What's new in Microsoft Endpoint Manager - 2201 (January) edition
Published Jan 28 2022 11:00 AM

This month, I want to highlight three exciting new developments from the January release. First, we are pleased to announce simpler mobile security for iOS users as Microsoft Tunnel client functionality is added to the Microsoft Defender for Endpoint iOS app. Second, our filters capability enters general availability enabling IT admins to filter faster and more easily by device type, app, user, or scenario. Third, we are streamlining the process for app installation on macOS devices by enabling .DMG app installation in preview.

As usual, I appreciate your feedback and I hope you enjoy these behind-the-scenes stories of features that are newly released or coming soon. Comment on this post or connect with me on LinkedIn.

Simpler mobile security for iOS users with the unified Microsoft Defender for Endpoint and Microsoft Tunnel

After last year’s announcement of the addition of Microsoft Tunnel client functionality to the Microsoft Defender for Endpoint app, we also saw huge interest and adoption when we released the Defender for Endpoint App for Android.

The iOS client version has been highly anticipated, and we’re excited to say that it’s now available in preview! This means that mobile devices—whether Android or iOS—will take another leap forward in VPN security.

Microsoft Defender for Endpoint with Tunnel is a secure VPN connection for managed devices. Employees who download the Defender for Endpoint app on their iOS device will get a more holistic mobile threat defense solution. This solution enables secure and productive remote work and is fully configurable from Endpoint Manager.

To use the new, Tunnel-enabled version of Defender for Endpoint, users can download it directly from the Apple App Store. After installing, you will be able to:

  • Use the same Microsoft Tunnel Gateway server environment—no network infrastructure changes are needed.
  • Deploy VPN profiles for Microsoft Tunnel for the new version of the Defender for Endpoint app.

Steps to migrate from the Microsoft Tunnel client app to the combined Defender for Endpoint client are at https://aka.ms/tunnelmigrate.

Try it out today and share your feedback! Watch the video linked below for a short demo:

Using filters to ensure the right policies are deployed to the right set of devices

I am beyond excited to announce the general availability of filters in Microsoft Endpoint Manager. It’s great to be able to bring filters to a broader audience, especially when our preview customers have said things like "the ability to easily include or exclude devices from policies and configurations based on device properties is extremely useful."

Filters can be used with apps, policies, and other Endpoint Manager workloads to achieve new granular targeting scenarios at lightning speed. They give IT admins more flexibility when managing a diverse fleet of users, devices, and scenarios. Filters also help IT admins protect data within apps, simplify app deployments, and accelerate first-time device setup.

Filters ensure that policies, updates and apps can be selectively deployed to a subset of devices

Here are some of the ways that customers have leveraged filters to accomplish granular targeting:

  • Deploying Settings Catalog profiles to only a subset of Windows devices (e.g., only applying to corporate devices or devices stamped with an "engineering" device category).
  • Managing Device Firmware Configuration Interface (DFCI) settings for specific Autopilot devices, using naming convention or operating system version.
  • Applying Enrollment Restrictions to users so they block enrollment of Windows 10 Home Edition devices.
  • Customizing the Windows setup experience for users with the Enrollment Status page, targeting a different experience for Windows 11 devices while keeping the existing page for Windows 10.
  • Applying Windows device restriction policy to just corporate devices (not personal devices) for users in a specific department such as Marketing.
  • Deploying an iOS app to only iPads (not iPhones) for users in a single group, such as Finance.
  • Defining a company-wide compliance policy for all Android mobile devices but excluding Android-based meeting room devices which require different compliance settings.
  • Deploying script packages to a subset of Windows devices for proactive remediation, reducing support calls, and improving security.

We continue to improve filters, so keep the feedback coming and we will bring you more amazing ways to target workloads in 2022.

Making it easier to add third-party apps on macOS with .DMG installations

One of the top requested features from customers using Endpoint Manager for macOS devices has been support for installations of .DMG files. At Ignite, we announced our plans to deliver this, and today, I’m pleased to say that this feature is going into public preview.

To provide some context: for PC users, installing new apps is straightforward, using a file with the .EXE extension. Equally, the management of third-party installs on PCs has always been easy with Endpoint Manager.

The equivalent on macOS has, up to now, required a painstaking process for IT admins. Endpoint Manager previously only supported the installation of files in .PKG format. Customers needing to install macOS files in .DMG format had to convert the file from .DMG to .PKG, sign the app, and then use the wrapping tool to convert it to .INTUNEMAC format.

Customers have shared with us that the conversion process was either time-consuming, or, at smaller firms, costly, as they lacked the capabilities in house. This became a growing issue in recent times as admins have had to manage a broader array of devices (including a greater mix of macOS) as employees worked from home on their personal devices. Enabling .DMG file extension installations for macOS is an important step forward; as one of the top requested customer additions it’s one of several enhancements we look forward to adding for macOS management.

If you are already using Endpoint Manager, this new capability will be updated in the 2201 release. You can now simply upload the .DMG app and it will be deployed.

Further operational details are available in this short video:

Let us know what you think

We’ve been rolling up key feature releases through these posts. Please share your feedback on the features so we can continue to improve the user experience and simplify IT administration. You can also share comments, questions, and feedback by commenting on this post or connecting with me on LinkedIn.

Last update: Jan 28 2022 09:34 AM