Microsoft Intune Gets Big Update to Enhance Device Management and Security

Key Takeaways:

• Microsoft introduces a re-engineered Windows Autopilot experience with faster, more configurable self-deployment capabilities.
• Microsoft now allows users to retrieve their BitLocker recovery keys directly from the Company Portal website.
• Microsoft introduces enrollment time grouping to accelerate the assignment of app policies and scripts for new Windows devices.

Microsoft is set to enhance its Intune solution with a suite of new capabilities designed to optimize both administrative and user experiences across various platforms. Key features include the next-generation Windows Autopilot experience, advanced management tools for shared devices, improved security baselines, and streamlined device enrollment processes.

Windows Autopilot device preparation

Microsoft has launched the next-generation Windows Autopilot experience, known as device preparation. This new Windows Autopilot option features a completely re-engineered architecture, providing faster and more customizable self-deployment capabilities.

“We based this new capability on re-engineered architecture that will allow us to accommodate more devices, deliver more efficient results, and allow provisioning of cloud instances like Windows 365 and Azure Virtual Desktops,” Microsoft explained.

The new device preparation experience will be available alongside the existing Windows Autopilot technology. Microsoft plans to eventually unify these experiences under the new architecture, though there is no ETA yet.

Enhanced frontline worker (FLW) device management

Microsoft has announced new features to help administrators manage shared devices for frontline workers. The release includes enhancements for the Managed Home Screen application, which allows IT admins to customize and standardize user experiences on Android devices. These improvements include a new top bar, permissions flow, autorotation control, session inactivity Pin timer, as well as a brightness slider and adaptive brightness control.

Platform single sign-on (SSO) for macOS

Furthermore, Microsoft has introduced Platform Single Sign-On (SSO) in public preview to simplify macOS device enrollment. This enhanced SSO feature enables users to conveniently sign in to Microsoft Teams, Outlook, and other Microsoft 365 applications.

New security baseline

Microsoft has released a new update for the Defender for Endpoint security baseline. A security baseline is a set of recommended configuration settings designed to help organizations secure their devices. This new security baseline offers various benefits such as an improved reporting experience, assignment filter support, and quicker turnaround for updates.

BitLocker recovery key

Previously, users had to reach out to Help Desk agents to regain access to their locked BitLocker-encrypted device. Microsoft has now introduced a new feature that lets users retrieve their BitLocker recovery key directly from the Company Portal website. However, IT admins can choose to disable this feature for users lacking administrative privileges.

Corporate identifiers

Microsoft has started the rollout of upgrades to the Windows corporate identifiers feature for Intune customers. This capability ensures that only devices explicitly authorized can be designated as corporate-owned. Administrators can now easily create and upload a list of Windows devices via a .csv file, including details like manufacturer, model, and serial number.

Enrollment time grouping

Last but not least, Microsoft has replaced dynamic grouping with enrollment time grouping to speed up the assignment process of app policies and scripts for new Windows devices. This feature will be available as a part of Windows Autopilot device preparation later this month. Microsoft also plans to add support for additional enrollment methods and platforms in the coming months.