In this post, You will get details of the Microsoft Intune 2312 December Update new features. Intune Service Release 2312 added more capabilities to extend the support for Win32 App management, Device configuration and security.
With the Intune 2312 December update, two settings to the Microsoft Defender Antivirus profile for endpoint security Antivirus policy added, Intune released a new version of the Intune security baseline for Microsoft Edge, macOS unmanaged package moved in GA, and enhancement for Win32 App size limit extended to 30 GB.
Each update brings enhancements and new capabilities, empowering you to experiment with functionalities and deliver the best user experience. Familiarizing yourself with the Intune service release new features can provide you with additional insights into updates and their benefits.
Microsoft regularly releases updates, sometimes even every week, to improve the security and efficiency of device management. The addition of new features will drive productivity and allow the management of more complex scenarios for users and admins.
- Intune Cloud PKI To Deliver SSL Code Signing Certificates
- Top 75 Latest Intune Interview Questions And Answers
How do you Check Intune Service Status?
The steps guide you to check the status of Microsoft Intune. Here you can check the Intune service release version for your tenant.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com.
- Navigate to Tenant Administration and select Tenant Status.
Navigate to the “Tenant Details” tab to view your current service version, which will be displayed under “Service Release”. The latest released version is Intune Service Release 2312.
Note Intune Service Release Version numbers are named based on the YYMM format. Here you can see Intune service release 2312. It means this version is released in December 2023.
You can also read, Past releases in the What’s New to get more information about what new features Intune service updates were released. Intune provides several ways to stay current with the latest updates:
Service Release | What’s New in Intune (Past Release) |
---|---|
Intune Service Release 2311 | Intune 2311 November Update New Features Improvements |
Intune Service Release 2310 | New Features In Microsoft Intune 2310 October Update |
Microsoft Intune 2312 December Update New Features, Improvements
The Intune 2312 service releases December update, and some features may roll out over several weeks and might be available to all customers this week. The order and duration vary. Each monthly update may take up to three days to roll out and will be in the following order.
- Day 1: Asia Pacific (APAC)
- Day 2: Europe, Middle East, Africa (EMEA)
- Day 3: North America
- Day 4+: Intune for Government
To get the latest information on device management technologies, Watch out for HTMD Daily Coverage.
Support to Add unmanaged PKG-type Applications for macOS devices is now Generally Available
You can now upload and deploy unmanaged PKG-type applications to managed macOS devices using the Intune MDM agent for macOS devices. This feature enables you to deploy custom PKG installers, such as unsigned apps and component packages.
You can add a PKG app in the Intune admin center by selecting Apps > macOS > Add > macOS app (PKG) for app type. For more information, see Add an unmanaged macOS PKG app to Microsoft Intune.
Windows MAM Supported in Government Cloud Environments and in 21 Vianet in China
Customer tenants in US Government Community (GCC), US Government Community (GCC) High, and Department of Defense (DoD) environments are now able to use Windows MAM.
Updated Security Baseline for Microsoft Edge
The Microsoft Intune 2312 released a new version of the Intune security baseline for Microsoft Edge, version 117. The Microsoft Edge baseline can help you rapidly deploy configurations to Edge that meet the security recommendations of Microsoft security teams.
As with all baselines, the default baseline represents the recommended configurations. You can modify the default baseline to meet the requirements of your organization.
Support for Variables in noncompliant Email Notifications
Use variables to personalize email notifications that are sent when a user’s device becomes noncompliant. The variables included in the template, such as {{username}}
and {{devicename}}
, are replaced by the actual username or device name in the email that users receive. Variables are supported with all platforms.
Updated report visualization for Microsoft Defender for Endpoint connector
Intune 2312 release updated the reporting visualization for the Microsoft Defender for Endpoint connector. This report visualization displays the count of devices that have onboarded to Defender for Endpoint based on status from the Defender CSP, and visually aligns to other recent report views that use a bar to represent the percentage of devices with different status values.
New settings for scheduling Antivirus scans added to Antivirus policy for Windows devices
Intune 2312 December Update added two settings to the Microsoft Defender Antivirus profile for endpoint security Antivirus policy that applies to Windows 10 and Windows 11 devices. These two settings work together to first enable support for a random start time of a device’s antivirus scan, and to then define a range of time during which the randomized scan start can begin.
These settings are supported with devices managed by Intune and devices managed through the Defender for Endpoint security settings management scenario.
- RandomizeScheduleTaskTimes – This setting enables randomization of the scan start time on devices.
- SchedulerRandomizationTime – This setting this setting, you can set boundaries for the random start time.
Microsoft Tunnel Support for Direct Proxy Exclusion list in VPN profiles for Android Enterprise
Intune now supports configuration of a Proxy exclusion list when you configure a VPN profile for Microsoft Tunnel for Android devices. With an exclusion list, you can exclude specific domains from your proxy setup without requiring the use of a Proxy Auto-Configuration (PAC) file. The proxy exclusion list is available with both Microsoft Tunnel and Microsoft Tunnel for MAM
The proxy exclusion list is supported in environments that use a single proxy. The exclusion list isn’t suitable or supported when you use multiple proxy servers, for which you should continue to use a .PAC file.
Microsoft Tunnel Server Health Metric to Report on TLS Certificate Revocation
Intune 2312 December Update added a new health metric for Microsoft Tunnel named TLS certificate revocation. This new health metric reports on the status of the Tunnel Servers TLS certificate by accessing the Online Certificate Status Protocol (OCSP) or CRL address as defined in the TLS certificate.
You can view the status of this new check with all the health checks in the Microsoft Intune admin center by navigating to Tenant administration > Microsoft Tunnel Gateway > Health status, selecting a server, and then selecting that servers Health check tab.
This metric runs as part of the existing Tunnel Health checks, and supports the following status:
- Healthy: The TLs certificate is not revoked
- Warning: Unable to check if the TLS certificate is revoked
- Unhealthy: The TLS certificate is revoked, and should be updated
Configure offline caching in Microsoft 365 (Office) for Android devices
You can enable or disable offline caching when Save As to Local Storage is blocked by the app protection policy, you can use a configuration key in an app configuration policy to enable or disable offline caching. This setting is only applicable to the Microsoft 365 (Office) app on Android.
Key | Value |
---|---|
com.microsoft.intune.mam.IntuneMAMOnly.AllowOfflineCachingWhenSaveAsBlocked | false (default) disables offline caching when Save As to local storage is blocked true enables offline caching when Save As to local storage is blocked |
Win32 App Grace Period Settings on Device
Starting with Intune 2312 December Update, On a device where a Win32 app with grace period settings has been deployed, low-rights users with non-administrative privileges can now interact with the grace period UX. Admins on the device will continue to be able to interact with the grace period UX on the device.
Let’s check how to Enable Device Restart Grace Period for Win32 App. This configuration will ensure that the device will restart after the Win32 app installation.
Intune Win32 App Size Limit Increased to 30 GB
The Windows Application Size limit has increased to 30 GB per app. You can use Win32 app management to deploy the application size up to 30 GB.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.