With Intune’s October service release (2310), we have five new capabilities to talk about! Application management for Windows, previously in public preview, is now generally available. We’ve added the ability to install and uninstall line-of-business (LOB) apps for devices that run on Android Open Source Project (AOSP). Additionally, we’ve released two new capabilities for Apple devices: Software updates with Declarative Device Management (DDM) and web enrollment with Just in Time (JIT) registration.
Let me know what you think of these capabilities by commenting on this post or connecting with me on LinkedIn.
Application management for Windows
The highly anticipated application management for Windows is now generally available! With this capability, people can securely connect to enterprise resources from their personal BYO Windows device in a secure way. In September, we released support for Microsoft Edge for Business (watch this video to see it in action). In the October release of Intune, the ability to require app protection policy (APP) in Conditional Access is also available with Microsoft Entra ID.
Management for AOSP line-of-business required apps
This month’s release adds the ability to install and uninstall line-of-business (LOB) required apps on devices that run Android Open Source Project (AOSP), expanding our AOSP platform capabilities.
Previously admins needed third-party solutions for this, which meant adding overhead of managing multiple vendors and increasing complexity with solutions that are not integrated into their unified endpoint management solution. Admins can now leverage the existing LOB app flow in Intune, used to manage and protect applications used for all other devices, and select AOSP as the targeted platform after uploading the app. This is particularly useful for organizations who use specialty devices such as the Meta Quest family of immersive headsets and frontline wearables RealWear.
Declarative device management software updates
We’re excited about improvements Apple has made to the software update experience, now available in Microsoft Intune. This capability enables admins to time software updates to minimize interruptions, which can cause major disruption for users ranging from airline pilots to educational institutions.
The new capability, built using Apple’s declarative device management (DDM) protocol, allows managers to enforce Apple device updates to install by a specified time. Previously, admins manually changed update policies or relied on third-party software. However, they were unable to configure specific macOS updates; the only option was “latest update.” They also had no control over the timing of updates and couldn’t prevent them from interrupting users.
With the new capability, the device is aware of the update deadline set by the admin and natively handles the update’s download, preparation, and installation. Admins can also specify a help URL which is displayed with the update in System Settings. This allows organizations to provide helpful information, such as the specifics of the update, deadline, expected number of prompts, and instructions for saving data before a forced device restart.
Web enrollment with JIT registration
Our primary goal for enrollment has always been to provide users an easy and intuitive onboarding experience and get them productive as quickly as possible. Web enrollment with Just in Time (JIT) registration for personal devices is now available to help us achieve this result.
The capability reduces the number of authentication prompts users experience through the enrollment process by leveraging JIT registration, which establishes Single Sign-On (SSO) across the device and performs compliance checks and remediation. Enrollment takes place on the web version of Intune Company Portal, eliminating the need to download another app and switch back and forth between apps.
This capability also allows employees and students without managed Apple IDs to enroll devices and access volume-purchased apps. Web enrollment is available for devices running iOS/iPadOS 15+ in Intune. Admins can opt into this feature as an enrollment method for personal devices.
Let us know what you think!
We want to know how our releases are working for you. Share your input on our latest features by commenting on this post or connecting with me on LinkedIn.
