Enhanced Reporting and Microsoft Home Page via Intune August 2024 Update 3 New Capabilities. The Microsoft Intune August 2024 Updates are new features and improvements being added to Microsoft Intune, a cloud-based service that helps organizations manage and protect their devices and apps.
In the August update, Microsoft Intune introduces many new features. First, there is expanded support for Microsoft Managed Home Screen, which helps improve productivity. Second, there is a new resource reporting tool that focuses on performance, making it easier to track and manage resources.
Apple devices have enhanced settings, improving functionality and making them more available. This post provides detailed information about Microsoft’s new capabilities in Microsoft Intune.
These updates are designed to help you stay focused and productive. We will cover how each feature enhances productivity, performance, and functionality, making managing your devices and applications easier.
Table of Contents
What is the Managed Home Screen Capability in Intune?
The Managed Home Screen is a feature in Intune that allows IT administrators to manage and customize the home screen on mobile devices.
Enhanced Reporting and Microsoft Home Page via Intune August 2024 Updates
Let’s discuss the Microsoft Intune August 2024 Updates. This latest release brings critical enhancements to improve your experience. All the features are explained in detail below.
- Microsoft Intune 2407 New Features Early July Update
- Managing Activation Lock on Apple Devices with Intune
- How to Use Intune Assignment Filters Comparison Property gt ge lt le with OS Version
- Fix Error Code 0x87d1fde8 Remediation Failed Intune Configuration Profiles | Chrome | Setting Error
New Actions for Microsoft Cloud PKI
The following actions have been added for Microsoft Cloud PKI issuing and root certification authorities (CA):
- Delete: Delete a CA.
- Pause: Temporarily suspend the use of a CA.
- Revoke: Revoke a CA certificate.
Microsoft Managed Home Screen
Managed Home Screen (MHS) is now available for Android Enterprise Fully Managed devices. Organizations can use MHS on devices assigned to a single user, making controlling and managing the device easier.
The expanded support for Microsoft Managed Home Screen in Intune helps IT departments keep users focused on essential applications and tasks. This capability allows IT admins to use a customizable launcher to control and simplify the user experience, ensuring that devices are used efficiently and remain focused on critical operations.
Managed Home Screen is now available on Android Enterprise fully managed devices!
- Managed Home Screen, previously limited to user-less kiosks or shared devices, will now be available for deployment to a specific user on corporate-owned, fully managed devices.
- This expansion enables IT departments to apply the Managed Home Screen to various devices and scenarios.
- With this update, more use cases and applications can benefit from the Managed Home Screen’s focused, simplified experience.
- Enforce Users to use Intune Approved Apps with App Protection Policies using Conditional Access Policies
- Issue on Minimum PIN Length for Startup in Disk Encryption Policies in Intune
New Resource Reporting for Windows PCs
The new reporting feature in Intune Advanced Analytics allows IT admins to monitor device performance, identify issues caused by CPU or RAM spikes, and compare performance across different models. This data-driven approach helps resolve slow machine problems, make informed decisions about hardware replacements, and even negotiate with manufacturers.
- The report is available through both the Microsoft Intune Suite and the Advanced Analytics standalone add-on.
Read more – New Intune Reporting Changes and Details about Data Platform coming to you by 2024
- Microsoft Added New 160+ Apps on Intune Enterprise App Catalog
- MS Intune Stop Supporting User Enrollment with Company Portal for iOS iPadOS
New Settings for macOS and iOS/iPadOS Devices Now Available
With the release of macOS 15 and iOS/iPadOS 18, Microsoft provides complete settings management. They have used Apple’s GitHub repository to update settings for device management policies, including new restrictions for Apple Intelligence features. These updates will be ready for configuration as soon as the new versions are available.
Creating Endpoint Privilege Management (EPM) Elevation Rules from Elevation Requests or Reports
You can now easily create Endpoint Privilege Management (EPM) elevation rules directly from an approved elevation request or the EPM Elevation report. Instead of manually identifying file details for the rules, you can select a file from the Elevation report or the approved request.
