Like all Swedes, summer means vacation mode for 4-5 weeks and that means not keeping up with what’s happening in the world.
So here is a recap of what’s been happening during the summer months.
MVP renewal
In the begning of July, the MVP renewals where announced and I’m happy to announce that I’ve been renewed as a Windows and Devices MVP for the 3rd time.
Big congratulation to all my fellow MVPs that got renewed for 2024!
Windows 365 updates
July was full of Windows 365 updates, there has been updates for Windows 365 each week since July 1st which is really awesome. A lot of great updates.
Here are some highlights, but if you want to see the full list check it out here.
Cross region disaster recovery
Windows 365 cross region disaster recovery is an optional service for Windows 365 Enterprise which protects the Cloud PCs and data against regional outages. This is a seperatly licensed service which can be purchased as an add-on to your existing service.
Cross region disaster recovery in Windows 365 | Microsoft Learn
Windows 365 Cloud PC gallery images use new Teams VDI
The new Teams for VDIs has been added to the Windows 365 image gallery, containing all the optimizations for Windows 365. All your newly previsioned Cloud PCs will containg the new optimizations.
Microsoft Teams on Cloud PCs | Microsoft Learn
Cloud PC support for FIDO devices and passkeys on macOS and iOS (preview)
Windows 365 Cloud PCs now support FIDO devices and passkeys for Microsoft Entra ID sign in on macOS and iOS.
Updated default settings for Windows 365 security baselines
Microsoft has released an updated version of the security baseline for Windows 365. You can find a full list of the updated settings here: List of the settings in the Windows 365 Cloud PC security baseline in Intune.
New GPU offerings for Cloud PCs are now generally available
Microsoft has finally released the new GPU offering! The GPU offerings are suitable for graphical intense workloads requiring a more optimized performance. The offering consists of three different SKUs called Standard, Super and Max with different configurations for different kinds of workloads.
GPU Cloud PCs in Windows 365 | Microsoft Learn
Uni-directional clipboard support is now generally available
The clipboard settings for Windows 365 and AVD has been in preview for a while, but have now been
moved into general availability with some pretty nice added functionallity. You can configure a lot of new different content type, and you can select to allow which direction clipboard should be allowed. This applies to both Windows 365 and Azure Virtual Desktop.
Configure the clipboard transfer direction in Azure Virtual Desktop | Microsoft Learn
Intune updates
The list for Windows 365 was long (in the aspect of Windows 365 updates), but there has been even more Intune updates.
If you want to read the full list of updates during the summer months, check out the full list here.
Update for Apple user and device enrollments with Company Portal
Microsoft has updated the registration process for Apples devices using the Intune Company Portal. The main change is that now the Entra ID registration happens after the enrollment, instead of during the enrollment. This applies for both iOS/iPadOs devices and macOS devices.
The change means that if you are using dynamic device Entra ID groups which rely on the device registration, you need to make sure that the users complete the whole process.
iOS/iPadOS device enrollment guide for Microsoft Intune | Microsoft Learn
New configuration capabilities for Managed Home Screen
If you are using managed home screen for Android, you can now enable the virtual app-switcher button to allow users to switch between apps on a kiosk device.
Configure the Microsoft Managed Home Screen app for Android Enterprise
Copilot in Intune now has the device query feature using Kusto Query Language (KQL) (public preview)
If you are using Copilot in Intune, you can now generate a KQL query using Copilot while asking in natural language. Great way to learn KQL or get inspiration for your querys!
New setting in the Device Control profile for Attack surface reduction policy
Microsoft has added the “Allow Storage Card” setting to the Attack surface reduction policy, which can also be found in the settings catalog.
New operatingSystemVersion
filter property with new comparison operators (preview)
There is a new filter property for operatingSystemVersion, which is available in a public preview.
This filter allows you to use operators like GreaterThan, GreaterThanOrEquals, LessThan and LessThanOrEquals to your oprating system version and is available for Android, iOS/iPadOS, macOS and Windows!
Consolidation of Intune profiles for identity protection and account protection
Microsoft has done some cleaning up around identity and account protection policies and added them all into a single profile called Account protection which can be found in the account protection policy node of endpoint security. This is the only template which will be available going forward for identity and account protection. The new profile also includes Windows Hello for Business and Windows Credential Guard.
Account protection policy for endpoint security in Intune
New Intune report and device action for Windows enrollment attestation (public preview)
There is a new report in public preview for finding out if a device has attested and enrolled securly while being hardware-backed.
Windows enrollment attestation
New support for Red Hat Enterprise Linux
Microsoft Intune now supports device management for Red Hat Enterprise Linux. You can enroll and manage Red Hat Enterprise Linux devices, and assign standard compliance policies, custom configuration scripts, and compliance scripts.
Deployment guide: Manage Linux devices in Microsoft Intune
Newly available Enterprise App Catalog apps for Intune
The Enterprise App Catalog has updated to include additional apps. For a complete list of supported apps.
Apps available in the Enterprise App Catalog.
New actions for Microsoft Cloud PKI
The Microsoft Cloud PKI has been updated with some new features.
- Delete: Delete a CA.
- Pause: Temporarily suspend use of a CA.
- Revoke: Revoke a CA certificate.
Delete Microsoft Cloud PKI certification authority
ACME protocol support for iOS/iPadOS and macOS enrollment
Microsoft has started a phased rollout of the infrastructure change to support the Automated Certificate Management Environment (ACME) protocol. When a new Apple devices enroll, the management profile from Intune receives an ACME certificate instead of a SCEP certificate. Existing OS and hardware eligible devices do not get the ACME certificate unless they re-enroll.
Windows updates
The realse of Windows 11 24h2 is getting closer and closer, and it could be guessed to be released in a September/October time frame looking at past releases.
One thing that is also important to highlight is that we are getting closer and closer to the Windows 10 EOS, which means that we really need to focus on getting those devices migrated or removed.
Leave a Reply