As is usually the case, there are a few new features in October, including updates to Conditional Access, Android for Work support, Lookout integration, Android fingerprint reader support and more. One thing you do need to be aware of is that the Android for Work features leverage the updated grouping and targeting features, which are available to newly provisioned tenants.

What’s new

Conditional access for mobile application management

You will be able to restrict access to Exchange Online so that access can come only from apps that support Intune mobile application management policies such as Outlook. This new feature pairs up perfectly with Intune mobile app management (MAM) policies as you can block access to built-in mail clients or other apps that have not been configured with the Intune MAM policies. This ensures your users are accessing your organization’s data with apps that can be protected using Intune MAM. You can get started in Intune mobile app management via the Azure portal. Look for the new Conditional Access section in the “Settings” blade.

Conditional access for Windows PCs

You can now create conditional access policies through the Intune admin console to block Windows PCs from accessing Exchange Online and SharePoint Online. You can also create conditional access policies to block access to Office desktop and universal applications. 

Android for Work support

Intune is now part of the Android for Work (AfW) program. We will begin rolling out support for AfW features starting this month and continuing over the next few months. Note that available app deployment of AfW leverages the new grouping and targeting experience. Newly provisioned Intune Service accounts will be able to use this feature once AfW is available to them. 

Existing Intune customers can use this feature in production once their tenant has been migrated. Existing customers are welcome to create a trial Intune account to plan for and test this feature until their tenant has been migrated. For any questions on grouping and targeting timelines, please contact our migration team.

Read Microsoft’s announcement about Intune support for Android for Work. 

Lookout integration to protect iOS devices

In October, Microsoft is integrating with Lookout’s mobile threat protection solution to protect iOS mobile devices by detecting malware, risky apps, and more, on devices. Lookout’s solution helps you determine the threat level, which is configurable. You can create a compliance policy rule in Intune to determine device compliance based on the risk assessment by Lookout. Using conditional access policies, you can allow or block access to company resources based on the device compliance status. 

End users of noncompliant iOS devices will be prompted to enroll, and will be required to install the Lookout for Work app on their devices, activate the app, and remediate threats reported in the Lookout for Work application to gain access to company data. Learn how to configure and deploy Lookout for Work apps.

Intune App Wrapping Tool for Android

You can enable your apps to use Intune mobile application management (MAM) policies by using the Intune App Wrapping Tool. Support for Intune MAM policies without requiring device enrollment is now available.

Manage printing from apps managed using MAM policies

You can now prevent printing company data from apps that have MAM policies. This setting is available on the Azure portal and is supported on both iOS and Android devices.

Support for fingerprints on Android devices

Android mobile app management (MAM) policies now allow users to access an app with their fingerprint instead of typing out their PIN. See this and other mobile app management policy settings for Android here.


Android Samsung KNOX compatibility with Intune

Certain models of the Samsung Galaxy Ace phone cannot be managed by Intune as Samsung KNOX devices. When you enroll these devices with Intune, they will instead be managed as standard Android devices.

The model numbers affected are:

    • SM-G313HU
    • SM-G313HY
    • SM-G313M
    • SM-G313MY
    • SM-G313U

  You and your end users need take no further action. For more information, visit the Samsung KNOX website.

Company Portal app for Windows 8 is deprecated; support for Windows Phone 8 and Windows RT platforms is being deprecated

Starting in October 2016, Microsoft Intune will deprecate support for the Windows 8 Company Portal. Microsoft Intune will also deprecate support for the Windows Phone 8 and Windows RT platforms. As a consequence, you will not be able to enroll or update any Windows Phone 8 or Windows RT devices.

You can continue to manage Windows Phone 8, Windows RT and Windows 8 devices that are already enrolled. Update Windows Phone 8 and Windows 8 devices to Windows 8.1 and Windows Phone 8.1, and use the corresponding Windows 8.1 and Windows Phone 8.1 Company Portal apps to continue distributing apps to these devices without disruptions.

Starting in November 2016, we will deprecate support for the Windows Phone 8 Company Portal.

What’s coming

New Microsoft Intune Company Portal available for Windows 10 devices

Microsoft is releasing a new Microsoft Intune Company Portal for Windows 10 devices. This app, which leverages the new Windows 10 Universal format, will provide the user with an updated user experience within the app and identical experiences across all Windows 10 devices, PC and Mobile alike, while still enabling all the same functionality that they are using today.

The new app will also allow users to leverage additional platform features like single sign-on (SSO) and certificate-based authentication on Windows 10 devices. The app will be made available as an upgrade to the existing Windows 8.1 Company Portal and Windows Phone 8.1 Company Portal installs from the Windows Store. For more details, go to

To submit product feedback, please visit Intune Feedback