What’s new in Microsoft Intune May 2024
Published May 23 2024 11:00 AM

Innovation is in the air this spring (or fall for our friends in the Southern Hemisphere). I'm pleased to highlight some new capabilities we're bringing to Intune this month. We're adding features that increase secure productivity. Read on to learn what's new and notable this month, then put these features to work for your organization.

Getting down to business

We have three major enhancements to highlight this month that help users get down to business:

Platform single sign-on (SSO) has arrived for macOS device enrollment: This capability helps users with macOS devices get to work faster, with a single sign-in and password for their device and apps. Additionally, it enables users to automatically sign in to their Microsoft 365 productivity apps. To learn more, see this article about the rest of the Mac management news.

Windows Autopilot device preparation: Built from the ground up with an improved architecture, this new Windows Autopilot option offers faster and more configurable self-deployment capabilities. The original Windows Autopilot architecture is still in place, and its existing capabilities are all still available to admins. Read more about the new and improved Windows Autopilot.

Enhanced frontline worker (FLW) device management: New capabilities make FLW devices easier to use and manage. One of the biggest improvements is the set of updates to the Managed Home Screen. Get the whole story in this blog post.

More secure and more efficient

We're also introducing capabilities to Intune focused on making it easier to improve security and efficiency.

New security baseline

First is an update to the Microsoft Defender for Endpoint security baseline. Security baselines are one-click collections of policies that can be applied to devices (and device groups) in Intune. This latest update is a super-efficient way to apply configurations recommended by the Microsoft Defender for Endpoint team. It's also based on the Windows unified settings platform, which brings some additional benefits like:

  • Quicker turnaround for updates.
  • Improved reporting, including per-setting status reports.
  • Assignment filter support.
  • Improved UI.
  • Consistent names across Intune.

We recommend updating baselines to the latest version by selecting the check box for test baseline when they're released:

[Screenshot: the blue arrow pointing up next to test baseline]

BitLocker recovery key

The second addition is to the BitLocker recovery key workflow. Traditionally, if a user gets locked out of their BitLocker-encrypted device, they call the Help Desk. With the capability we're rolling out, end users can access their BitLocker recovery key directly from the Company Portal web site, providing a more intuitive and streamlined path to recovery, reducing the burden on support teams.

[Screenshot: the BitLocker recovery key menu]

Admins can disable this feature for users without admin rights and access to logs. For more information, see the documentation on Get recovery key for Windows.

Corporate identifiers

The third capability is an update to the Windows corporate identifiers feature. This can be used as part of any Windows deployment, including the new Windows Autopilot device preparation process.

This change is meant to help you and security teams ensure that only devices that are explicitly authorized can be marked as corporate-owned devices. Organizations can upload a comma-separated values (.csv) list of devices, specifying manufacturer, model, and serial number (for Windows devices only). Details will be available in the documentation when this feature is released, because it is rolling out separately from the May 2024 update.

[Screenshot: an uploaded .csv file that contains identifying details of devices to be identified as corporate-owned]

Enrollment time grouping

You know that device groups are powerful tools for managing lots of devices. Before the introduction of this new capability, enrollment time grouping, new Windows devices would get policies only once the device's properties were discovered and group memberships were evaluated. The result was unpredictable wait times before devices were ready to use. The enrollment time grouping feature accelerates group assignment and shortens the time to productivity for end users by skipping the inventory discovery and dynamic membership evaluation phases. Enrollment time grouping is currently available as part of Windows Autopilot device preparation, which is being released at the end of May 2024, and will be expanded to other enrollment methods and platforms in the months ahead. To learn more, read this article on enrollment time grouping and Windows Autopilot device preparation.

Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.

Last update: May 22 2024 12:33 PM