The days in my part of the world have been long and hot. Often my emails are met with out-of-office replies as my colleagues and friends are taking time to recharge outside of work. It reminds me of just how valuable time is—in regard to both productivity at work and intentionality about disconnecting and prioritizing other parts of life. Fortunately for us all, improvements to Microsoft Intune don’t take summer holidays—and I’m highlighting three new capabilities this week that will help IT admins and users alike to allocate less time to endpoint management and more time to their other priorities, like adding value in the enterprise or enjoying family and friends.
Use Copilot to help create Kusto queries for device query
In January this year, we announced a device query capability for Microsoft Intune Advanced Analytics that enables you to get near-real time access to data about the state and configuration of devices. Device queries are authored in the Kusto Query Language (KQL), which isn’t a skill all IT administrators have developed, but I’m pleased to announce that, thanks to Microsoft Copilot in Microsoft Intune, getting device information and context is becoming simpler. This new capability, now in public preview, lets administrators ask Copilot for device data. If the question can be answered with device query, Copilot will generate a KQL string that can be pasted into Intune Advanced Analytics to get the answer. This equips admins without comprehensive knowledge of KQL to get the data they need more quickly—and is an ideal example of how Copilot can and will continue to empower IT admins of all skill levels to perform advanced tasks with ease, thus improving the endpoint management experience.
You can find more about this new capability in the Copilot in Intune documentation.
Users can install macOS apps on demand via Intune
We’re proud of the advances we’ve made in macOS device management over the last year—especially how we’ve been able to address the requests from you. Our newest improvement introduces options admins can offer to users for downloading unmanaged applications (in PKG and DMG format) via the Intune Company Portal app. We have added the “available” assignment type alongside the familiar “required” type, so you won’t need to rely on the line-of-business app workflow or third-party tools to deploy optional applications. This is a time-saver for administrators and users alike, and it is one of the most requested features from Mac device administrators, so I am especially pleased to see this capability available. More information can be found in the documentation on unmanaged PKG apps and LOB DMG apps.
Windows 365 Cloud PC security baseline updates
Configuring security settings can be time consuming, and for those who aren’t experienced, it might be confusing. Security baselines are policy templates you deploy with Intune to establish Microsoft Security–recommended settings in just a few clicks, and we’re pleased to announce the first update to the Windows 365 security baseline. We recommend adopting this baseline to help protect against security threats. Because this baseline is built with new technology, you’ll also get:
- Faster deployment of baseline version updates
- Improved user interface and reporting experience (such as per-setting status reports)
- More consistent naming across Intune portal
- Elimination of setting “tattooing”
- Ability to use assignment filters for profiles
These baselines can be customized to meet your specific needs. In the case of this upgrade, you’ll need to manually update your customizations, if any, from the previous baseline. See Deploy security baselines for Windows 365 for more details.
Your input is vitally important to our continuous product development—let us know what features you want to see next through our feedback portal.
Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.