Microsoft Intune July 2025 Update Brings LAPS Support for macOS Device Enrollment

Microsoft has detailed all the new features and capabilities added to Microsoft Intune in July 2025. The company has announced that Local Admin Password Solution (LAPS) integration is now generally available for macOS automated device enrollment.

Local Administrator Password Solution (LAPS) is a security feature that helps organizations manage and protect local administrator account passwords on devices. It automatically generates a unique, complex password for each device’s local admin account and securely stores it in a central location like Microsoft Intune. Once a macOS ADE profile is configured, IT admins can now provision a local admin account with a randomized, encrypted password. This password is rotated every six months.

Administrators can also retrieve credentials securely from Microsoft Intune. Standard user accounts can be configured with dynamic variables (such as{{username}}, {{serialNumber}}, etc.) for better naming and security compliance.

Wildcard support simplifies Endpoint Privilege Management

To reduce the workload on admins, Microsoft has added wildcard support to Microsoft Intune Endpoint Privilege Management (EPM) for Windows endpoints. The Intune EPM service allows IT admins to manage and control elevated privileges for standard users.

This new feature eliminates the need to create separate rules for each version of the program. Administrators can use wildcards to create a single rule that matches multiple versions or variations of a file name.

Last but not least, Microsoft Intune now supports platform-specific device cleanup rules, which allow organizations to tailor inventory management for Windows, iOS/iPadOS, macOS, and Android devices. This release enhances visibility and control by enabling audit log tracking of devices affected by cleanup rules.