You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The **App configuration policies** list has been modified in Intune. This list will no longer contain the **Assigned** column. To view whether an app configuration policy has been assigned, navigate to [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) > **Apps** > **App configuration policies** > *select a policy* > **Overview**.
69
+
70
+
#### Photo library data transfer support via app protection policies<!-- 9450163 -->
71
+
You can now select to include **Photo Library** as a supported application storage service. By selecting **Photo Library** in the **Allow users to open data from selected services** setting within Intune, you can allow managed accounts to allow *incoming* data from their device's photo library to their managed apps on iOS and Android platforms. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** > **App protection policies** > **Create Policy**. Choose either **iOS/iPadOS** or **Android**. This setting is available as part of the **Data protection** step and specifically for **Policy managed apps**. For related information, see [Data protection](../apps/app-protection-framework.md#data-protection-2).
72
+
73
+
#### Password complexity for Android devices<!-- 9321870 -->
74
+
The **Require device lock** setting in Intune has been extended to include values (**Low Complexity**, **Medium Complexity**, and **High Complexity**). If the device lock doesn’t meet the minimum password requirement, you can **warn**, **wipe data**, or **block** the end user from accessing a managed account in a managed app. This feature targets devices that operate on Android 11+. For devices operating on Android 11 and earlier, setting a complexity value of **Low**, **Medium**, or **High** will default to the expected behavior for **Low Complexity**. For related information, see [Android app protection policy settings in Microsoft Intune](..\apps\app-protection-policy-settings-android.md).
75
+
76
+
### Improvements to Win32 App Log collection<!-- 9978316 -->
77
+
Win32 App Log collection via Intune Management Extension has moved to the Windows 10 device diagnostic platform, reducing time to collect logs from 1-2 hours to 15 minutes. We've also increased the log size from 60mb to 250mb. Along with performance improvements, the app logs are available under the **Device diagnostics monitor** action for each device, as well as the managed app monitor. For information about how to collect diagnostics, see [Collect diagnostics from a Windows device](..\remote-actions\collect-diagnostics.md) and [Troubleshooting Win32 app installations with Intune](/troubleshoot/mem/intune/troubleshoot-win32-app-install).
78
+
79
+
### Device management
66
80
67
81
#### Windows 10 and Windows 11 Enterprise multi-session is generally available<!-- 14012240-->
68
82
@@ -71,7 +85,346 @@ In addition to the existing functionality, you can now:
71
85
- Configure profiles under Endpoint Security when you select **Platform** Windows 10, Windows 11, and Windows Server.
72
86
- Manage **Windows 10** and **Windows 11 Enterprise multi-session** VMs created in Azure Government Cloud in US Government Community (GCC) High and DoD.
73
87
74
-
For more information, see [Windows 10/11 Enterprise multi-session remote desktops](../fundamentals/azure-virtual-desktop-multi-session.md)
88
+
For more information, see [Windows 10/11 Enterprise multi-session remote desktops](../fundamentals/azure-virtual-desktop-multi-session.md).
89
+
90
+
#### Device actions available to Android (AOSP) users in Microsoft Intune app<!-- 12645718 -->
91
+
AOSP device users can now rename their enrolled devices in the Microsoft Intune app. This feature is available on devices enrolled in Intune as user-associated (Android) AOSP devices. For more information about Android (AOSP) management, see [Set up Intune enrollment for Android (AOSP) corporate-owned user-associated devices](../enrollment/android-aosp-corporate-owned-user-associated-enroll.md).
92
+
93
+
#### Support for Audio Alert on Andriod corporate owned work profiles and fully managed (COBO and COPE) devices<!-- 13499471 -->
94
+
You can now use the device action **Play lost device sound** to trigger an alarm sound on the device to assist in locating the lost or stolen Android Enterprise corporate owned work profile and fully managed devices. For more information, see [Locate lost or stolen devices](../remote-actions/device-locate.md).
