In this post, You will get details of the Microsoft Intune 2402 February Update new features. Intune Service Release 2402 added more features to Device configuration and security. Each update brings enhancements and new capabilities to deliver the best user experience.
With the Intune 2402 update, Windows Autopilot enhancements Pre-provisioning and self-deploying mode are moved from public preview to general availability; Intune extended the capability of importing custom ADMX and ADML to 20 and a new capability to approve driver updates in bulk.
The Intune 2402 addition of the general availability of await final configuration, a feature of the automated device enrollment process that prepares the device for users before they reach the desktop.
Microsoft regularly releases updates, sometimes even every week, to improve the security and efficiency of device management. The addition of new features will drive productivity and allow the management of more complex scenarios for users and admins.
- Microsoft Intune Extends Support To Android 10 And Later From October 2024
- Use Power Automate To Import Autopilot Devices Hash Via EMail For Intune Engineers
Where to Check Intune Service Release Version?
The steps guide you to check the service release version of Microsoft Intune. Here’s how you can check the Intune service release version for your tenant.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com.
- Navigate to Tenant Administration and select Tenant Status.
Navigate to the “Tenant Details” tab to view your current service version, which will be displayed under “Service Release”. The latest released version is Intune Service Release 2402.
Note Intune Service Release Version numbers are named based on the YYMM format. Here you can see Intune service release 2402. It means this version is released in February 2024.
| Service Release | What’s New in Intune (Past Release) |
|---|---|
| Intune Service Release 2401 | New Features In Intune 2401 January Update |
| Intune Service Release 2312 | Microsoft Intune 2312 December Update New Features |
Microsoft Intune 2402 February Update New Features, Improvements
The Intune 2402 service releases February update, and some features may roll out over several weeks and might be available to all customers this week. The order and duration vary. Each monthly update may take up to three days to roll out and will be in the following order.
- Day 1: Asia Pacific (APAC)
- Day 2: Europe, Middle East, Africa (EMEA)
- Day 3: North America
- Day 4+: Intune for Government
Update to Intune Management Extension on Windows
To support expanded functionality and bug fixes, use .NET Framework 4.7.2 or higher with the Intune Management Extension on Windows clients. If a Windows client continues to use an earlier version of the .NET Framework, the Intune Management Extension will continue to function.
The .NET Framework 4.7.2 is available from Windows Update as of July 10, 2018, which is included in Win10 1809 (RS5) and newer. Note that multiple versions of the .NET Framework can coexist on a device.
Additional App Configuration Permissions for Android Apps
Starting with the Intune 2402 February update, There are six new permissions that can be configured for an Android app using an app configuration policy. Application Configuration policies can be used to customize the application behaviour as per your organizational requirements. These include the following permissions:
- Allow background body sensor data
- Media Video (read)
- Media Images (read)
- Media Audio (read)
- Nearby Wifi Devices
- Nearby Devices
Read more – Additional App Configuration Permissions for Android Apps
Newly Available Protected Apps for Intune
The following protected apps are now available for Microsoft Intune, Starting with the Intune 2402 February update.
Use Assignment Filters on Endpoint Privilege Management (EPM) Policies
You can use assignment filters to assign a policy based on the rules you create. A filter allows you to narrow the assignment scope of a policy, like targeting devices with a specific OS version or a specific manufacturer. You can use filters on Endpoint Privilege Management (EPM) policies.
New Device Restriction Settings Available in Apple Settings Catalog
The Settings Catalog lists all the settings you can configure in a device policy, and all in one place. There are new settings in the Settings Catalog. To see these settings, in the Microsoft Intune admin center, go to Devices > Configuration > Create > iOS/iPadOS or macOS for platform > Settings catalog for profile type.
iOS/iPadOS
- Restrictions
macOS
- Full Disk Encryption > FileVault > Force Enable In Setup Assistant
- Restrictions > Force Classroom Unprompted Screen Observation
Read more – New Device Restriction Settings Available in Apple Settings Catalog
let’s see how to configure FileVault Encryption Settings for macOS Devices using Intune. We will give a quick overview of how and why creating FileVault encryption settings for macOS devices is important.
Import up to 20 custom ADMX and ADML Administrative Templates
Starting with the Intune 2402 February update, You can import custom ADMX and ADML administrative templates in Microsoft Intune. Previously, you could import up to 10 files. Now, you can upload up to 20 files. For more information on this feature, go to Import Custom ADMX Administrative Templates In Intune Portal.
Turn Off Copilot in Windows Setting from Intune Settings Catalog
The Settings Catalog lists all the settings you can configure in a device policy, and all in one place. There is a new setting in the Settings Catalog. To see this setting, in the Microsoft Intune admin center, go to Devices > Configuration > Create > Windows for platform > Settings catalog for profile type.
