Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Cloud Computing

Microsoft Ignite – New Windows 10 Features Coming to Intune

Intune plays an important part in Microsoft’s modern desktop strategy, allowing organizations to deploy and manage Windows 10 without an on-premises Active Directory domain. Microsoft announced several new features that will make it easier to manage Windows 10 using Intune.

Deploy Win32 Apps with Intune

Currently in preview, Microsoft announced the ability to deploy ‘most’ legacy Win32 apps using the Intune Management Extension, including MSI, setup.exe, and MSP files. System administrators will also be able to use Intune to remove these apps. Intune already had the ability to install line-of-business (LOB) and Microsoft Store apps but this new capability will enable businesses to manage more legacy business apps using Intune. LOB applications are those that rely on a single MSI file with no external dependencies.

Microsoft says that this new feature was built by the same team that created the Windows app deployment capabilities in System Center Configuration Manager (SCCM) and that Intune will be able to evaluate requirement rules before an app starts to download and install, notifying users via the Action Center of install status and if a reboot is required. Legacy Win32 apps are packaged using the Intune Win32 application packaging tool, which converts installers into .intunewin files.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Security Baselines

Microsoft publishes security baselines for supported client and server versions of Windows as part of the Security Compliance Toolkit (SCT), which replaced the Security Compliance Manager. But the baselines are provided as Group Policy Object backups, which can’t be used with Intune because it relies on Mobile Device Management (MDM) rather than Group Policy.

For more information on SCT, see Microsoft Launches the Security Compliance Toolkit 1.0 on Petri.

To help organizations meet security requirements when using Intune to manage Windows 10, Microsoft will be making security baselines available in the Intune portal over the next couple of weeks. The baselines will be updated and maintained in the cloud and have been developed in coordination with the same team that develops the Group Policy security baselines.

Organizations will be able to deploy the baselines as provided or modify them to suit their own needs. But the best news is that Intune will validate whether devices are compliant and report if any devices aren’t meeting the required standards.

Third-Party Certification Authority Support

Finally, Microsoft announced that third-party certification authority (CA) support is coming to Intune. Third-party CAs, including Entrust Datacard and GlobalSign, have already signed up to deliver certificates to mobile devices running Windows, iOS, Android, and macOS using the Simple Certificate Enrollment Protocol (SCEP).

Microsoft is planning to add many new features to Intune, including a public preview for Android Enterprise fully managed devices, machine risk-based conditional access with threat protection for Microsoft 365 users, and deeper integration with Outlook mobile controls. For a complete list of the new features and improvements coming to Intune, Configuration Manager, and Microsoft 365, check out Microsoft’s blog post here.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: