Updated 05/22/2023: There is currently a known issue with the Azure AD bulk enrollment role check for roles scoped inside of an administrative unit. Users with the correct administrator roles scoped inside of an administrative unit are not able to create bulk enrollment tokens for provisioning packages.
As summer in the northern hemisphere comes to an end and students, faculty, and staff prepare to return to school, we’ve updated Intune for Education to improve the experience for managing devices. We’ve added a new Azure Active Directory (Azure AD) role check, incorporated a guided Windows Autopilot experience, added barcode scanning and CSV upload capability for bulk actions, and support for Google Chrome settings.
Previously, anyone within the Azure AD tenant could create a bulk provisioning token in Set up School PCs (SUSPC) and Windows Configuration Designer (WCD). We’re adding an Azure AD role check to only allow users with the Intune administrator, Cloud device administrator, and Password administrator roles to create a bulk provisioning token. These roles may be tied to an administrative unit to ensure admin permissions are scoped to a set of users, devices, and groups (or none, if you assign them to an empty administrative unit). We created a flow in Intune for Education to easily assign these roles to admins who should have the permissions to create a provisioning package as well as the option to specify an administrative unit. By restricting who can create a provisioning package, admins can have peace of mind that the correct set of people are enrolling the correct set of devices and configurations.
We took our familiar guided experience concept and extended it to Windows Autopilot! Now you can easily set up Windows Autopilot for device deployment. Start by creating a new group and associating devices in the group with a group tag or use an existing group. You can then customize the out-of-box experience, such as configuring user-driven vs self-deploying, user account type, and device naming template. Enable the optional enrollment status page to see how enrollment progresses and block device use until a set or all apps are installed.
We’ve brought you a new way to easily perform bulk actions with a barcode scanner or a CSV file of serial numbers on groups of devices with a guided experience in Intune for Education. You can use either method to:
We now support configuring Google Chrome browser settings right in Intune for Education! Chrome settings are combined with those of Microsoft Edge so that you can manage all browser settings in one place.
We have a video series that covers everything that you need to know when it comes to managing iOS and Windows with Intune for Education and Android with Intune. Check them out at Intune for Education Customer Acceleration Team - YouTube.
We strive to ensure that we build the right solutions that offer a streamlined way to deploy and manage classroom devices. If you want to stay up to date with what we’re working on, we have a page at What’s new in Intune for Education. Plus, we maintain a monthly What’s new in Microsoft Intune to give you information on new features and fixes and In development for Microsoft Intune for our soon to release updates. We’ve got a lot more in store as the school year progresses so make sure to keep up with our updates.
The features in this post are just a sampling of what the team has delivered and continues to deliver to support institutions around the world with their device-management needs. These, as well as upcoming features, are driven by our customer feedback and engagements. If you have feedback or ideas for Intune for Education or Microsoft Endpoint Manager, please leave a comment below, share product ideas with our engineering team on UserVoice, forums and file your support cases. If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter. Stay tuned this semester as we deliver some exciting education driven, feature requests!
Post Updates:
5/22/23: Updated post with a known issue regarding Azure AD bulk enrollment role check for roles scoped inside of an administrative units.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.