Thursday, September 30, 2021

What’s New in Microsoft Endpoint Manager - 2109 (September) Edition

New capabilities this month show our continued investment in improving workers’ productivity, endpoint experience and increasing security regardless of management type. Visit the complete list of What’s New in Endpoint Manager for 2109 (September) release for details. As usual, I appreciate your feedback. Comment on this post, connect with me on LinkedIn, or tag me @RamyaChitrakar on Twitter.


New platform-based productivity, security, and IT management capabilities

This fall, all three platforms – Android, Apple, and Windows – are releasing new operating systems with new productivity and IT management capabilities. Long before a general availability announcement, we test each beta or insider release in Endpoint Manager to plan for new features, evaluate changes that could affect our existing scenarios, and adjust our supportability plans, if needed. Our goal is to ensure that when the new OS releases, most scenarios you know and love work as expected, and we cover as many new capabilities as possible with or soon after the OS release. We prioritize capability development based on business/customer requests balanced with the development work needed to support each new feature.


Take our recent iOS/iPadOS and macOS platform management additions – both based on Apple developments, and layer on the additional customer-requested iOS/iPadOS/macOS features. IT admins can now:

  • Block users from erasing all content and settings on macOS devices. (Released in September with 2109.)
  • Increase security by controlling connections to external sources, such as servers or paired devices. For example, they can disable a device connection to the Siri servers for translation (iOS/iPadOS 15+) and dictation (iOS/iPadOS 14.5+). (Released in September with 2109.)
  • Apply a profile to managed devices running iOS/iPadOS 14.5+ that restricts users from booting their devices into recovery mode with unpaired devices. This setting lets administrators reduce the risk of an unpaired device or host computer erasing the device data to restore the operating system. (Released in September with 2109.)
  • Review and edit the logic that Intune uses to detect whether an app is successfully installed (delivered in What’s New for 2108).

See Microsoft Endpoint Manager updates for new Apple systems for more on what’s been released or coming soon for Apple OS support. Be sure to also review Android 12 Day Zero Support with Microsoft Endpoint Manager for applicability prior to Android’s anticipated fall release.


Manage your Android device portfolio more effectively

This month we’re introducing two capabilities to manage frontline worker devices better and more efficiently. Often industry-specific devices used by workers require naming to help correlate devices to specific stores, factories, or facilities. And these devices often also need location services to find lost or missing devices. The first capability we’re delivering allows you to rename your Android Enterprise dedicated, fully managed, and corporate-owned work profile devices, individually or in bulk in the Endpoint Manager admin center.

Here’s a screenshot that combines both the bulk device action (left) and the individual rename action (right) from the Endpoint Manager admin center:




The second capability helps you find a lost or stolen Android Enterprise dedicated device. A new remote action allows you to locate the device when it’s online or see the last known location of one that’s offline. If you attempt to locate a device that’s currently offline, you’ll see its last known location as long as the device was able to check in with Intune within the last seven days. This feature is currently only available for Android devices enrolled as Android Enterprise dedicated devices and is particularly helpful for frontline workers who share devices that can easily get lost between shift hand-offs or between different vehicles.


Here's what Locate device looks like for Android Enterprise managed devices in the admin center:




And here’s an example of a located device in the UI:




Protect tenant-attached devices with expanded security settings

Security is a priority for many organizations using Endpoint Manager. Security administrators have a dedicated experience in our Endpoint Security node to manage and deploy critical security configurations. To further their scope of management, we are expanding our supported settings for devices that are tenant-attached through Configuration Manager and adding per-device reporting for these devices.


Among the expanded support for tenant-attached devices is more functionality in the Windows Security experience profile. We previously introduced this profile with tamper protection and now include all the settings available for the Windows Defender Security Center. The changes to this profile and others expand the controls available for those critical devices that cannot yet be managed directly from the cloud, while keeping the configuration experience in the same surface as devices enrolled in cloud management.


Here’s what the expanded Windows Security experience profile now looks like from Endpoint Manager:




Share your feedback

We keep our customers’ needs top of mind and invest in areas that improve the user experience and simplify IT administration. Questions? Feedback? Comment on this post, connect with me on LinkedIn, or tag me @RamyaChitrakar on Twitter.
