Week of December 13, 2021 (Service release 2112)
Device management
Launch Remote help from within the admin center
You can now launch remote help from within the Microsoft Endpoint Manager admin center. To do so, in the admin center go to All devices and select the device on which assistance is needed. Then select New remote help session, which is available from the remote actions bar across the top of the devices view.
Endpoint analytics filtering
You can now add filters to the tables in Endpoint analytics reports. Using filters enables you to discover trends in your environment or spot potential issues.
Use filters to assign Endpoint analytics proactive remediations scripts in admin center - public preview
In the Endpoint Manager admin center, you can create filters, and then use these filters when assigning apps and policies. You'll be able to use filters to assign the following policy:
Endpoint analytics proactive remediations Windows PowerShell scripts (Reports > Endpoint analytics > Proactive remediations)
For more information on filters, see Use filters (preview) when assigning your apps, policies, and profiles.
Applies to:
Windows 10 and newer
Device configuration
New option to see the number of profiles with an error or conflict in device configuration profiles
In the Endpoint Manager admin center, there's a new "X policies with error or conflict" option. When you select this option, you automatically go to the Devices > Monitor > Assignment Failures report. This report helps you troubleshoot errors and conflicts.
This new option is available in the following locations in the Endpoint Manager admin center:
Home page
Dashboard
For more information, see Monitor device profiles in Microsoft Intune and Assignment failures report.
Applies to:
Windows 10 and newer
New Timeout and Block iCloud Private Relay settings for iOS/iPadOS and macOS devices
On iOS/iPadOS and macOS devices, you can create a device restrictions policy that manages features on the device (Devices > Configuration Profiles > Create profile > iOS/iPadOS or macOS for platform > Device restrictions).
There are new settings:
iOS/iPadOS:
Block iCloud Private Relay: On supervised devices, this setting prevents users from using the iCloud Private Relay (opens Apple's web site).
macOS
Block iCloud Private Relay: On supervised devices, this setting prevents users from using the iCloud Private Relay (opens Apple's web site).
Timeout: Users can unlock their devices using a Touch ID, such as a fingerprint. Use this setting to require users to enter their password after a period of inactivity. The default inactivity period is is 48 hours. After 48 hours of inactivity, the device prompts for the password, instead of Touch ID.
Applies to:
iOS/iPadOS 15 and newer
macOS 12 and newer
New device restrictions settings for Android Enterprise corporate-owned devices with a work profile
On Android Enterprise devices, you can configure settings that control features on devices (Devices > Configuration Profiles > Create profile > Android Enterprise for platform > Device restrictions for profile type > General).
For Android Enterprise corporate-owned devices with a work profile, there are new settings:
Search work contacts and display work contact caller-id in personal profile
Copy and paste between work and personal profiles
Data sharing between work and personal profiles
For more information on the settings you can currently configure, see Android Enterprise device settings to allow or restrict features using Intune.
Applies to:
Android Enterprise corporate-owned work profile (COPE)
Settings Catalog is supported on U.S. Government GCC High and DoD
Settings Catalog is available and supported on U.S. Government GCC High and DoD.
For more information on Settings Catalog, and what it is, see Use the settings catalog to configure settings on Windows and macOS devices.
Applies to:
macOS
Windows 10 and newer
Enter the certificate common name in Wi-Fi profiles for Android Enterprise fully managed, dedicated, and corporate-owned work profile devices
On Android Enterprise devices, you can create a Wi-Fi profile that configures enterprise Wi-Fi settings (Devices > Configuration Profiles > Create profile > Android Enterprise for platform > Fully Managed, Dedicated, and Corporate-Owned Work Profile > Wi-Fi for profile type).
When you select Enterprise, there's a new Radius server name setting. This setting is the DNS name used in the certificate presented by the Radius Server during client authentication to the Wi-Fi access point. For example, enter Contoso.com, uk.contoso.com, or jp.contoso.com.
If you have multiple Radius servers with the same DNS suffix in their fully qualified domain name, then you can enter only the suffix. For example, you can enter contoso.com.
When you enter this value, user devices can bypass the dynamic trust dialog that's sometimes shown when connecting to the Wi-Fi network.
What you need to know:
New Wi-Fi profiles targeting Android 11 or later may require this setting to be configured. Otherwise, the devices may not connect to your Wi-Fi network.
For more information on the settings you can currently configure, see Android Enterprise Fully Managed, Dedicated, and Corporate-Owned Work Profile Wi-Fi settings.
Applies to:
Android Enterprise corporate-owned work profile (COPE)
Android Enterprise corporate owned fully managed (COBO)
Android Enterprise dedicated devices (COSU)
New Administrative Templates settings for Microsoft Edge 96, 97, and Microsoft Edge updater on Windows devices
In Intune, you can use Administrative Templates to configure Microsoft Edge settings (Devices > Configuration profiles > Create profile > Windows 10 and later for platform > Templates > Administrative Templates for profile type).
There are new Administrative Templates settings for Microsoft Edge 96, 97, and the Microsoft Edge updater, including Target Channel override support. Use Target Channel override so users get the Extended Stable release cycle option, which can be set using Group Policy or through Intune.
For related information, see:
Configure Microsoft Edge policy settings in Microsoft Intune
Overview of the Microsoft Edge channels
Microsoft Edge Browser Policy Documentation
Applies to:
Windows 10 and newer
Microsoft Edge
Intune apps
Newly available protected apps for Intune
The following protected app is now available for Microsoft Intune:
Groupdolists by Centrallo LLC
For more information about protected apps, see Microsoft Intune protected apps.
BlackBerry – New mobile threat defense partner
You can now use BlackBerry Protect Mobile (powered by Cylance AI) as an integrated mobile threat defense (MTD) partner with Intune. By connecting the BlackBerry Protect Mobile MTD connector in Intune, you can control mobile device access to corporate resources using conditional access that's based on risk assessment.
For more information, see:
Mobile threat defense integration with Intune
BlackBerry UES documentation