Here are my three favorite additions to the Microsoft Endpoint Manager May 2022 release. First off, we're introducing a co-management experience for Windows Autopilot so that organizations can now use this collection of technologies more efficiently to set up and pre-configure new devices including those co-managed by Configuration Manager, getting them ready for productive use. Next, we're adding an updated user experience to remote help. Finally, you knew I couldn't not mention macOS - we're bringing even more macOS management features you can use!
Please note the 2205 user interface (UI) started releasing on Tuesday, May 31. Our What's new documentation will be updated when the UI is available for most customers. I hope you enjoy these behind-the-scenes stories as deployment wraps up for the month, and I look forward to your feedback. Please comment on this post or connect with me on LinkedIn.
Windows Autopilot for co-managed devices
Windows Autopilot ensures users can quickly be productive on their devices and reduces the time IT admins spend on deploying, managing and retiring devices. Customers previously used the Windows Autopilot platform for co-managed devices, but the enrollment experience wasn't optimized for concurrent management. There was an extra step of manually deploying the Configuration Manager agent which could lead to component timing issues and policy delays.
In the 2205 release, we now support a streamlined experience for using Autopilot on co-managed devices. IT admins now have an orchestrated Windows Autopilot device enrollment path specific to co-managed devices. Organizations that have developed extensive application installation logic and sequencing can use existing task sequences while still benefiting from the advantages of using a cloud-based device setup for Windows 10 and Windows 11 devices. For more on Windows Autopilot for co-managed devices, see the documentation: How to enroll with Windows Autopilot.
This month we've made several additions to the user experience while still maintaining the security IT admins want when allowing helpdesk/support to access a user's Windows device.
We heard your feedback that logging off the user during every session was impactful to end users. To remediate that experience, while maintaining a secure session, we've updated the experience this month. If a helper has the elevation role-based access control (RBAC) permission and selects the just in time (JIT) button on the toolbar, they will receive a message informing them that they should close any processes they opened with elevated permissions.
However, if the sharer tries to end the session, then they are informed that they will be logged off if they continue. This model provides a better user experience while also ensuring security. Thank you for the feedback!
Here's a screen shot of one of the new UI prompts:
Screenshot of a prompt in the remote help interface showing that the user has requested access to the UAC prompt for the device that they are helping. The options are to select Ok or select Cancel.
You have asked for additional macOS management capabilities and we’ve been delivering them, as demonstrated by our additions to the 2201, 2202, 2203, and 2204 releases. We’ve seen triple digit growth in macOS management as customers adopt the macOS capabilities we’ve been integrating into Endpoint Manager.
In January, we announced the public preview of support for the installation of .DMG files, and this month, that capability is now generally available. You can now fully deploy macOS line-of-business (LOB) apps by uploading PKG-type installer files to Microsoft Intune.
In addition, this month, we’ve added over 40 more network, security, and useability settings to the settings catalog discussed in the April release. You’ll find a list of the settings when the What's new in Microsoft Intune updates are published for 2205. We will continue to monitor custom settings used by multiple organizations to add even more in upcoming releases.
Let us know what you think
Please share your comments, questions, and feedback so we can continue to improve the endpoint user experience and simplify IT administration. Simply comment on this post or connect with me on LinkedIn.