The most resilient IT environments aren't just reactive, they're built with hardware-level contingencies, flexible deployment methods, and automation that works asynchronously. Behind every new capability is our team of Microsoft Intune engineers, who think about the real-world problems IT admins face every day.
They're the ones building solutions that address questions like, 'What if a device goes offline and you can't reach it?' or 'How can we make a complex app installation less likely to fail?' This month’s updates are the result of that ongoing work — updates that give you early access to offline Intel vPro devices, PowerShell scripts for those fragile app deployments, and day-zero compatibility for Apple’s new operating systems. We’re also excited to share new AI enhancements that can optimize Cloud PC experiences and reduce costs.
These aren't just new capabilities; they're our way of getting ahead of and solving challenges that impact customers’ business every day.
Hardware-level management adds business resilience
When a device won't boot, traditional remote management fails. Companies with Intel vPro devices now have a better option. Microsoft has worked with Intel vPro Fleet Services, bringing hardware-level management directly into the Intune admin center. IT admins can recover and troubleshoot devices even when they're powered off. With Microsoft Entra ID single sign-on, IT teams gain authenticated access without requiring additional infrastructure or licensing.
After gaining access, IT teams can use Intel Active Management Technology (AMT) to get out-of-band management independent of the primary operating system. Teams can perform BIOS and OS recovery of Intel vPro devices from 2018 or later. This capability can help to build resilience for an Intel-powered fleet of devices. When standard remote access fails, hardware-level management ensures IT teams can still reach and recover critical business devices, helping to restore availability and maximize user productivity.
Comprehensive Apple device management on day zero
Apple's iOS/iPadOS and macOS 26 releases bring new capabilities that organizations want to use immediately, but they can sometimes introduce configuration requirements that can't wait. Our Intune team has extensively evaluated existing Intune endpoint management functionality against the changes introduced with Apple’s new operating systems to ensure compatibility. We added new settings introduced in the latest Intune releases and updated our OS version support statement to align with Apple's recommendations, ensuring end users can safely use new capabilities from Apple on day zero. The settings catalog now supports new iOS/iPadOS and macOS settings, including audio accessory configuration, Safari controls, security restrictions, app defaults, and web filtering. For more information on these settings, read our recent blog on day zero support for iOS/iPadOS and macOS 26.
Updated Purebred derived credentials experience
Companies using Purebred-derived credentials for personal user affinity devices will benefit from Intune Company Portal support for the improved Purebred 3.0 experience available with iOS 26.* For devices without user affinity, we're maintaining our established support model: the three most recent OS versions receive full support, while older versions within range remain allowed with baseline functionality.
This approach helps to ensure that Apple device management doesn't create deployment delays. IT admins can confidently update to the latest Apple operating systems knowing that Intune capabilities will work as expected from day one.
Installer script support that delivers control for application deployment
Application deployment has traditionally been limited to command-line configurations, which can restrict customization and preparation work that complex installations often require. IT admins need the flexibility to configure environments, validate prerequisites, and perform post-installation tasks within a single deployment workflow.
Intune now supports PowerShell installer scripts for Enterprise Application Management (EAM) catalog apps, giving IT admins the option to use the command-line approach with flexible scripting capabilities.** Admins can upload PowerShell scripts for installation and uninstallation processes, with Intune executing these scripts using the same privileges and context specified by the app installer.
This capability enables IT teams to configure user environments before installation, validate that installation requirements are met, prepare the operating system for specific applications, and perform cleanup or configuration tasks after installation completes. These scripts can report success and failure through standard exit codes while maintaining the same deployment reporting that administrators expect.
With installer script support, administrators can build sophisticated deployment workflows and ensure applications are installed correctly across diverse environments. If you are not yet managing applications in Intune, read our blog on this exciting app packaging partner offer.
AI-powered insights optimize Cloud PC experiences
Copilot in Intune now can reason over data about Windows 365 Cloud PCs, enabling administrators to gain insights into connectivity trends, optimize license usage, identify and resolve performance issues, and detect deployment gaps in Cloud PCs through AI-powered analysis and recommendations.
This represents an evolution of endpoint management cloud-first scenarios where traditional device metrics sometimes can’t tell the complete story. By bringing AI-powered insights to Cloud PC management, organizations can ensure their virtual desktop investments deliver maximum value while maintaining optimal user experiences. For a deep dive into the specific Copilot in Intune capabilities, check out this blog.
From hardware-level recovery capabilities to cloud-based AI insights, this month's updates are all about making endpoint management more resilient, easier to update and deploy, and empowering IT admins to make more informed decisions more quickly and cost-effectively. And as always, we look forward to your feedback—let us know what you think in the comments below.
*If your company is planning to upgrade to the latest version of Purebred, the IT admin should update to Company Portal version 5.2509.0 to ensure compatibility.
**EAM catalog app script support is not yet available in Government Community Cloud High (GCCH) environments.
Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.
Microsoft