In this post, You will get an overview of the new features in the Intune 2309 September Update. Microsoft Intune Service Release 2309 added more capabilities to extend the support for App management, Device configuration and security, and reporting.
Microsoft Intune Service Release 2309 September update added the Config Refresh will be available in the Settings Catalog, Introducing Remote Launch on Remote Help and Intune Endpoint security policies for Endpoint detection and response (EDR) now support macOS, and Linux.
Microsoft regularly releases updates, sometimes even every week, to improve the security and efficiency of device management. The addition of new features will drive productivity and allow the management of more complex scenarios for users and admins.
Each update brings enhancements and new capabilities, empowering you to experiment with functionalities and deliver the best user experience. Familiarizing yourself with the Intune service release new features can provide you with additional insights into updates and their benefits.
- Intune MAM For Personal Windows Devices Is Now Generally Available
- Intune Feature Support Approved Elevation For EPM Endpoint Privilege Management
How to Check Microsoft Intune Service Release Version
The steps guide you to check the version of Microsoft Intune. Here you can check the Intune service release version for your tenant.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com.
- Navigate to Tenant Administration and select Tenant Status.
Navigate to the “Tenant Details” tab to view your current service version, which will be displayed under the “Service Release”. The latest released version by Intune Service Release 2309.
Note Intune Service Release Version numbers are named based on the YYMM format. Here you can see Intune service release 2309. It means this version is released in September 2023.
You can also read, Past releases in the What’s New to get more information about what new features Intune service updates were released.
|Service Release||What’s New in Intune (Past Release)|
|Intune Service Release 2308||Intune August Update 2308 Features|
|Intune Service Release 2307||Intune July Update 2307 New Features Improvements|
New Features, Improvements in Microsoft Intune 2309 September Update Service Release
The Intune 2309 service releases a September update, and some features may roll out over several weeks and might be available to all customers this week.
Configuration Scripts for Unmanaged macOS PKG Apps
You can now configure pre-install and post-install scripts in unmanaged macOS PKG apps. This feature gives you greater flexibility over custom PKG installers.
You can optionally configure pre and post-install scripts on the Program tab to customize the app install, which requires the Intune agent for macOS devices v2309.007 or higher.
- Pre-install script: Provide a script that runs before the app is installed. The app proceeds to install only when the pre-install script returns zero (indicating success).
- Post-install script: Provide a script that runs after the app installs successfully. If provided, the post-install script runs after a successful app installation.
Managed Settings now available in the Apple Settings Catalog
The settings within the Managed Settings command are available in the Settings Catalog. In the Microsoft Intune admin center, you can see these settings at Devices > Configuration profiles > Create profile > iOS/iPadOS > Settings catalog for profile type.
- Managed Settings > App Analytics
- Managed Settings > Accessibility Settings
- Managed Settings > Software Update Settings
- Managed Settings > Time Zone
- Managed Settings > Bluetooth
- Managed Settings > MDM Options
Intune MAM for Windows Devices is now Generally Available, starting with Intune 2309. This MAM feature for Windows was in preview, and it was released back with Intune version 2306.
You can now enable protected MAM access to org data via Microsoft Edge on personal Windows devices. This capability uses the following functionality:
- Intune Application Configuration Policies (ACP) to customize the org user experience in Microsoft Edge
- Intune Application Protection Policies (APP) to secure org data and ensure the client device is healthy when using Microsoft Edge
- Windows Security Center threat defense integrated with Intune APP to detect local health threats on personal Windows devices
- Application Protection Conditional Access to ensure the device is protected and healthy before granting protected service access via Entra ID (AAD).
Management Certificate Expiration Date
Management certificate expiration date is available as a column in the Devices workload. You can filter on a range of expiration dates for the management certificate and also export a list of devices with an expiration date matching the filter.
In Microsoft Intune Admin Center, Click on Devices > All devices. If the Management certificate expiration date is not visible to you, you can click on Columns and select the option to appear.
