Microsoft Intune Suite's latest security updates introduce granular privilege controls and seamless hotpatching.
Published: Mar 24, 2025
Microsoft has announced this morning a slew of new features for its Intune Suite to enhance the security of Windows endpoints. Updates include enhanced capabilities for Endpoint Privilege Management (EPM), Enterprise Application Management, and Remote Help.
Microsoft Intune EPM supports a Zero Trust security model by allowing a broad user base to operate with the least privileges, while still allowing necessary tasks to be performed. This release offers granular control over elevation rules, allowing IT admins to specify allowable command parameters and deny elevation for unauthorized arguments.
Additionally, EPM will introduce the ability to specify deny rules to block specific files from elevation. Microsoft will also update the EPM page in the Intune admin center to include new reports and dashboards, which give IT admins better insight into elevation trends and unmanaged elevations. Microsoft Intune EPM now offers expanded support for Windows on Arm-based PCs, including Windows 11 Copilot+ PCs.
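As an added illustration of the two EPM changes just described (this is not Intune's rule format or code), the following Python models a policy evaluator in which deny rules, by file name or by a blocked file hash, take precedence, and an allow rule applies only when the full argument string matches the parameters the admin permitted; anything without a rule is counted as an unmanaged elevation. The rule schema, field names, and all sample hashes and requests are constructed for the example.

```python
"""Toy evaluator for parameter-scoped elevation rules.

Added illustration, not Intune EPM's rule format or code. Assumes a
hypothetical schema: each rule names an action ("allow" or "deny"), an
executable file name, and for allow rules a regex the whole argument string
must satisfy. Deny rules may match by file name or by a SHA-256 the admin
has blocked. Hash values below are constructed placeholders.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple
import re


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                           # "allow" or "deny"
    executable: Optional[str] = None      # file name, matched case-insensitively
    arg_pattern: Optional[str] = None     # regex the full argument string must match
    file_sha256: Optional[str] = None     # deny-by-hash (constructed sample value)


@dataclass(frozen=True)
class ElevationRequest:
    executable: str
    args: Tuple[str, ...]
    file_sha256: str


def evaluate(rules, req):
    """Return (decision, reason).

    Deny rules are checked first. An allow rule applies only when every
    argument is covered by its pattern; an unauthorized argument is denied
    even though the executable itself is allowed. No rule at all means an
    unmanaged elevation, which is denied and reported separately.
    """
    exe = req.executable.lower()
    for r in rules:
        if r.action != "deny":
            continue
        by_name = r.executable is not None and r.executable.lower() == exe
        by_hash = r.file_sha256 is not None and r.file_sha256 == req.file_sha256
        if by_name or by_hash:
            return "deny", f"deny rule '{r.name}'"
    arg_line = " ".join(req.args)
    for r in rules:
        if r.action == "allow" and r.executable and r.executable.lower() == exe:
            if re.fullmatch(r.arg_pattern or "", arg_line):
                return "allow", f"allow rule '{r.name}'"
            return "deny", f"allow rule '{r.name}' does not cover arguments {arg_line!r}"
    return "deny", "no matching rule (unmanaged elevation)"


def summarize(rules, requests):
    """Tally decisions the way a dashboard would: allowed, denied by a rule,
    and unmanaged (no rule covered the request at all)."""
    tally = Counter()
    for req in requests:
        decision, reason = evaluate(rules, req)
        if decision == "allow":
            tally["allowed"] += 1
        elif reason.startswith("no matching rule"):
            tally["unmanaged"] += 1
        else:
            tally["denied"] += 1
    return dict(tally)


# Constructed sample policy: block one file by hash, block regedit by name,
# and let users restart only the print spooler service via sc.exe.
RULES = [
    Rule("block-old-installer", "deny", file_sha256="deadbeef" * 8),
    Rule("block-regedit", "deny", executable="regedit.exe"),
    Rule("spooler-restart", "allow", executable="sc.exe",
         arg_pattern=r"(start|stop) Spooler"),
]

# Constructed sample elevation requests (hashes are placeholders).
REQUESTS = [
    ElevationRequest("sc.exe", ("stop", "Spooler"), "11" * 32),
    ElevationRequest("sc.exe", ("config", "Spooler", "start=disabled"), "11" * 32),
    ElevationRequest("regedit.exe", (), "22" * 32),
    ElevationRequest("setup.exe", ("/quiet",), "deadbeef" * 8),
    ElevationRequest("notepad.exe", (), "33" * 32),
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req.executable, req.args, "->", evaluate(RULES, req))
    print(summarize(RULES, REQUESTS))
```

The second request shows the "unauthorized arguments" case: sc.exe is permitted, but `config` is outside the allowed parameter pattern, so elevation is refused rather than inherited from the executable-level allow. The summary separates that rule-driven denial from requests no rule covers, which is the population an unmanaged-elevation report would surface.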
Microsoft Intune has enhanced Enterprise Application Management with a feature called guided update supersedence. This capability helps IT admins keep applications updated and compliant by automating the update process, reducing manual work, and ensuring timely security updates. Microsoft plans to add Arm64 support in the Enterprise App Catalog for broader app deployment.
Microsoft Intune Remote Help now supports multisession Azure Virtual Desktop environments. This feature enables IT teams to help multiple users on a single virtual machine (VM) at the same time. It streamlines troubleshooting, updates, and user support in shared VM environments.
Microsoft has announced that hotpatching support is currently available in public preview for Windows 11 Enterprise client devices. This capability allows administrators to apply security updates without requiring a reboot. The hotpatch feature is expected to become generally available for commercial customers this spring.
Furthermore, Microsoft is bringing the enrollment time grouping feature to Android and iOS/iPadOS devices by late June. It allows administrators to apply security policies and access controls during device setup. Additionally, Microsoft Intune provides integration with Defender for Endpoint to let IT admins manage Defender security settings on devices not enrolled with Intune.
In April, Microsoft will expand security settings configuration support for devices managed by Defender for Endpoint, including new policies for Linux devices. Administrators will be able to manage security policies through the Defender for Endpoint portal.
Lastly, Microsoft announced that Windows 365 Link will become generally available for purchase in select markets next month. It’s a purpose-built hardware device that connects directly to a Windows 365 Cloud PC.