Intune 2311 November Update New Features Improvements

In this post, you will get an overview of the Intune 2311 November Update new features. Microsoft Intune Service Release 2311 added more capabilities to extend the support for App management, Device configuration and security, and reporting capabilities.

Each update brings enhancements and new capabilities, empowering you to experiment with functionalities and deliver the best user experience. Familiarizing yourself with the Intune service release new features can provide you with additional insights into updates and their benefits.

With the Intune 2311 November update, Defender for Endpoint security settings management enhancements and support for Linux and macOS are generally available. Microsoft Defender Firewall profiles are renamed to Windows Firewall. Additionally, Intune released a new version of the Intune security baseline for Microsoft 365 Apps for Enterprise.

Microsoft regularly releases updates, sometimes even every week, to improve the security and efficiency of device management. The addition of new features will drive productivity and allow the management of more complex scenarios for users and admins.


Intune 2311 New Features and Updates

Recording of the Nov 2023 HTMD Community User Group event by Jitesh Kumar. It covers the new Intune MAM-enabled apps (Hey DAN, Microsoft Azure, and KeePassium for Intune), the new grace period status added in apps for Android and Android AOSP, and enrollment for iOS/iPadOS devices in shared device mode, which is now generally available.

Intune 2311 November Update New Features Improvements – Video 1

How to Check Microsoft Intune Service Release

The steps guide you to check the version of Microsoft Intune. Here you can check the Intune service release version for your tenant.

Navigate to the “Tenant Details” tab to view your current service version, which will be displayed under “Service Release”. The latest released version is Intune Service Release 2311.

Intune 2311 November Update New Features Improvements Fig.1

Note: Intune service release version numbers are named based on the YYMM format. Here you can see Intune service release 2311, which means this version was released in November 2023.


You can also read the past releases in What’s New to get more information about the new features released in earlier Intune service updates.

Service Release | What’s New in Intune (Past Release)
Intune Service Release 2310 | New Features In Microsoft Intune 2310 October Update
Intune Service Release 2309 | Intune 2309 September Service Release New Features Improvements
Intune Service Release 2308 | Intune August Update 2308 Features
Table 1 – Intune 2311 November Update New Features Improvements

Microsoft Intune 2311 November Update New Features, Improvements

Some features in the Intune 2311 November service release may roll out over several weeks and might be available to all customers this week. The order and duration vary. Each monthly update may take up to three days to roll out and will be in the following order.

  • Day 1: Asia Pacific (APAC)
  • Day 2: Europe, Middle East, Africa (EMEA)
  • Day 3: North America
  • Day 4+: Intune for Government

To get the latest information on device management technologies, watch out for HTMD Daily Coverage.

New Grace Period Status added in Apps for Android, Android AOSP

The Intune Company Portal app for Android and Microsoft Intune app for Android AOSP now show a grace period status for devices that don’t meet compliance requirements but are still within their given grace period.

Users can see the date by which devices must be compliant and the instructions for how to become compliant. If users don’t update their device by the given date, the device is marked as non-compliant.

Settings to Manage Windows Subsystem for Linux are now available in the Intune Settings Catalog

The Intune 2311 service release added settings to the Windows settings catalog for Windows Subsystem for Linux (WSL). These settings enable Intune integration with WSL so admins can manage deployments of WSL and apply controls to the Linux instances themselves.

To find these settings, in the Microsoft Intune admin center go to Devices > Configuration profiles > Create > New Policy, select Windows 10 and later for platform and Settings catalog for profile type, then open Windows Subsystem for Linux:

  • Allow kernel debugging
  • Allow custom networking configuration
  • Allow custom system distribution configuration
  • Allow kernel command line configuration
  • Allow custom kernel configuration
  • Allow WSL1
  • Allow the Windows Subsystem for Linux
  • Allow the Inbox version of the Windows Subsystem For Linux
  • Allow user setting firewall configuration
  • Allow nested virtualization
  • Allow passthrough disk mount
  • Allow the debug shell
Intune 2311 November Update New Features Improvements Fig.2

Enrollment for iOS/iPadOS Devices in Shared Device mode now Generally Available

Starting with the Intune 2311 update, automated device enrollment for iOS/iPadOS devices that are in shared device mode is generally available to configure in the Microsoft Intune admin center.

Shared device mode is a feature of Microsoft Entra that enables your frontline workers to share a single device throughout the day, signing in and out as needed.

Improvements to New Device Experience in Intune Admin Center

The Intune 2311 release made the following changes to the new Devices experience in the Microsoft Intune admin center:

  • Additional entry points to platform-specific options: Access the platform pages from the Devices navigation menu.
  • Quick entry to monitoring reports: Select the titles of the metrics cards to go to the corresponding monitoring report.
  • Improved navigation menu: We added icons back in to provide more color and context as you navigate.
Intune 2311 November Update New Features Improvements Fig.3

Additional Settings for the Linux Antivirus Policy Template

Microsoft Intune 2311 release expanded support for Linux by adding the following settings to the Microsoft Defender Antivirus template for Linux devices:

  • cloudblocklevel
  • scanarchives
  • scanafterdefinitionupdate
  • maximumondemandscanthreads
  • behaviormonitoring
  • enablefilehashcomputation
  • networkprotection
  • enforcementlevel
  • nonexecmountpolicy
  • unmonitoredfilesystems
Intune 2311 November Update New Features Improvements Fig.4

Updated Security Baseline for Microsoft 365 Apps for Enterprise

Microsoft Intune 2311 released a new version of the Intune security baseline for Microsoft 365 Apps for Enterprise, version 2306.

The Microsoft 365 Office Apps baseline can help you rapidly deploy configurations to your Office Apps that meet the security recommendations of the Office and security teams at Microsoft. As with all baselines, the default baseline represents the recommended configurations. You can modify the default baseline to meet the requirements of your organization.

Intune 2311 November Update New Features Improvements Fig.5

Deprecation and replacement of two settings found in the Linux and macOS Endpoint Security Antivirus Policies

The Microsoft Intune 2311 November update deprecated two settings in the Antivirus engine category of Microsoft Defender Antivirus profiles for macOS and Linux. These profiles are available as part of Intune’s endpoint security Antivirus policies.

For each platform, the two deprecated settings are replaced by a single new setting that aligns with how Microsoft Defender for Endpoint manages device configurations. The following are the two deprecated settings:

  • Enable real-time protection now appears as Enable real-time protection (deprecated)
  • Enable passive mode now appears as Enable passive mode (deprecated)

The new setting that replaces the two deprecated settings:

  • Enforcement level – By default, Enforcement level is set to Passive and supports options of Real time and On demand.

These settings are also available from the Intune settings catalog for each platform, where the old settings are also marked as deprecated and replaced by the new setting. The changes for Linux are now available. The macOS settings are marked as deprecated, but the Enforcement level setting will not be available until December.
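
The consolidation described above can be checked against an exported Linux profile before the deprecated settings are retired. The following is an added example, not code from the article or from Microsoft: it assumes the camelCase key names used in Defender for Endpoint on Linux managed JSON profiles, the sample profile is constructed, and the rule for deriving a level from the two old booleans is an assumption.

```python
import json

# Constructed sample of a Defender for Endpoint on Linux managed profile
# (antivirusEngine section only); not taken from the article.
SAMPLE_PROFILE = json.loads("""
{
  "antivirusEngine": {
    "enableRealTimeProtection": true,
    "passiveMode": false,
    "scanArchives": true
  }
}
""")

DEPRECATED = ("enableRealTimeProtection", "passiveMode")
VALID_LEVELS = ("real_time", "on_demand", "passive")


def derive_level(engine):
    """Map the two deprecated booleans to one level (assumed mapping)."""
    if engine.get("passiveMode") is True:
        return "passive"  # passive mode wins over real-time protection
    rtp = engine.get("enableRealTimeProtection")
    if rtp is True:
        return "real_time"
    if rtp is False:
        return "on_demand"
    return "passive"  # default stated in the article


def migrate(profile):
    """Return (new_profile, findings) without modifying the input."""
    engine = dict(profile.get("antivirusEngine", {}))
    findings = [f"deprecated key present: {k}" for k in DEPRECATED if k in engine]
    level = engine.get("enforcementLevel")
    if level is None:
        level = derive_level(engine)
        findings.append(f"enforcementLevel missing, derived '{level}'")
    elif level not in VALID_LEVELS:
        raise ValueError(f"unknown enforcementLevel: {level!r}")
    for k in DEPRECATED:  # an explicit enforcementLevel takes precedence
        engine.pop(k, None)
    engine["enforcementLevel"] = level
    return {**profile, "antivirusEngine": engine}, findings


if __name__ == "__main__":
    migrated, notes = migrate(SAMPLE_PROFILE)
    print(json.dumps(migrated, indent=2))
    print("\n".join(notes))
```

A profile that relied on real-time protection being enabled through the old setting should end up with an explicit real-time enforcement level; otherwise it falls back to the Passive default noted above.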

Microsoft Defender Firewall profiles are renamed to Windows Firewall

Starting from the Intune 2311 update, to align with Firewall branding changes in Windows, the names of Intune profiles for endpoint security Firewall policies have been updated. In profiles that have Microsoft Defender Firewall in the name, it is replaced with Windows Firewall.

The Windows 10 and later (ConfigMgr), Windows 10, Windows 11, and Windows Server platforms have profiles that are affected, with only the profile names being affected by this change.

Intune 2311 November Update New Features Improvements Fig.6

New Endpoint Security Firewall policy profile for Windows Hyper-V Firewall Rules

Microsoft Intune 2311 released a new profile named Windows Hyper-V Firewall Rules that you can find through the Windows 10, Windows 11, and Windows Server platform path for endpoint security Firewall policy. Use this profile to manage the firewall settings and rules that apply to specific Hyper-V containers on Windows, including applications like the Windows Subsystem for Linux (WSL) and the Windows Subsystem for Android (WSA).

Use Endpoint Security Firewall policy for Windows Firewall to manage firewall settings for Windows Hyper-V

Intune Service release 2311 added new settings to the Windows Firewall profile (formerly Microsoft Defender Firewall) for endpoint security Firewall policy. The new settings can be used to manage Windows Hyper-V settings.

Windows Hyper-V Firewall Rules allow administrators to define granular Firewall rules. Define firewall rules with specific ports, protocols, applications and networks, to allow or block network traffic to virtualized guests.

To configure the new settings, in the Microsoft Intune admin center, go to Endpoint security > Firewall > Platform: Windows 10, Windows 11, and Windows Server > Profile: Windows Firewall. The following settings have been added to the Firewall category:

  • Target – When Target is set to Windows Subsystem for Linux, the following child settings are applicable:
    • Enable Public Network Firewall
    • Enable Private Network Firewall
    • Allow Host Policy Merge
    • Enable Domain Network Firewall
    • Enable Loopback
Intune 2311 November Update New Features Improvements Fig.7

Minimum version update for iOS Company Portal

Users are required to update to v5.2311.1 of the iOS Company Portal. If you have enabled the Block installing apps using App Store device restriction setting, you will likely need to push an update to the related devices that use this setting. Otherwise, no action is needed. If you have a helpdesk, you may want to make them aware of the prompt to update the Company Portal app.

In most cases, users have app updates set to automatic, so they receive the updated Company Portal app without taking any action. Users that have an earlier app version will be prompted to update to the latest Company Portal app.

Defender for Endpoint security settings management enhancements and support for Linux and macOS are generally available

The improvements that were introduced in the Defender for Endpoint security settings management opt-in public preview are now generally available.

With this change, the default behavior for security settings management includes all the behavior added for the opt-in preview – without having to enable support for preview features in Microsoft Defender for Endpoint. This includes the general availability and support for the following endpoint security profiles for Linux and macOS:

Feature updates and reports support Windows 11 Policies

The new setting on Feature update policies enables an organization to deploy Windows 11 to those devices that are eligible for the upgrade, while ensuring devices not eligible for the upgrade are on the latest Windows 10 feature update with a single policy. As a result, admins do not need to create or manage groups of eligible and non-eligible devices.


Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
