Hi ebpoulin​ , yes, we have a feature in progress to address this which will be available in the future.

ebpoulin​ - We're checking with the Autopilot team and will get back to you as soon as we can.

HeyHey16K​ Good question. Some of the features announced at WWDC will start rolling out in Q3 2026 (Jul-Aug-Sep) and Q4 (Oct-Nov-Dec) and some will be later. Best is to keep an eye on our roadmap page for the specific features you're interested in: Microsoft 365 Roadmap | Microsoft 365

EthanM1​ When you say Entra Joined devices, I assume that these are Intune managed, and will answer based on this assumption. Cloud-native scenarios have no built-in solution for drive mapping, and since you mention "future-proof" I also want to say that drive mapping isn't in the future. Take a look at our Cloud-native endpoints guide, specifically the Mapping Drives and Printers section: Tutorial - Set up cloud-native Windows endpoints with Microsoft Intune - Microsoft Intune | Microsoft Learn.

This will show you where we are investing in the future.

--Joe.

BallITGuy1​ We don't have any Azure Monitor SMEs in this group. Best to ask your question in the Azure Observability space: Azure Observability | Microsoft Community Hub

Rejina​ Similar to your question around Audit compliance, you should start with the Service Trust Portal, Service Trust Portal Home Page, and check out the link for "Resources for Your Organization." Individual controls like NIST and SOC 2 should also be available through this portal.

fuhr8g93ur8923u0tfe4tg​ - Feature updates are released in the second half of the calendar year. The best way to preview the improvements planned is to join the Windows Insider Program.

Rejina​ Start here, Service Trust Portal Home Page, and based on what your auditor needs you should be able to pull the correct reports. For instance, SOC 1 Type 2 Reports, SOC 2 Type 2 Reports, ISO certs, etc. The SOC 2 Type 2 explicitly lists several Defender services as in scope, including Microsoft Defender XDR, Microsoft Defender for Endpoint, etc. 

bigmanjohn​ This is a common question since browsers like Chrome and Firefox can install into the user's AppData folder without requiring admin rights. There are a couple of possible workarounds you can take with Intune:

1. App Control for Business: This is the modern application control solution in Windows. You can create policies in Intune under Endpoint Security > App Control for Business that only allow approved applications to run, blocking everything else including user-profile-installed browsers. You can use publisher rules, file path rules, or file hash rules. Here's the guide: Manage approved apps for Windows devices with App Control for Business policy and Managed Installers in Microsoft Intune - Microsoft Intune | Microsoft Learn.
2. Device Restriction settings: In a device configuration profile, you can set "Apps from Store only" to block │ installations from outside the Microsoft Store, which covers most user-profile browser installs. See: Device restriction settings for Windows devices in Microsoft Intune - Microsoft Intune | Microsoft Learn.

Hope this helps!

--Joe.

MEB2004​ - While we don't have any Azure folks "in the office" today, I've seen similar posts in the Azure discussion boards. Browser downloads can time out on large sign-in datasets so the general recommendation is to use the reporting API instead or export logs through diagnostic settings.

This happens to me regularly also. I ended up using a log analytics workspace to capture all the events, then I query that.