Then, open the file’s elevation details and choose “Create a rule with these file details.” This simplifies the process of setting up elevation rules. Using this option, you can add the new rule to an existing elevation policy or create a new one with just the new one. This policy applies to Windows 10 and 11 devices.
Discovered Apps Report
The Discovered Apps report shows publisher information for both Win32 and Store apps directly in the report. Previously, publisher data was only available in the exported report. This change makes it easier to see who the publisher is without needing to export the data.
- Apps > Monitor > Discovered Apps
New AppWorkload.log for Better App Management Troubleshooting
Microsoft improved logging for Win32 apps and the Intune Management Extension (IME). The new AppWorkload.log file now tracks all details about IME-managed app deployments. These updates make troubleshooting and analysing app management issues on client devices easier.
- Intune Management Extension logs are usually found in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs on the client machine.
- You can view these logs using CMTrace.exe.
- The AppWorkload.log file is handy for troubleshooting and analyzing Win32 app management events, as it includes detailed information about app deployment activities handled by the IME.
Logs | Details |
---|---|
IntuneManagementExtension\Logs | This is the main client log file. It includes details on agent check-ins, policy requests, policy processing, and reporting activities. |
AgentExecutor.log | This log tracks the execution details of PowerShell scripts. |
ClientHealth.log | This log monitors the health activities of the sidecar agent. |
New Settings in the Apple Settings Catalog
The Settings Catalog shows all the settings you can adjust for device policies in one place. To find new settings in the catalog, follow these steps in the Microsoft Intune admin center.
- Go to Devices. Select Manage Devices.
- Click on Configuration, Choose Create, and then New Policy.
- Pick iOS/iPadOS or macOS as the platform.
- Select Settings catalog for the profile type.
- The below table helps you to show the settings for iOS/iPadOS and macOS devices
Platform | Category | Setting | Details |
---|---|---|---|
iOS/iPadOS | Declarative Device Management (DDM) | Safari Extension Settings | Managed Extensions, Allowed Domains, Denied Domains, Private Browsing, State |
Software Update Settings | Automatic Actions: Download, Install OS Updates, Deferrals: Combined Period In Days, Notifications: Rapid Security Response: Enable, Enable Rollback, Recommended Cadence | ||
Restrictions | Allow ESIM Outgoing Transfers | Allow Personalized Handwriting Results, Allow Video Conferencing Remote Control, Allow Genmoji, Allow Image Playground, Allow Image Wand, Allow iPhone Mirroring, Allow Writing Tools | |
macOS | Authentication | Extensible Single Sign On (SSO) | Platform SSO, Authentication Grace Period, FileVault Policy, Non Platform SSO Accounts, Offline Grace Period, Unlock Policy |
Extensible Single Sign On Kerberos | Allow Password, Allow SmartCard, Identity Issuer Auto Select Filter, Start In Smart Card Mode | ||
Declarative Device Management (DDM) | Disk Management | External Storage, Network Storage | |
Safari Extension Settings | Managed Extensions, Allowed Domains, Denied Domains, Private Browsing, State | ||
Software Update Settings | Allow Standard User OS Updates, Automatic Actions: Download, Install OS Updates, Install Security Update, Deferrals: Major Period In Days, Minor Period In Days, System Period In Days, Notifications: Rapid Security Response: Enable, Enable Rollback | ||
Restrictions | Allow Genmoji | Allow Image Playground, Allow iPhone Mirroring, Allow Writing Tools | |
System Policy | System Policy Control | Enable XProtect Malware Upload |
Enhanced Multi-Administrative Approval for Application Access Policies
The multi-administrative approval feature now allows you to limit application access policies to Windows applications, all non-Windows applications, or both. Microsoft introduced a new access policy that enables approvals for changes to multiple administrative approvals, enhancing control and security over application access.
New Account-Driven Apple User Enrollment for iOS/iPadOS Devices
Intune now supports account-driven Apple User Enrollment for devices running iOS/iPadOS 15 and later. This updated enrollment method uses just-in-time registration and eliminates the need for the Company Portal app. Users can start enrollment directly from the Settings app, leading to a faster and smoother onboarding process.
