Week of July 26, 2021 (Service release 2107)
Device configuration
Improved policy support for iPadOS devices enrolled as Shared iPads for Business (public preview)
We've added support for user-assigned device configuration policies for Shared iPads for Business.
With this change, settings like the home screen layout and most device restrictions assigned to user groups apply to Shared iPad devices while a user from the assigned user groups is active on the device
Certificate Connector for Microsoft Intune combines separate certificate connectors
We’ve released the Certificate Connector for Microsoft Intune. This new connector replaces the use of separate certificate connectors for SCEP and PKCS, and includes the following features:
- Configure each instance of the connector to support one or more of the following capabilities:
- SCEP
- PKCS
- PFX imported certificates
- Certificate revocation
- Use a normal Active Directory account or the system account for the connector service.
- Based on your tenant location, select government vs. commercial environments.
- Removes the need to select a client certificate for SCEP integration with NDES.
- Auto-updates to the latest version of the connector. Manual update of this connector is also supported.
- Improved logging.
The previous connectors remain in support but are no longer available for download. If you need to install or reinstall a connector, install the new Certificate Connector for Microsoft Intune.
Windows Autopilot diagnostics page (public preview)
Available settings on the Enrollment Status Page are updated from Allow users to collect logs about installation errors to Turn on log collection and diagnostics page for end users to support the Windows Autopilot diagnostics page, available in Windows 11. For more information, see Windows Autopilot: What's new.
Device management
Use filters to assign Windows 10 update rings in Endpoint Manager admin center - public preview
In the Endpoint Manager admin center, you can create filters, and then use these filters when assigning apps and policies.
When assigning Windows 10 update ring policies, you can use filters (Devices > Windows > Windows 10 Update Rings). You can filter the devices that get the update rings policy based on a device property, such as the OS version, device manufacturer, and more. After you create the filter, use the filter when you assign the update rings policy.
Applies to:
Collect diagnostics remote action moved to general availability
The Collect diagnostics remote action lets you collect diagnostics from corporate devices without interrupting or waiting for the end user. Collected diagnostics include MDM, Autopilot, event viewers, registry key, Configuration Manager client, networking, and other critical troubleshooting diagnostics. For more information see Collect diagnostics from a Windows device.
Autopilot support for Microsoft HoloLens is now generally available
For more information, see Windows Autopilot for HoloLens 2.
Device security
Work from anywhere report
Endpoint analytics has a new report named Work from anywhere. The Work from anywhere report is an evolution of the Recommended software report. The new report contains metrics for Windows 10, cloud management, cloud identity, and cloud provisioning. For more information, see the Work from anywhere report article.
Intune apps
Improvements to SSO app extension screen for Company Portal for macOS
We've improved the Intune Company Portal authentication screen that prompts macOS users to log in to their account using single sign-on (SSO). Users can now:
- See the app that's requesting SSO.
- Select Don't ask me again to opt out of future SSO requests.
- Opt back in to SSO requests by going to Company Portal > Preferences and deselecting Don't ask me to sign in with single sign-on for this account.
Newly available protected apps for Intune
The following protected apps are now available for Microsoft Intune:
- Webex for Intune by Cisco Systems, Inc.
- LumApps for Intune by LumApps
- ArchXtract (MDM) by CEGB CO., Ltd.
For more information about protected apps, see Microsoft Intune protected apps.
