This month, I want to share three highlights from the February 2022 release. Each of these capabilities extend the platforms supported or simplify the management experience for you and your users. First, we’ve added support for macOS policies in our settings catalog, which now provides richer capability to configure and deploy macOS policies. Second, we’ve improved the Windows Autopilot enrollment status page, making administration simpler. Finally, we’ve streamlined the terms of use experience for Apple’s Automated Device Enrollment (ADE) for iOS and iPadOS.
I hope you enjoy these behind-the-scenes stories as the deployment wraps up for the month, and I look forward to your feedback. Comment on this post or connect with me on LinkedIn.
Configure macOS devices with new settings catalog additions
As part of our continued investment in macOS platform management, I’m pleased to announce that we have added support for macOS policies in our settings catalog and added support for new payload settings. These improvements will be helpful for IT administrators to easily find, configure, deploy, and monitor macOS settings.
Previously, customers would have to create a custom configuration profile, using information from Apple’s developer documentation. Due to the manual entry required, this process was prone to errors. IT admins were dependent on scripting for certain scenarios, increasing the challenge of managing macOS devices.
We realized we could mirror the extensible technology of the Windows settings catalog to make macOS administration easier. The settings approach would follow a similar pattern, whether they were Windows or macOS devices. We developed a data-driven model that allows you to more quickly add and update macOS payloads as they are made available by Apple, while providing a simpler management experience for admins.
A Settings catalog example with printing options selected
We plan to add additional macOS payloads in the future. For this first release, the macOS settings catalog will include four previously unsupported payloads that were commonly requested and often prone to error when configuring using custom configuration profile:
- Domains (more information is here)
- Global HTTP Proxy (more information is here)
- Printing (more information is here)
- Profile Removal Password (more information is here)
This video provides a walk through on how to set up and configure this new functionality:
Further reading:
- Create a policy using settings catalog in Microsoft Intune | Microsoft Docs
- Preview Microsoft Endpoint Manager’s settings catalog to more easily customize and manage policy - Microsoft Tech Community
Better searching for apps in Windows Autopilot
This month, we are also addressing a common request – the need to search and find the apps that are blocking the enrollment status experience in Windows Autopilot. With this release, administrators can use a search bar to easily find the apps they want, rather than having to scroll through potentially hundreds of apps. IT admins can also tell whether an app is in online or offline mode, and what version of the app is deployed, making selecting the right app far easier. In short, IT admins can now:
- Search for an application with the new search box functionality
- See in the title whether and app is online or offline
- See the version of an application via a new column
This new capability was based on feedback from several customers using Windows Autopilot daily with thousands of applications. This is a highly welcomed and a significant improvement in the IT experience for those that spend time daily configuring, testing, and deploying using Windows Autopilot.
For more information on Enrollment Status Pages, see Set up the Enrollment Status Page.
The new search bar helps you more easily select apps in Windows Autopilot
Simplifying enrollment and sign-in experiences
Finally, we are pleased to announce the release of a new capability that enables IT admins to require users to accept Azure Active Directory (Azure AD) terms of use during enrollment and/or during the Company Portal app sign-in. This will be especially important to IT admins at organizations where security and transparency of terms of use are important, such as government customers.
Admins can use this feature to add Azure AD terms of use when creating a Conditional Access policy for ADE devices enrolling with Setup Assistant with modern authentication. In the Conditional Access policy, you can include the Microsoft Intune cloud app or the Microsoft Intune Enrollment cloud app as the method for accepting the terms of use.
Previously, only the Microsoft Intune cloud app worked for Azure AD terms of use acceptance, and admins had to require it twice: once during enrollment and again during initial sign into the Company Portal (via the Microsoft Intune app). Customer feedback showed that many admins wanted terms of use acceptance during enrollment only. This update improves the user flow.
The Azure AD terms of use acceptance experience is built into the modern authentication enrollment flow in Setup Assistant.
Setup Assistant with modern authentication is the Apple-supported and Endpoint Manager-recommended enrollment method for devices with user affinity. This feature is a great example of prioritizing improvements to the user experience.
We continue to improve the experience for users with enhancements to the Setup Assistant experience. Please continue to follow the monthly updates on this blog for more announcements. Further details on how to configure the Conditional Access policy can be found in the Azure AD Terms of Use.
Let us know what you think
We’ve now been announcing key feature releases through these blog posts for the past year. Please share your comments, questions, and feedback so we can continue to improve the endpoint user experience and simplify IT administration. Simply comment on this post or connect with me on LinkedIn.
Microsoft
