Blog Post

Intune Customer Success
6 MIN READ

Staying up to date on Intune new features, service changes, and service health

Intune_Support_Team's avatar
Jan 07, 2021

It’s been a few years since we blogged about this topic, so we thought we’d share a few updates with you. Below we’ve provided options and tips for you to consume new feature, service change, and service health notices for Microsoft Intune. Let us know what questions you have by replying on this post or asking us out on Twitter @IntuneSuppTeam.

 

Message center posts

Intune aligns to the Modern Lifecycle Policy and we communicate planned service changes through the Message center, such as:

  • New major features (communicated at release)

  • Changes to existing service behavior (typically communicated 30 days in advance)

  • Planned maintenance (at a minimum 5 days prior)

  • End of Support statements (if an entire service, typically a year; if an OS or large feature typically 90 days in advance)

You can see all of your Intune Message center posts in the Microsoft Endpoint Manager admin center on the tenant status blade. Here’s a screen shot from my Message center:

 

Microsoft Endpoint Manager admin center - Service health and message center blade

 

We do our best to make sure that you only see Message center posts that affect your organization, particularly when there are changes that will affect a specific scenario. For example, the top message shown in the screen shot above - about Apple updating their T&C’s - went to customers with managed Apple devices. If the scope is broader or indeterminate, we’ll post to all customers and explain how you could be impacted in the “How does this affect my organization” section of the post.

 

If you are interested in other Microsoft 365 service messages outside of Intune, then head to the Microsoft 365 admin portal. It’s the same Intune messages posted there – we use the Office 365 Management API’s to pull Intune messages from the Microsoft 365 admin center to Endpoint Manager. Within the Microsoft 365 admin portal, you can then set preferences for the messages you see – for example if you administer Exchange and Intune you can select both and view them in the Microsoft 365 admin portal. We’ve linked from the Microsoft Endpoint Manager admin center on the tenant status blade to the Microsoft 365 admin center to make it easy for you to go from one to the other without having to reauthenticate.

 

Microsoft 365 admin center - Message center preferences.

 

Message center FAQ:

  • How do I get access to read service change messages? Global Administrators, by default, have access. Many of the service admin roles do as well. There is even a message center reader role you can assign to other roles. You can read more about the roles needed to access messages here: Message center - Microsoft 365 admin.

  • How do I access messages when I’m not in the console? There are several alternatives listed below, including email notifications, Microsoft 365 admin app, or Office 365 APIs. Keep reading for more details.

  • How do I translate messages? Read Language translation for Message center posts - Microsoft 365 admin for more information.

 

Intune In development/What’s new

Intune also publishes a list of UI updates and features In development (expect to ship in the next monthly release) and in What’s new (what ships in the monthly service release). Items move from In development to What’s new as we ship each release. There are times a feature gets pulled back into development after it ships or a feature misses our readiness documentation process. We work back with our PM and engineering teams to ensure the documentation and communication process is followed.

 

In development/What’s new FAQ:

  • Does every What’s new item get it’s own Message center post? No, we do a single message center post to inform customers of the latest What’s new release where you can then go and read about each new feature. A good way to think about the distinction between the Message center and What’s new is that we prefer to use the Message center more for targeted service changes, especially where action may be required in a specific time period. New features are updated on What’s new.

  • I saw something on In development but now it’s gone. What happened? Rarely items are pulled out of our pre-production, but it does happen from time-to-time. Or the item released and moved to What’s new.

  • How do I know when In development/What’s new updates? Three options – follow @IntuneSuppTeam out on Twitter, check your Message center for a notice that they’ve been updated, or follow the docs RSS feed on those pages.

 

Service Health Dashboard

You can see service incidents for Intune over in Microsoft Endpoint Manager admin center. They are in the same spot as the Message center on the Tenant Administration > Tenant Status > Service health and message center.

 

Microsoft Endpoint Manager admin center - Service health and message center blade.

 

Service health notices will stay active on the Microsoft Endpoint Manager admin center for 5-7 days after the incident closed. Over in the Microsoft 365 admin center, you can see archived notices for up to 30 days.

 

How to check Microsoft 365 service health - Microsoft 365 Enterprise | Microsoft Docs.

 

Email notifications for Message center and Service health dashboard posts

If you prefer to receive notifications via email, you can opt in through the Microsoft 365 admin center. Navigate to the Service health blade and click Preferences > Email and check the box to receive email notifications. Enter 1-2 email addresses that you’d like notifications to be sent to and select your preferences. You’ll likely want to pick advisories and incidents. You can read more on the distinction here: How to check Microsoft 365 service health - Microsoft 365 Enterprise.

 

Microsoft 365 admin center - Message center email preferences pane.

 

For Message center posts, repeat these steps on the Message center blade where you can sign up for "Major" or "Data Privacy" emails. If you select the Send me a Weekly Digest > Microsoft Intune you’ll get a once-a-week summary of everything posted for Intune into your Message center. If you're not in console often, the weekly digests are quite helpful to see what service changes posted over the past week.

