Updated: Mar 4
Week of January 24, 2022 (Service Release 2201)
Deploy DMG-type applications to managed macOS devices
You can upload and deploy DMG-type applications to managed Macs from Microsoft Endpoint Manager using the required assignment type. DMG is the file extension for Apple disk image files. DMG-type apps are deployed using the Microsoft Intune MDM agent for macOS. You can add a DMG app from Microsoft Endpoint Manager admin center by selecting Apps > macOS > Add > macOS app (DMG). For more information, see Add a macOS DMG app to Microsoft Intune.
Choose either user or device scope when creating Windows VPN profiles
You can create a VPN profile for Windows devices that configures VPN settings (Devices > Configuration profiles > Create profile > Windows 10 and later for platform > Templates > VPN for profile).
When you create a profile, use the Use this VPN profile with a user/device scope setting to apply the profile to the user scope or the device scope:
User scope: The VPN profile is installed within the user's account on the device.
Device scope: The VPN profile is installed in the device context and applies to all users on the device.
Existing VPN profiles will apply to their existing scope, and aren't impacted by this change. All VPN profiles are installed in the user scope except for the profiles with device tunnel enabled, which requires device scope.
For more information on VPN settings you can currently configure, see Windows device settings to add VPN connections using Intune.
Filters are Generally Available (GA)
You can use filters to include or exclude devices in workload assignments (like policies and apps) based on different device properties. Filters is now generally available (GA).
For more information on filters, see Use filters when assigning your apps, policies, and profiles.
Automatic device clean-up rules support for Android Enterprise devices
Intune supports the creation of rules to automatically remove devices that appear to be inactive, stale, or unresponsive. You can now use these clean-up rules with Android Enterprise devices that previously did not support them. These rules are now supported for:
Android Enterprise Fully Managed
Android Enterprise Dedicated
Android Enterprise Corporate-Owned with Work Profile
To learn more about clean-up rules, see Automatically delete devices with cleanup rules.
Use Collect diagnostics to collect additional details from Windows 365 devices through Intune remote actions
Intune’s remote action to Collect diagnostics now collects additional details from Windows 365 (Coud-PC) devices. The new details for Windows 365 devices include the following registry data:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\WebRTC Redirector
For information about remote actions supported for Windows 365 devices, see Remotely manage Windows 365 devices.
Tenant attach features are Generally Available (GA)
The following tenant attach features are now generally available:
BitLocker Recovery Keys
New Account protection policy to configure users in local groups on devices in public preview
In public preview, you can use a new profile for Intune Account protection policies to manage the membership of the built-in local groups on Windows 10 and 11 devices.
Each Windows device comes with a set of built-in local groups. Each local group contains a set of users that have rights within that group. With the new Local user group membership (preview) profile for endpoint security Account protection policies, you can manage which users are members of those local groups.
To configure local group memberships, you select the built-in local account to modify and then choose the users to add, remove, or replace in the group with other users. Each device that receives the policy the updates the membership of those local groups. Modification of the group membership on each device is done by using the Policy CSP - LocalUsersAndGroups.
To learn more, see Manage local groups on Windows devices.