We’ve added settings for managing Microsoft Defender for Endpoint on macOS to the Intune settings catalog.
The new settings are grouped under the following four categories in the settings catalog. For information about these settings, see Set preferences for Microsoft Defender for Endpoint on macOS in the Microsoft Defender for Endpoint on Mac documentation.
Microsoft Defender - Antivirus engine:
Microsoft Defender - Cloud delivered protection preferences:
Microsoft Defender - EDR preferences:
Microsoft Defender - User interface preferences:
The new Update cellular data plan (preview) action lets you remotely activate the eSIM cellular plan on iOS/iPadOS devices that support it. This feature is currently in public preview. For more information, see Update cellular data plan.
We've added some improvements to how Intune displays status information about the managed apps that have deployed to users or devices.
Intune now displays only the apps that are specific to the platform of the device you’re viewing. We’ve also introduced performance enhancements and additional support for the Android and Windows platforms.
When you create a new assignment for an Apple Volume Purchase Program (VPP) app, the default license type is now "device". Existing assignments remain unchanged. For more information about Apple VPP apps, see How to manage iOS and macOS apps purchased through Apple Business Manager with Microsoft Intune.
The following protected apps are now available for Microsoft Intune:
For more information about protected apps, see Microsoft Intune protected apps.
When creating a device restriction policy for iOS/iPadOS devices, you can manage cookies in the Safari app (Devices > Configuration profiles > Create profile > iOS/iPadOS for platform > Device restrictions for profile > Built-in Apps).
The Safari cookies setting is updated to help manage cookies and cross-site tracking. For more information on this setting, see Built-in Apps for iOS/iPadOS devices.
Applies to:
Browser access is now automatically turned on during new enrollments of the following devices:
Compliant devices can use the browser to access resources protected by conditional access.
This change has no impact on devices that are already enrolled.
Intune support for Android Enterprise corporate-owned devices with a work profile is now generally available. For more information, see Announcing general availability of Android Enterprise corporate-owned devices with a work profile.
When you use filters to assign your policies, you can:
For more information on what you can do, see List of platforms, policies, and app types supported by filters.
Applies to:
In Endpoint Manager, you can create filters to target devices based on different properties, including device name, manufacturer, and more. On iOS/iPadOS and Windows 10 and newer devices, you can create a filter using the enrollment profile name. The enrollment profile name property is available for Android Enterprise devices.
To see the filter properties you can configure, go to Device properties, operators, and rule editing when creating filters.
Applies to:
Proactive remediations are script packages that can detect and fix common support issues on a user's device before they even realize there's a problem. To help you easily analyze returned outputs, an Export option was added that allows you to save the output as a .csv file. For more information, see Proactive remediations.
The Certificates report, which shows the current device certificates in use, has been updated to include better capabilities to search, page, sort, and export the report. In the Microsoft Endpoint Manager admin center, select Devices > Monitor > Certificates. For more information about reports in Intune, see Intune reports.
The Microsoft Defender for Endpoint app that supports Microsoft Tunnel functionality on Android is now out of preview and generally available for use. With this change:
Plan to download and use the updated Microsoft Defender for Endpoint app for Microsoft Tunnel on Android. If you participated in the preview, update your devices with the new version of Defender for Endpoint from the Google Play store. If you are still using the standalone tunnel app, plan to migrate to the Microsoft Defender for Endpoint app before support for the standalone app ends.
The standalone tunnel app for iOS remains in preview.
While we know customers get enormous value by enabling tenant attach, there are rare cases where you might need to offboard a hierarchy. For example, you may need to offboard following a disaster recovery scenario where the on-premises environment was removed. To remove your Configuration Manager hierarchy from the Microsoft Endpoint Manager admin center, select Tenant administration > Connectors and tokens > Microsoft Endpoint Configuration Manager. Choose the name of the site you would like to offboard, then select Delete. For more information, see Enable tenant attach.
The Android Company Portal app and the Android Intune app now support Portuguese from Portugal (language code pt-PT). Intune already supports Portuguese from Brazil.