- Windows AI > Turn Off Copilot in Windows (User)
New setting for updating MAC address randomization on Android Enterprise Devices
There is a new MAC address randomization setting on Android Enterprise devices (Devices > Configuration > Create > Android Enterprise for platform > Fully Managed, Dedicated, and Corporate-Owned Work Profile > Wi-Fi for profile type).
Starting with Android 10, when connecting to a network, devices present a randomized MAC address instead of the physical MAC address. Randomized MAC addresses are recommended for privacy, as tracking a device by its MAC address is harder. However, randomized MAC addresses break functionality that relies on a static MAC address, including network access control (NAC). Your options:
- Use device default: Intune doesn’t change or update this setting. By default, when connecting to a network, devices present a randomized MAC address instead of the physical MAC address. Any updates made by the user to the setting persist.
- Use randomized MAC: Enables MAC address randomization on devices. When connecting to a new network, devices present a randomized MAC address, instead of the physical MAC address. If the user changes this value on their device, it resets to Use randomized MAC on the next Intune sync.
- Use device MAC: Forces devices to present their actual Wi-Fi MAC address instead of a random MAC address. This setting allows devices to be tracked by their MAC address. Only use this value when necessary, such as for network access control (NAC) support. If the user changes this value on their device, it resets to Use device MAC on the next Intune sync.
Windows Autopilot Self-deploying Mode is now Generally Available
Windows Autopilot self-deploying mode is now generally available and out of preview. Windows Autopilot self-deploying mode enables you to deploy Windows devices with little to no user interaction. Once the device connects to network, the device provisioning process starts automatically: the device joins Microsoft Entra ID, enrolls in Intune, and syncs all device-based configurations targeted to the device.
Self-deploying mode ensures that the user can’t access desktop until all device-based configuration is applied. The Enrollment Status Page (ESP) is displayed during OOBE so users can track the status of the deployment.
Windows Autopilot for Pre-provisioned Deployment is now Generally Available
Windows Autopilot for pre-provisioned deployment is now generally available and out of preview. Windows Autopilot for pre-provisioned deployment is used by organizations that want to ensure devices are business-ready before the user accesses them.
With pre-provisioning, admins, partners, or OEMs can access a technician flow from the Out-of-box experience (OOBE) and kick off device setup. Next, the device is sent to the user, who completes provisioning in the user phase. Pre-provisioning delivers most of the configuration in advance so the end user can get to the desktop faster.
ESP Setting to Install Required Apps During Windows Autopilot Pre-provisioning
The setting Only fail selected blocking apps in technician phase is now generally available to configure in Enrollment Status Page (ESP) profiles. This setting only appears in ESP profiles that have blocking apps selected. For more information, Install Required Apps In Windows Autopilot Enrollment Status Page
New Local Primary Account Configuration for macOS Automated Device Enrollment
Configure local primary account settings for Macs enrolling in Intune via Apple automated device enrollment. These settings, supported on devices running macOS 10.11 and later, are available in new and existing enrollment profiles under the new Account Settings tab.
For this feature to work, the enrollment profile must be configured with user-device affinity and one of the following authentication methods:
Await final Configuration for macOS Automated Device Enrollment now Generally Available
Now generally available, await final configuration enables a locked experience at the end of Setup Assistant to ensure that critical device configuration policies are installed on devices. The locked experience works on devices targeted with new and existing enrollment profiles, enrolling via one of these authentication methods:
- Setup Assistant with modern authentication
- Setup Assistant (legacy)
- Without user device affinity
AOSP Devices Policy Refresh Interval
On devices enrolled with Android (AOSP) management, Intune attempts to check for new tasks and notifications approximately every 15 minutes. To use this feature, devices must be using the Intune app version 24.02.4 or newer.
Bulk Approval of Windows Drivers
Starting with the Intune 2402 February update, Bulk actions are now available for Windows Driver update policies. With bulk actions, multiple driver updates can be approved, paused, or declined at the same time, saving time and effort.
When bulk approving drivers, the date for when the drivers become available to applicable devices can also be set, enabling drivers to be installed together. You can find more information in the post, Efficient Management Of Windows Driver Firmware Updates From Intune Policy.
Intune Customization Pane Support for Excluding Groups
The Customization pane now supports selecting groups to exclude when assigning policies. You will find this setting in the Microsoft Intune admin center by selecting Tenant administration > Customization.
New Device Management Experience for Government Clouds in Microsoft Intune
In government clouds, there’s a new device management experience in the Intune admin center. The Devices area now has a more consistent UI, with more capable controls and an improved navigation structure, so you can find what you need faster.
If you want to try the new experience before your tenant is updated, go to Devices > Overview, select the Preview upcoming changes to Devices and provide feedback notification banner, and select Try it now.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.