What's New in Microsoft Intune: August 2024 Update (Service Release 2408)

The August 2024 release of Microsoft Intune (Service Release 2408) brings a host of new features and enhancements designed to streamline device management, improve security, and enhance user experience across a wide range of platforms. Whether you’re managing Windows, Android, or Apple devices, these updates offer valuable tools for IT administrators. Let’s dive into the key features introduced in this release.

1. Endpoint Privilege Management Enhancements

One of the key features in this release is the simplified creation of Endpoint Privilege Management (EPM) elevation rules. Administrators can now create rules directly from a support-approved elevation request or the EPM Elevation report. Instead of manually identifying specific file details, you can select a file from the report, open its elevation detail pane, and create a rule with just a few clicks.

This makes managing privilege escalation smoother and more efficient, especially in large environments where multiple applications require different permissions.

Applies to: Windows 10, Windows 11

2. Resource Performance Report in Advanced Analytics

Another valuable addition is the Resource Performance Report for physical devices, available through Intune Advanced Analytics. This report provides insights into the performance of CPU and RAM, helping IT admins monitor device health and make better hardware purchase decisions. The performance data can inform decisions around upgrades, replacements, or optimization, balancing user experience with hardware costs.

For more information, refer to the Resource Performance Report.

3. Managed Home Screen for Android Enterprise Fully Managed Devices

The Managed Home Screen (MHS) feature now supports Android Enterprise Fully Managed Devices. This feature allows organizations to provide a streamlined and secure user interface on corporate-owned devices. The Managed Home Screen limits access to only the apps and settings necessary for the end user, improving security and usability, especially in single-user environments.

For more details, see Managed Home Screen for Android Enterprise.

4. Updates to the Discovered Apps Report

Microsoft has enhanced the Discovered Apps report, which now includes publisher information for Win32 apps. Previously, this information was only available for Store apps or in exported reports. By making publisher data available directly in the UI, IT admins can easily view all necessary information about the applications installed on Intune-enrolled devices without additional steps.

5. Improvements to Intune Management Extension Logs

A significant improvement has been made to Intune Management Extension (IME) logs. A new log file, called AppWorkload.log, now consolidates logging information related to Win32 app deployments managed by Intune. This centralized log makes it easier for admins to troubleshoot issues and monitor app deployment activities across devices.

6. New Apple Settings Catalog Features

Intune’s Settings Catalog for Apple devices (iOS, iPadOS, and macOS) has been expanded with new configurations. These include updates to Declarative Device Management (DDM) for managing Safari Extensions, software update policies, and disk management. Admins can now apply more granular restrictions and configurations, improving device security and compliance across Apple devices.

Notable new settings include:

• Safari Extensions: Control allowed and denied domains.
• Software Update Settings: Automate update downloads and installations.
• FileVault Policy: Manage encryption and authentication settings for macOS.

7. Multi Administrative Approval Enhancements

The Multi Administrative Approval feature has been enhanced to give organizations more control over application access policies. Admins can now limit these policies to Windows applications, non-Windows applications, or both. This added flexibility reduces the risk of unauthorized changes while providing clearer control over different environments.

8. Account-driven Apple User Enrollment for iOS/iPadOS

Now generally available, Account-driven Apple User Enrollment simplifies the enrollment process for devices running iOS/iPadOS 15 and later. This method removes the need for the Company Portal app and allows users to initiate enrollment directly from the Settings app, improving efficiency and user experience.

Microsoft recommends transitioning from profile-based enrollment to account-driven enrollment, especially as Apple plans to end support for profile-based enrollment with the release of iOS/iPadOS 18.

For setup instructions, see Account-driven Apple User Enrollment.

9. New Android Enterprise Management Options

Intune now allows the use of Microsoft Entra accounts to manage Android Enterprise devices, replacing the need for an enterprise Gmail account to connect to the managed Google Play store. This update improves the security and integration of Android device management in enterprise settings.

10. 21Vianet Support for Mobile Threat Defense

For organizations operating in China with Intune operated by 21Vianet, this release introduces support for Mobile Threat Defense (MTD) connectors. IT administrators can now enhance the security of Android and iOS/iPadOS devices through MTD solutions that are supported within this environment.

Applies to: Android, iOS/iPadOS

11. CPU Architecture Device Property Filter

A new device property filter based on CPU architecture is now available when assigning apps and policies. This allows admins to target specific devices based on their processor architecture (e.g., x86, ARM), making it easier to deploy the correct apps and configurations across a diverse device landscape.

For more details, check out filters in Intune.

12. Windows Platform Name Changes for Endpoint Security Policies

In this release, the platform names for endpoint security policies have been simplified to Windows and Windows (ConfigMgr). These changes only affect how options are presented in the UI, with no impact on the actual functionality or policies applied.

For example:

• "Windows 10 and later" is now simply "Windows."
• "Windows 10, Windows 11, and Windows Server (ConfigMgr)" is now "Windows (ConfigMgr)."

13. Target Date Time Settings for Apple OS Updates

The Target Date Time setting for Apple OS updates has been enhanced to allow scheduling based on a device’s local time zone. Previously, updates were enforced based on the time zone of the admin's browser. This update ensures that updates happen at the correct time, regardless of where the devices are located.

14. Newly Available Protected Apps for Intune

Several new protected apps are now available for Microsoft Intune, including:

• Singletrack for Intune (iOS) by Singletrack.
• Island Browser for Intune (Android) by Island Technology, Inc.
• 365Pay by 365 Retail Markets.

These apps offer improved security and management options for corporate devices.

15. Organizational Messages Moved to Microsoft 365 Admin Center

The Organizational Messages feature has now moved from the Microsoft Intune admin center to the Microsoft 365 admin center. This transition provides additional features, including the ability to create custom messages and deliver them through Microsoft 365 apps.

For more information, visit the Microsoft 365 admin center.

---

Conclusion

The August 2024 update of Microsoft Intune (Service Release 2408) brings several powerful features and enhancements that make managing devices across platforms easier than ever. From streamlined Endpoint Privilege Management and enhanced Apple device settings to new tools for Android and Windows, this release continues to refine the Microsoft Intune experience. As always, staying on top of these updates ensures that your organization benefits from the latest security, management, and performance improvements.

---

FAQs

1. How does the new Endpoint Privilege Management feature work?

The new feature allows IT admins to create elevation rules directly from a support-approved elevation request or from the EPM Elevation report, streamlining the process of managing privilege elevations on Windows 10 and Windows 11 devices.

2. What is the Resource Performance Report?

The Resource Performance Report provides insights into CPU and RAM performance for physical devices, helping organizations make data-driven decisions about hardware management and upgrades.

3. What is Managed Home Screen (MHS) for Android Enterprise devices?

MHS allows IT admins to restrict Android Enterprise Fully Managed devices to a limited set of apps and settings, providing a secure and focused experience for corporate users.

4. What are the new Apple settings in this release?

New settings in the Apple Settings Catalog include controls for Safari Extensions, software update policies, and disk management under Declarative Device Management.

5. How does Account-driven Apple User Enrollment differ from profile-based enrollment?

Account-driven enrollment removes the need for the Company Portal app and allows users to initiate enrollment directly from the Settings app, simplifying the process and improving the user experience.