This month, we have three exciting additions to our Microsoft Endpoint Manager April 2022 release. First, we have two capabilities focused on simplifying your management experience that reached general availability: a built-in multi-session manageability for your virtual desktops and a more holistic mobile threat defense solution for iOS. In addition, we are continuing to deliver on customer asks for more macOS manageability with over 185 new macOS management and security settings integrated into Endpoint Manager.
I hope you enjoy these behind-the-scenes stories as deployment wraps up for the month, and I look forward to your feedback. Please comment on this post or connect with me on LinkedIn.
With the shift to hybrid workplaces, more organizations are adopting virtual desktop solutions, such as Azure Virtual Desktop, and need to be able to manage and secure them. Azure Virtual Desktop multi-session VMs help reduce cost and are often used for shared scenarios, such as help desk or call centers. For example, a customer can enable 20 help desk employees, regardless of physical location, to use the same secured VM at the same time without disrupting each other's work while also saving on VM usage costs. In this release, we're announcing general availability of Endpoint Manager device configuration for Azure Virtual Desktop multi-session virtual machines (VMs). You can now manage your multi-session VMs using the same management experience you use to manage your physical Windows 10 and 11 devices—without the need to create and maintain custom OS images. This capability is now also available in Microsoft Intune Government Community Cloud (GCC High) and Department of Defense environments.
You can also leverage Azure security features in addition to Microsoft 365 security features for your VMs, such as Conditional Access, and you can apply Defender Tamper Protection and granular antivirus policies too. Using secured VMs ensures that users can connect to a secure environment from any device. Conditional Access policies support both user and device-based configurations for Windows 10 or Windows 11 Enterprise multi-session.
To get started with multi-session VM management in Endpoint Manager, see the following resources:
Customers have asked for a simplified, secure mobile VPN connections for managed devices. Back in January, we announced the preview release, and today we're announcing that Microsoft Tunnel VPN capabilities with Microsoft Defender for Endpoint will be generally available early May as an integrated solution in the Microsoft Tunnel app for iOS. Users can now enjoy a simpler mobile experience with just one app, and your organization gains a more holistic mobile threat defense solution that enables secure and productive remote work.
The solution is fully configurable in Endpoint Manager and provides connectivity and security into one app, integrates with Conditional Access, and combines risk signals from Microsoft Defender and other compliance settings to stay up to date. For example, a common scenario the solution is built to mitigate is when a user accesses corporate email and unknowingly opens a phishing email. Microsoft Defender stops the attack from happening and blocks the site, while still allowing access to other safe internal sites.
Customers appreciate how much easier it is to configure the integrated solution as opposed to multiple stand-alone solutions. One of our customers in preview was able to migrate from the standalone client to the combined Microsoft Defender and Tunnel for Endpoint earlier than expected due to experience in preview using the solution–they appreciated not having to choose between security and connectivity.
Review the content below to learn more about the secure mobile VPN experience for iOS:
To learn more about the settings integrated into macOS:
Please share your comments, questions, and feedback so we can continue to improve the endpoint user experience and simplify IT administration. Simply comment on this post or connect with me on LinkedIn.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.