95
+
96
+
### Device enrollment
97
+
98
+
#### New enrollment profile settings for Apple Automated Device Enrollment (public preview)<!-- 10111795 -->
99
+
We've added two new Setup Assistant settings that you can use with Apple Automated Device Enrollment. Each setting controls the visibility of a Setup Assistant pane shown during enrollment. Setup Assistant panes are shown during enrollment by default, so you have to adjust the settings in Microsoft Intune if you want to hide them. The new Setup Assistant settings are the following:<p>
100
+
-**Get Started** (preview): Show or hide the Get Started pane during enrollment. For devices running iOS/iPadOS 13 and later.
101
+
-**Auto Unlock with Apple Watch** (preview): Show or hide the Unlock Your Mac with your Apple Watch pane during enrollment. For devices running macOS 12 and later.
102
+
103
+
To configure Setup Assistant settings for Automated Device Enrollment, [create an iOS/iPadOS enrollment profile](../enrollment/device-enrollment-program-enroll-ios.md#create-an-apple-enrollment-profile) or [macOS enrollment profile](../enrollment/device-enrollment-program-enroll-macos.md#create-an-apple-enrollment-profile) in Microsoft Intune.
The **Attack Surface Reduction Rules (ConfigMgr)** profile for tenant attached devices is now in public preview. For more information, see [Tenant attach: Create and deploy attack surface reduction policies](../../configmgr/tenant-attach/deploy-asr-policy.md#bkmk_asr).
109
+
110
+
### Device configuration
111
+
112
+
#### Endpoint security profiles support filters<!-- 11889620 -->
113
+
There are some new features when using filters:
114
+
- When you create a device configuration profile for Windows devices, a per-policy report shows reporting information in the **Device and user check-in status** (**Devices** > **Configuration profiles** > Select an existing policy).
115
+
116
+
When you select **View report**, the report has an **Assignment Filter** column. Use this column to determine if a filter successfully applied to your policy.
117
+
118
+
- Endpoint Security policies support filters. So, when you assign an endpoint security policy, you can use filters to assign the policy based on rules you create.
119
+
120
+
- When you create a new endpoint security policy, it automatically uses the [new device configuration profile reporting](#new-reporting-experience-for-device-configuration-profiles). When you look at the per-policy report, it also has an **Assignment Filter** column (**Devices** > **Configuration profiles** > Select an existing endpoint security policy > **View report**). Use this column to determine if a filter successfully applied to your policy.
121
+
122
+
For more information on filters, see:
123
+
-[Use filters when assigning your apps, policies, and profiles](filters.md)
124
+
-[List of platforms, policies, and app types supported by filters](filters-supported-workloads.md)
#### Create a Settings Catalog policy using your imported GPOs with Group Policy analytics (public preview)<!-- 6379751 -->
135
+
Using Group Policy analytics, you can import your on-premises GPO, and see the settings that are supported in Microsoft Intune. It also shows any deprecated settings, or settings not available to MDM providers.
136
+
137
+
When the analysis runs, you see the settings that are ready for migration. There is a **Migrate** option (public preview) that creates a Settings Catalog profile using your imported settings. Then, you can assign this profile to your groups.
138
+
139
+
For more information, go to [Create a Settings Catalog policy using your imported GPOs in Microsoft Endpoint Manager (public preview)
#### New wired networks device configuration profile for Windows devices<!-- 1746923 -->
147
+
There is a new **Wired Networks** device configuration profile for Windows 10/11 devices (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **Wired networks** for profile type).
148
+
149
+
Use this profile to configure common wired network settings, including authentication, EAP type, server trust, and more. For more information on the settings you can configure, go to [Add wired network settings for Windows devices in Microsoft Intune](../configuration/wired-network-settings-windows.md).
150
+
151
+
Applies to:
152
+
- Windows 11
153
+
- Windows 10
154
+
155
+
#### "ADMX_" Policy CSP settings in Administrative Templates and Settings Catalog apply to Windows Professional editions<!-- 13812105 -->
156
+
The [Windows Policy CSP settings](/windows/client-management/mdm/policy-configuration-service-provider) that begin with "ADMX_" apply to Windows devices running Windows Professional edition. Previously, these settings were shown as **Not applicable** on devices running Windows Professional edition.
157
+
158
+
You can use Administrative Templates and Settings Catalog to configure these "ADMX_" settings in a policy, and deploy the policy to your devices (**Devices** > **Configuration profiles** > **Create profile** > **Windows 10 and later** for platform > **Templates** > **Settings catalog** or **Administrative Templates** or for profile type).
159
+
160
+
To use this set of "ADMX_" settings, the following updates must be installed on your Windows 10/11 devices:
-[Use Windows 10/11 templates to configure group policy settings in Microsoft Intune](../configuration/administrative-templates-windows.md)
168
+
-[Use the settings catalog to configure settings on Windows and macOS devices](../configuration/settings-catalog.md)
169
+
-[The latest in Group Policy settings parity in Mobile Device Management blog post](https://techcommunity.microsoft.com/t5/intune-customer-success/the-latest-in-group-policy-settings-parity-in-mobile-device/ba-p/2269167)
170
+
171
+
To see a list of all the ADMX settings that support Windows Professional edition, go to [Windows Policy CSP settings](/windows/client-management/mdm/policy-configuration-service-provider). Any setting that begins with "ADMX_" supports Windows Professional edition.
172
+
173
+
Applies to:
174
+
- Windows 11
175
+
- Windows 10
176
+
177
+
#### New macOS settings in Setting Catalog<!-- 13654614 -->
178
+
The Settings Catalog has new macOS settings you can configure (**Devices** > **Configuration profiles** > **Create profile** > **macOS** for platform >**Settings catalog (preview)** for profile type):
**Parental Controls > Parental Controls Game Center**:
266
+
- GK Feature Account Modification Allowed
267
+
268
+
**System Configuration > File Provider**:
269
+
- Allow Managed File Providers To Request Attribution
270
+
271
+
**System Configuration > Screensaver**:
272
+
- Ask For Password
273
+
- Ask For Password Delay
274
+
- Login Window Idle Time
275
+
- Login Window Module Path
276
+
277
+
**User Experience > Finder**:
278
+
- Prohibit Burn
279
+
- Prohibit Connect To
280
+
- Prohibit Eject
281
+
- Prohibit Go To Folder
282
+
- Show External Hard Drives On Desktop
283
+
- Show Hard Drives On Desktop
284
+
- Show Mounted Servers On Desktop
285
+
- Show Removable Media On Desktop
286
+
- Warn On Empty Trash
287
+
288
+
**User Experience > Managed Menu Extras**:
289
+
- AirPort
290
+
- Battery
291
+
- Bluetooth
292
+
- Clock
293
+
- CPU
294
+
- Delay Seconds
295
+
- Displays
296
+
- Eject
297
+
- Fax
298
+
- HomeSync
299
+
- iChat
300
+
- Ink
301
+
- IrDA
302
+
- Max Wait Seconds
303
+
- PCCard
304
+
- PPP
305
+
- PPPoE
306
+
- Remote Desktop
307
+
- Script Menu
308
+
- Spaces
309
+
- Sync
310
+
- Text Input
311
+
- TimeMachine
312
+
- Universal Access
313
+
- User
314
+
- Volume
315
+
- VPN
316
+
- WWAN
317
+
318
+
**User Experience > Notifications**:
319
+
- Alert Type
320
+
- Badges Enabled
321
+
- Critical Alert Enabled
322
+
