What’s New in Microsoft Intune – November 2023

Microsoft Intune updates on a weekly basis with new features and enhancements. As an MSP working with enterprise customers, it’s important to stay up-to-date on these changes so you can continue providing excellent service and support. In this comprehensive blog post, I’ll summarize all the key Intune developments over the past month and explain how they can benefit your customers.

Week of October 30, 2023

Device Security

  • Strict Tunnel Mode is now available for Microsoft Tunnel for MAM on Android and iOS/iPadOS devices. This allows admins to configure Microsoft Edge so internet traffic is blocked if the VPN disconnects. To enable, create an Edge app configuration policy and set “StrictTunnelMode” to True.

Week of October 23, 2023 (Service release 2310)

App Management

  • Android Company Portal users on versions below 5.0.5333.0 will be prompted to update to avoid enrollment issues with the Authenticator app.
  • The iOS Conditional Launch setting now includes a “warn” action for the Min SDK version requirement. This warns users if the requirement isn’t met.
  • Minimum OS for Apple LOB and store apps can now be set to the latest releases – iOS/iPadOS 17.0 and macOS 14.0.

Device Configuration

  • OEMConfig profiles over 350 KB that don’t deploy successfully no longer show as “pending” in the Intune portal.
  • Android Enterprise now supports installing/uninstalling mandatory LOB apps on AOSP devices.
  • Pre-install and post-install scripts can now be configured for unmanaged macOS PKG apps.
  • FSLogix settings from the Settings Catalog and ADMX templates can now be configured directly, without needing to import them.

Device Enrollment

  • Web enrollment with JIT registration is now generally available for personal iOS/iPadOS devices. It reduces prompts during Setup Assistant.

Device Management

  • The Intune addons page now shows enhanced details on licenses, capabilities, and billing.
  • Remote Help for Android is now generally available for Zebra and Samsung dedicated devices.

Device Security

  • Defender Update controls for deploying Defender updates are now generally available.
  • Elevation report by Publisher is a new Endpoint Privilege Management report showing elevations by app publisher.
  • Intune Endpoint Security policies for EDR now support macOS and Linux devices managed by Defender for Endpoint.

Week of October 16, 2023

Tenant Administration

  • The endpoint.microsoft.com URL now redirects to intune.microsoft.com.

Week of September 18, 2023 (Service release 2309)

App Management

  • Intune now supports MAM for Microsoft Edge for Business on personal Windows devices using APP and ACP.

Device Configuration

  • Android Enterprise OEMConfig apps version 11+ must use Zebra’s new OEMConfig app. Older versions use the Legacy app.
  • Config Refresh settings are available in the Windows Insider Settings Catalog.
  • New settings added to the Apple Settings Catalog for macOS and iOS/iPadOS.

Device Enrollment

  • Support for single sign-on during enrollment for Android Enterprise corporate-owned and fully managed devices.

Device Management

  • Introducing Remote Help for macOS devices.
  • The management certificate expiration date can now be viewed and filtered in the Devices list.
  • Windows Defender Application Control is being renamed to App Control for Business.
  • Intune now supports iOS/iPadOS 15.x as the minimum version.

Device Security

  • Software updates and passcode policies can now be managed on Apple devices using the Settings Catalog.
  • Mvision Mobile is now named Trellix Mobile Security.

Intune Apps

  • New protected apps added: BuddyBoard and Microsoft Loop.

Monitor and Troubleshoot

  • Policy compliance and Setting compliance reports are now generally available.

Week of September 11, 2023

Device Configuration

  • Remote Launch introduced in Remote Help for Windows – launches sessions from the Intune portal.

Week of September 4, 2023

Device Management

  • Microsoft Intune is ending support for Android device administrator on GMS devices in August 2024. Customers should switch to another management method before then.

Key Takeaways

The last few months have seen important developments in Intune’s app management, device configuration, enrollment, security, and monitoring capabilities.

Some key highlights include Remote Help for Android and macOS to improve IT support, new endpoint security features like Defender Update controls and Endpoint analytics, and mobile management enhancements like support for the latest OS versions and single sign-on.

As an MSP, staying up-to-date on Intune’s capabilities allows you to take full advantage of the platform and provide the best solutions to customers. Referring to this summary can help you quickly understand what’s changed recently. Let me know if you need any clarification or have additional questions!

How Microsoft 365 Copilot Uses Large Language Models and Your Data

Microsoft recently demonstrated how Microsoft 365 Copilot works by leveraging large language models that interact with your organizational data. Copilot transforms how we work by providing intelligent suggestions, summaries, and content generation within our everyday workflows. But how exactly does it work while also respecting privacy and security? Let’s break it down.

Where LLMs Get Their Knowledge

  • Large language models (LLMs) are trained on massive public datasets: books, articles, and websites
  • From this training they learn language, context, and meaning
  • You interact with an LLM using a prompt – a statement or question
  • The LLM generates a response based on its training and the context from your prompt
  • As you chat, the conversation provides more context so the LLM can stay relevant
  • The chat history is wiped after each conversation

Providing Context to an LLM

To illustrate how providing context in a prompt works:

  • Asked Microsoft Bing Chat (powered by GPT) what color shirt I’m wearing without any context
  • It responded that it can’t see me to know
  • Asked again and described my outfit in the prompt
  • It then responded using the context I provided
  • In a new chat, asked again what color shirt I’m wearing
  • It responded the same as the first time, showing the context doesn’t persist

How Microsoft 365 Copilot Works

Copilot has several core components:

  • Large language models hosted in the Microsoft Cloud via Azure OpenAI
  • Powerful orchestration engine
  • Integrated into Microsoft 365 apps
  • Leverages Microsoft Search for information retrieval
  • Uses Microsoft Graph for organizational data and relationships
  • Respects per-user access permissions to content and Graph data

For example, in Teams:

  • User asked: “Did anything happen yesterday with Fabrikam?”
  • Copilot orchestrator searched user’s accessible data for relevant context:
      • Email from Mona
      • Project files user had access to
      • Sharing notifications for contract review
  • Copilot combined this context into a prompt for the LLM
  • LLM generated a response summarizing the Fabrikam activities
  • Copilot cited each data source for transparency

Generating New Content

Copilot can also use your data to help generate new content, like proposals:

  • LLM is trained on proposal document structure and language
  • Copilot orchestrator retrieves relevant content from documents you select
  • This context is added to the LLM prompt
  • LLM generates a draft proposal leveraging your existing data
  • Generated content is a prompt response – not retained or used to train the LLM
  • All data retrieval respects user permissions
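
The retrieval and grounding flow described in the Teams and proposal examples above, sketched as an added example (not from the original post and not Microsoft's implementation): results are security-trimmed against the caller's permissions before anything enters the prompt, and source IDs are returned for citation. The `Doc` model, the users `alex` and `sam`, the group names, the Contoso document, and the keyword matching are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    doc_id: str
    title: str
    body: str
    allowed: frozenset  # principals (users or groups) with read access

# Constructed sample data; only "Mona" and "Fabrikam" come from the post.
CORPUS = [
    Doc("mail-1", "Email from Mona", "Fabrikam asked to move the contract review to Friday.", frozenset({"alex"})),
    Doc("file-7", "Fabrikam project plan", "Milestone 2 slipped by one week.", frozenset({"grp:fabrikam-team"})),
    Doc("file-9", "Fabrikam pricing", "Margin target is confidential.", frozenset({"grp:finance"})),
    Doc("file-3", "Contoso notes", "Unrelated meeting notes.", frozenset({"alex"})),
]
GROUPS = {"alex": {"grp:fabrikam-team"}, "sam": {"grp:finance"}}

def principals(user):
    """The user plus every group the user belongs to."""
    return {user} | GROUPS.get(user, set())

def retrieve(user, query, corpus=CORPUS):
    """Security-trimmed search: the ACL check runs before relevance matching,
    so content the user cannot read never becomes a prompt candidate."""
    who = principals(user)
    words = (t.strip("?.,!").lower() for t in query.split())
    terms = {w for w in words if len(w) > 4}
    readable = [d for d in corpus if d.allowed & who]
    return [d for d in readable
            if any(t in (d.title + " " + d.body).lower() for t in terms)]

def build_prompt(user, query):
    """Ground the prompt in the trimmed results and return citations with it.
    Nothing is stored: the prompt exists only for this one call."""
    docs = retrieve(user, query)
    context = "\n".join(f"[{i}] {d.title}: {d.body}" for i, d in enumerate(docs, 1))
    prompt = ("Answer using only the sources below and cite them.\n"
              f"{context}\n\nQuestion: {query}")
    return prompt, [d.doc_id for d in docs]

if __name__ == "__main__":
    for user in ("alex", "sam", "guest"):
        _, cites = build_prompt(user, "Did anything happen yesterday with Fabrikam?")
        print(user, cites)
```

The same question yields different grounding per caller, which is why overshared files surface in answers: the trimming is only as tight as the permissions already set on the content.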

Maintaining Privacy and Security

  • Prompts to LLM with organizational data provide context but are not retained
  • LLM responses are not used to train the foundation models
  • All data retrieval follows user access permissions
  • Learn more about Microsoft’s responsible AI principles

Hope this breakdown demystifies how Copilot taps into large language models and your data while maintaining security and privacy. Stay tuned for more Copilot updates!

Boost Productivity with Copilot and DBGM

As an IT services firm focused on digital transformation, DBGM Consulting can help you prepare for Microsoft 365 Copilot. Our AI experts can:

  • Audit data sources Copilot will leverage
  • Refine content permissions and governance
  • Validate technical readiness
  • Develop change management plans
  • Provide user training

Contact us to maximize Copilot’s productivity benefits while safeguarding privacy and security. DBGM Consulting has the expertise to implement Microsoft’s latest innovations.

Simplify Endpoint Management with Intune and Windows Autopilot

Managing endpoints is growing ever more complex with remote work and proliferating device form factors. Legacy tools like Configuration Manager (MECM) can’t keep pace with today’s demands for automated, scalable management capabilities.

In this guide, we’ll explore how Microsoft’s modern Intune and Autopilot solutions can radically simplify endpoint management. By replacing fragmented tools with unified cloud services, IT teams can finally eliminate deployment hassles and secure any device.

Streamline Deployments with Autopilot

Windows Autopilot provides a game-changing, cloud-based approach to device deployment. Simply register new devices under your Azure AD tenant and assign desired profiles. When users power on the device, Autopilot fully configures Azure AD join, policies, apps, and settings automatically.

With Autopilot, there’s no need to physically touch or customize each device. Your team defines profiles centrally that get consistently applied to any auto-registered device, even remote units shipped directly to users. You can fully configure devices in minutes instead of hours or days.

Centralize Management with Intune

Microsoft Endpoint Manager (MEM) provides unified management capabilities spanning Intune for cloud-connected devices and Configuration Manager for traditional on-prem systems.

Intune delivers robust management for Windows, iOS, Android, and macOS devices, all from a unified cloud console. Key capabilities like conditional access policies, app/update deployments, and device compliance monitoring help secure and control endpoints centrally.

Migrate to Modern Management

For organizations that already run Configuration Manager, Microsoft provides multiple options to begin shifting towards Intune’s modern approach. These include co-management, in which specific workloads move to Intune while both tools share oversight of Windows 10 devices.

You can also migrate end-to-end to Intune while retaining access to ConfigMgr reports and data. Our consultants can help assess the optimal path forward based on your environment and needs. The future of endpoint management is in the cloud.

Adopt Cloud-First for Windows 11

Windows 11 introduces new security requirements like TPM 2.0 and Secure Boot that ConfigMgr can’t deliver. The upcoming Intune support for Windows Autopilot Reset will allow self-healing devices that automatically restore compliant states.

With cloud-first management via Intune and Azure AD, you gain identity-driven security and productivity. Simplify licensing as well by consolidating ConfigMgr and Intune licenses into Microsoft Endpoint Manager.

Drive Better Experiences and Security

Unifying endpoint management in the Microsoft cloud enables IT to securely support the new era of work from anywhere on any device. Intune and Autopilot reduce help desk tickets through self-service and automating deployments.

Users stay productive with seamless access to corporate resources. With robust cloud-based management, your organization can embrace BYOD and hybrid workstyles without compromising security. Don’t let legacy tools hold back your endpoint management capabilities. Engage with our Intune experts at DBGM to begin simplifying today.