 

Note that email is a onetime setup and the only sign-up for Intune service change emails today is from the Microsoft 365 admin center.

 

Using the Microsoft 365 admin mobile app

You can see notices from the Microsoft 365 admin mobile app. When you open the app, the Home page will automatically show the Health dashboard where you can tap into the Message center or Service Health notices. You can also access both Message center and Service health from the hamburger menu.

 

Microsoft 365 admin mobile app - Home screen. Microsoft 365 admin mobile app - Message center option.

 

Turn on push notifications for both Service Health and Message center by going to Settings > Notifications and tapping the toggles to green for all notifications or tap the arrows next to each and turn on notifications for specific services or notices.

 

Figure 1. Microsoft 365 admin app - Notifications screen. Figure 2. Microsoft 365 admin app - Notifications screen.

Service communications API

You can use the service communications API in Microsoft Graph to access incident and message center posts from Microsoft Intune. The API relies on Azure Active Directory (Azure AD) and OAuth2 so you will need to register and configure your application within Azure AD before being able to access the API. The following steps will walk you through the process of registering your application and running the PowerShell script to call the API.

  1. Navigate to the Azure Active Directory admin center.

  2. Click Azure Active Directory > App registrations > New registration.

  3. Fill out the fields and click Create. Copy the Application ID for later.

  4. Note: Make sure Web is selected for URI, the domain will be used later.

    Registering a new application in the Azure Active Directory portal.

  5. Select the newly created App > API Permissions > Add > Microsoft Graph APIs.

    Adding the Microsoft Graph API to the newly created app registration in Azure Active Directory.

  6. Click Delegated permissions and select "ServiceHealth.Read.All”, repeat with Application permissions and click "Add permissions".

    Adding the ServiceHealth.Read.All permission to the newly created app registration in Azure Active Directory.

  7. Next, click Certificates & secrets > New client secret > Enter name and select expiration > Add.

    1. Copy the "Client secrets" Value for later.

      Azure Active Directory > Certificates & secrets pane with the secret highlighted under the "Value" column.


Microsoft 365 Message center and Service health Power App

You can also leverage the Microsoft 365 Message center notifications and Office 365 APIs to build a Power App to display service health and communication messages accessible right from your phone. To learn more, see: Courtenay Bernier's (PM | Microsoft Endpoint Manager - Intune) blog here.

 

Additional Notes

There are multiple ways to receive message center notices, whether it’s in the admin center, email, Microsoft 365 app, using the service API’s, or building your own Power App, choose the one that works best for you.

 

As always, we want to hear from you! If you have any suggestions, questions, or comments, just let us know through comments on this post or tagging @IntuneSuppTeam on Twitter.

 

Blog post updates

  • 01/13/2021 - Updated with additional clarification on emails from the Message Center.
  • 02/1/2021 - Updated to include Courtenay Bernier's blog on building a Power App to allow quick access from your phone to filter/search on Intune service notifications and availability.
  • 02/11/2021 - We're working on moving the "GetMessages.ps1" script this to its new home (previously on TechNet Gallery).
  • 01/04/2022 – Updated to include the new service communications API in Microsoft Graph (the legacy version of the Service Communications API has been retired).
Updated Dec 01, 2023
Version 25.0
  • Hi MMelkersen_MVP, thank you for the feedback!

     

    We were able to replicate the same 401 error behavior experienced and were able to resolve this by validating both the "Delegated" and "Application" Office 365 Management APIs were added with the "ServiceHealth.Read" permissions with admin consent granted on behalf of your organization.

     

    Note: Once permissions have been granted, please note that it may also take up to an hour for permissions to apply to the created App registration.

     

    You can validate the correct permissions have been applied via the steps below:
    Contoso > App registrations > Office 365 Communications API > API permissions > "Grant admin consent for Contoso".

     

    Note: If granted, you should see a Green checkmark with the text "Granted for Contoso" under the Status column.

     

    Hope this helps!

  • Hi team
    Great post. I am getting error when trying to fetch data. Any ideas? Check API permissions twice and made sure I followed the guide.

     

  • Ashish Chadha's avatar
    Ashish Chadha
    Copper Contributor

    Hi Team,

     

    Brilliant post! I already use a PowerShell script to fetch data from the O365 API. I’d like to highlight that, there are multiple posts for Microsoft Windows too. But for some reason, I am unable to fetch the post for Microsoft Windows Service. Not sure why? Or are there any other/additional permissions required for it? Everything else works just fine.

     

    With the addition of Windows release health blade in the M365 admin portal, how can we fetch this data using the API? It will good to stay up to date on the issues reported and resolved for W10 1909, 20H2 and the recently released 21H1.

     

    Would be great if you can verify this. 

    Thanks,

    Ashish Chadha