Updated 05/22/2023: There is currently a known issue with the Azure AD bulk enrollment role check for roles scoped inside of an administrative unit. Users with the correct administrator roles scoped inside of an administrative unit are not able to create bulk enrollment tokens for provisioning packages. We are currently working on a fix.
As in the northern hemisphere comes to an end and students, faculty, and staff prepare to return to school, we’ve updated Intune for Education to improve the experience for managing devices. We’ve added a new Azure Active Directory (Azure AD) role check, incorporated a guided Windows Autopilot experience, added barcode scanning and CSV upload capability for bulk actions, and support for Google Chrome settings.
Previously, anyone within the Azure AD tenant could create a bulk provisioning token Set up School PCs (SUSPC) We’re adding an Azure AD role check to only allow users with the Intune administrator, Cloud device administrator, and Password administrator roles to create a bulk provisioning token. These roles may be tied to an to ensure admin permissions are scoped to a set of users, devices, and groups (or none, if you assign them to an empty administrative unit). We created a flow in Intune for Education to easily assign these roles to admins who should have the permissions to create a provisioning package as well as the option to specify an administrative unit. restricting who can create a provisioning package, admins can have peace of mind that the correct set of people are enrolling the correct set of devices and configurations.
Figure 1: A screenshot of the Intune for Education portal, Tenant Settings, Set up School PCs.
Windows Autopilot guided experience
We took our familiar guided experience concept and extended it to Windows Autopilot! Now you can easily set up Windows Autopilot for device deployment. Start by creating a new group and associating devices in the group with a group tag or use an existing group. You can then customize the out-of-box experience, such as configuring user-driven vs self-deploying, user account type, and device naming template. Enable the optional enrollment status page to see how enrollment progresses and block device use until a set or all apps are installed.
Figure 2: A screenshot of the Intune for Education portal, Tenant settings, Windows Autopilot with the options to choose a group, assign Autopilot profiles, and configure enrollment status page displayed.
Barcode Scanner and CSV upload for bulk actions
We’ve brought you a new way to easily perform bulk actions with a barcode scanner or a CSV file of serial numbers on groups of devices with a guided experience in Intune for Education. You can use either method to:
- Add devices to a group
- Rename devices
- Autopilot reset
- Factory reset
Figure 3: A screenshot of the Intune for Education portal, Barcode scanner introduction that provides guidance on how to select devices and describes remote actions.
Managed Chrome Settings
We now support configuring Google Chrome browser settings right in Intune for Education! Chrome settings are combined with those of Microsoft Edge so that you can manage all browser settings in one place.
Figure 4: A screenshot of the Intune for Education portal, Windows device settings page with a list of Chrome and Edge customizations displayed.
New to Intune and Intune for Education?
We have a video series that covers everything that you need to know when it comes to managing iOS and Windows with Intune for Education and Android with Intune. Check them out at Intune for Education Customer Acceleration Team - YouTube.
to know about new features in Intune for Education?
We strive to ensure that we build the right solutions that offer a streamlined way to deploy and manage classroom . If you want to stay up to date with what we’re working on, we have a page at What’s new in Intune for Education. Plus, we maintain a monthly new in Microsoft Intune to give you information on new features and fixes and In development for Microsoft Intune for our soon to release updates. We’ve got a lot more in store as the school year progresses so make sure to keep up with our updates.
The features in this post are just a sampling of what the team has delivered and continues to deliver to support institutions around the world with their device-management needs. These, as well as upcoming features, are driven by our customer feedback and engagements. If you have feedback or ideas for Intune for Education or Microsoft Endpoint Manager, please leave a comment below, share product ideas with our engineering team on UserVoice, forums and file your support cases. If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter. Stay tuned this semester as we deliver some exciting education driven, feature requests!
5/22/23: Updated post with a known issue regarding Azure AD bulk enrollment role check for roles scoped inside of an administrative units.