Config Refresh Settings are in the Settings Catalog for Windows Insiders
In the Windows Settings Catalog, you can configure Config Refresh. This feature lets you set a cadence for Windows devices to reapply previously received policy settings, without requiring devices to check-in to Intune.
- Enable config refresh
- Refresh cadence (minutes)
SSO support during Enrollment for Android Enterprise Fully Managed and corporate-owned Devices with Work Profile
Starting Intune 2309, update supports single sign-on (SSO) on Android Enterprise devices that are fully managed or corporate-owned with a work profile. With the addition of SSO during enrollment, end users enrolling their devices only need to sign in once with their work or school account.
Windows Defender Application Control (WDAC) References will update to App Control for Business
Windows has renamed Windows Defender Application Control (WDAC) as App Control for Business. With this change, the references in Intune docs and the Intune admin center will be updated to reflect this new name.
Microsoft Intune ending support for Android device administrator on devices with GMS access in August 2024
Microsoft Intune is ending support for Android device administrator management on devices with access to Google Mobile Services (GMS) on August 30, 2024. After that date, device enrollment, technical support, bug fixes, and security fixes will be unavailable.
You can check your Intune reporting to see which devices and users may be affected. Navigate to the ‘Devices‘ section, then select ‘All devices‘. Apply a filter to the ‘OS‘ column, specifically choosing ‘Android (device administrator)’. This will provide you with a comprehensive list of relevant devices.
Endpoint Privilege Management Support for Windows 365 Devices
Elevation Report by Publisher for Endpoint Privilege Management
Intune 2309 September update released a new report named Elevation report by Publisher for Endpoint Privilege Management (EPM). With this new report you can view all managed and unmanaged elevations, which are aggregated by the publisher of the app that is elevated.
You will find the report in the Report node for EPM in the Intune admin center. Navigate to Endpoint Security> Endpoint Privilege Management and then select the Reports tab.
Intune Supported iOS/iPadOS 15.x as the Minimum Version
The Intune minimum supported version change, As the changes from Apple’s side with the release of iOS/iPadOS version 17 release. Now, the minimum version supported by Intune is iOS/iPadOS 15.x.
As an Intune admin, you need to plan to pass on this message to managed mobile users within your organization. If the iOS or iPad OS version is less than 15.x, then Intune won’t be able to support the devices from both device and application management (Intune App Protection or MAM) perspective.
Windows and Android Support for 4096-bit key Size for SCEP and PFX Certificate Profiles
Intune SCEP certificate profiles and PKCS certificate profiles for Windows and Android devices now support a Key size (bits) of 4096. This key size is available for new profiles and existing profiles you choose to edit.
- SCEP profiles have always included the Key size (bits) setting and now support 4096 as an available configuration option.
- PKCS profiles don’t include the Key size (bits) setting directly. Instead, an admin must modify the certificate template on the Certification Authority to set the Minimum key size to 4096.
Introducing Remote Launch on Remote Help
With the addition of Remote Launch, the helper can launch Remote Help seamlessly on the helper and user’s device from Intune by sending a notification to the user’s device. This allows both the helpdesk and the sharer to be connected to a session quickly without exchanging session codes.
macOS Linux Support with Intune Endpoint Security Policies for Endpoint Detection and Response
Intune Endpoint security policies for Endpoint detection and response (EDR) now support macOS and Linux. To enable this support, the Intune 2309 September update added a new EDR template profile for macOS, and Linux that you can use with macOS, and Linux devices enrolled with Intune and devices managed through the opt-in public preview of the Defender for Endpoint security settings management scenario.
The EDR template for macOS, Linux includes the following settings for the Device tags category from Defender for Endpoint:
- Type of tag – The GROUP tag, tags the device with the specified value. The tag is reflected in the admin center on the device page and can be used for filtering and grouping devices.
- Value of tag – Only one value per tag can be set. The Type of a tag is unique and shouldn’t be repeated in the same profile.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.