Export (0) Print
Expand All

What's new in Microsoft Intune

 

Updated: June 23, 2015

In an effort to learn from you, the Intune community, about how we can improve Intune, we've set up a new feedback site powered by UserVoice. The feedback link at the bottom of the Admin console will take you to UserVoice where you can provide feedback to Microsoft on existing Intune features and content, request new features or content, and vote on submissions (help us prioritize!).

Intune feedback.1

You can use a mobile app management (MAM) policy to manage the new Outlook app for iOS and Android. For a full list of apps you can apply a MAM policy to, see Managed apps for Microsoft Intune mobile application management policies.

This app is also supported by conditional access to Exchange email. To learn more, see Manage access to email and services with conditional access for Microsoft Intune.

Endpoint Protection malware workspace now displays recent detection paths
The All Malware page of the Protection workspace now includes a column that displays Recent Detection Paths. This column lists the last ten locations of the specified malware found on the computer. See Help secure your computers with Endpoint Protection and Windows Firewall policy for Microsoft Intune for more information.

Windows Defender management for Windows 10 Technical Preview
Intune adds management settings for Windows Defender. Windows Defender provides malware protection and replaces Endpoint Protection in Windows 10 Technical Preview. See Help secure your computers with Endpoint Protection and Windows Firewall policy for Microsoft Intune for more information.

Conditional access

  • A simplified email message is sent to the end-user when their mobile device is blocked.

  • The number of steps the end-user needs to go through to unblock their email has been reduced.

The following changes have been made to the company portal apps in this release:

Windows and Windows Phone

  • Administrators can use a PowerShell script to sign the Windows Phone 8.1 Company Portal appx package with their own Symantec code-signing certificate in order to help sideload the Company Portal App. The script is distributed as part of the WinPhoneSSPBootstrapper.exe that is available in the Download Center.

  • Bug fixes

iOS

  • The Microsoft Intune Company Portal app for iOS has been updated to support iOS version 7.1 and later. This update means that end users can enroll new devices in Intune only if the device is running iOS version 7.1 or later. Devices that are running iOS version 7.0 or earlier cannot be enrolled. Users who have already enrolled devices that are running on an unsupported version of iOS can continue to use the Company Portal app that is on their device.

  • Improved app catalog experience for discovering and installing company apps

  • Bug fixes

Name

Details

Managed apps for Microsoft Intune mobile application management policies

Updated with the latest managed apps you can use with mobile application management policies.

Manage access to email and services with conditional access for Microsoft Intune

Updated with the latest apps that support conditional access to Exchange email and SharePoint Online.

Control apps using mobile application management policies with Microsoft Intune

Updated with details about apps that support ‘multi identity’ which allows you to manage only corporate data for the app and not the user’s personal data.

Keep informed about upcoming developments for Intune with the Cloud Platform roadmap.

The new Microsoft Intune App Wrapping Tool for Android lets you modify the behavior of in-house Android apps so that you can control them with mobile application management policies. For details, see Prepare Android apps for mobile application management with the Microsoft Intune App Wrapping Tool.

Deploy Google Play Store apps as Required. You can now deploy Android apps from the Google Play store as Required installations. When the app is deployed, the end user will see a notification that the app is required. When the user taps the notification, they will be brought to the Google Play Store to install the app. From the Microsoft Intune console, you can monitor whether the user has installed the app.

Publish and deploy iOS apps without the manifest file. When you publish or deploy an iOS app, you now only need to specify an app installation file. The associated manifest file (.plist) is no longer required.

  • Settings from the mobile device security policy have now been separated into configuration policies for each device platform. Although you can still use the mobile device security policy, and existing policies you deployed will still work, the new configuration policies contain the most up to date settings, and you should plan to migrate to using these. The new policies are:

    • Android configuration policy

    • iOS configuration policy

    • Windows configuration policy

    • Windows Phone configuration policy

    • Exchange ActiveSync policy

  • The Windows Phone OMA-URI policy is now called the Windows Phone custom policy.

