Let’s check the new features added in the Intune August Update. Microsoft Intune Service Release 2308 August Update added more capabilities to extend the support for Win32 App management, Device configuration and security, and reporting.
Microsoft Intune Service Release 2308 August Update added a feature, an important development for frontline workers to help resolve device issues faster and more efficiently, Remote Help for Android is now available, and a lot of additions to the policies and improvements are made to the reporting and enhanced the App.
Microsoft regularly releases updates, sometimes even every week, to improve the security and efficiency of device management. The addition of new features will drive productivity and allow the management of more complex scenarios for users and admins.
Each update brings enhancements and new capabilities, empowering you to experiment with functionalities and deliver the best user experience. Familiarizing yourself with the Intune service release new features can provide you with additional insights into updates and their benefits.
- Windows Driver Firmware Updates From Intune Policy
- Easy Method To Enable Tamper Protection for MacOS Using Intune
Video – Intune 2308 Updates New Features
Let’s check Intune 2308 August New Features Updates in the following video. The following are some of the new updates with the 2308 version.
Remote Help for Android, Just-in-time Registration and Compliance Remediation for iOS/iPadOS Setup Assistant with modern authentication is now Generally Available, and Group Policy Analytics is Generally Available.
How to Check Microsoft Intune Version
The steps guide you to check the latest version of Microsoft Intune for your tenant. Follow the steps below to check the Intune service release version for your tenant.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com.
- Navigate to Tenant Administration and select Tenant Status.
Navigate to the “Tenant Details” tab to view your current service version, which will be displayed under the “Service Release”. The latest released version by Intune Service Release 2308.
Note💡Intune Service Release Version numbers are named based on the YYMM format. Here you can see Intune service release 2308. It means this version is released in August 2023.
The Intune service release 2308 number provides access to the “What’s new in Intune” article on Microsoft docs, where you can find information about the latest features and updates to the Intune service.
You can also read, Past releases in the What’s New to get more information about what new features Intune service updates were released.
|Service Release||What’s New in Intune (Past Release)|
|Intune Service Release 2307||Intune July Update 2307 New Features Improvements|
|Intune Service Release 2306||New Features In Intune Service Release 2306 June Update|
New Features, Improvements in Microsoft Intune August Update Service Release 2308
The Intune service releases the 2308 August update, and some features may roll out over several weeks and might be available to all customers this week.
Remote Help for Android
Remote Help for Android empowers IT admins to support frontline workers’ Android Enterprise dedicated devices from anywhere in real time. This Intune Suite capability can resolve issues quickly, reducing downtime and boosting worker productivity. This feature also offers enhanced control and insight, allowing admins to manage endpoints better.
With Remote Help for Android, you can unlock and control devices for faster fixes, even when the devices are unattended. Role-based access enables admins to assign appropriate levels of control for helpdesk workers. Session reporting and audit logs offer insights to help organizations identify trends, know when to update devices, and keep an eye out for suspicious activity.
Just-in-time Registration and Compliance Remediation for iOS/iPadOS Setup Assistant with modern authentication now Generally Available
Starting with Intune August update, Just in time registration and compliance remediation for Setup Assistant with modern authentication are now out of preview and generally available. With just in time (JIT) registration, the device user doesn’t need to use the Company Portal app for Azure Active Directory registration and compliance checking.
JIT registration and compliance remediation is embedded into the user’s provisioning experience, so they can view their compliance status and take action within the work app they’re trying to access.
Group Policy Analytics is Generally Available
Group Policy analytics is generally available (GA). Use Group Policy analytics to analyze your on-premises group policy objects (GPOs) for their migration to Intune policy settings, Read more Migrate Group Policies GPOs To Intune Settings Catalog Policy.
Configure Win32 App Installation Time
In Intune, you can set a configurable installation time to deploy Win32 apps. This time is expressed in minutes. If the app takes longer to install than the set installation time, the system will fail the app install. The max timeout value is 1440 minutes (1 day).
Now generally available, awaiting final configuration enables a locked experience at the end of Setup Assistant to ensure that critical device configuration policies install on devices. The locked experience works on devices targeted with new and existing enrollment profiles. Supported devices include:
- iOS/iPadOS 13+ devices enrolling with Setup Assistant with modern authentication
- iOS/iPadOS 13+ devices enrolling without user affinity
- iOS/iPadOS 13+ devices enrolling with Azure AD shared mode
This setting is applied once during the out-of-box automated device enrollment experience in Setup Assistant. The device user doesn’t experience it again unless they re-enroll their device. Awaiting final configuration is enabled by default for new enrollment profiles.
Changes to Android Notification Permission Prompt Behavior
Intune August updated how our Android apps handle notification permissions to align with recent changes made by Google to the Android platform. As a result of Google changes, notification permissions are granted to apps as follows:
- On devices running Android 12 and earlier: Apps are permitted to send notifications to users by default.
