What’s new in Microsoft Intune March 2024

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

I’m Scott Sawyer, a Director of Engineering for Intune, and I’ll be your guide to what’s new in Microsoft Intune going forward. As you might have heard, Ramya Chitrakar has moved to a new role driving product strategy and engineering execution for Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity. Please join me in thanking Ramya for penning this series, her leadership, and myriad of contributions to the Intune engineering team over the last 17 years.

I’m excited to start highlighting Intune’s new capabilities! Like many in the management space, I see that the lines between security operations and IT operations are often blurry. You often tell us that the ability to share information and capabilities between security and administrative functions is one of Microsoft Intune’s most compelling features, and we’ve got some announcements in this area (and others) this month. So, let’s get started!

A streamlined endpoint security experience

We hear from customers that they want easier access to vital endpoint security and device status. In response, we’re releasing a revamped Overview page under the Endpoint security blade, aimed at centering important information, like device security status, making it easier to configure and deploy Microsoft Defender for Endpoint.

Highlights of this new experience include:

  1. Connector status at-a-glance: Get a clear indication that Defender for Endpoint and Intune are connected tenant-wide.
  2. Windows device Endpoint detection and response (EDR) status and actions: Quickly see the status of Windows devices and get one-click access to deployment options.
  3. New preconfigured policy: A streamlined workflow helps administrators deploy Defender for Endpoint and EDR in just a few clicks.
  4. Antivirus agent status and monitoring report shortcuts: Visualize key antivirus data and get easy access to Firewall and Malware reports plus a handy shortcut to the Defender portal.

Screenshot of the Overview page with numbers 1 to 4 labeling the highlights of this new experience.Screenshot of the Overview page with numbers 1 to 4 labeling the highlights of this new experience.

The EDR blade itself is getting a refresh too, including:

  1. A Summary tab recapping the EDR reporting as seen on the Overview page.
  2. A dedicated EDR Onboarding Status tab that shows device Defender sensor state and EDR onboarding status.
  3. The Deploy preconfigured policy option that lets admins quickly onboard devices to EDR.

Screenshot of the EDR page with numbers 1 to 3 labeling the highlights of this new experience.Screenshot of the EDR page with numbers 1 to 3 labeling the highlights of this new experience.

These features will be available to all customers, including those with Government Community Cloud High (GCC High) and Department of Defense (DoD) tenants as the update rolls out. For a deep dive into this capability, read more here.

Secure and manage BIOS for Dell devices

Given the increasing sophistication of hardware-based attacks, IT administrators need the ability to secure and manage device BIOS. And coming later this month, thanks to a collaboration with Dell, a BIOS configuration file generated with their Dell command tool can be delivered to Intune managed devices. Additionally, Intune admins can generate unique BIOS passwords. This represents a huge opportunity for efficiency, especially for widely dispersed hybrid workforces. Read more about this exciting new capability on Dell’s blog, Streamline Endpoint Security and Manageability with BLOBs.

More granular policy targeting for Windows Mobile Application Management (MAM)

We got a lot of great feedback when we released assignment filters for iOS and Android devices. I’m pleased to announce that managed app assignment filters are now applicable to Windows devices to give IT pros more control over application protection policies and application configuration policies. With these assignment filters, policies can now be targeted with more granularity. For example, specific device models can be excluded from application protection policies and application configuration policies, or you can make a policy so that Windows devices have the latest security updates for their installed OS, be it Windows 11 or Windows 10. The rule builder streamlines the filter property definition process and a filter preview lets you see the endpoints that will be affected. This capability will also be available to Intune customers who use Intune with GCC High and DoD levels of security.

Screenshot of the Create filter page for apps, showing the rule builder streamlining the filter property definition process.Screenshot of the Create filter page for apps, showing the rule builder streamlining the filter property definition process.

What do you think of these new features? Join our Intune community and let us know!

Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.