Microsoft Intune Blog

What’s new in Microsoft Intune: January 2025

ScottSawyer (Microsoft)
Feb 07, 2025

After any amount of time away from the office, there's a moment when my return to work becomes real: confronting my email inbox. Now, thanks to Microsoft Copilot, this is no longer the chore it once was. Rather, it's become an optimal time to reengage my work mind. This change reflects how we approach improvements to Microsoft Intune. Every new capability is meant to address the needs of the companies that rely on our service and the admins who sign in to the portal every day. This month I'm highlighting how we make that daily work more functional, user friendly, and secure.

Copilot insights for Microsoft Intune Endpoint Privilege Management

For IT professionals or help desk administrators responsible for responding to app elevation requests with Intune Endpoint Privilege Management, granting privileges to a malicious app can have disastrous consequences. When an elevation request for a new or unfamiliar app is made, IT pros manually research whether it's safe to grant the request. Now, with the help of Microsoft Copilot in Intune, IT pros can get approval guidance to help identify potential app risks without the time and effort of a manual investigation. In addition:

  • Every IT admin, especially new IT practitioners, can make well-informed decisions.
  • Copilot will send the file hash from an elevation request to Microsoft Defender Threat Intelligence to detect possible malicious indicators.
  • When malicious files are detected, the result contains a link to Microsoft Defender Threat Intelligence so that administrators can initiate an incident response.
  • When files are determined to be safe, administrators can create rules directly from the request for future use.

See a demonstration from the 2024 Ignite Breakout session of this and other exciting capabilities of Copilot in Intune. Copilot insights for Intune Endpoint Privilege Management is now rolling out in public preview.

Beyond what's new: Windows Autopilot device preparation

As I was thinking about what we recently released in Intune that makes things more functional and user friendly, Windows Autopilot device preparation immediately came to mind. What began as a project to bring Autopilot to Government Community Cloud High (GCCH) and Department of Defense (DoD) environments grew into something much more. Based on updates made last year to address security requirements, Intune enhanced the architecture for device preparation. The team then explored what more they could do to create an experience to complement these Autopilot advancements.

What distinguishes the Autopilot device preparation experience is speed, consistency, reliability, and reporting. Users have a better onboarding experience and can be productive sooner thanks to a streamlined policy provisioning screen coupled with enrollment time grouping, which delivers configurations much sooner when compared to using dynamic device groups to enroll devices. Admins can configure critical line-of-business, Win32, and Microsoft Store applications as well as PowerShell scripts to be installed during the out-of-box experience (OOBE) to help ensure the device is secured before the user gets to the desktop. Deployment reporting is also significantly improved: deployment time, application status, and PowerShell scripts status details are now offered in near real time.

Additionally, for circumstances in which enrollment should be limited to specific company-owned devices, device preparation can use the corporate identifier enrollment feature in combination with enrollment restrictions to block personal enrollments. This helps ensure only trusted, preapproved devices are allowed to enroll in Intune.

If you would like to dive deeper into Windows Autopilot device preparation, check out the skilling snack our team put together on the Windows IT Pro Blog. Autopilot device preparation is available today for Windows 11, and it will be available for Windows 365 in the coming months. Enrollment time grouping for Windows is available today with iOS/iPadOS automated device enrollment, and Android support will release in the coming months.

Making work more engaging and reducing the amount of time and effort required for routine activities are just some of our goals for Intune. To achieve these goals, we need specific input from you about how you work and what your priorities are. I encourage you to leave comments and engage with our social handles to help us shape a product that serves you and your organizational needs.


Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.

Updated Feb 07, 2025
  • PetterHaa
    Copper Contributor

    Would really like to have pre-provisioning option for device preparation. And also being able to choose to install Windows quality updates during pre-provisioning with device preparation.

  • fjansson
    Brass Contributor

    I agree with the other comments when it comes to the lack of a device naming template. Once device preparation has more functions from the "v1" path it will be more interesting for us at least.

    From the FAQ I can read that "There's no need to migrate from existing Windows Autopilot profiles to Windows Autopilot device preparation policies. We expect both solutions to exist in parallel for a while as we work to improve the experience and add more functionality." Windows Autopilot device preparation FAQ | Microsoft Learn


    Are there plans in the future to support a migration path like this?

  • PuDerBaer
    Copper Contributor

    What we really need is the option to define a predefined device name in the deployment profile. All assignments that are dependent on the device name then wait for the device to be restarted because a reboot is always required for a rename. In addition, all software installation processes are interrupted during a reboot, which leads to an unsatisfactory user experience. It should be possible to create the device directly with the correct device name! 

    • rgommers
      Iron Contributor

      Indeed, setting up a correct device name leaves much to be desired. When a device is joined to Autopilot, it even skips the device name step during the OOBE of a fresh installation. This, combined with the lack of predefined device name options, makes it really cumbersome to change device names. Additionally, all devices will show up in portals once as DESKTOP-XXXXXX and stay like that if we don't change it.

      Additional device name settings for Autopilot deployments would be more than welcome.

  • Paul Whitman
    Copper Contributor

    Any news on when Intune Endpoint Privilege Management for macOS will be available?