Intune Settings Rundown - 2501


Continuing my new regular feature to document interesting new or updated Intune policy settings and UI changes in an easily digestible format!

Note: UI changes can take time to roll out, so they may not be visible immediately in your tenant.


Recall

Now that Recall has found its way into Insider builds, the much-needed enterprise controls around the feature are configurable!

WindowsAI CSP

Some really great options here including blocking snapshots of not only specific applications, but also individual websites, as well as retention period configuration.

But, before everyone gets over-excited and immediately starts deploying these policies to block it, firstly, these aren't currently useful unless you're running preview builds, and secondly, I'm going to highlight this very important information:

⚠️
By default, Recall is disabled for managed commercial devices. Recall isn't available on managed devices by default, and individual users can't enable Recall on their own.

In-market commercial devices are defined as devices with an Enterprise (ENT) or Education (EDU) SKU or any premium SKU device that is managed by an IT administrator (whether via Microsoft Endpoint Manager or other endpoint management solution), has a volume license key, or is joined to a domain. Commercial devices during Out of Box Experience (OOBE) are defined as those with ENT or EDU SKU or any premium SKU device that has a volume license key or is Microsoft Entra joined.

Source: https://learn.microsoft.com/en-us/windows/client-management/manage-recall

Oh, and unless you've specifically got a Copilot+ PC with an NPU, Recall isn't a thing anyway. I fully expect a bunch of false information to continue to fly around about this, but please don't encourage it.

Two other options in the CSP, DisableCocreator and DisableGenerativeFill, for image generation in the Paint app, are missing from Intune, but I imagine we'll see them soon.


Defender Device Control

Device Control included as part of Defender for Business/Defender for Endpoint can now be applied to non-MDM, MDE Enrolled devices!

Device control in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint
Get an overview of device control, including removable storage access control and device installation policies in Defender for Endpoint.

macOS & iOS

DDM Math Settings

DDM continues to get love, with settings to control the Apple Intelligence Calculator and Math Notes now available for both macOS and iOS/iPadOS.

MathSettings | Apple Developer Documentation
The declaration to configure the math and calculator apps.

iOS Wallpaper

Some new Managed Settings config to deploy a custom wallpaper to Supervised (i.e. non-User Enrolment, cos they're all considered BYOD) iOS/iPadOS devices:


Edge

A bunch of new policies for Edge v130 and v131, including restrictions around Copilot access when signed in with an Entra profile:

Additionally, the Security Baseline for Microsoft Edge has been updated to Version 128 (even though, you know, we're currently on v132...)


Office

There's a new setting for something that bugs me all the time: File links opening in the web rather than in the Desktop app!

Policy Name: File links open preference default selection as Desktop App (User)
Policy Location: Microsoft Office 2016/Miscellaneous
Policy Tooltip: This policy setting controls which file links open preference is set as the default for users’ who has not make their selection. For more information about file links handling and open preference in Office, see https://go.microsoft.com/fwlink/?linkid=2277074. User can manually change the default selection anytime.
If you enabled this policy setting, file open preference in Word, Excel, PowerPoint, and Outlook will be defaulted to open in Desktop App.
If you disable this policy setting, file open preference in Word, Excel, PowerPoint, and Outlook will be defaulted to open in web browser.
Note: This policy setting only applies to subscription version of Office.
Available Settings: Enabled / Disabled
Policy Scopes: (User)

Windows 365

The "Disconnect On Lock" settings that were added as part of 2408 were only applicable to Windows 11, but have now been backported to Windows 10, build 10.0.19041.4474 or higher.


That's it for this month!

Massive thanks to Tom Plant for making these blogs far easier for me to write up!😊

And as always, thanks for reading!

James Robinson


With 20 years of experience, James is a Principal Consultant specialising in Modern Workplace and End User Compute technologies, with a focus on Modern Management and Cloud-Native endpoints.
Brighton(ish), United Kingdom