We often hear feedback about the balance between optimizing for productivity and security. The choice to prioritize experience or protection shows up in device provisioning, support processes, and day-to-day administration. In this spirit, I’m happy to share a few updates to Intune that will help IT admins balance security and productivity for their end users. For a comprehensive view of updates, visit the documentation.
More unified cross-platform endpoint management
We use the metaphor “single pane of glass” to describe the ideal management environment: one that enables visibility into all your devices and platforms and reduces the need for switching tools (and its associated costs in time and attention). Last year, we declared that macOS device management with Microsoft Intune was entering a new era of capability, and with this month’s additions, the view is getting clearer and wider. I’m pleased to share the general availability of “await final configuration,” a feature of the automated device enrollment process that prepares the device for users before they reach the desktop.
The new “await final configuration” for macOS Automated Device Enrollment (ADE) provides the Setup Assistant experience for end users while company device configuration policies are downloaded and applied. The intent is for the device to be set up with the correct policies such as VPN and WiFi profiles, before end users land on the Home Screen, so there is no confusion or gaps to get productive and be secure. This capability is covered in detail in the new guide to macOS device enrollment.
Autopilot enhancements
On the same lines of delightful end user experiences, we’re adding a new setting in Autopilot deployments, which gives admins flexibility to install critical applications and get their users to be productive as soon as possible.
Previously, required applications could be installed under one of two conditions: block for all apps, where any application install failures during the technician phase would cause the entire deployment to fail, or block for some apps, which would only install specified apps during the technician phase and leave the rest for the user phase.
The new setting allows administrators to block only for selected apps and continue if other applications fail to install during the technician phase. For those non-blocking applications, the installation will be tried again when the user signs in for the first time. This new option is based on our customer feedback and will lead to better and more efficient provisioning experiences for end users and administrators.
More efficient updating
We saw a tremendous response from organizations when we introduced driver and firmware updating capabilities to Intune last June. We’re excited to announce a new capability to approve driver updates in bulk. This is especially helpful for those who want to retain manual approval over driver deployment, but have a diverse set of devices to manage. We hear from organizations who need to edit 50 or even 100 drivers at a time, so we know this will increase their productivity greatly. For those who use automatic approval, this bulk editing capability will help you with drivers that aren’t included in automatic approvals. This includes most firmware updates, saving even more effort. For those who previewed the functionality found it especially helpful to be able to schedule driver and firmware updates at the same time as quality updates. This reduces the number of reboots that may be needed by end users. For more details, look for updated documentation on Windows Driver update management in Microsoft Intune.
Hopefully we’ve given you reasons to be excited and keep your focus. How do you anticipate using these new Intune features? Let me know by reaching out to me on LinkedIn or in the comments below.
Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.