- Notifications Enabled
323
+
- Show In Lock Screen
324
+
- Show In Notification Center
325
+
- Sounds Enabled
326
+
327
+
**User Experience > Time Machine**:
328
+
- Auto Backup
329
+
- Backup All Volumes
330
+
- Backup Size MB
331
+
- Backup Skip System
332
+
- Base Paths
333
+
- Mobile Backups
334
+
- Skip Paths
335
+
336
+
**Xsan**:
337
+
- San Auth Method
338
+
339
+
**Xsan > Xsan Preferences**:
340
+
- Deny DLC
341
+
- Deny Mount
342
+
- Only Mount
343
+
- Prefer DLC
344
+
- Use DLC
345
+
346
+
The following settings are also in Settings Catalog. Previously, they were only available in Templates:
347
+
348
+
**App Management > Associated Domains**:
349
+
- Enable Direct Downloads
350
+
351
+
**Networking > Content Caching**:
352
+
- Allow Cache Delete
353
+
- Allow Personal Caching
354
+
- Allow Shared Caching
355
+
- Auto Activation
356
+
- Auto Enable Tethered Caching
357
+
- Cache Limit
358
+
- Data Path
359
+
- Deny Tethered Caching
360
+
- Display Alerts
361
+
- Keep Awake
362
+
- Listen Ranges
363
+
- Listen Ranges Only
364
+
- Listen With Peers And Parents
365
+
- Local Subnets Only
366
+
- Log Client Identity
367
+
- Parent Selection Policy
368
+
- Parents
369
+
- Peer Filter Ranges
370
+
- Peer Listen Ranges
371
+
- Peer Local Subnets Only
372
+
- Port
373
+
- Public Range
374
+
375
+
**Restrictions**:
376
+
- Allow Activity Continuation
377
+
- Allow Adding Game Center Friends
378
+
- Allow Air Drop
379
+
- Allow Auto Unlock
380
+
- Allow Camera
381
+
- Allow Cloud Address Book
382
+
- Allow Cloud Bookmarks
383
+
- Allow Cloud Calendar
384
+
- Allow Cloud Desktop And Documents
385
+
- Allow Cloud Document Sync
386
+
- Allow Cloud Keychain Sync
387
+
- Allow Cloud Mail
388
+
- Allow Cloud Notes
389
+
- Allow Cloud Photo Library
390
+
- Allow Cloud Private Relay
391
+
- Allow Cloud Reminders
392
+
- Allow Content Caching
393
+
- Allow Diagnostic Submission
394
+
- Allow Dictation
395
+
- Allow Erase Content And Settings
396
+
- Allow Fingerprint For Unlock
397
+
- Allow Game Center
398
+
- Allow iTunes File Sharing
399
+
- Allow Multiplayer Gaming
400
+
- Allow Music Service
401
+
- Allow Passcode Modification
402
+
- Allow Password Auto Fill
403
+
- Allow Password Proximity Requests
404
+
- Allow Password Sharing
405
+
- Allow Remote Screen Observation
406
+
- Allow Screen Shot
407
+
- Allow Spotlight Internet Results
408
+
- Allow Wallpaper Modification
409
+
- Enforced Fingerprint Timeout
410
+
- Enforced Software Update Delay
411
+
- Enforced Software Update Major OS Deferred Install Delay
412
+
- Enforced Software Update Minor OS Deferred Install Delay
413
+
- Enforced Software Update Non OS Deferred Install Delay
414
+
- Force Classroom Automatically Join Classes
415
+
- Force Classroom Request Permission To Leave Classes
416
+
- Force Classroom Unprompted App And Device Lock
417
+
- Force Delayed App Software Updates
418
+
- Force Delayed Major Software Updates
419
+
- Force Delayed Software Updates
420
+
- Safari Allow Autofill
421
+
422
+
There isn't any conflict resolution between policies created using the Settings catalog and policies created using Templates. When creating new policies in the Settings Catalog, be sure there are no conflicting settings with your current policies.
423
+
424
+
For more information about configuring Settings catalog profiles in Intune, see [Create a policy using settings catalog in Microsoft Intune](../configuration/settings-catalog.md).
0 commit comments