Back to School 2022-23 - Intune for Education
Published Sep 01 2022 09:43 AM 11.9K Views
Microsoft

Updated 05/22/2023: There is currently a known issue with the Azure AD bulk enrollment role check for roles scoped inside of an administrative unit. Users with the correct administrator roles scoped inside of an administrative unit are not able to create bulk enrollment tokens for provisioning packages. 

 

As summer in the northern hemisphere comes to an end and students, faculty, and staff prepare to return to school, weve updated Intune for Education to improve the experience for managing devices. Weve added a new Azure Active Directory (Azure AD) role check, incorporated a guided Windows Autopilot experience, added barcode scanning and CSV upload capability for bulk actions, and support for Google Chrome settings.   

 

Security improvements to bulk enrollment token 

Previously, anyone within the Azure AD tenant could create a bulk provisioning token in Set up School PCs (SUSPC) and Windows Configuration Designer (WCD). Were adding an Azure AD role check to only allow users with the Intune administrator, Cloud device administrator, and Password administrator roles to create a bulk provisioning token. These roles may be tied to an administrative unit to ensure admin permissions are scoped to a set of users, devices, and groups (or none, if you assign them to an empty administrative unit). We created a flow in Intune for Education to easily assign these roles to admins who should have the permissions to create a provisioning package as well as the option to specify an administrative unit. By restricting who can create a provisioning package, admins can have peace of mind that the correct set of people are enrolling the correct set of devices and configurations.  

 

Figure 1: A screenshot of the Intune for Education portal, Tenant Settings, Set up School PCs.Figure 1: A screenshot of the Intune for Education portal, Tenant Settings, Set up School PCs.

 

Windows Autopilot guided experience 

We took our familiar guided experience concept and extended it to Windows Autopilot! Now you can easily set up Windows Autopilot for device deployment. Start by creating a new group and associating devices in the group with a group tag or use an existing group. You can then customize the out-of-box experience, such as configuring user-driven vs self-deploying, user account type, and device naming template. Enable the optional enrollment status page to see how enrollment progresses and block device use until a set or all apps are installed. 

 

Figure 2: A screenshot of the Intune for Education portal, Tenant settings, Windows Autopilot with the options to choose a group, assign Autopilot profiles, and configure enrollment status page displayed.Figure 2: A screenshot of the Intune for Education portal, Tenant settings, Windows Autopilot with the options to choose a group, assign Autopilot profiles, and configure enrollment status page displayed.

 

Barcode Scanner and CSV upload for bulk actions 

We’ve brought you a new way to easily perform bulk actions with a barcode scanner or a CSV file of serial numbers on groups of devices with a guided experience in Intune for Education. You can use either method to: 

  • Add devices to a group
  • Sync
  • Restart
  • Rename devices
  • Autopilot reset 
  • Factory reset

 

Figure 3: A screenshot of the Intune for Education portal, Barcode scanner introduction that provides guidance on how to select devices and describes remote actions.Figure 3: A screenshot of the Intune for Education portal, Barcode scanner introduction that provides guidance on how to select devices and describes remote actions.

 

Managed Chrome Settings

We now support configuring Google Chrome browser settings right in Intune for Education! Chrome settings are combined with those of Microsoft Edge so that you can manage all browser settings in one place.

 

Figure 4: A screenshot of the Intune for Education portal, Windows device settings page with a list of Chrome and Edge customizations displayed.Figure 4: A screenshot of the Intune for Education portal, Windows device settings page with a list of Chrome and Edge customizations displayed.

 

New to Intune and Intune for Education? 

We have a video series that covers everything that you need to know when it comes to managing iOS and Windows with Intune for Education and Android with Intune. Check them out at Intune for Education Customer Acceleration Team - YouTube. 

 

Want to know about new features in Intune for Education? 

We strive to ensure that we build the right solutions that offer a streamlined way to deploy and manage classroom devices. If you want to stay up to date with what we’re working on, we have a page at What’s new in Intune for Education. Plus, we maintain a monthly What’s new in Microsoft Intune to give you information on new features and fixes and In development for Microsoft Intune for our soon to release updates. We’ve got a lot more in store as the school year progresses so make sure to keep up with our updates. 

 

Summary

The features in this post are just a sampling of what the team has delivered and continues to deliver to support institutions around the world with their device-management needs. These, as well as upcoming features, are driven by our customer feedback and engagements. If you have feedback or ideas for Intune for Education or Microsoft Endpoint Manager, please leave a comment below, share product ideas with our engineering team on UserVoiceforums and file your support cases. If you have questions or comments for the Intune team, reply to this post or reach out to @IntuneSuppTeam on Twitter. Stay tuned this semester as we deliver some exciting education driven, feature requests!

 

Post Updates:
5/22/23: Updated post with a known issue regarding Azure AD bulk enrollment role check for roles scoped inside of an administrative units.

Co-Authors
Version history
Last update:
‎Aug 09 2023 01:58 PM
Updated by: