Week of July 5, 2021
We’ve added settings to manage Microsoft Defender for Endpoint on macOS to the Intune settings catalog.
The new settings are found under the following four categories in the settings catalog. For information about these settings, see Set preferences for Microsoft Defender for Endpoint on macOS in the Microsoft Defender for Endpoint on Mac documentation.
Microsoft Defender - Antivirus engine:
- Allowed threats
- Enable passive mode
- Enable real-time protection
- Scan exclusions
- Threat type settings
Microsoft Defender - Cloud delivered protection preferences:
- Diagnostic collection level
- Enable - disable automatic sample submissions
- Enable - disable cloud delivered protection
Microsoft Defender - EDR preferences:
- Device tags
- Enable - disable early preview
Microsoft Defender - User interface preferences:
- Show - hide status menu icon
The new Update cellular data plan (preview) action lets you remotely activate the eSIM cellular plan on iOS/iPadOS devices that support it. This feature is currently in public preview. For more information, see Update cellular data plan.
We've added some improvements to how Intune displays status information about the managed apps that have deployed to users or devices.
Intune now displays only the apps that are specific to the platform of the device you’re viewing. We’ve also introduced performance enhancements and additional support for the Android and Windows platforms.
When you create a new assignment for an Apple Volume Purchase Program (VPP) app, the default license type is now "device". Existing assignments remain unchanged. For more information about Apple VPP apps, see How to manage iOS and macOS apps purchased through Apple Business Manager with Microsoft Intune.
The following protected apps are now available for Microsoft Intune:
- Secrets Confidential File Viewer by Hitachi Solutions, Ltd.
- AventX Mobile Work Orders by STR Software
- Slack for Intune by Slack Technologies, Inc.
- Dynamics 365 Sales by Microsoft
- Leap Work for Intune by LeapXpert Limited
- iManage Work 10 For Intune by iManage, LLC
- Microsoft Whiteboard by Microsoft (Android version)
For more information about protected apps, see Microsoft Intune protected apps.
When creating a device restriction policy for iOS/iPadOS devices, you can manage cookies in the Safari app (Devices > Configuration profiles > Create profile > iOS/iPadOS for platform > Device restrictions for profile > Built-in Apps).
The Safari cookies setting is updated to help manage cookies and cross site tracking. For more information on this setting, see Built-in Apps for iOS/iPadOS devices.
Applies to:
- iOS/iPadOS versions 4 and newer
Browser access is now automatically turned on during new enrollments of the following devices:
- Android Enterprise dedicated devices enrolled with Azure AD Shared device mode
- Android Enterprise fully managed devices
- Android Enterprise corporate-owned work profile devices
Compliant devices can use the browser to access resources protected by conditional access.
This change has no impact on devices that are already enrolled.
Intune support for Android Enterprise corporate-owned devices with a work profile is now generally available. For more information, see Announcing general availability of Android Enterprise corporate-owned devices with a work profile.
Use filters on Settings Catalog configuration profiles, and Risk Score and Threat Level compliance policy settings
When you use filters to assign your policies, you can:
- Use filters on compliance policies that use the Risk Score and Threat Level settings.
- Use filters on configuration profiles that use the Settings Catalog profile type.
For more information on what you can do, see List of platforms, policies, and app types supported by filters.
Applies to:
- Android device administrator
- Android Enterprise
- Windows 10 and newer
In Endpoint Manager, you can create filters to target devices based on different properties, including device name, manufacturer, and more. On iOS/iPadOS and Windows 10 and newer devices, you can create a filter using the enrollment profile name. The enrollment profile name property is available for Android Enterprise devices.
To see the filter properties you can configure, go to Device properties, operators, and rule editing when creating filters.
Applies to:
- Android Enterprise
Proactive remediations are script packages that can detect and fix common support issues on a user's device before they even realize there's a problem. To help you easily analyze returned outputs, an Export option was added that allows you to save the output as a .csv file. For more information, see Proactive remediations.
The Certificates report, which shows the current device certificates in use, has been updated to include better capabilities to search, page, sort, and export the report. In the Microsoft Endpoint Manager admin center, select Devices > Monitor > Certificates. For more information about reports in Intune, see Intune reports.
The Microsoft Defender for Endpoint app that supports Microsoft Tunnel functionality on Android is now out of preview and generally available for use. With this change:
- You no longer need to opt in to use Defender for Endpoint as the tunnel app on Android.
- The standalone app for Android is now deprecated and will be removed from the Google app store when support ends on August 14, 2021.
Plan to download and use the updated Microsoft Defender for Endpoint app as the Microsoft Tunnel app for Android. If you participated in the preview, update your devices with the new version of Defender for Endpoint from the Google Play store. If you are still using the standalone tunnel app, plan to migrate to the Microsoft Defender for Endpoint app before support for the standalone app ends.
The standalone tunnel app for iOS remains in preview.
While we know customers get enormous value by enabling tenant attach, there are rare cases where you might need to offboard a hierarchy. For example, you may need to offboard following a disaster recovery scenario where the on-premises environment was removed. To remove your Configuration Manager hierarchy from the Microsoft Endpoint Manager admin center, select Tenant administration > Connectors and tokens > Microsoft Endpoint Configuration Manager. Choose the name of the site you would like to offboard, then select Delete. For more information, see Enable tenant attach.
The Android Company Portal app and the Android Intune app now support Portuguese from Portugal (language code pt-PT). Intune already supports Portuguese from Brazil.