Microsoft Endpoint Manager
Announced at Ignite 2019, this is a product which allows you to manage hybrid Intune / Configuration Manager environments from the cloud. It introduces visibility over which applications are being managed by Intune, whether devices are being managed by Intune or Config. Manager, insights into system events such as application crashes, whether devices are corporate or personal, and much more.
Along with Endpoint Manager, Microsoft announced that any organisation that has a Configuration Manager deployment is now able to integrate it with Intune for free. You no longer need to worry about ensuring you have the right licensing for it or additional licensing costs.
Perspicuity View: This change makes it much easier for organisations to work with Intune moving forward. Not only is it simpler for the customer to understand and license, it will unify the entire experience by merging the capabilities. It also makes keeping track of updates simpler with the unified experience in Endpoint Manager.
Windows 10 feature Updates are now in public preview
Now available in Pubic Preview is the capability to push Windows 10 feature updates to Windows 10 devices. This is a new policy type and is used in conjunction with existing Windows 10 update rings. Once this policy is assigned to a device, it will remain at that version of Windows until the policy has been updated or removed. Devices on a specific version still allow for security and quality updates.
Perspicuity View: This policy allows for a greater level of control over feature updates for all Intune managed devices and will provide IT Admins with the peace of mind that they can choose when the latest feature release is applied. This provides time for testing and ratification of the latest build before deploying to the rest of the business. As Windows will remain on the version applied until the policy is updated or removed, it will also allow for IT Admins to deploy different versions to different departments or regions, depending on their needs. This will keep continuity with Device Management and ensure that all devices are compliant with currently supported versions of Windows.
Intune Reporting and Support
Reporting in Intune has recently been improved, introducing new report classifications:
- Operational - timely and targeted reports aimed at Admins, subject matter experts, and helpdesk employees to take quick action to resolve issues. These are the types of reports which are generated when an issue arises
- Organisational - reports targeted at Admins and managers, providing summaries of your device management ecosystem to help spot common issues and trends
- Historical - outlines trends and patterns to issues which occur over time, targeted towards Admins and managers
- Specialist - allows you to use raw data to create bespoke reports to suit your needs
In addition to these new report classifications, Microsoft are in the process of rolling out a new Help and Support experience in Azure:
- Start by selecting the service you are having issues with and provide a description of the issue. This will present a list of Microsoft articles which relate to the issues you are experiencing
- You can also raise a service request through this window, which also provides real-time estimations as to how long it will take for a support representative to contact you
- You can also use this console to view service requests you have raised previously
Perspicuity View: A change to reporting in Intune has been long overdue. With the increased capabilities around Windows 10 deployment through Intune, this was most definitely needed to allow organisations to report back to the business with much more accurate information regarding the condition of their device estate. This new reporting should provide the information IT departments need in order to be able to make more informed decisions.
BitLocker key rotation
Introduced with Windows 10 1909, Intune can now be used to remotely rotate BitLocker recovery keys for managed devices. For this to be activated, the devices must first be enabled to support the recovery key rotation process. This setting can be changed through an Intune device configuration policy.
Perspicuity View: This change now allows for an IT Admin to force a password key rotation from within the Intune Portal. This keeps the Recovery password secure. This process will also clean up (delete) all previous recovery key passwords within Azure AD / Intune for the device and store on the new single recovery password. The key is written to both Intune and Azure AD.