- On devices running Android 13 and later: Notification permissions vary depending on the API the app targets.
- Apps targeting API 32 and lower: Google has added a notification permission prompt that appears when the user opens the app. Management apps can still configure apps so that they’re automatically granted notification permissions.
- Apps targeting API 33 and higher: App developers define when the notification permission prompts appear. Management apps can still configure apps so that they’re automatically granted notification permissions.
Defender Update Controls to Deploy Updates for Defender is now Generally Available
The profile Defender Update controls for Intune Endpoint security Antivirus policy, which manages update settings for Microsoft Defender, is now generally available. This profile is available for the Windows 10, Windows 11, and Windows Server platform.
The profile includes settings for the rollout release channel by which devices and users receive Defender Updates that are related to daily security intelligence updates, monthly platform updates, and monthly engine updates.
This profile includes the following settings, which are all directly taken from Defender CSP – Windows Client Management. These settings are also available from the settings catalog for Windows 10 and later profile.
Elevation Report by Applications for Endpoint Privilege Management
A new report named Elevation report by applications for Endpoint Privilege Management (EPM). With this new report you can view all managed and unmanaged elevations, which are aggregated by the application that elevated. This report can aid you in identifying applications that might require elevation rules to function properly, including rules for child processes.
You will find the report in the Report node for EPM in the Intune admin center. Navigate to Endpoint security > Endpoint Privilege Management and then select the Reports tab.
Anomaly detection device cohorts in Intune Endpoint analytics is now generally available
Device cohorts are identified in devices associated with a high or medium severity anomaly. Devices are correlated into groups based on one or more factors they have in common like an app version, driver update, OS version, device model. A correlation group will contain a detailed view with key information about the common factors between all affected devices in that group. You can also view a breakdown of devices currently affected by the anomaly and ‘at risk’ devices, those that haven’t yet shown symptoms of the anomaly.
Improved User Experience for Device Timeline in Endpoint Analytics
The user interface (UI) for device timeline in Endpoint analytics is improved and includes more advanced capabilities (support for sorting, searching, filtering, and exports). When viewing a specific device timeline in Endpoint analytics, you can search by event name or details. You can also filter the events and choose the source and level of events that appear on the device timeline and select a time range of interest.
Updates for Compliance Policies and Reports
The Intune August update made several improvements to the Intune compliance policies and reports. With these changes the reports more closely align to the experience in use for device configuration profiles and reports. We’ve updated our compliance report documentation to reflect the available compliance report improvements.
Compliance report improvements include:
- Compliance details for Linux devices.
- Redesigned reports that are up-to-date and simplified, with newer report versions beginning to replace older report versions, which will remain available for some time.
- When viewing a policy for compliance, there is no more left-pane navigation. Instead, the policy view opens to a single pane that defaults to the Monitor tab and its Device status view.
- This view provides a high-level overview of device status for this policy, and supports drilling in to review the full report, as well as a per-setting status view of the same policy.
- The doughnut chart is replaced by a streamlined representation and count of the different device status values returned by devices assigned the policy.
- You can select the Properties tab to view the policy details and review and edit its configuration and assignments.
- The Essentials section is removed, with those details appearing in the policy’s Properties tab.
- The updated status reports support sorting by columns, the use of filters, and search. Combined, these enhancements enable you to pivot the report to display specific subsets of details you want to view at that time. With these enhancements, we have removed the User status report, as it has become redundant. Now, while viewing the default Device status report, you can focus the report to display the same information that was available from User status by sorting on the User Principal Name column or searching for a specific username in the search box.
- When viewing status reports, the count of devices that Intune displays now remains consistent between different report views as you drill in for deeper insights or details.
Turn off the Store application setting to disable end user access to Store apps, and allow managed Intune Store Apps
In Intune, you can use the new Store app type to deploy Store apps to your devices. Using the Turn off the Store application policy to disable end users’ direct access to Store apps. When it’s disabled, end users can still access and install Store apps from the Windows Company Portal app and through Intune app management. Don’t configure this policy if you want to allow random store app installs outside of Intune.
The previous Only display the private store within the Microsoft Store app policy doesn’t prevent end users from directly accessing the store using the Windows Package Manager
winget APIs. So, if your goal is to block random unmanaged Store application installs on client devices, then it’s recommended to use the Turn off the Store application policy. Don’t use the Only display the private store within the Microsoft Store app policy.
New Intune RBAC Permission for Android Device Enrollment Profiles
Introducing a new role-based access control (RBAC) permission under the resource Android for work. The permission Update Enrollment Profile allows the admin to manage or change both AOSP and Android Enterprise Device Owner enrollment profiles that are used to enroll devices.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.