Microsoft Ignite brings lots of exciting news about our innovations in Microsoft Endpoint Manager, via keynote addresses, digital breakout sessions, on-demand content, technical skilling sessions, and more.
To help you stay on top of all of the announcements, this blog post provides a summary, so you have all the announcements related to Microsoft Endpoint Manager in one place. In addition, check out aka.ms/MEMatIgnite to navigate to the most relevant Ignite content for Microsoft Endpoint Manager.
Let's dive into all the news that shows the expanding capabilities of Microsoft Endpoint Manager:
Microsoft Endpoint Manager adds management and compliance checks for Linux desktops
To help you move closer to a Zero Trust security model, Microsoft Endpoint Manager is adding Linux workstations to our unified endpoint management solution, with preview functionality to be released in early 2022. IT administrators can use the same unified solution they use to manage other endpoints (Microsoft Endpoint Manager) to also manage Linux desktops. By extending conditional access policies to Linux devices, a single set of protection policies and configurations can be used to ensure secure access to company resources across even more device types. Learn more at aka.ms/LinuxMgmt.
Introducing custom compliance for Windows
Compliance plays a critical role in your Zero Trust story by protecting your data through device posture signals sent to Azure Active Directory. Custom compliance for Windows enables administrators to write a PowerShell script to detect almost any setting, such as the BIOS version, and report that back to Microsoft Endpoint Manager's device compliance engine. Administrators can provide a JSON definition file for each custom compliance setting. This file includes remediation messages, which help users learn how to get compliant again. Custom compliance provides more flexibility and better security across your Windows digital estate, and will be in public preview in the November release (2111) of Microsoft Endpoint Manager. Learn more at aka.ms/MEMcustomcomplianceWindows.
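The following is an added example, not code from this post or from Microsoft: a discovery function that reads the BIOS version, a JSON definition with a remediation message, and a local dry run that checks one against the other before anything is uploaded. The JSON field names (`Rules`, `SettingName`, `Operator`, `DataType`, `Operand`, `MoreInfoUrl`, `RemediationStrings`) are assumptions based on Intune's documented custom compliance format, and the minimum version, URL and message text are constructed placeholders.

```powershell
# Added example (not Microsoft's code). Field names in $definitionJson are assumptions.

# Discovery side: gather the setting to be reported to the compliance engine.
function Get-DiscoveredSettings {
    $bios = Get-CimInstance -ClassName Win32_BIOS
    @{ BiosVersion = [string]$bios.SMBIOSBIOSVersion }
}

# Definition side: constructed rule; "1.14.0" and the URL are placeholders.
$definitionJson = @'
{ "Rules": [ {
    "SettingName": "BiosVersion",
    "Operator": "GreaterEquals",
    "DataType": "Version",
    "Operand": "1.14.0",
    "MoreInfoUrl": "https://example.com/bios-update",
    "RemediationStrings": [ {
        "Language": "en_US",
        "Title": "BIOS firmware is older than 1.14.0.",
        "Description": "Install the current firmware update from your IT portal."
    } ]
} ] }
'@

# Local dry run: evaluate discovered values against the rules before upload.
# Only Version/GreaterEquals is implemented here; a missing value, an
# unparseable vendor version string, or any other rule type fails closed.
function Test-CustomCompliance {
    param([hashtable]$Discovered, [string]$DefinitionJson)
    foreach ($rule in (ConvertFrom-Json $DefinitionJson).Rules) {
        $actual = [string]$Discovered[$rule.SettingName]
        $have = $null; $need = $null
        $ok = $rule.DataType -eq 'Version' -and $rule.Operator -eq 'GreaterEquals' -and
              [version]::TryParse($actual, [ref]$have) -and
              [version]::TryParse($rule.Operand, [ref]$need) -and $have -ge $need
        [pscustomobject]@{
            Setting   = $rule.SettingName
            Compliant = [bool]$ok
            Message   = if ($ok) { '' } else {
                "$($rule.RemediationStrings[0].Title) (found: '$actual')" }
        }
    }
}

$settings = Get-DiscoveredSettings
Test-CustomCompliance -Discovered $settings -DefinitionJson $definitionJson
# The discovery script itself would end by returning one compressed JSON object:
$settings | ConvertTo-Json -Compress
```

Many vendors report BIOS versions that do not parse as a dotted version (for example with a model prefix), so confirm what `SMBIOSBIOSVersion` returns on each hardware model before choosing the data type for the rule.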
Manage security policies for unenrolled Microsoft Defender for Endpoint devices
We're gradually rolling out the public preview of the ability to manage the security policies of devices onboarded to Microsoft Defender for Endpoint that are not managed in Microsoft Endpoint Manager. With Microsoft Defender for Endpoint and Endpoint Manager, you can bring devices that have been traditionally unable to enroll in Microsoft Endpoint Manager into the same security management control surface as your other managed devices. This increases your ability to deploy and monitor security management policies in a consistent, unified way. Learn more at aka.ms/MEMDefenderChannel.
General availability of Microsoft Connected Cache
To help offset the burden caused by downloads of Microsoft content at office locations with limited bandwidth, we are making Microsoft Connected Cache for Microsoft Configuration Manager generally available this month. Adding Microsoft Connected Cache to a distribution point requires just a few clicks, and your devices managed by Configuration Manager will automatically begin downloading cloud content from Microsoft Connected Cache. When Microsoft Configuration Manager version 2111 becomes available, you can join the organizations from around the world who, in preview, freed up bandwidth. These approximately 1,000 organizations saw up to 98% of their Microsoft content come from Microsoft Connected Cache or devices that shared content via the native delivery optimization peering capabilities in Windows. To learn more about Microsoft Connected Cache, see the documentation and the related blog post.
Deploy DMG type applications to managed Macs
At Ignite, we announced the expansion of the set of apps that Microsoft Endpoint Manager can deploy to Macs. This expansion will allow you to upload a DMG-type app, which Intune will store and deploy. The ability to deploy DMG-type apps consolidates earlier enhancements, such as the ability to review macOS line-of-business application content. This change made intunemac files more transparent and app installation issues easier to troubleshoot. The new DMG deployment workflow will support "required", "uninstall" and "available with enrollment" assignment types. "Required" and "uninstall" assignment types will be available in preview in Q1 CY22. DMG deployment will be made possible with a new app deployment workflow that is orchestrated by using the Intune MDM agent for Macs. Learn more about reviewing macOS line-of-business application content, and listen to our technical skilling session at Ignite.
Just-in-time registration for iOS/iPadOS Setup Assistant with modern authentication (automated device enrollment)
At Ignite, we announced an improvement to the iOS/iPadOS Setup Assistant with modern authentication workflow, called just-in-time registration. This new capability makes the original Setup Assistant with modern authentication flow simpler and quicker by reducing the authentication prompts needed to register the device with Azure Active Directory. A preview is planned for the first half of 2022. "Just-in-time" registration will streamline the modern auth automated device enrollment flow by Azure Active Directory (Azure AD), reducing authentication prompts to include only two in total: one authentication to enroll, and one authentication in a Microsoft 365 app to complete Azure AD registration. The two end user authentications will ensure that the device is fully enrolled, registered with Azure AD, and device compliance is assessed and reported back to the admin. We are using Apple's single sign-on (SSO) extension functionality to handle Azure AD registration within the Office app itself, which also ensures that SSO is established across the device.
Announcing a new Microsoft managed service to update Windows devices
Microsoft has announced a new managed service for Windows updates, Microsoft Managed Desktop Plan 1. With this new monthly subscription service, organizations can offload the routine tasks of managing Windows 10 and Windows 11 environments to Microsoft engineers, allowing IT teams to focus on other priorities. Microsoft Managed Desktop Plan 1 service complements the existing Microsoft Modern Desktop offering. The existing service for complete IT outsourcing will now be called Microsoft Managed Desktop Plan 2. Learn more at aka.ms/MMDIgnite21.
Microsoft adds Android Open Source Project support
In October 2021, we announced the ability to manage devices that run on Android Open Source Project (AOSP) in Microsoft Endpoint Manager. This functionality is now available in public preview. These devices do not have access to Google Mobile Services (GMS), such as the Google Play store and capabilities delivered in Google's Android Enterprise management offering, and therefore require a new management approach in Microsoft Endpoint Manager. The launch of AOSP management for corporate devices further expands the platforms that can be managed in Microsoft Endpoint Manager. Importantly, it extends our capabilities with specialty or purpose-built devices, often used by frontline workers, meaning even more types of endpoints can be managed on one cloud-connected platform. Endpoint Manager starts with supporting RealWear as the first device running AOSP. Learn more at aka.ms/MEMAOSP.
Microsoft Endpoint Manager empowers Amedisys to provide better in-home care
We are always excited to learn how our customers use Microsoft solutions to make an impact every day. We are pleased that Amedisys has allowed Microsoft to publish their story about how they use Microsoft Endpoint Manager to protect endpoints used by 21,000 in-home care clinicians. Amedisys wanted to keep the experience for their frontline clinicians as seamless as possible, without sacrificing security. Mobile devices managed by Microsoft Endpoint Manager empowered them to achieve this goal and provide superior in-home care.
We are improving Microsoft Endpoint Manager continually, and make announcements often, not just during Ignite. If you are interested in ongoing news about Microsoft Endpoint Manager, we invite you to follow the Microsoft Endpoint Manager Blog and @MSIntune on Twitter.