What’s new in Intune – release 2008

What’s new in Intune – release 2008

Another blog post in my what is new Intune release 2008 series! Don’t forget that I have a strong focus on Windows 10 management and won’t be touching the Android/iOS/macOS updates a lot.

You can find the ‘What’s new in Intune’ page here.

The most interesting parts for me about the 2008:


1. More Protected Extensible Authentication Protocol (PEAP) options for Windows 10 Wi-Fi profiles

On Windows 10 devices, you can create Wi-Fi profiles using the Extensible Authentication Protocol (EAP) to authenticate Wi-Fi connections (Devices > Configuration profiles > Create profile > Windows 10 and later for platform > Wi-Fi for profile > Enterprise).

When you select Protected EAP (PEAP), there are new settings available:

  • Perform server validation in PEAP phase 1: In PEAP negotiation phase 1, the server is verified by the certificate validation.
    • Disable user prompts for server validation in PEAP phase 1: In PEAP negotiation phase 1, user prompts asking to authorize new PEAP servers for trusted certification authorities aren’t shown.
  • Require cryptographic binding: Prevents connections to PEAP servers that don’t use cryptobinding during the PEAP negotiation.


2. Deploy endpoint security Antivirus policy to tenant attached devices (preview)

As a preview, you can deploy endpoint security policy for Antivirus to devices you manage with Configuration Manager. This scenario requires you to configure a tenant attach between a supported version of Configuration Manager and your Intune subscription. The following versions of Configuration Manager are supported:

  • Configuration Manager current branch 2006

For more information, see the [requirements for Intune endpoint security policies](../protect/tenant-attach-intune.md# requirements-for-intune-endpoint-security-policies) to support Tenant Attach.


3. Changes for Endpoint security Antivirus policy exclusions

We’ve introduced two changes for managing the Microsoft Defender Antivirus exclusion lists you configure as part of an Endpoint Security Antivirus policy. The changes help you to prevent conflicts between different policies and resolve exclusion list conflicts that might exist in your previously deployed policies.

Both of the changes apply to policy settings for the following Microsoft Defender Antivirus Configuration Service Providers (CSPs):

  • Defender/ExcludedPaths
  • Defender/ExcludedExtensions
  • Defender/ExcludedProcesses

The changes are:

  • New profile type: Microsoft Defender Antivirus exclusions – Use this new profile type for Windows 10 and later to define a policy that is focused only on Antivirus exclusions. This profile helps simplify management of your exclusion lists by separating them from other policy configurations.

    The exclusions you can configure include Defender processesfile extensions, and files and folders that you don’t want Microsoft Defender to scan.

  • Policy merge – Intune now merges the list of exclusions you’ve defined in separate profiles into a single list of exclusions to apply to each device or user. For example, if you target a user with three separate policies, the exclusion lists from those three policies merge into a single superset of Microsoft Defender Antivirus exclusions, that then apply to that user.


4. Import and export lists of address ranges for Windows firewall rules

We’ve added support to Import or Export a list of address ranges using .csv files to the Microsoft Defender Firewall rules profile in the Firewall policy for Endpoint security. The following Windows firewall rule settings now support import and export:

  • Local address ranges
  • Remote address ranges

We’ve also improved validation of both local and remote address range entry to help prevent duplicate or invalid entries.

5. Custom brand image now displayed in the Windows Company Portal profile page

As a Microsoft Intune administrator, you can upload a custom brand image to Intune which will be displayed as a background image on the user’s profile page in the Windows Company Portal app.


6. The Company Portal adds Configuration Manager application support

The Company Portal now supports Configuration Manager applications. This feature allows end users to see both Configuration Manager and Intune deployed applications in the Company Portal for co-managed customers. This new version of the Company Portal will display Configuration Manager deployed apps for all co-managed customers. This support will help administrators consolidate their different end user portal experiences.


7. Tenant attach: Install an application from the admin center

You can now initiate an application install in real time for a tenant attached device from the Microsoft Endpoint Manager admin center.


8. Power BI compliance report template V2.0

Power BI template apps enable Power BI partners to build Power BI apps with little or no coding, and deploy them to any Power BI customer. Admins can update the version of the Power BI compliance report template from V1.0 to V2.0. V2.0 includes an improved design, as well as changes to the calculations and data that is surfaced as part of the template.


So that’s it for the what’s new Intune release 2008!

I’ll update the what’s new Intune release 2008 blog post with the newly added released features!


More articles on What’s new: