Microsoft Intune Update Brings Smarter Controls and Multi-Admin Workflows

Microsoft has rolled out a range of new Intune capabilities for August 2025, including smarter app control, multi-admin approvals for sensitive actions, enhanced Apple update visibility, and more. These updates are designed to streamline IT management while strengthening security across organizations.

App Control targeting

Microsoft has made App Control for Business generally available to commercial customers. The feature lets administrators target pilot groups to safely test policies before organization-wide deployment. It enables IT teams to implement Zero Trust application control with more precision.

This new feature also brings a new UX wizard to simplify policy setup for administrators. Apps from trusted sources are auto-approved under the Intune controls for Windows Defender Application Control (WDAC).

Windows Autopilot automated patching

Windows Autopilot now allows administrators to apply critical Windows patches during the out-of-box experience (OOBE) on Microsoft Entra-joined devices. Administrators can enable/disable this setting based on their organizational needs. This update process typically takes around 30 minutes, although it may vary depending on the network and device hardware. Microsoft notes that existing quality update settings (including deferral options and pause policies) are synced directly with the Windows 11 device.

Apple device update reporting and other updates

Microsoft Intune now offers real-time reporting for Apple software updates through Declarative Device Management (DDM). This new feature allows IT administrators to monitor each stage of the update process, including download and installation. It also helps organizations prepare for the upcoming deprecation of MDM software updates in Apple OS 26.

Last but not least, Microsoft Intune now includes approval workflows for critical administrative actions such as role changes, scope tag updates, and device operations like wipe, retire, or delete. These workflows are designed to prevent accidental or unauthorized modifications by requiring multi-admin approval.