In this post, You will get an overview of the new features in the Intune July Update. Microsoft Intune Service Release 2307 added more capabilities to extend the support for App management, Device configuration and security, and reporting.
Microsoft Intune Service Release 2307 July Update added the most awaited feature, the ability to uninstall Windows apps in the Intune Company Portal, a lot of addition and improvement specific to the reporting, and enhanced the macOS App managing capability by allowing support for unmanaged PKG apps.
Microsoft regularly releases updates, sometimes even every week, to improve the security and efficiency of device management. The addition of new features will drive productivity and allow the management of more complex scenarios for users and admins.
Each update brings enhancements and new capabilities, empowering you to experiment with functionalities and deliver the best user experience. Familiarizing yourself with the Intune service release new features can provide you with additional insights into updates and their benefits.
- Windows Driver Firmware Updates From Intune Policy
- Easy Method To Enable Tamper Protection for MacOS Using Intune
Check Intune Version in your Tenant
The steps guide you to check the latest version of Microsoft Intune for your tenant. Follow the steps below to check the Intune service release version for your tenant.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com.
- Navigate to Tenant Administration and select Tenant Status.
Navigate to the “Tenant Details” tab to view your current service version, which will be displayed under the “Service Release”. The latest released version by Intune Service Release 2307.
Note💡Intune Service Release Version numbers are named based on the YYMM format. Here you can see Intune service release 2307. It means this version is released in July 2023.
The Intune service release 2307 number provides access to the “What’s new in Intune” article on Microsoft docs, where you can find information about the latest features and updates to the Intune service.
You can also read, Past releases in the What’s New to get more information about what new features Intune service updates were released.
|Service Release||What’s New in Intune (Past Release)|
|Intune Service Release 2306||New Features In Intune Service Release 2306 June Update|
|Intune Service Release 2305||Intune Service Release 2305 May Update New Features|
|Intune Service Release 2304||Microsoft Intune 2304 April Update Windows LAPS Management|
New Features, Improvements in Microsoft Intune July Update Service Release 2307
The Intune service releases the 2307 July update, and some features may roll out over several weeks and might be available to all customers this week. Let’s check out the video walkthrough of Intune 2307 new features or updates as part of the July 2307 release.
Uninstalling Apps in Intune Company Portal for Windows
You can now able to uninstall Win32 apps and Microsoft Store apps using the Windows Company Portal if the apps were assigned as available and were installed on-demand by the end-users.
Before this release, standard users could not uninstall applications installed through the Company Portal without administrator rights, taking help from help desk admins. For Intune Win32 apps, you have the option to enable or disable this feature (off by default). For Microsoft store apps, it is always on and available for your end-users.
If an app can be uninstalled by the end user, the end user will be able to select Uninstall for the app in the Windows Company Portal. This functionality is slowly releasing, and we anticipate it’ll be fully available within the next week or two.
Tamper protection support for Windows on Azure Virtual Desktop
Tamper protection is a useful feature that safeguards security settings set by organizations on managed client devices, including virus and threat protection.
Intune now supports endpoint security Antivirus policy to manage Tamper protection for Windows on Azure Virtual Desktop multi-session devices. Support for Tamper protection requires devices to onboard to Microsoft Defender for Endpoint before applying the policy enabling Tamper protection.
Default Settings for Windows PowerShell Scripts
In Intune, when we add a Windows PowerShell script, there are script settings to configure for various settings. Previously these settings were auto-configured to No. To increase the secure-by-default behavior of Intune, the default behavior of the following settings has changed to Yes, This behavior applies to new scripts we add, not existing scripts.
- Run this script using the logged on credentials setting defaults to Yes.
- The Enforce script signature check setting defaults to Yes.
Add Unmanaged PKG-type Applications to Managed macOS Devices in Public Preview
Starting with Intune July Update 2307, You can now upload and deploy unmanaged PKG-type applications to managed macOS devices using the Intune MDM agent for macOS devices. This feature enables you to deploy custom PKG installers, such as unsigned apps and component packages.
Here’s how you can add a PKG app in the Intune admin center by selecting Apps > macOS > Add > macOS app (PKG) for app type.
App Report for Android Enterprise Corporate-owned Devices
Discovered apps are separate reports from the app installation reports. You can now view a report containing all apps found on a device for Android Enterprise corporate-owned scenarios, including system apps.
