Microsoft to Enhance Intune with Security Features and Device Cleanup Tools
Microsoft Intune is getting advanced app management, enhanced security features, and streamlined device cleanup tools.
Published: Jan 22, 2025
Key Takeaways:
- Microsoft Intune will support Enterprise App Catalog apps with Windows Autopilot.
- The multiple administrative approval (MAA) feature will ensure that sensitive remote actions require secondary administrator approval.
- IT admins can configure platform-specific device cleanup rules.
Microsoft is working on several new features for its Intune service. The company will introduce a new integration of Enterprise App Catalog apps with Windows Autopilot for enhanced deployment and management.
Microsoft Intune Enterprise App Management is a feature that helps administrators discover, deploy, and manage applications from the Enterprise App Catalog. It provides a comprehensive view of all apps that need updates.
“Using Windows Autopilot, you’ll be able to select blocking apps from the Enterprise App Catalog in the Enrollment Status Page (ESP) and the Device Preparation Page (DPP) profiles. This allows you to update apps more easily without needing to update those profiles with the latest versions,” Microsoft explained.
Additionally, Microsoft mentioned that the remote actions (such as Retire, Wipe, and Delete) will add support for multiple administrative approval (MAA). The MAA feature requires a second administrator to approve certain actions before they are executed. The upcoming update will help to ensure that any remote actions will require approval from a second administrator before they can be executed. This security feature is designed to prevent unauthorized access and mitigate compromised accounts.
Microsoft also plans to add a new feature that will let customers configure a specific rule for cleaning up devices for each platform. It will also be possible to customize Role Based Access Control Permissions (RBAC) for different actions. This capability helps to assign specific permissions to different roles.
Microsoft Intune to support platform level targeting of Device Cleanup rule
According to Microsoft, platform level targeting of the Device Cleanup rule will help IT admins remove devices that have been inactive for a certain number of days. For instance, IT admins might configure a rule to remove Windows devices that haven’t been active for 30 days, while setting a different rule for Android devices.
Lastly, Microsoft is working on an update that will add an Intune security baseline for Windows 11 version 24H2. The new version of the baseline will use the unified settings platform seen in the Settings Catalog, which offers an enhanced UI, reporting experience, and support for assignment filters for profiles.