The endpoint manager's guide to what's coming in Windows 11
Published Apr 05 2022 08:00 AM 19.8K Views

From the chip-level configuration of devices to keep them secure to curating the experiences of end-users, endpoint management is essential to deliver the best possible experience for Windows. Hybrid work is driving change and even more responsibility and complexity in managing the health and performance of your end user computing landscape – which is why Microsoft Endpoint Manager is designed to make it simple and cost-effective to manage the Windows experience (and why it is one of the most widely-used platforms.)

The capabilities we are adding to Endpoint Manager now and in the future for Windows 11 are aimed at making management simpler – with more automation, insights, protection, and enabling more productivity.

Today we shared vision for Windows in the digital event "Windows Powers the Future of Hybrid Work" and here in this article we highlight the innovations that demonstrate the intrinsic connection between Windows and Endpoint Manager and the value that connection will bring in the now and in the future.

Keep focus on the user experience

The superpowers that IT teams have demonstrated to support the abrupt transition to remote work (and now to Hybrid work) could not have been accomplished without the tools to be laser-focused on the end user experience. Microsoft will continue to empower IT to keep end users in the center of everything they do.

For example, application management for Edge in Endpoint Manager will help ensure that employees can securely work from virtually anywhere and access company information. Even from their unmanaged personal computers, we will enable them to use Microsoft Edge for Windows to securely access company resources. With app protection policies applied to Edge, administrators will be able to configure how data flows in and out of the organization as well as define allowable threat levels. Giving control to administrators to set these parameters empowers them to keep users' needs in focus.

Creation of an app protection policy to enable users to allow access to company resources on unmanaged devices though Microsoft EdgeCreation of an app protection policy to enable users to allow access to company resources on unmanaged devices though Microsoft Edge

Also, to send not-to-be missed messages to people with Windows 11 devices, we will enable IT administrators to use Endpoint Manager to target messages to specific users. Whether on a user's lock screen, right to their desktop, or just above the taskbar, administrators can be sure their organizational messages land right where their users need them.

In the coming months, we will introduce Universal Print settings in Endpoint Manager. This will enable configuration by Client-Side-Policy (or CSP), and provide a Universal Print specific user experience to allow policy configuration, all with no CSV files to manage. These enhancements will make Universal Print even easier to manage, helping organizations move away from print servers and local print drivers and get more value from cloud management and cloud printing.

Manage your upgrade to the cloud and Windows 11

For extra insights before upgrading to Windows 11 and rolling out updates, the new Update Readiness toolset enables application and driver reporting at the device level. For administrators that already use Endpoint analytics or Desktop analytics, this capability will be available in preview in the April release of Endpoint Manager. The "compatibility risks report" will help admins avoid downtime by addressing potential blockers like safeguard holds before pushing out an update. After consulting the ";device readiness report" IT can rollout updates to devices with confidence.

Update readiness report for Windows in Endpoint ManagerUpdate readiness report for Windows in Endpoint Manager

Windows works smoothly with the cloud management capabilities of Endpoint Manager to help you efficiently and securely manage your IT environment. That includes the lifecycle and protection for all endpoints, whether physical or in the cloud. To make it easier to migrate your endpoints to cloud management, organizations will soon be able to use Group Policy Analytics capabilities to import Group Policy objects (GPOs) from your on-premises system into the Settings catalog. This can make the translation of on-prem group policy to online management easier, faster, and give administrators greater assurance that the settings they rely on will follow them to the cloud.

For a more detailed discussion on planning and managing your transition to cloud management, visit this blog post and watch the Microsoft Mechanics video here.

Improve Windows device security and IT productivity

Chip-level endpoint management – specifically related to drivers and firmware – is getting more robust. In a future release, you will be able to actually install drivers and firmware through Windows Update for Business. This will bring the same tools used for software updates with the same safeguards, approval, and scheduling abilities to firmware and driver updates, enabling device updates to enhance protection or improve performance.

Also coming in the future is intelligent rollout prediction functionality to help IT target updates to only the devices that are likely to have a high success rate – before pushing an update. With more successful updates comes more bandwidth for admin, and predictive reporting lets admins address issues and remediate. (Editor's note: If this is exciting, be sure to check out the Windows Autopatch announcement!)

With the future release of Windows 11, more comprehensive driver and firmware management capabilities will be added to Endpoint Manager. A scanning function will allow for the identification of endpoint drivers and firmware versions that have been installed- ideal for troubleshooting. Approval tools will give control to administrators over what drivers and firmware can be changed. Deployment and monitoring features will give endpoint managers visibility into rollouts and the ability to manage installation.

An additional way Endpoint Manager helps to improve an organization's security is through the introduction of dual administration approval. For tasks that warrant explicit verification, involve sensitive systems, or are otherwise high-risk, we will introduce the ability to require two admins to approve changes or administrator actions such as app or script deployments. This will not only guard against careless or inadvertent actions but also protect against any malicious intent or bad actors and will be included in the April release of Endpoint Manager.

We are excited to bring new endpoint management capabilities for Windows to Endpoint Manager on a regular basis and continue to help simplify how you can manage and protect your digital estate. With future releases of Windows 11, on premises, in the cloud on an Azure Virtual Desktop or a Windows 365 Cloud PC, all can be provisioned and protected with Microsoft Endpoint Manager. To learn more about these developments and more, please be sure to watch the keynote and breakout sessions at the digital event, Windows Powers the Future of Hybrid Work, as well as the articles and resources provided below.

Further reading

Return to the Microsoft Endpoint Manager blog home. Join the conversation on Twitter at @MSIntune and LinkedIn.


Version history
Last update:
‎Apr 04 2022 05:43 PM
Updated by: