Published: Jun 24, 2024
Key Takeaways:
- Microsoft Intune is set to introduce the Remove apps and configuration (RAC) feature in July.
- Microsoft is also adding Windows enrollment attestation support to enhance the security of device enrollment in Intune.
- The new granular endpoint security access controls offer specific permission sets for application control, attack surface reduction, and endpoint detection and response.
Microsoft Intune is set to introduce a new Remove apps and configuration (RAC) feature next month. The new troubleshooting tool allows IT admins to quickly diagnose and resolve issues by temporarily removing apps and configurations from managed mobile devices.
“Before RAC, removing settings involved excluding devices from policy assignments or removing users from groups, and then waiting for devices to check in. After diagnosing the device, those assignments and group memberships would need to be restored one by one,” Microsoft explained.
The new Remove apps and configuration (RAC) feature offers real-time monitoring capabilities to track the removal or restoration of specific policies and apps during troubleshooting. It also allows for the selective restoration of individual apps and policies, rather than requiring all settings to be restored at once.
With the RAC feature, IT admins can temporarily remove apps and policies from a device for 8 to 24 hours, after which they are restored automatically. This capability helps in pinpointing problematic apps or policies.
Furthermore, the RAC feature safeguards the device’s policy assignments and group memberships, ensuring they remain unaffected during troubleshooting. Microsoft plans to launch the new RAC feature for Intune customers in early July, with support extended to iOS/iPadOS and Android corporate-owned devices.
Microsoft Intune is enhancing the security of the device enrollment process by introducing support for Windows enrollment attestation. This feature ensures that device enrollment credentials are securely stored in the device’s hardware, specifically in the Trusted Platform Module (TPM) 2.0 chip. Microsoft Intune verifies these credentials to guarantee the secure enrollment of Windows devices.
The new Windows enrollment attestation feature will enter public preview by the end of this month. It adds new reporting features and a Device Attest action, allowing IT admins to verify the attestation status of devices and take action as necessary.
Last but not least, Microsoft has introduced enhanced granular endpoint security access controls in Microsoft Intune. This update introduces specific permission sets that offer increased flexibility for creating custom roles in application control, attack surface reduction, and endpoint detection and response. Microsoft intends to expand support for these new permission sets across all endpoint security workloads in the coming months.