This report is available in the Microsoft Intune admin center by selecting Apps > Monitor > Discovered apps. You will see the Application Name, Application Version, and Device count for all apps detected as installed on the device. App information may take up to 24 hours to populate the report.
Settings Insight within Intune Security Baselines is Generally Available
The Settings Insight feature adds insights to security baselines, giving you confidence in configurations that similar organizations successfully adopt.
Starting with Intune Service Release 2307, Settings Insight In Intune Security Baselines is now in Generally Available (GA). By leveraging Settings Insight within Intune Security Baselines, admins can ensure that devices are properly configured and aligned with the organization’s security requirements.
Once you create baseline policies, These insights are available as a light bulb when you create and edit the workflow.
New Settings Available for iOS/iPadOS Web Clip App Type
In Intune, you can pin web apps to your iOS/iPadOS devices (Apps > iOS/iPadOS > Add > iOS/iPadOS web clip). When you add web clips, there are new settings available:
Read more about the List Of Supported Intune Application Types
- Full screen: If configured to Yes, launches the web clip as a full-screen web app without a browser. Additionally, there’s no URL or search bar, and no bookmarks.
- Ignore manifest scope: If configured to Yes, a full screen web clip can navigate to an external web site without showing Safari UI. Otherwise, Safari UI appears when navigating away from the web clip’s URL. This setting has no effect when the Full screen is set to No. Available in iOS 14 and later.
- Precomposed: If configured to Yes, prevents Apple’s application launcher (SpringBoard) from adding “shine” to the icon.
- Target application bundle identifier: Enter the application bundle identifier that specifies the application that opens the URL. Available in iOS 14 and later.
Introducing Support for Microsoft Azure Attestation (MAA) Service for Windows 11 devices
Starting with Intune Service Release 2307, Intune is introducing support for Microsoft Azure Attestation (MAA) service for Windows 11 devices. Windows 11 devices assigned an Intune Windows Compliance policy with any of the Device Health settings (BitLocker, Code Integrity, Secure Boot) set to “Require” will use the MAA service.
Intune uses the Windows Device Health Attestation (DHA) service for Windows 10/11 Compliance policy – Device Health settings. DHA is a reporting service used to ensure a device boots to a trusted state.
However, Windows 10 devices, and GCCH/DOD environments will continue to use Device health attestation (DHA ) and are not impacted by this change.
Endpoint Privilege Management Support to Manage Elevation Rules for Child Processes
With Intune Endpoint Privilege Management (EPM) you can manage which files and processes are allowed to Run as Administrator on your Windows devices. Now, EPM elevation rules support a new setting, Child process behavior.
With Child process behavior, your rules can manage the elevation context for any child processes created by the managed process. These options include with Intune July Update:
- Allowing all child processes created by the managed process always to run as elevated.
- Allow a child process to run as elevated only when it matches the rule that manages its parent process.
- Deny all child processes from running in an elevated context, in which case they run as standard users.
Updated Reports for Setting Compliance and Policy Compliance are in Public Preview
Starting with Intune July Update Service Release 2307, We will get two new reports as a public preview for Intune device compliance. You can get a list of all the devices that are noncompliant, review device compliance trends, and see the device names and their individual noncompliant settings.
You can find these new preview reports in the Intune admin center at Reports > Device compliance >Reports tab, Click on the below reports to get more details.
- Setting compliance (preview) – See the number of devices in various compliance state for settings.
- Policy compliance (preview) – See the number of devices in various compliance state for policies.
New Updates to Intune App Configuration Policy Reporting
Intune July Update, Service release 2307 introduced several user interface (UI) changes that have been made for Intune app configuration policy reporting. The UI has been updated with the following updates to app configuration policy reporting.
- There is no longer a User status tile or a Not applicable device tile on the Overview section of the App configuration policies.
- There is no longer a User install status report on the Monitor section of the App configuration policies.
- The Device install status report under the Monitor section of the App configuration policies workload no longer shows the Pending state in the Status column.
Quick Recap Video on Intune 2307 Release
Intune July Update Month Service Release and New Features in Intune Service Release 2307 July Update. Let’s check out the quick overview of the released feature with HTMD Community within a minute.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.