Protection on shared devices, Setup Assistant with modern authentication, and insights into OS health - What’s New in Microsoft Endpoint Manager - 2104 (April) Edition
This month, we’re releasing new capabilities that update the user experience across multiple platforms. You can view the complete list of What’s New in the 2104 (April) release for details. I previewed a few of these new capabilities at Ignite; now, they are here for you to use! As usual, I appreciate your feedback. Please feel free to comment on this post, connect with me on LinkedIn, or tag me @RamyaChitrakar on Twitter.
Protect privacy and data on Android Enterprise-managed devices shared by frontline workers
Frontline workers who share dedicated devices perform critical jobs like maintaining supply chains, serving as first responders, and caring for patients. This month, we’re announcing general availability for IT to configure and enable users to enroll Android Enterprise dedicated devices into Azure AD Shared device mode. Organizations can now protect privacy and data on Android Enterprise-managed devices shared between workers. I’m excited for the value the team is delivering to ensure that frontline workers have access to the tools and technology they need with the appropriate level of security, regardless of the device they may be on.
Shared device mode on Android Enterprise devices offers single sign-in, single sign-out, and data clearing across applications written to support multiple users. This manageability provides privacy between users and reduces the number of steps frontline workers need to take to work in their apps. Today, Microsoft applications optimized for Shared device mode include Microsoft Teams and Managed Home Screen.
Here's a day in the life of a frontline worker using a shared device, from starting their shift to ending their day, all the while collaborating on Microsoft Teams:
More apps are coming soon; this is just the beginning. You can optimize your company’s private applications for Shared device mode by following our guide. When you configure an Android device with Shared device mode, you can also apply additional security measures such as Conditional Access policies to reduce the risk of unauthorized access to company data from shared devices while optimizing the experience for users. For example, you can manage the requirement for multi-factor authentication for users who may not carry their primary device during shifts.
Setup Assistant with modern authentication for Automated Device Enrollment on iOS/iPadOS/macOS
Many of you shared that you want a quick, secure, and easy authentication method for your purpose-driven iOS/iPadOS and macOS devices that won’t stop employees from immediately starting to work. This month, we released a public preview of Setup Assistant with modern authentication for Automated Device Enrollment. This new enrollment method allows your employees to start using these managed devices right after enrollment without waiting for the Company Portal to install on a locked-down device.
With the security that comes with modern authentication, you can now configure your Azure AD settings within a Conditional Access policy to require multi-factor authentication either during enrollment in the Setup Assistant or upon authentication in the Company Portal. For apps that support it, you have a single sign-on experience while layering on your security and compliance requirements, if desired. Additionally, as part of this secure enrollment flow, if your user lands on the home screen post-enrollment and tries to open a resource protected by Conditional Access before signing into the Company Portal, we’ve added a user experience that will guide them through authentication. You can read more on how to configure these scenarios in this post.
Let’s look at Setup Assistant with modern authentication:
Windows restart frequency report in Endpoint Analytics
Finally, I previewed the Windows restart frequency feature in the Ignite Edition of What’s New. Since this is such a frequently asked-for feature, I thought it important to share that this capability is generally available now for you to fully configure.
Use Endpoint analytics to measure and review device start-up time, restart frequency, and drill down on disruptive restarts, such as those caused by blue screens. The full power of analytics can also help you determine if a user has an abnormally high number of unexpected restarts, enabling you to more quickly troubleshoot and take appropriate action.
Here’s what the restart frequency looks like in the Microsoft Endpoint Manager admin center, and the following screenshot shows additional OS restart history:
We are always working with our customers’ needs top of mind. We listen to your feedback and make changes and investments based on your goals to improve the user experience as well as help simplify IT administration. Next month I expect you’ll see more focus on capabilities that improve the administrator experience. Questions? Feedback? Comment on this post, connect with me on LinkedIn, or tag me @RamyaChitrakar on Twitter.