Support tip: Organizational messages is moving to Microsoft 365 admin center

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.

The Intune experience for managing organizational messages will be removed no earlier than August 2024.  You can now view and manage your messages created in Intune in the new experience within the Microsoft 365 admin center. The new experience includes new, top requested features such as the ability to author custom messages and message delivery on Microsoft 365 apps. To learn more about the new experience, review: Introducing organizational messages (preview) in the Microsoft 365 admin center.

 

Key points: What this means for messages created in Intune

If you’re using organizational messages in Intune, there are several key things to be aware of with the experience moving to Microsoft 365:

  • There’s no impact to your users unless you choose to cancel or delete messages.
  • Existing messages that you have created in Intune will be available in the new experience in Microsoft 365 admin center for you to continue viewing and managing.
  • Get Started messages cannot be created in Microsoft 365 admin center. Existing Get Started messages will continue to work until they are cancelled or deleted (which can be done in either Intune or the Microsoft 365 admin center).
  • All Intune role-based access control (RBAC) roles with organizational messages permissions will no longer work and you will have to create new roles (or custom roles) in Microsoft Entra.
  • Scope tags are only available in Intune and will not be applicable after this change.

Update RBAC assignments for organizational messages

Intune RBAC roles won’t work once the experience has been removed from Intune. You’ll want to update your Intune roles to the Microsoft Entra roles before August 2024 to ensure your admins are able to continue managing organizational messages.

 

To create organizational messages in Microsoft 365 admin center, create a new custom role or use one of the built-in roles in Microsoft Entra:

  • Organizational Messages Approver
  • Organizational Messages Writer
  • Microsoft Entra Global Administrator (not recommended as security best practice)

 

For instructions on creating custom roles or assigning roles in Entra, review the following documentation:
Create and assign a custom role in Microsoft Entra ID

Assign Microsoft Entra roles to users

 

Common questions

Will I be able to access organizational messages from Intune?

 You can continue to access and manage organizational messages in Intune until the experience is removed no earlier than August 2024. After that, the organizational messages user interface within the Intune admin center (Tenant administration > Organizational messages) will be removed.

 

What will happen to messages I have created in Intune organizational messages?

Your entire messages history and all active messages from Intune’s organizational messages will be available to view, cancel, or delete in the Microsoft 365 admin center. All active messages from Intune will continue to be delivered until the expiration date you have specified.

 

What will change for my organization and users?

The following functionality will be impacted:

  • Scope tags will not be supported in or migrated to Microsoft 365 admin center. Any scope tags created in Intune will no longer be honored.
  • Any automated scripts for managing organizational messages in Intune will not work.
  • Any Intune RBAC roles will not be honored. You must enable the Entra RBAC roles highlighted above or create a custom role to create and manage organizational messages.
  • The authoring of new Get Started messages will not be available in Microsoft 365 admin center. These messages don’t expire and won’t be canceled until you take action to cancel or delete. Admins may cancel or delete any existing Get Started messages at any time.

 

How will an admin distinguish messages authored from Intune in the Microsoft 365 admin center?

Under the Message Detail pane, the Source field will indicate messages authored from Intune or other entry points.

 

What happens to audit logs of organizational messages in Intune?

Intune audit logs can be viewed in the Intune admin center for the last 30 days or up to 1 year when using Graph API.

 

How will this impact the existing setting which allows you to block Microsoft messaging?

There’ll be no changes to the existing management of Microsoft messaging policy within Intune before August 2024. If you currently block messages that come from Microsoft, you can continue to do so while also allowing organizational messages to come through. Later, after August 2024, this functionality will migrate to organizational messages in the Microsoft 365 admin center.

  1. Sign in to the Microsoft Intune admin center.
  2. Go to Tenant administration > Organizational messages.
  3. In the Overview tab, go to step 2 under “Before you create a message”.
  4. Decide whether to block messages directly from Microsoft, while allowing admin messages to display by:
    1. Switching the toggle to Allow to allow both Microsoft messages and organizational messages.
    2. Switching the toggle to Block to block Microsoft messages and allow organizational messages.

Stay tuned to this post for updates on the exact timing of this change! If you have any questions, leave a comment below or reach out to us on X @IntuneSuppTeam.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.