  • A new policy, the Windows 10 custom policy, lets you create and deploy OMA-URI settings to control settings on enrolled Windows 10 devices.

    For details, see Use Windows 10 custom policies to manage device settings with Microsoft Intune. For a list of settings you can use, see Custom URI settings for Windows 10 devices.

When you apply the Helpdesk – Groups Node designation to an Intune service administrator, that administrator can only see a limited view of the Intune console and perform limited tasks like running malware scans, or resetting passwords. For details, see Manage access levels in the Microsoft Intune admin console.

Subscribe to RSS feeds on the Intune Service Status page to be notified about problems with the service and upcoming maintenance.

Changes to improve the flow that end-users must navigate to make their device compliant and access email.

The following changes have been made to the company portal apps in this release:

Windows and Windows Phone

When end users are installing an app from the Windows Phone Company Portal, they can see the status of their installation in the App Details view. The three possible statuses that display are:

  • Installing

  • Installed

  • Failed to install

iOS

  • Bug fixes to improve security

Android

  • Bug fixes

Name

Details

Use iOS configuration policies to manage device settings in Microsoft Intune

Use Android configuration policies to manage device settings in Microsoft Intune

Use Windows configuration Policies to manage device settings in Microsoft Intune

Use Windows Phone configuration policies to manage device settings in Microsoft Intune

Use Exchange ActiveSync policies to manage device settings in Microsoft Intune

Contain details about the new platform-specific configuration policies that let you control security, kiosk mode, and app compliance settings.

Use Windows 10 custom policies to manage device settings with Microsoft Intune

This new policy lets you control certain device settings by using OMA-URI settings.

Custom URI settings for Windows 10 devices

Contains a list of the OMA-URI settings that you can deploy using a Windows 10 custom policy.

Prepare Android apps for mobile application management with the Microsoft Intune App Wrapping Tool

This tool lets you modify the behavior of in-house Android apps so that you can control them with mobile application management policies.

Manage access levels in the Microsoft Intune admin console

Explains the preset designations you can apply to service administrators such as staff who work on the helpdesk. These can help you delegate administrative tasks while still ensuring the security of your Intune infrastructure.

Name

Details

Configure security policy for mobile devices in Microsoft Intune

Added information to help you choose the right security policy to use.

Use policies to manage computers and mobile devices with Microsoft Intune

Updated to list all new Intune policies. Additionally, the procedures in the topic are updated to include the latest information.

Mobile Device Management Capabilites in Microsoft Intune [replacement]

Updated to include information about the latest product capabilities.

End user app experience

Describes how IT Pros can now deploy Android apps from the Google Play Store as Required installations.

  • Conditional access for On-Premises Exchange now supports devices that run Android.

  • You can now specify the account that will be used to send notification emails about device blocking for a conditional access policy for On-premises Exchange.

  • Updates to the conditional access documentation to incorporate the latest information.

See Manage access to email and services with conditional access for Microsoft Intune for more information.

You can now deploy software to Windows Phone 8.1 devices in .appx bundle format. For details, see Deploy apps to mobile devices in Microsoft Intune.

Intune adds management settings for Windows Defender. Windows Defender provides malware protection and replaces Endpoint Protection in Windows 10 Technical Preview. See Help secure your computers with Endpoint Protection and Windows Firewall policy for Microsoft Intune for more information.

The following changes have been made to the company portal apps in this release:

  • Users can now access license terms from within the app

  • The Profile view has been redesigned

  • Bug fixes to improve security

Intune mobile device management can now manage iOS devices purchased through Apple’s Device Enrollment program. This allows for over-the-air management of corporate-owned iOS mobile devices. For details, see Enroll corporate-owned iOS devices in Microsoft Intune.

Administrators can limit the number of devices each user can enroll to be managed with Intune. For details, see “Set device enrollment limits” in Enable mobile device enrollment with the Microsoft Intune Account Portal.

You can now deploy software to Windows Phone 8.1 devices in .appx format. For details, see Deploy apps to mobile devices in Microsoft Intune.

