Glad to publish today my second installment of my Intune Whats new series. This month was ignite and what you need to know that during this time very many are busy internally at microsoft through the Ignite. Nevertheless, the changes in the new service release are very noteworthy. In this blog I will show you the most important news which are related to the Workpalce management.

Use filters with app configuration policies for managed devices

Filters are an enormously helpful tool in Intune. Microsoft supports filters for more and more configurations. Also in this release a support was added namely for app configuration policies. How you can use them I will show you now:

• Open the MEM Portal and Navigate to Apps
• Select App configuration policies
• Click + Add -> Managed Devices
  • It supports only Managed Devices not managed apps
• Follow this Steps:

• In safari it looks like that this feature has an bug. The filter section is empty:

New network endpoints for Microsoft Intune

There are new network endpoints for the Intune Service. Update you proxy or firewall ruleset. A list of endpoints you can find here: Network endpoints for Microsoft Intune.

With he following powershelgl you get an list with all network endpoints:

(invoke-restmethod -Uri (“https://endpoints.office.com/endpoints/WorldWide?ServiceAreas=MEM&clientrequestid=” + ([GUID]::NewGuid()).Guid)) | ?{$_.ServiceArea -eq "MEM" -and $_.urls} | select -unique -ExpandProperty urls

Filter app and group policy assignments using Windows 11 SE operating system SKUs

There a now two new SKUs you can select in Filter Windows 11 SE and Windows 11 SE N.

• Open the MEM Portal and Navigate to Tenant Administration
• Select Filter
• Click + Create

New settings for Device Firmware Configuration Interface (DFCI) profiles on Windows devices

There are new DFCI (Device Firmware Configuration Interface) settings available. Cameras (Front camera, Infrared camera, Rear camera), Radios (WWAN, NFC) and Ports (SD). How you can select them I will show you know.

• Open the MEM Portal and Navigate to Devices
• Select Configuration profiles

Connect Chrome OS devices in Intune (public preview)

Now in public preview, you can establish a connection between the Google Admin console and Microsoft Endpoint Manager admin console. You will see some basic informations and you can trigger actions like restart, wipe or lost mode.

• You can create the connection in the Tenant Administration in the Chrome Enterprise section.

Manage macOS software updates with Intune

This is a realy new feature. You can now configure the software update behaviour for Mac Automated Device Enrollment (ADE). There is an support for the following update types: Critical updates, Firmware updates, Configuration file updates, All other updates (OS, built-in apps). I will show you how you can configure this:

• Open the MEM Portal and navigate to Devices
• Select Update policies for macOS (preview)
• Cllick + Create Profile

For information from Apple about managing macOS software updates, see Manage software updates for Apple devices – Apple Support in the Apple’s Platform Deployment documentation. 

Use the $null value in filters

The second new feature for Intune filter. Now it is possible to check for NULL values. I will show you how you can use this with one example:

• Open the MEM Portal and Navigate to Tenant Administration
• Select Filter
• Click + Create

(device.deviceName -ne $null)