New Microsoft Intune features help secure your Windows devices
Published Nov 15 2023 08:00 AM

In today's rapidly evolving digital landscape, security matters are a major concern for every enterprise. The need for comprehensive security measures has become urgent with the increasing complexity of technology and expanding responsibilities for safeguarding data. As businesses strive to adapt to these dynamic challenges, the role of Microsoft Intune in configuring and managing the latest security updates for Windows devices is more crucial than ever.

The Head of Digital Workplace, IT Automation and Quality at SEB sums it up well:

"Microsoft Intune and Windows within Microsoft 365 is helping us to empower our employees with collaboration, communication, and productivity tools, which can streamline work processes, enhance team collaboration, and strengthen the security posture by leveraging an Always Verify [Zero Trust] framework within SEB."

More secure productivity for end users and Intune admins

The tension for IT admins between keeping devices and data secure and reducing friction in daily operations for users has been easing. This progress will continue thanks to these recently announced and forthcoming innovations.

Recent updates

Local Admin Password Service (LAPS) is now cloud-based

Screenshot: the Local Admin Password Service in the Microsoft Intune admin center.

LAPS was once exclusive to on-premises management. Intune now enables admins to manage, rotate, back up, and report on the local admin accounts of Windows devices more efficiently.

  • No on-premises management needed.
  • Improve security and remote help outcomes for devices.
  • UI-based management removes the need for PowerShell or Graph API calls.

To learn more about cloud-based LAPS, see Microsoft Intune support for Windows LAPS.

Mobile Application Management (MAM) for Windows is now generally available

Users of unenrolled Windows devices can now securely access company resources by signing in to and using the Microsoft Edge browser, encouraging productivity and meeting users where they are while maintaining security.

  • Relieve password fatigue while avoiding inadvertent or malicious data leakage.
  • Allow users signed in to the Microsoft Edge for Business browser on their personal Windows devices to access business resources.
  • Only healthy and protected devices will get access.
  • No enrollment of devices required.

For a quick demo, watch MAM for Microsoft Edge for Business on Windows.

Coming in early 2024

We'll continue to announce previews and general availability dates through our upcoming blog posts and social media channels.

Configuration refresh

Mitigate the impact of malicious or inadvertent changes by enabling a refresh of a settings catalog configuration. Once enabled, the refresh overwrites the policy in question on a fixed schedule, with a minimum interval of 30 minutes.

Screenshot: ConfigRefresh enabled in the Configuration settings with a 90-minute refresh cadence.

  • Undo changes to registry keys and other configurations.
  • Scheduled cadence with no check-in required.
  • All configurations deployed through the policy configuration service provider (CSP) are eligible.
  • Coming Q1 2024.

New Windows security baseline

  • Preconfigured settings to take advantage of the latest OS capabilities.
  • Windows 11 and Windows 10 supported.
  • Coming Q1 2024.

To check for Windows security baseline updates, see Available security baselines.

Windows hardware-backed device attestation report

  • For easier discovery, search, sort, and filter more settings, including those available in Microsoft Azure Attestation for Windows 11 devices.
  • Enhanced scaling and paging improve the experience, especially with many Windows devices to manage.
  • Export in the background to stay productive.
  • Scope tags will limit visibility to authorized admins.
  • Updated presentation improves consistency with other reports and UI across Admin Center.
  • Import and export unified settings platform (aka settings catalog) policies.
  • Reuse and adapt existing configuration profiles.
  • JSON file format makes editing and adapting easy.
  • Coming Q1 2024.

Windows Subsystem for Linux (WSL)

  • Manage from Intune.
  • Control access to WSL, WSL commands, and WSL settings.
  • Administer key WSL security settings.

Microsoft Tunnel upgrades

  • Expand secure access to company resources with improved capacity and enhanced reporting.
  • Support up to 20,000 devices per Microsoft Tunnel Gateway server.
  • Easier Microsoft Tunnel Gateway troubleshooting, including centralized log capture.

To watch for updates, see Upgrade Microsoft Tunnel for Microsoft Intune.

Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.

Last update: Nov 14 2023 12:01 PM