The following changes have been made to the company portal apps in this release:

  • Improved login experience on the Windows and Windows Phone Company Portal apps by using Active Directory Authentication Library (ADAL) Integration

  • Bug fixes

  • Added support for Wi-Fi profiles with passkeys when Intune is used with Configuration Manager

  • Added Support for Remote Lock and Passcode Reset features when Intune is used with Configuration Manager

  • Added a Verbose Logging setting to improve troubleshooting

  • Improved performance of SCEP certificate profiles

  • Bug fixes

  • The new SharePoint Online policy lets you prevent apps from accessing SharePoint Online when the device is not compliant.

Use the new Windows Wi-Fi Import Policy to import a set of Wi-Fi settings (for Windows 8.1 and later) that you can then deploy to device and user groups in your organization.

For details, see Help users connect to company networks using Wi-Fi profiles with Microsoft Intune.

Per-app VPN connections are now supported for iOS devices when the connection type is Cisco AnyConnect.

The following functionality has changed for mobile device security policy settings:

  • When you enable the setting Require automatic updates, you can now also select the minimum category of updates you want to automatically install.

  • The Require encryption on mobile devices setting now supports Windows 8.1. When you enable this setting, users must connect their Microsoft Account to the device.

For details, see Configure security policy for mobile devices in Microsoft Intune.

Added information about the latest apps you can manage by using mobile application management policies to the Control apps using mobile application management policies with Microsoft Intune topic.

Conditional access, introduced in the November 2014 release now contains the following new capabilities:

  • Conditional access policies can now be used to control access to Exchange Online.

  • Create compliance policies that define the rules and settings that a device must comply with to access Exchange On-premises and Exchange Online.

For details, see Manage access to email and services with conditional access for Microsoft Intune.

Enroll corporate-owned iOS devices in Microsoft Intune. With this enrollment method users cannot un-enroll or factory reset the device. The administrator preconfigures iOS devices in one of two ways:

  • Sets up the devices for enrollment and then distributes each device to a single user, also known as “choose your own device” (CYOD)

  • Enrolls the device to be user-less and shared amongst a group of users such as point-of-sale devices in a restaurant

Managed mobile apps work with mobile application management policies to restrict certain app operations such as copy and paste, or screenshot functionality.

For mobile device settings that cannot be configured by a mobile device security policy, you can create custom policies for iOS devices that you have exported from the Apple Configurator tool. For details, see Use iOS custom policies to manage device settings with Microsoft Intune.

For devices that run Windows Phone, you can create and deploy a policy that contains OMA-URI settings to control features on the device.

A new report, Device History, lets you view a record of retire, wipe and delete actions. You can use this report to see who initiated actions on devices in the past.

In addition to the following, review Requirements for Microsoft Intune for recent changes.

With this release, Windows Intune is now called Microsoft Intune.

A number of improvements have been made to the Intune admin console including a new Dashboard page that provides quick access to status details that help you manage Intune and find details about your managed devices. For details about the admin console, see Reference for the Microsoft Intune administrative consoles.

Configuration policies provide the following capabilities:

  • Compliant and noncompliant apps – Lets you specify a list of apps that users can, and cannot install.

  • Kiosk mode - Lets you to lock a device to only allow certain features to work. For example, you can allow a device to only run one managed app that you specify, or you can disable the volume buttons on a device.

For details, see Use iOS configuration policies to manage device settings in Microsoft Intune.

  • When you publish terms and conditions, your users will see these when they first use the company portal from any device, whether or not that device is already enrolled. Users will have to accept those terms to access the portal. For details, see About Terms and Conditions.

Email profiles help you create, deploy and monitor Exchange ActiveSync email settings on devices. This lets user’s access corporate email on their personal devices without any required setup on their part. For more information, see Enable access to corporate email using email profiles with Microsoft Intune.

New policy settings have been added to help you manage more features on your managed mobile devices. For more information, see Mobile device management capabilities in Microsoft Intune.

Windows Phone 8.1 is now supported. Windows Phone 8.1 which comes with support for new policy settings.

