IT admins can now create and validate policies easily — making security and productivity goals easier to achieve. 

For organizations operating under strict compliance frameworks such as PCI, HIPAA, DISA STIG, or other industry-specific mandates, regulatory compliance is critical. The Policy Configuration Agent is designed to complement your existing compliance efforts. It checks for alignment with these standards and continuously audits your environment to support ongoing monitoring. The agent adds expertise and efficiency — helping flag deviations before they become risks so IT teams can continue to maintain a secure, compliant posture with greater agility and scalability.  

The Policy Configuration Agent reviews a document and recommends steps to fulfill unmatched requirements in Intune.

Unused or outdated devices aren’t just clutter — they’re a security risk. Every unmanaged endpoint increases the chance of vulnerabilities and compliance gaps. The Device Offboarding Agent takes the guesswork out of cleanup by scanning your entire digital estate to identify devices that no longer belong. It offers an efficient, straightforward way to offboard those devices from your organization, helping maintain the hygiene of the digital estate and helping reduce the attack surface. 

The Device Offboarding Agent provides a summary including reasoning for removing devices and recommended actions to offboard them.

All three agents are currently rolling out to preview and can be found under “Agents” on the left side of the Intune portal once rolled out. 

To make the agents easily accessible and help teams get started more quickly, we are excited to announce that Security Copilot will be available to all Microsoft 365 E5 customers.

Rollout starts today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers. Customers will receive 30 days' advance notice before activation. Learn more: https://aka.ms/SCP-Ignite25

Explore data with assistive AI

Copilot is there to assist you in your daily IT work — delivering guidance when and where you need it. You can use everyday language with Copilot chat to gain deep insights and get actionable recommendations, making it even easier to manage your environments. Copilot chat enables you to quickly access and manage all your endpoints including Windows 365 Cloud PCs.  

When you need to dive deeper into your data and take action on it, Copilot is there to help. The explorer experience allows you to interact with data using natural language queries and view customized data sets. There's even more flexibility in the data queries you can explore, and we are consistently broadening the range of data available for Copilot to reason over, which now includes your Autopilot, Endpoint Privilege Management (EPM), and Advanced Analytics data. 

Build the foundation for secure AI deployments

Every action and rollout must be secure, compliant, and predictable. Intune is building that foundation with two capabilities that keep IT in control today and prepare for agentic workflows tomorrow. 

IT admins face a flood of requests across multiple portals. Soon, those requests won’t just come from people — they’ll come from agents recommending actions. That’s why we’re introducing admin tasks, a centralized view for high-priority items, so admins can act quickly on what matters most. Today, that includes critical approvals like elevation requests, multi-admin approvals, and security tasks. Expected in the first quarter of calendar year 2026, agent-driven approval needs will appear here too, keeping control firmly in IT’s hands. 

Admin tasks is a consolidated list helping IT admins focus on what matters most from a centralized place.

Changes to the environment should start small, validate stability and impact, and then scale with confidence. Intune introduces deployments, a controlled, phased approach to rollouts. This capability brings ring-based deployments already proven in Windows Autopatch into application workloads, helping IT apply changes safely across the fleet. Looking ahead, deployments will play a critical role in rolling out AI-driven experiences, ensuring every change is rolled out in phases, minimizing risks and downtime. Deployments is now in limited private preview. 

Discover improved operational recovery and resilience

Recovering a Windows device from a boot failure used to mean hands-on, one-at-a-time fixes. Intune introduces a new feature, recovery, for remote management of the Windows Recovery Environment (WinRE) at scale. IT admins can respond to mass outages or tailor recovery with custom scripts, all without being physically present. IT admins gain fleet-wide visibility into which devices are in WinRE and their recovery readiness, making it possible to act quickly and confidently. Security is included, with actions authenticated and authorized using hardware-bound recovery certificates. Recovery is in limited private preview.

Keeping devices secure and up to date often means balancing update schedules with the end user experience and mission-critical operations. Intune introduces maintenance windows for cloud-managed devices, giving IT precise control over when updates — including OS, drivers, and firmware — can run. This capability helps minimize disruption and improve patch compliance while delivering the agility and security of a cloud-based management platform, without the complexity and cost of on-prem infrastructure. Maintenance windows is expected to roll out to preview in the first quarter of calendar year 2026.  

Windows Autopatch introduces proactive update readiness capabilities that help IT teams identify blockers before deployment begins. With tenant-wide inventory views, admins can see their Windows fleet update posture across OS, drivers, and firmware. Readiness checkups surface “at risk” devices early, highlighting issues like connectivity gaps, safeguard holds, or hotpatch prerequisites. These capabilities reduce surprises and accelerate compliance. Update readiness is now available in preview as part of Windows Autopatch. Read the blog for more information. 

Endpoint Privilege Management empowers IT administrators to enable users to run elevated applications under the current user's identity, improving the user experience by preserving personal data and settings. Support for elevation requests from non-primary device users has been added, ensuring users utilizing shared devices can leverage the value of EPM and elevate critical applications. The new EPM readiness dashboard offers comprehensive oversight of rollouts and provides rule recommendations. Additionally, expected to roll out in the first quarter of calendar year 2026, IT administrators will be able to create elevation rules that allow users to change certain network configuration settings, supporting productivity without compromising security. 

We’re also excited to announce several previewed capabilities are now generally available. Installer script support for Enterprise App Catalog apps gives IT admins the flexibility to include PowerShell scripts when deploying apps through Intune — ideal for handling prerequisites, custom parameters, or post-install steps at scale. Support for Win32 apps is expected in the first quarter of calendar year 2026. App Control for Business with Managed Installer allows IT admins to designate the Intune Management Extension as a managed installer so apps deployed through Intune are recognized as trusted when your policy allows managed installers — helping reduce the risk of unapproved or malicious code. Finally, Windows Backup for Organizations, configurable through Intune, enables IT to back up and restore user settings and Microsoft Store app lists during enrollment or recovery, helping minimize downtime and helping users return to a known-good state fast. 

Learn how Intune is driving impact for customers

Intune delivers impact at enterprise scale: at PepsiCo, unified endpoint management helped cut device build time by 50% and drove a 99% drop in sign-in time for shift workers, reducing costs while boosting reliability across a global fleet. Read the full story. 

As organizations modernize on Intune, they’re also positioned to harness emerging AI-powered capabilities like Copilot in Intune to surface risk insights faster, guide troubleshooting, and automate routine work. LTI Mindtree integrated Microsoft Security Copilot with Microsoft Intune, Defender XDR, Threat Intelligence, and Sentinel to automate and enhance threat detection and response. Chandan Pani, Chief Information Security Officer, says, “Microsoft Security Copilot is our true AI partner in cyber defense. It provides AI-enabled automated incident response, integrated threat intelligence, and advanced threat analysis. With adaptive detection engineering, it improves future responses and generates more accurate detection rules.” Read the full story to learn more.

Join us at Ignite

Whether you’re in person or online, there are great sessions you can attend:


That’s not all — check out these hybrid sessions covering Security, Copilot, Windows, and more!


Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.

Updated Nov 18, 2025
Version 2.0