Microsoft Intune Blog

What’s new in Microsoft Endpoint Manager - 2202 (February) edition

Ramya_Chitrakar
Feb 24, 2022

This month, I want to share three highlights from the February 2022 release. Each of these capabilities extends the platforms supported or simplifies the management experience for you and your users. First, we’ve added support for macOS policies in our settings catalog, which now provides richer capability to configure and deploy macOS policies. Second, we’ve improved the Windows Autopilot enrollment status page, making administration simpler. Finally, we’ve streamlined the terms of use experience for Apple’s Automated Device Enrollment (ADE) for iOS and iPadOS.

I hope you enjoy these behind-the-scenes stories as the deployment wraps up for the month, and I look forward to your feedback. Comment on this post or connect with me on LinkedIn.

Configure macOS devices with new settings catalog additions

As part of our continued investment in macOS platform management, I’m pleased to announce that we have added support for macOS policies in our settings catalog and added support for new payload settings. These improvements will be helpful for IT administrators to easily find, configure, deploy, and monitor macOS settings.

Previously, customers would have to create a custom configuration profile, using information from Apple’s developer documentation. Due to the manual entry required, this process was prone to errors. IT admins were dependent on scripting for certain scenarios, increasing the challenge of managing macOS devices.

We realized we could mirror the extensible technology of the Windows settings catalog to make macOS administration easier. The settings approach would follow a similar pattern, whether they were Windows or macOS devices. We developed a data-driven model that allows you to more quickly add and update macOS payloads as they are made available by Apple, while providing a simpler management experience for admins.

A Settings catalog example with printing options selected

We plan to add additional macOS payloads in the future. For this first release, the macOS settings catalog will include four previously unsupported payloads that were commonly requested and often prone to error when configured using a custom configuration profile:

  • Domains
  • Global HTTP Proxy
  • Printing
  • Profile Removal Password

Better searching for apps in Windows Autopilot

This month, we are also addressing a common request – the need to search and find the apps that are blocking the enrollment status experience in Windows Autopilot. With this release, administrators can use a search bar to easily find the apps they want, rather than having to scroll through potentially hundreds of apps. IT admins can also tell whether an app is in online or offline mode, and what version of the app is deployed, making selecting the right app far easier. In short, IT admins can now:

  • Search for an application with the new search box functionality
  • See in the title whether an app is online or offline
  • See the version of an application via a new column

This new capability was based on feedback from several customers using Windows Autopilot daily with thousands of applications. This is a highly welcome and significant improvement in the IT experience for those who spend time daily configuring, testing, and deploying using Windows Autopilot.

For more information on Enrollment Status Pages, see Set up the Enrollment Status Page.

The new search bar helps you more easily select apps in Windows Autopilot

Simplifying enrollment and sign-in experiences

Finally, we are pleased to announce the release of a new capability that enables IT admins to require users to accept Azure Active Directory (Azure AD) terms of use during enrollment and/or during the Company Portal app sign-in. This will be especially important to IT admins at organizations where security and transparency of terms of use are important, such as government customers.

Admins can use this feature to add Azure AD terms of use when creating a Conditional Access policy for ADE devices enrolling with Setup Assistant with modern authentication. In the Conditional Access policy, you can include the Microsoft Intune cloud app or the Microsoft Intune Enrollment cloud app as the method for accepting the terms of use.

Previously, only the Microsoft Intune cloud app worked for Azure AD terms of use acceptance, and admins had to require it twice: once during enrollment and again during the initial sign-in to the Company Portal (via the Microsoft Intune app). Customer feedback showed that many admins wanted terms of use acceptance during enrollment only. This update improves the user flow.

The Azure AD terms of use acceptance experience is built into the modern authentication enrollment flow in Setup Assistant.

Setup Assistant with modern authentication is the Apple-supported and Endpoint Manager-recommended enrollment method for devices with user affinity. This feature is a great example of prioritizing improvements to the user experience.

We continue to improve the experience for users with enhancements to the Setup Assistant experience. Please continue to follow the monthly updates on this blog for more announcements. Further details on how to configure the Conditional Access policy can be found in the Azure AD Terms of Use.

Let us know what you think

We’ve now been announcing key feature releases through these blog posts for the past year. Please share your comments, questions, and feedback so we can continue to improve the endpoint user experience and simplify IT administration. Simply comment on this post or connect with me on LinkedIn.

 

Published Feb 24, 2022
Version 1.0
  • giladkeidar
    Brass Contributor

    Ramya_Chitrakar regarding ESP - it is a nice addition - on the one hand it shows you think of big customers with many apps, but on the other hand, this addition is so minimal due to the following:

    For example, how can I tell which apps have already been selected?

    Let's say I have a list of 500 apps, I select 50, now I want to edit that list, it means that I need to scroll up and down to look for the apps I selected (by comparing the list on the right to the one to the left - screenshot attached) - why can't I filter the apps by "selected apps" and then sort it by any of the existing fields like the application or publisher name (that way the system will show me all selected apps first).

    It is really disappointing that you add a feature w/o thinking 1 step further - sorting and filtering "table view" is a very basic UIX requirement for any product (it is amazing how the UIX for sorting and filtering are so inconsistent on MEM - I have more examples for that if interested).

    Having said that, I'm still using and loving MEM as an MDM/MAM solution for many of our enterprise-scale customers :).

  • Andrew_Woo
    Iron Contributor

    The MAC OS X Antivirus configuration is everywhere and it is very easy to get a conflict.

    Solving the conflict is another headache.

  • SarahGarfinkle
    Copper Contributor

    Hello, 

    One big frustration I have with Endpoint Manager is how relatively difficult it is to generate reports based on actual device hardware. For instance, I can easily filter by which computers have which apps installed on the portal, but to get reports on how much RAM is installed on a computer requires a PowerShell script that also links GraphAPI, not something all sysadmins have access to, and which is only documented on non-Microsoft blogs. Being able to generate a report in the actual Endpoint Manager GUI based on things like CPU models, amount of RAM, etc. would be enormously useful when trying to determine what devices need to be refreshed, upgraded, etc.

    Is this something that your team is considering adding to future releases?

    Thank you,

  • Managing macOS software updates is a critical scenario that we plan to support in the future to the extent that macOS MDM allows. There could be platform-specific differences but we will strive to attain as much consistency across platforms as possible based on feedback.

  • Thank you for your feedback giladkeidar. I’ve shared this with my team and we’re looking at this use scenario (shorter term) and consistent patterns across the UI for ease of admin use (longer term). Glad you’re enjoying using Microsoft Endpoint Manager!

  • smaug_ca1520
    Copper Contributor

    Thanks for the MacOS management enhancements, they are much appreciated!

    Is there a roadmap somewhere that I can find out planned enhancements for MacOS support? In particular I am hoping to be able to control MacOS patching like we can with Windows.

    Thanks!

  • smaug_ca1520
    Copper Contributor

    giladkeidar that is close but not quite what control you have for Windows patching. With Windows you can set update rings that control what gets patched and when it gets patched and if and when to force reboots. The controls so far in MacOS only control if you can DELAY making a patch visible. That is not patch enforcement, it is really the opposite. My goal is to get it to the same state as Windows to make sure endpoints patch at least security patches and force reboots if necessary ASAP.