The Microsoft Intune November (2211) service release includes a new opportunity for user engagement, giving IT admins the ability to deliver key messages natively on Windows 11. Additionally, I know security is top of mind for customers, so we're adding an extra security option designed for admins to strengthen their security posture as part of their management solution. I hope you appreciate these enhancements as deployment wraps up for the month. I look forward to your feedback. Please comment on this post or connect with me on LinkedIn.
A better way to deliver organizational messages
For global organizations that have moved to hybrid work models, it has become clear that better tools were needed to onboard, connect, and engage users. With that in mind, we developed organizational messages for Windows 11, which is now in public preview.
Configurable through Intune, organizational messages provide IT admins with the capability to share key onboarding and informational updates delivered natively through Windows 11 to people within the organization.
These messages help IT admins deliver crucial information to assist users as they ramp up in new roles and learn about the organization, while providing information on new updates and trainings that need to be scheduled. IT admins can deliver messages in three places:
- Get Started app, which can appear the first time a user launches Get Started after enrollment to assist productivity in starting a role and learning about the organization.
- Above the taskbar, a setting which can be scheduled in advance, to deliver urgent notifications such as critical updates.
- Windows notification center messages, which can also be scheduled, are best suited for informational, non-disruptive messages, such as company-wide notifications, new available trainings, or optional updates.
Find more information on organizational messages see the blog post Deliver organizational messages with Windows 11 and Microsoft Intune and watch this video from Ignite featuring my colleague and partner-in-crime Steve Dispensa:
Multiple Administrator Approval
As part of our ongoing commitment to security, it is now possible to require a second approval for important administrator tasks which can be used to approve any change before it is applied.
Let's say your organization is preparing for an app deployment. Through it is possible to create a group of users who are "approvers." These approvers, who may be closer to the app than the IT admins, provide a second layer of security. This means that any changes that are made won't be applied until a member of the approvers group reviews the suggested change and provides an approval.
Approvers can also reject changes and provide notes as to why the change was either approved or rejected. Organizations may also consider requiring an additional administrator approval to help mitigate insider threats such as employees with compromised credentials or simply help prevent mistakes due to human error.
We believe this extra level of protection will provide some additional peace of mind. (Note: The documentation is live, but the capability will take about two weeks to be deployed worldwide.)
Here are two screen shots from the User Interface (UI) for multiple administrator approval. The first shows the familiar Microsoft Intune UI, and the second demonstrates the new UI and granularity for this approval UI.
A screenshot showing where Multi Admin Approval appears in the Tenant admin section of Intune
An example of what a multi admin approval request would look like. The example illustrates that the change requested is to update information about the Android App. The changes are highlighted and the admin has the ability to approve or reject the request, and add approver notes.
Let us know what you think
Please share your comments, questions, and feedback, so we can continue to improve the endpoint user experience and simplify IT administration. Simply comment on this post or connect with me on LinkedIn.