Microsoft has been hard at work developing and improving features in Microsoft Intune, read below for details.
Support for new Windows 10 features
- You can now set an additional rule in the Compliance Policy for conditional access to require Windows 10 devices to be reported as healthy via the Health Attestation Service in order to access corporate data. Windows 10 devices will then be evaluated to ensure that the following items are enabled: BitLocker, code integrity, secure boot, early-launch antimalware (desktop only). In addition, you can view reports on Windows 10 health attestation data collected by Intune.
- You can now set Microsoft Passport for Work policies (such as PIN or Windows Hello requirements) for Windows 10 devices enrolled in Intune as well as deploy certificates to Passport for Work container by specifying them as the Key Storage Provider in SCEP or PFX certificate profiles. Note: Microsoft Passport for Work policy is enabled by default, so all eligible Windows 10 and Windows 10 Mobile devices will have this policy enforced. Customers can choose to disable it, if needed.
- You can now define a list of apps in a VPN profile for Windows 10, so that when an app from this list is launched, per-app VPN is triggered. In addition, you can lock the VPN connection to be only available for the apps defined on the list.
- Additional policy settings for Microsoft Surface Hub devices can now be configured through the “General Configuration (Windows 10 Team and later)” template.
- You can now perform a full remote wipe of Windows 10 desktop devices that are enrolled in Intune. Selective wipe of corporate data is already available in Intune.
Integration with Apple Volume Purchase Program (VPP) for Business
You can now sync, deploy, and track the installation of apps that were purchased through Apple VPP for Business in the Intune admin console.
- Better support for corporate-owned device scenarios: You can now identify corporate-owned devices by pre-declaring their international mobile equipment identity (IMEI) numbers in Intune admin console. When a device from the list is enrolled in Intune, it is automatically set as Corporate. If necessary, a more restrictive device policy can be deployed to corporate-owned devices.
- Microsoft MyApps support: Users can now access MyApps portal, a central hub for SaaS applications, directly from the Intune Managed Browser and take advantage of single sign-on to thousands of SaaS apps, self-service password reset, and more.
- New setting for Android devices: You now have an option to configure Smart Lock setting for Android 5.X devices in order to prevent users from bypassing the lock screen on devices enrolled in Intune.
- Intune Company Portal improvements on iOS devices:
- A checkmark now indicates the user’s current device.
- Users can now choose which mail app (including Microsoft Outlook) they would like to use to send diagnostic reports to help desk or IT. Previously, only the native mail app could be used.
- Support has been improved for devices that were enrolled through Apple Device Enrollment Program (DEP).