Intune Settings Rundown - 2411

Intune Settings Rundown - 2411

Continuing my new regular feature to document interesting new or updated Intune policy settings and UI changes in an easily digestible format!

Note: UI changes can sometimes take time so may not be visible immediately in your tenant.


Configurations UI

Policies from the Endpoint Security blade that are Settings Catalog-backed now also show under Devices > %Platform% > Configuration.

Defender, BitLocker, PDE, Windows Firewall, EPM, ASR, LAPS all now show up as normal Settings Catalog configs, but when opened to edit are still only show the settings within their specific templates.

I'll admit, this change initially really threw me off as I thought policies had been duplicated. While it has since been confirmed this was apparently an intended change, it's not actually documented anywhere (edit: it is now) and this wouldn't be the first time it's happened. A while back Windows Update Rings all appeared in there and that was subsequently rolled back.

Keeping an eye on this one, as I personally don't think this is a good change if intended...


Template Deprecation

ℹ️
While this is not happening until 2412 I'm calling it out here just in case as lots of people seem to have missed it.

Communicated as part of MC925389 and in an official blog, upcoming changes will be removing and/or migrating some of the old Templates available in Intune, starting with the removal of the ability to create new "Administrative Templates".

This isn't as frightening as it sounds, as they've really been sort of redundant since Settings Catalog arrived.

As for some of those other templates, no currently published timelines, but I can't wait for them to disappear as they're some of Intune's own tech debt.


Enhanced Hardware Inventory

Announced in September and part of Intune Core, a new policy profile type will enable you to select a number of system properties to gather from endpoints which can then be viewed via the device object.

This functionality is being slow rolled-out to tenants and is expected to be fully available by mid-December.

Also announced at Ignite is it will be expanding to macOS, iOS/iPadOS and Android early next year. Woo!


Apple iOS & macOS

More new Settings Catalog options, found in the "Restrictions" category:

iOS/iPadOS

  • Allow Apps To Be Hidden
  • Allow Apps To Be Locked
  • Allow Call Recording
  • Allow Default Browser Modification
  • Allow External Intelligence Integrations
  • Allow External Intelligence Integrations Sign In
  • Allow Mail Summary
  • Allow RCS Messaging

macOS

  • Allow External Intelligence Integrations
  • Allow External Intelligence Integrations Sign In
  • Allow Mail Summary
  • Allow Media Sharing Modification
  • Force Bypass Screen Capture Alert

Compliance

Windows Subsystem for Linux (WSL)

A brand new section in the Windows Compliance Policy to change compliance state if using an unauthorised Distro or version within WSL.

Quite niche but an interesting addition!

Compliance for Windows Subsystem for Linux
Evaluate WSL attributes on a host device for compliance.

Windows 365

The "Disconnect On Lock" that were added as part of 2408 were only applicable to Windows 11, but have now been backported to be applicable on Windows 10, 10.0.19041.4474 or higher.


That's it for this month!

Massive thanks to Tom Plant in making these blogs far easier for me to write up!😊

And as always, thanks for reading!

James Robinson

James Robinson

With 20 years of experience, James is a Principal Consultant specialising in Modern Workplace and End User Compute technologies, with a focus on Modern Management and Cloud-Native endpoints.
Brighton(ish), United Kingdom