Android Samsung KNOX is now supported and supports selective wipe.

You can now wipe EFS-enabled content such as content relating the Mail app for Windows. For more information, see Help protect your data with remote wipe, remote lock, or passcode reset using Microsoft Intune.

You can lock mobile devices remotely and also reset the passcode. For more information, see Help protect your data with remote wipe, remote lock, or passcode reset using Microsoft Intune.

Intune now allows you to configure an app as a featured app. This app will then be displayed prominently in the company portal. For more information, see Deploy apps to mobile devices in Microsoft Intune.

In the previous release of Intune, Microsoft Intune Endpoint Protection was only installed if a policy was created to require this installation on newly enrolled clients. In the current release of Intune, the endpoint protection client is installed on computers with Intune, unless a policy is created to prevent this installation. This change was made in response to customer feedback, and to better secure computers running Intune. For more information, see Help secure your computers with Endpoint Protection and Windows Firewall policy for Microsoft Intune.

New policy settings have been added to help you manage more features on your inventoried mobile devices. For more information, see Manage mobile devices with Microsoft Intune.

A new report type has been added specifically to report on inventoried mobile devices in your organization. For more information, see Manage reports in Microsoft Intune.

Intune now allows you to deploy a shortcut to an application on the Web to your devices. For more information, see Get started with app deployment in Microsoft Intune.

Intune now lets you enroll Android devices for direct management. For more information, see Start managing Android devices with Microsoft Intune.

Intune now supports Windows 8.1 devices, including Windows Professional, Surface, Surface Pro, and Windows Phone.

Devices running Windows 8.1 and Windows RT 8.1 can now enable Device Management and automatically enroll and install apps. For more information, see Enable mobile device enrollment with the Microsoft Intune Account Portal.

The default “Ungrouped Devices” group, which was removed in a previous version, is back. Newly enrolled devices are automatically assigned to this group.

iOS devices can now use their own fully featured company portal app, instead of the mobile web app.

Two new policy settings have been added to help administrators streamline client agent updates:

  • Prompt user to restart Windows during Microsoft Intune client agent mandatory updates.

  • Microsoft Intune client agent mandatory updates installation schedule, with the parameters Day scheduled, and Time scheduled.

A new value has been added to the Intune Agent policy setting Install Endpoint Protection. The new value is No, and is the default value.

System_CAPS_noteNote

This behavior is different than previous version of Intune, where Intune Endpoint Protection was installed automatically during client installation. After upgrading, you may need to create a new policy to ensure that new clients will have Endpoint Protection installed, and that existing clients will continue to receive updates. .

With this update, you can now configure the Intune Exchange Connector to connect directly from your Intune service to your hosted Exchange environment, without downloading additional software. .

This tool makes it easy to try out Windows Phone 8 device management using Microsoft System Center 2012 Configuration Manager during your Intune subscription trial period, without having to procure a Symantec certificate. This tool contains:

  • A script that populates a sample Application Enrollment token.

  • A sample Windows Phone 8 company portal app.

  • Two sample applications that can be used for Windows Phone 8 software distribution scenarios.

The Support Tool for Intune Trial Management of Window Phone 8 can be downloaded from the Download Center.

With this security update, once you log in to the Intune administrator console, your session will become invalid after eight hours and you will be prompted to log in again.

With this update, you can now scan a Microsoft Tag or bar code and automatically navigate to the app details page in the Windows 8 or Windows RT company portal app. If the company portal app is not installed, you will be prompted to install it.

With this update, you can now configure the Intune Exchange connector to connect to your hosted Exchange environment in Office 365. For more information, see Set up mobile device management using Exchange ActiveSync in Microsoft Intune

With this update you can share an app with another person by selecting Share from the app details page. This will send an email with a direct link to the app details page. You do not need to have the app installed yourself to share the app.

With this update, you can now scan a Microsoft Tag or bar code and automatically navigate to the app details page in the Windows Phone 8 company portal app. If the company portal app is not installed, you will be prompted to install it.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft