Over the last few weeks I’ve been talking to quite a few people who have started using the Intune preview in the Azure Portal for more of their day to day management tasks, and it’s always interesting to hear the things that most people are excited about. For a while the typical response was “No more Silverlight”, but over time this has changed as people are seeing more functionality light up, as well as new functionality that is being rolled in. Some of the more exciting ones for me are the Windows 10 ones that are opening up scenarios that target education, which is obviously setting the stage for Intune for Education when that becomes available. That’s not to say the Android and iOS updates aren’t welcome, because they certainly are, it’s just that for the next few months that’s the segment I’ll be heavily focused on.
Below is the full list of updates from docs, and as you can see it’s a pretty big list this month, with plenty of links for further information.
Android apps in the Play store that support managed configuration options can now be configure by Intune. This feature lets IT view the list of configuration values supported by an app, and provides a guided, first-class UI to allow them to configure those values.+
Intune now uses the TeamViewer software, purchased separately, to enable you to give remote assistance to your users who are running Android devices. For more information see Remote control Android devices using TeamViewer.+
You can now set a required password type of Numeric complex in an Android device profile for devices that run Android 5.0 and above. Use this setting to prevent device users from creating a PIN that contains repeating, or consecutive numbers, like 1111, or 1234.+
This new Android for Work device restriction policy now lets you manage password and work profile settings on Android for Work devices you manage.
This Android for Work device restriction profile now has new options to help you configure data sharing between work and personal profiles.+
A new custom device profile for Android for Work devices now lets you restrict whether copy and paste actions between work and personal apps are allowed.
You can now use an Intune device profile to configure iOS devices to run specified apps in autonomous single app mode. When this mode is configured, and the app is run, the device is locked so that it can only run that app. An example of this is when you configure an app that lets users take a test on the device. When the app’s actions are complete, or you remove this policy, the device returns to its normal state.+
You can now assign iOS volume-purchased (VPP) apps as Available installs to end users. End users will need an Apple Store account to install the app.+
Devices that run Samsung KNOX Standard are now supported for multi-user management by Intune. This means that end users can sign in and out of the device with their Azure Active Directory credentials, and the device is centrally managed whether it’s in use or not. When end users sign-in, they have access to apps and additionally get any policies applied to them. When users sign out, all app data is cleared.+
We’ve added support for additional Windows device restriction settings like additional Edge browser support, device lock screen customization, start menu customizations, Windows Spotlight search set wallpaper, and proxy setting.+
We’ve added support for multi-user management for devices that run the Windows 10 Creators Update and are Azure Active Directory domain-joined. This means that when different standard users log onto the device with their Azure AD credentials, they will receive any apps and policies that were assigned to their user name. Users cannot currently use the Company Portal for self-service scenarios like installing apps.+
A new Fresh Start device action for Windows 10 PCs is now available. When you issue this action, any apps that were installed on the PC are removed, and the PC is automatically updated to the latest version of Windows. This can be used to help remove pre-installed OEM apps that are often delivered with a new PC. You can configure if user data is retained when this device action is issued.+
You can now join large numbers of devices that run the Windows 10 Creators update to Azure Active Directory and Intune with Windows Configuration Designer (WCD). To enable bulk MDM enrollment for your Azure AD tenant, create a provisioning package that joins devices to your Azure AD tenant using Windows Configuration Designer, and apply the package to corporate-owned devices you’d like to bulk enroll and manage. Once the package is applied to your devices, they will Azure AD join, enroll in Intune, and be ready for your Azure AD users to log on. Azure AD users are standard users on these devices and receive assigned policies and required apps. Self-service and Company Portal scenarios are not supported at this time.+
Two new app settings are now available to help you with mobile application management (MAM) scenarios:+
List of supported storage location services: