| title | titleSuffix | description | keywords | author | ms.author | manager | ms.date | ms.topic | ms.service | ms.technology | ms.assetid | ms.reviewer | ms.suite | search.appverid | ms.custom | ms.collection |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
In development - Microsoft Intune |
Microsoft Intune features in development |
ErikjeMS |
erikje |
dougeby |
09/27/2019 |
conceptual |
microsoft-intune |
cacampbell |
ems |
MET150 |
seodec18 |
M365-identity-device-management |
To assist in your readiness and planning, this page lists Intune UI updates and features that are in development but not yet released. In addition:
- If we anticipate that you'll need to take action before a change, we’ll publish a complementary Office Message Center post.
- When a feature is launched in production, either as a preview or generally available, the feature description will move off this page and onto the What's New page.
- This page and the What's New page are updated periodically. Check back for additional updates.
- Refer to the M365 roadmap for strategic deliverables and timelines.
Note
These items reflect Microsoft’s current expectations about Intune capabilities coming in a future release. Dates and individual features may change. Not all items in development have a feature description on this page.
RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader: https://docs.microsoft.com/api/search/rss?search=%22in+development+-+microsoft+intune%22&locale=en-us
When creating an app configuration policy, you'll be able to include the AAD Device ID configuration variable as part of your configuration settings. In Intune, select Client apps > App configuration policies > Add. Enter your configuration policy details and select Configuration settings to view the Configuration settings blade.
Dark Mode is planned for the iOS Company Portal. Download company apps, manage your devices, and get IT support in the color scheme of your choice. For more information about the iOS Company Portal, see How to configure the Microsoft Intune Company Portal app.
For an Android Enterprise work profile device, it is never possible for end users to install apps from unknown sources into the work profile. You'll be able to optionally extend this restriction to the personal profile as well. If you enable this restriction, end users on Android Enterprise work profile devices will also be prevented from side-loading apps from unknown sources into the personal side of their device.
The UI to create and edit app protection policies and iOS app provisioning profiles in Intune will be updated. UI changes include:
- A simplified experience by using a wizard-style format condensed within one blade.
- An update to the create flow to include assignments.
- A summarized page of all things set when viewing properties, prior to creating a new policy or when editing a property. Also, when editing properties, the summary will only show a list of items from the category of properties being edited.
Policy sets allow you to create a bundle of references to already existing management entities that need to be identified, targeted, and monitored as a single conceptual unit. Policy sets do not replace existing concepts or objects. An admin can continue to assign individual objects as they do today. Individual objects are referenced by a Policy set. Therefore, any changes to those individual objects will be reflected in the Policy set. In Intune, you will select Policy sets > Create to create a new Policy set.
You'll be able to install and run Win32 apps on Windows 10 S mode-managed devices. You'll be able to create one or more supplemental policies for S mode using the Windows Defender Application Control (WDAC) PowerShell tools. Sign the supplemental policies with the Device Guard Signing Portal and then upload and distribute the policies via Intune. In Intune, you will find this capability by selecting Client apps > Windows 10 S supplemental policies.
As an admin, you'll be able to configure the start time and deadline time for a required app. At the start time, Intune management extension will start the app content download and cache it. The app will be installed at the deadline time. For available apps, start time will dictate when the app is visible in Company Portal. In Intune, select Client apps > Apps. Then, select a specific app from the list or select Add to add a new app. From the app blade, select Assignments > Add group. Set the Assignment type to Required and then select Included Groups. Set Make this app required for all users to Yes and select Edit to modify the End user experience options. In the End user experience blade, set the Software available time as needed. For more information about adding apps, see Add apps to Microsoft Intune.
You'll be able to require that a Win32 app must restart after a successful install. Also, you'll be able to choose the amount of time (the grace period) before the restart must occur.
The Company Portal app on Windows devices will be updated to display toast notifications to users, even when the application is closed. The update will only show notifications for available apps when the install status is completed or failed. The Company Portal app will not show notifications for required applications.
The Company Portal app will show additional app installation status messages to end users. The following conditions will apply to new Win32 dependency features:
- App failed to install. Dependencies defined by the admin were not met.
- App installed successfully but requires a restart.
- App is in the process of installing, but requires a restart to continue.
You'll be able to add and assign the latest version of Microsoft Edge beta to Intune for macOS devices. From Intune, select Client apps > Apps > Add app > Microsoft Edge - macOS. Then, assign Microsoft Edge beta to the intended groups. Microsoft AutoUpdate (MAU) keeps Microsoft Edge up-to-date. For more information about Microsoft Edge, see Manage web access by using Microsoft Edge with Microsoft Intune.
Intune app protection policies (APP) on Android and iOS devices will allow you to control app notification content for Org accounts. This feature will require support from applications and may not be available for all APP enabled applications. For more about APP, see What are app protection policies?.
For available app installs on Android work profile devices, you can view app installation status and the installed version of managed Google Play apps. For more information, see How to monitor app protection policies, Manage Android work profile devices with Intune and Managed Google Play app type.
On iOS and iPadOS devices, you can create a profile to restrict features and settings on devices (Device configuration > Profiles > Create profile > iOS/iPadOS for platform > Device restrictions for profile type). There will be new settings you can control:
- Access to network drive in Files app
- Access to USB drive in Files app
- Wi-Fi always turned on
To see the current settings, go to iOS device settings to allow or restrict features using Intune.
Applies to:
- iOS 13.0 and newer
- iPadOS 13.0 and newer
On Android and Android Enterprise devices, you can create a Wi-Fi profile to configure different settings (Device configuration > Profiles > Create profile > Android or Android Enterprise for platform > Wi-Fi for profile type). The Connect automatically setting will be removed, as it's not support by Android.
If you use this setting in a Wi-Fi profile, you may notice that Connect automatically won't work. You don't need to take any action, but be aware this setting is removed in the Intune user interface.
To see the current settings, go to Android Wi-Fi settings or Android Enterprise Wi-Fi settings.
Applies to:
- Android
- Android Enterprise
On Android Enterprise devices, you can create a VPN profile with different VPN clients (Device configuration > Profiles > Create profile > Android Enterprise for platform > Device owner > Device restrictions for profile type > Connectivity). You'll be able to configure a global HTTP proxy to meet your organization's web browsing standards. All apps that go to HTTP web sites use this proxy.
Applies to:
- Android Enterprise Device Owner
On Windows 10 and later, you can create a device configuration profile to control settings and features (Device configuration > Profiles > Create profile > Windows 10 and later for platform). There will be a new device firmware configuration interface profile type that allows Intune to manage UEFI (BIOS) settings.
To see an overview of all the settings you can configure, see Apply features and settings on your devices using device profiles in Microsoft Intune.
Applies to:
- Windows 10 RS5 (1809) and newer on some OEMs
We'll be adding full support for PKCS certificates on devices that run macOS. Users will be able to deploy user and device certificates with customization subject and subject alternative name fields. We also will have a new setting Allow All Apps Access, which by enabling gives all associated apps access to the private key. For more details on this setting, visit the following Apple documentation: https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf.
We’ll be adding support for Derived Credentials, which support the National Institute of Standards and Technology (NIST) 800-157 standard for deploying certificates to devices. Derived credentials rely on the use of a Personal Identity Verification (PIV) or Common Access Card (CAC) card, like a smart card. Users authenticate with their smart card on a computer, and then submit a request for a certificate for their managed device following the process required by the derived credential provider.
The process to use Derived Credentials to get a certificate is different than using SCEP or PKCS certificate profiles, but the end result is the same – mobile devices with certificates for authentication that can be used for app authentication, VPN, Wi-Fi, or email profiles.
For more information, see Derived PIV Credentials at www.nccoe.nist.gov.
The initial release of derived credentials will support Entrust Datacard, Intercede, and DISA Purebred on iOS. Additional platforms and derived credential providers will be supported in later releases.
Specify which Android device operating system versions enroll with work profile or device administrator enrollment
Using Intune device type restrictions, you'll be able to use the device's OS version to specify which user devices will use Android Enterprise work profile enrollment or Android device administrator enrollment. To do so, go to Intune > Device enrollment > Enrollment restrictions > Create restriction > Device type restriction > Platform settings.
You'll be able to edit the Device Name value for Azure AD Joined Autopilot devices. To do so, go to Intune > Device enrollment > Windows enrollment > Windows Autopilot > Devices > choose the device > change the Device Name value in the right pane > Save.
Using markdown, you'll be able to customize the Company Portal's privacy screen that end users see during iOS enrollment. Specifically, you'll be able to customize the list of things that your organization can't see or do on the device.
You'll be able to edit the Group Tag value for Autopilot devices. To do so, go to Intune > Device enrollment > Windows enrollment > Windows Autopilot > Devices > choose the device > change the Group Tag value in the right pane > Save.
We’ll be rolling out an updated create and edit UI experience for Windows 10 Update Rings for Intune. Changes to UI will include:
- Simplify the existing experience by using a wizard-style format condensed within one blade. This UI update will do away with blade sprawl that requires IT Pros to drill down into deep blade journeys.
- Revise the create flow to include Assignments.
- The addition of a summarized page of all things set when viewing Properties, prior to creating a new update ring, and when editing a property. When editing, the summary will only show the list of items set within the one category of properties being edited.
We’ll be rolling out an updated create and edit UI experience for iOS Software Updates to Intune. Changes to UI will include:
- Simplify the existing experience by using a wizard-style format condensed within one blade. This UI update will do away with blade sprawl that requires IT Pros to drill down into deep blade journeys.
- The iOS Software Update policy create flow will update to include Assignments
- The iOS Software Update policy will include a summarized page of all things set when viewing Properties, prior to creating a new policy and when editing a property. When editing, the summary will only show the list of items set within the one category of properties being edited.
You’ll be able to target specific groups of users to require that their macOS devices are managed by Jamf. This targeting will enable you to apply the Jamf compliance integration to a subset of macOS devices while other devices continue to be managed by Intune. It will also let you gradually migrate users' devices from one MDM to the other.
Device names will have to follow these rules:
- 15 characters or less (must be less than or equal to 63 bytes, not including trailing NULL)
- Not null or empty string
- Allowed ASCII: Letters (a-z, A-Z), numbers (0-9), and hyphens
- Allowed Unicode: characters >= 0x80, must be valid UTF8, must be IDN-mappable (RtlIdnToNameprepUnicode succeeds; see RFC 3492)
- Names must not contain only numbers or start with a number
- No spaces in the name
- Disallowed characters: { | } ~ [ \ ] ^ ' : ; < = > ? & @ ! " # $ % ` ( ) + / , . _ *)
You'll be able to deploy Software Updates to groups of macOS devices. This feature includes critical, firmware, configuration file, and other updates. You'll be able to send updates on the next device check-in or select a weekly schedule to deploy updates in or out of time windows that you set. This feature helps when you want to update devices outside standard work hours or when your help desk is fully staffed. You'll also get a detailed report of all macOS devices with updates deployed. You can drill into the report on a per-device basis to see the statuses of particular updates.
We'll be adding a new report to the Devices overview page that displays how many Android devices have been enrolled in each device management solution. This chart will show work profile, fully managed, dedicated, and device administrator enrolled device counts. To see the report, choose Intune > Devices > Overview.
A new report will detail each device deployed through Windows Autopilot. This data will be available for 30 days after deployment. To see the report, go to Intune > Device enrollment > Monitor > Autopilot deployments.
As part of continuing improvements, we’ll be updating the in-console support experience for Intune. We’ll be improving the in-console search and feedback for common issues, and streamlining the workflow to contact support.
[!INCLUDE Intune notices]
See What’s New in Microsoft Intune for details on recent developments.