30 Jul What’s New in the Microsoft Intune Service Update for July 2021
Week of July 26, 2021 (Service release 2107)
New app categories available to better target app protection policies
We have improved the UX of Microsoft Endpoint Manager by creating categories of apps that you can use to more easily and quickly target app protection policies. These categories are All public apps, Microsoft apps, and Core Microsoft apps. After you have created the targeted app protection policy, you can select View a list of the apps that will be targeted to view a list of the apps that will be affected by this policy. As new apps are supported, we will dynamically update these categories to include those apps as appropriate, and your policies will be automatically applied to all apps in your selected category. If needed, you can continue to target policies for individual apps as well. For more information, see How to create and assign app protection policies and Create and deploy Windows Information Protection (WIP) policy with Intune.
Improved policy support for iPadOS devices enrolled as Shared iPads for Business (public preview)
We’ve added support for user-assigned device configuration policies for Shared iPads for Business.
With this change, settings like the home screen layout and most device restrictions assigned to user groups apply to Shared iPad devices while a user from the assigned user groups is active on the device
Certificate Connector for Microsoft Intune combines separate certificate connectors
We’ve released the Certificate Connector for Microsoft Intune. This new connector replaces the use of separate certificate connectors for SCEP and PKCS, and includes the following features:
- Configure each instance of the connector to support one or more of the following capabilities:
- PFX imported certificates
- Certificate revocation
- Use a normal Active Directory account or the system account for the connector service.
- Based on your tenant location, select government vs. commercial environments.
- Removes the need to select a client certificate for SCEP integration with NDES.
- Auto-updates to the latest version of the connector. Manual update of this connector is also supported.
- Improved logging.
The previous connectors remain in support but are no longer available for download. If you need to install or reinstall a connector, install the new Certificate Connector for Microsoft Intune.
Use filters to assign Windows 10 update rings in Endpoint Manager admin center – public preview
In the Endpoint Manager admin center, you can create filters, and then use these filters when assigning apps and policies.
When assigning Windows 10 update ring policies, you can use filters (Devices > Windows > Windows 10 Update Rings). You can filter the devices that get the update rings policy based on a device property, such as the OS version, device manufacturer, and more. After you create the filter, use the filter when you assign the update rings policy.
- For more information on filters, see Use filters (preview) when assigning your apps, policies, and profiles in Microsoft Endpoint Manager.
- For more information on Windows 10 update rings policies, see Windows 10 update rings policy in Intune.
- Windows 10 and newer
Collect diagnostics remote action moved to general availability
The Collect diagnostics remote action lets you collect diagnostics from corporate devices without interrupting or waiting for the end user. Collected diagnostics include MDM, Autopilot, event viewers, registry key, Configuration Manager client, networking, and other critical troubleshooting diagnostics. For more information see Collect diagnostics from a Windows device.
Autopilot support for Microsoft HoloLens is now generally available
For more information, see Windows Autopilot for HoloLens 2.
Work from anywhere report
Endpoint analytics has a new report named Work from anywhere. The Work from anywhere report is an evolution of the Recommended software report. The new report contains metrics for Windows 10, cloud management, cloud identity, and cloud provisioning. For more information, see the Work from anywhere report article.
The Work from anywhere report will go live after the July service update. We expect it within the week after the 2107 release completes.
Improvements to SSO app extension screen for Company Portal for macOS
We’ve improved the Intune Company Portal authentication screen that prompts macOS users to log in to their account using single sign-on (SSO). Users can now:
- See the app that’s requesting SSO.
- Select Don’t ask me again to opt out of future SSO requests.
- Opt back in to SSO requests by going to Company Portal > Preferences and deselecting Don’t ask me to sign in with single sign-on for this account.
Newly available protected apps for Intune
The following protected apps are now available for Microsoft Intune:
- Webex for Intune by Cisco Systems, Inc.
- LumApps for Intune by LumApps
- ArchXtract (MDM) by CEGB CO., Ltd.
For more information about protected apps, see Microsoft Intune protected apps.
Week of July 5, 2021
Settings catalog support for Microsoft Defender for Endpoint on macOS
We’ve added the settings to manage Microsoft Defender for Endpoint on macOS to the Intune settings catalog to configure Microsoft Defender for Endpoint on macOS.
The new settings can be found as follows under the following four categories in the settings catalog. For information about these settings, see Set preferences for Microsoft Defender for Endpoint on macOS in the Microsoft Defender for Endpoint on Mac documentation.
Microsoft Defender – Antivirus engine:
- Allowed threats
- Enable passive mode
- Enable real-time protection
- Scan exclusions
- Threat type settings
Microsoft Defender – Cloud delivered protection preferences:
- Diagnostic collection level
- Enable – disable automatic sample submissions
- Enable – disable cloud delivered protection
Microsoft Defender – EDR preferences:
- Device tags
- Enable – disable early preview
Microsoft Defender – User interface preferences:
- Show – hide status menu icon
How does this affect me?
You will see the service release number updated in the Tenant Status blade of the Intune console soon. We’ve introduced some changes that we’re excited for you to try out.
What do I need to do to prepare for this change?
Click additional information below to learn more about what’s new in this service release. We’ll continue to update the What’s New page with any features that are released between now and the next monthly service update. Learn more by reviewing features highlighted in the latest Intune What’s New 2107(July) Blog and how the Intune service updates each month is described in the Microsoft Intune Service Updates Blog.