Microsoft Intune gets support for new Windows 10 features, and more

Reading time icon 3 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

windows-10-fall-update

On Wednesday, Microsoft announced some exciting new features for Intune. The company is rolling out a new update for Intune until January 14 which will add new features like support for new Windows 10 features, integration with Apple Volume Purchase Program for Business, support for Microsoft’s MyApps, better support for corporate-owned device scenarios, and more. Here is what’s new:

  • Support for new Windows 10 features:
    • You can now set an additional rule in the Compliance Policy for conditional access to require Windows 10 devices to be reported as healthy via the Health Attestation Service in order to access corporate data. Windows 10 devices will then be evaluated to ensure that the following items are enabled: BitLocker, code integrity, secure boot, early-launch antimalware (desktop only). In addition, you can view reports on Windows 10 health attestation data collected by Intune.
    • You can now set Microsoft Passport for Work policies (such as PIN or Windows Hello requirements) for Windows 10 devices enrolled in Intune as well as deploy certificates to Passport for Work container by specifying them as the Key Storage Provider in SCEP or PFX certificate profiles. Note: Microsoft Passport for Work policy is enabled by default, so all eligible Windows 10 and Windows 10 Mobile devices will have this policy enforced. Customers can choose to disable it, if needed.
    • You can now define a list of apps in a VPN profile for Windows 10, so that when an app from this list is launched, per-app VPN is triggered. In addition, you can lock the VPN connection to be only available for the apps defined on the list.
    • Additional policy settings for Microsoft Surface Hub devices can now be configured through the “General Configuration (Windows 10 Team and later)” template.
    • You can now perform a full remote wipe of Windows 10 desktop devices that are enrolled in Intune. Selective wipe of corporate data is already available in Intune.
  • Integration with Apple Volume Purchase Program (VPP) for Business: You can now sync, deploy, and track the installation of apps that were purchased through Apple VPP for Business in the Intune admin console.
  • Better support for corporate-owned device scenarios: You can now identify corporate-owned devices by pre-declaring their international mobile equipment identity (IMEI) numbers in Intune admin console. When a device from the list is enrolled in Intune, it is automatically set as Corporate. If necessary, a more restrictive device policy can be deployed to corporate-owned devices.
  • Microsoft MyApps support: Users can now access MyApps portal, a central hub for SaaS applications, directly from the Intune Managed Browser and take advantage of single sign-on to thousands of SaaS apps, self-service password reset, and more.
  • New setting for Android devices: You now have an option to configure Smart Lock setting for Android 5.X devices in order to prevent users from bypassing the lock screen on devices enrolled in Intune.
  • Intune Company Portal improvements on iOS devices:
    • A checkmark now indicates the user’s current device.
    • Users can now choose which mail app (including Microsoft Outlook) they would like to use to send diagnostic reports to help desk or IT. Previously, only the native mail app could be used.
    • Support has been improved for devices that were enrolled through Apple Device Enrollment Program (DEP).

The latest update should make Intune work better with Windows 10. AS we noted previously, the update is currently rolling out to users, and all users should have it by January 14th. If you want to know more about the update, head over to Microsoft’s official blog.

User forum

0 messages