What’s new in Intune – release 2006

Another blog post in my what is new Intune release 2006 series! Don’t forget that I have a strong focus on Windows 10 management and won’t be touching the Android/iOS/macOS updates a lot.

You can find the ‘What’s new in Intune’ page here.

The most interesting parts for me about the 2006 release:


1. Unified delivery of Azure AD Enterprise and Office Online applications in the Company Portal

On the Customization pane of Intune, you can select to Hide or Show both Azure AD Enterprise applications and Office Online applications in the Company Portal. Each end-user will see their entire application catalog from the chosen Microsoft service. By default, each additional app source will be set to Hide. This feature will first take effect in the Company Portal website, with support in the Windows Company Portal expected to follow. In the Microsoft Endpoint Manager admin center, select Tenant administration > Customization to find this configuration setting.


2. Use PKCS certificates with Wi-Fi profiles on Windows 10 and newer devices

You can authenticate Windows Wi-Fi profiles with SCEP certificates (Device configuration > Profiles > Create profile > Windows 10 and later for platform > Wi-Fi for profile type > Enterprise > EAP type). Now, you can use PKCS certificates with your Windows Wi-Fi profiles. This feature allows users to authenticate Wi-Fi profiles using new or existing PKCS certificate profiles in your tenant.


3. Bring-your-own-devices can use VPN to deploy

The new Autopilot profile Skip Domain Connectivity Check toggle lets you deploy Hybrid Azure AD Join devices without access to your corporate network using your own 3rd party Win32 VPN client. To see the new toggle, go to Microsoft Endpoint Manager Admin Center > Devices > Windows > Windows enrollment > Deployment profiles > Create profile > Out-of-box experience (OOBE).

Now this is a feature everyone has been waiting for! I can’t wait to start testing Windows Autopilot Hybrid Join with VPN!


4. Enrollment Status Page profiles can be set to device groups

Previously, Enrollment Status Page (ESP) profiles could only be targeted to user groups. Now you can also set them to target device groups. For more information, see Set up an Enrollment Status Page.


5. Change primary user on co-managed devices

You can change a device’s primary user for co-managed Windows devices.


6. Setting the Intune primary user also sets the Azure AD owner property

This new feature automatically sets the owner property on newly-enrolled Hybrid Azure AD joined devices at the same time that the Intune primary user is set.

This is a change to the enrollment process and only applies to newly enrolled devices. For existing Hybrid Azure AD Joined devices, you must manually update the Azure AD Owner property. To do this, you can use the Change primary user feature or a script.

When Windows 10 devices become Hybrid Azure Active Directory Joined, the first user of the device becomes the primary user in Endpoint Manager. Currently, that user isn’t set on the corresponding Azure AD device object. This causes an inconsistency when comparing the owner property in the Azure AD portal with the primary user property in the Microsoft Endpoint Manager admin center. The Azure AD owner property is used for securing access to BitLocker recovery keys. Because the property isn’t populated on Hybrid Azure AD Joined devices, self-service BitLocker recovery from Azure AD can’t be set up for them. This upcoming feature solves this limitation.
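
A script for the existing-device case described above could look like the following. This is an added example, not code from Microsoft or from the original post. It assumes the Microsoft.Graph.Authentication module, that the portal's Owner field corresponds to the Graph `registeredOwners` relationship, and that the listed scopes are sufficient in your tenant.

```powershell
#Requires -Modules Microsoft.Graph.Authentication
# Added example: find hybrid-joined devices whose Azure AD owner does not include
# the Intune primary user, and (unless -WhatIf is given) add that user as owner.
[CmdletBinding(SupportsShouldProcess)]
param()

$graph = 'https://graph.microsoft.com/v1.0'
# Scopes are an assumption; adjust to what your tenant requires for these calls.
Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All', 'Directory.AccessAsUser.All'

function Get-GraphPage ([string]$Uri) {
    # Follow @odata.nextLink so large tenants are fully enumerated.
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

$managed = Get-GraphPage ("$graph/deviceManagement/managedDevices" +
    "?`$filter=operatingSystem eq 'Windows'&`$select=id,deviceName,azureADDeviceId,userId")

foreach ($md in $managed) {
    # Skip devices with no primary user or no Azure AD identity.
    if (-not $md.userId -or -not $md.azureADDeviceId) { continue }

    # azureADDeviceId is the deviceId attribute, not the directory object id.
    $aad = Get-GraphPage ("$graph/devices?`$filter=deviceId eq '$($md.azureADDeviceId)'" +
        "&`$select=id,trustType") | Select-Object -First 1
    # trustType 'ServerAd' marks a Hybrid Azure AD joined device.
    if (-not $aad -or $aad.trustType -ne 'ServerAd') { continue }

    $ownerIds = @(Get-GraphPage "$graph/devices/$($aad.id)/registeredOwners?`$select=id" |
        ForEach-Object { $_.id })
    if ($ownerIds -contains $md.userId) { continue }   # already consistent

    # Report the mismatch so the run doubles as an audit.
    [pscustomobject]@{ Device = $md.deviceName; PrimaryUser = $md.userId; Owners = $ownerIds -join ',' }

    if ($PSCmdlet.ShouldProcess($md.deviceName, "Add $($md.userId) as registered owner")) {
        $body = @{ '@odata.id' = "$graph/directoryObjects/$($md.userId)" } | ConvertTo-Json
        Invoke-MgGraphRequest -Method POST -ContentType 'application/json' -Body $body `
            -Uri "$graph/devices/$($aad.id)/registeredOwners/`$ref"
    }
}
```

Run it with `-WhatIf` first to get the mismatch report without changing any owner, since the owner property gates access to BitLocker recovery keys.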


7. Admins no longer require an Intune license to access Microsoft Endpoint Manager admin console

You can now set a tenant-wide toggle that removes the Intune license requirement for admins to access the MEM admin console and query graph APIs. Once you remove the license requirement, you can never reinstate it.

This is something I’ve been waiting for for a long time; it was not very logical that you needed an EMS/Intune license to get access to the MEM admin console. I am so happy to read that this will be solved!


8. Use Endpoint analytics to improve user productivity and reduce IT support costs

Endpoint analytics aims to improve user productivity and reduce IT support costs by providing insights into the user experience. The insights enable IT to optimize the end-user experience with proactive support and to detect regressions to the user experience by assessing user impact of configuration changes. For more information, see Endpoint analytics preview.

9. Proactively remediate end user device issues using script packages

You can create and run script packages on end user devices to proactively find and fix the top support issues in your organization. Deploying script packages will help you reduce support calls. Choose to create your own script packages or deploy one of the script packages we’ve written and used in our environment to reduce support tickets. Intune allows you to see the status of your deployed script packages and to monitor the detection and remediation results.


So that’s it for the what’s new Intune release 2006!

I’ll update the what’s new Intune release 2006 blog post with the newly added released features!