Apple has announced that it will end support for profile-based Apple User Enrollment and is making the following changes.
- Microsoft Intune will also end support for Apple User Enrollment with Company Portal shortly after the release of iOS/iPadOS 18.
- Microsoft recommends switching to account-driven Apple User Enrollment for similar functionality.
- The new method provides an improved user experience with a more straightforward process.
- Devices > Enrollment > Apple > Enrollment Options-Enrollment type
Microsoft Entra Account to Enable Android Enterprise Management in Intune
Previously, you needed to connect your Intune account to a managed Google Play account using an enterprise Gmail account. This process is necessary for managing Android devices enrolled in Intune. You can now set up this connection using a corporate Microsoft Entra account instead.
This change applies to new Intune tenants and would not affect those who have already set up the connection using a Gmail account.
- Devices > Enrollment > Android > Prerequisites > Managed Google Play
Mobile Threat Defense (MTD) Connectors Supported in Intune Operated by 21Vianet
Intune, operated by 21Vianet, now supports Mobile Threat Defense (MTD) connectors for Android and iOS/iPadOS devices. If your MTD partner is supported, you will see these connectors available when you sign in to a 21Vianet tenant. This feature helps you to enhance device security by integrating with supported MTD vendors.
Read more – Use MTD to Protect iOS and Android Devices with Microsoft Defender for Endpoint
New cpuArchitecture Filter for App and Policy Assignments in Intune
When assigning apps, compliance policies, or configuration profiles, you can use a new cpuArchitecture filter. This lets you choose devices for Windows and macOS based on their processor type, such as Intel or ARM. This helps you target specific devices more accurately.
- This applies to –Windows 10, Windows 11 and macOS
- Tenant administration > Filters > Create
- Managed Devices and Managed apps
Updated Platform Options for Endpoint Security Policies in Intune
When you create an endpoint security policy in Intune, you can choose the Windows platform. Now, there are two options – Windows and Windows (ConfigMgr). This makes it easier to pick the right template for your security settings. You need to know about the changes to endpoint security policies in Intune.
- Affected Policies: The changes apply to policies for Antivirus, Disk Encryption, Firewall, Endpoint Privilege Management, Endpoint Detection and Response, Attack Surface Reduction, and Account Protection.
- The update affects how admins see options when creating new policies. It doesn’t change how policies work or affect the devices.
- The functionality remains the same as before despite the updated platform names.
- There are no extra tasks or actions required for existing policies.
- These updates are designed to simplify the policy creation process but do not impact the existing setup or functionality.
Windows | Details |
---|---|
Windows 10 and later | Windows |
Windows 10 and later (ConfigMgr) | Windows (ConfigMgr) |
Windows 10, Windows 11, and Windows Server | Windows |
Windows 10, Windows 11, and Windows Server (ConfigMgr) | Windows (ConfigMgr) |
Apple Software Update Scheduling Now Uses Device Local Time
You can now set OS update times based on the devices’ local time zones. This change applies to new policies created from the August 2408 release onwards.
This setting can be found in the settings catalog under Devices > Manage devices > Configuration > Create > New policy > iOS/iPadOS or macOS > Settings catalog > Declarative Device Management > Software Update.
- The UTC text will be removed from this setting in a future update.
- This setting is applied to iOS/iPadOS and macOS.
New Protected Apps Now Available in Intune
Let’s discuss the new Protected Apps in Intune. Microsoft Intune now supports the following new protected apps, which enhance the range of applications you can manage and protect using Intune.
- Singletrack for Intune (iOS) by Singletrack
- 365Pay by 365 Retail Markets
- Island Browser for Intune (Android) by Island Technology, Inc.
- Recruitment.Exchange by Spire Innovations, Inc.
- Talent.Exchange by Spire Innovations, Inc.
Organizational Messages Moved to Microsoft 365 Admin Center
The organizational message feature has been moved from the Microsoft Intune admin center to the Microsoft 365 admin center. You can now view and manage all your organizational messages in the new location. The updated experience offers new features, including creating and delivering custom messages through Microsoft 365 apps.
Read more – Organizational Messages Now Available on Microsoft 365 Admin Center
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.