Skip to content

Enterprise Mobility + Security


We will be releasing the next service update for Microsoft Intune between January 6 and January 14. New features and enhancements will be made available as part of this service update including:

  • Support for new Windows 10 features:
    • You can now set an additional rule in the Compliance Policy for conditional access to require Windows 10 devices to be reported as healthy via the Health Attestation Service in order to access corporate data. Windows 10 devices will then be evaluated to ensure that the following items are enabled: BitLocker, code integrity, secure boot, early-launch antimalware (desktop only). In addition, you can view reports on Windows 10 health attestation data collected by Intune.
    • You can now set Microsoft Passport for Work policies (such as PIN or Windows Hello requirements) for Windows 10 devices enrolled in Intune as well as deploy certificates to Passport for Work container by specifying them as the Key Storage Provider in SCEP or PFX certificate profiles. Note: Microsoft Passport for Work policy is enabled by default, so all eligible Windows 10 and Windows 10 Mobile devices will have this policy enforced. Customers can choose to disable it, if needed.
    • You can now define a list of apps in a VPN profile for Windows 10, so that when an app from this list is launched, per-app VPN is triggered. In addition, you can lock the VPN connection to be only available for the apps defined on the list.
    • Additional policy settings for Microsoft Surface Hub devices can now be configured through the “General Configuration (Windows 10 Team and later)” template.
    • You can now perform a full remote wipe of Windows 10 desktop devices that are enrolled in Intune. Selective wipe of corporate data is already available in Intune.
  • Integration with Apple Volume Purchase Program (VPP) for Business: You can now sync, deploy, and track the installation of apps that were purchased through Apple VPP for Business in the Intune admin console.
  • Better support for corporate-owned device scenarios: You can now identify corporate-owned devices by pre-declaring their international mobile equipment identity (IMEI) numbers in Intune admin console. When a device from the list is enrolled in Intune, it is automatically set as Corporate. If necessary, a more restrictive device policy can be deployed to corporate-owned devices.
  • Microsoft MyApps support: Users can now access MyApps portal, a central hub for SaaS applications, directly from the Intune Managed Browser and take advantage of single sign-on to thousands of SaaS apps, self-service password reset, and more.
  • New setting for Android devices: You now have an option to configure Smart Lock setting for Android 5.X devices in order to prevent users from bypassing the lock screen on devices enrolled in Intune.
  • Intune Company Portal improvements on iOS devices:
    • A checkmark now indicates the user’s current device.
    • Users can now choose which mail app (including Microsoft Outlook) they would like to use to send diagnostic reports to help desk or IT. Previously, only the native mail app could be used.
    • Support has been improved for devices that were enrolled through Apple Device Enrollment Program (DEP).

The following new features were also recently released for customers using System Center Configuration Manager integrated with Intune (hybrid):

  • Conditional access based on the operating system version. Read more here. Note: This feature is also coming to Intune standalone (cloud only) soon.
  • Ability to deploy MSI apps to MDM managed Windows 10 devices. Read more here.

Also, as announced earlier, you can manage Office mobile apps using Intune Mobile Application Management (MAM) capabilities without requiring the device to be enrolled for management. You can view the full list of features being released to Intune standalone (cloud only) by visiting the what’s new in Intune page in the TechNet library. Additionally, you can view the list of features being released to System Center Configuration Manager integrated with Intune (hybrid) by visiting the what’s new for MDM in Configuration Manager page in the TechNet library.

Additional resources:

Note: To see the specific timeframe for when your tenant will be updated, please visit the Microsoft Intune status page. You can identify the Service Instance that your Intune subscription is running on by opening your Intune administration console, clicking on the Admin tab and then selecting View Service Status. Your Service Instance will then be displayed at the top of the Intune Service Dashboard.