When it comes to Microsoft Endpoint Manager (MEM), there’s always a steady stream of new features that clients should be paying attention to.
Technology is constantly changing and the products that we use need to improve as well, especially if we consider the recent surge in cybercrime as seen in the FBI’s 2020 Internet Crime Report.
No business is immune and as such, technology companies have to consistently enhance their products to ensure that clients’ data is secure. With that said, let’s take a look at the exciting new features that Microsoft is bringing to the MEM platform.
Enhancing security through filters
Microsoft Endpoint Manager has now made it possible for IT admins to use filters to target apps, policies, and other workload types to specific devices.
By utilizing these filters, IT admins get more flexibility and can better protect data within applications, simplify app deployments, and speed up software updates.
Furthermore, it is now easier for admins to comply with their organizational policies and compliance requirements by deploying:
- A Windows 10 device restriction policy only to the corporate devices of users in a particular department without including personal devices,
- An iOS app to only the iPad devices for users in another department,
- An Android compliance policy for mobile phones to all users in the company, while excluding Android-based meeting room devices that don’t support the settings in that mobile phone policy.
To see how to make use of these filters, check out this video.
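The three scenarios above, modeled as an added example (not Microsoft's code and not Intune's filter rule syntax): a device receives an assignment only if it is in the assigned group and then passes the filter in include or exclude mode. The device records, field names and the `targeted` helper are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:  # constructed record; field names are assumptions, not Intune's schema
    name: str
    dept: str        # department of the device's primary user
    os: str          # "Windows", "iOS" or "Android"
    ownership: str   # "Corporate" or "Personal"
    model: str
    category: str = ""  # admin-assigned label, e.g. "MeetingRoom"

def targeted(devices, in_group, rule, mode):
    """Names of devices that receive an assignment.

    in_group: predicate for the assigned group and policy platform.
    rule:     predicate standing in for the filter rule.
    mode:     "include" keeps only rule matches, "exclude" drops them.
    """
    if mode not in ("include", "exclude"):
        raise ValueError(f"unknown filter mode: {mode}")
    keep_match = mode == "include"
    return sorted(d.name for d in devices
                  if in_group(d) and bool(rule(d)) == keep_match)

INVENTORY = [  # constructed sample data
    Device("FIN-LT-01", "Finance", "Windows", "Corporate", "Latitude 7420"),
    Device("FIN-BYOD-02", "Finance", "Windows", "Personal", "Surface Laptop"),
    Device("MKT-IPAD-03", "Marketing", "iOS", "Corporate", "iPad Pro"),
    Device("MKT-IPHONE-04", "Marketing", "iOS", "Corporate", "iPhone 12"),
    Device("OPS-PHONE-05", "Operations", "Android", "Corporate", "Pixel 5"),
    Device("ROOM-PANEL-06", "Operations", "Android", "Corporate", "Panel", "MeetingRoom"),
]

def windows_restrictions():
    # Department group, include only corporate-owned devices (personal ones skipped).
    return targeted(INVENTORY, lambda d: d.dept == "Finance" and d.os == "Windows",
                    lambda d: d.ownership == "Corporate", "include")

def ipad_app():
    # Department group, include only iPad models.
    return targeted(INVENTORY, lambda d: d.dept == "Marketing" and d.os == "iOS",
                    lambda d: d.model.startswith("iPad"), "include")

def android_compliance():
    # All users, exclude meeting room devices that cannot meet the phone policy.
    return targeted(INVENTORY, lambda d: d.os == "Android",
                    lambda d: d.category == "MeetingRoom", "exclude")
```

Swapping the mode on `android_compliance` to "include" would deliver the phone policy only to the meeting room panel, which is why the filter mode deserves the same review as the rule itself.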
Windows 10 Enterprise multi-session support
Windows 10 Enterprise multi-session is a new Remote Desktop Session Host, exclusive to Windows Virtual Desktop on Azure, which allows multiple concurrent user sessions. With this feature, users get the benefit of a familiar Windows 10 experience. In addition, IT can benefit from the cost savings that multi-session allows and use existing per-user Microsoft 365 licensing.
By leveraging Intune, you can manage multi-session remote desktops with device-based configurations like a shared, user-less Windows 10 client. Moreover, you can enroll Hybrid Azure AD joined VMs in Intune automatically and target them with OS scope policies and apps.
This means that now you can:
- Host multiple concurrent user sessions using the Windows 10 Enterprise multi-session SKU exclusive to Windows Virtual Desktop on Azure.
- Manage multi-session remote desktops with device-based configurations like a shared, user-less Windows 10 Enterprise client.
- Automatically enroll Hybrid Azure AD-joined virtual machines in Intune and target them with device scope policies and apps.
Policy management made simpler
Using the settings catalog simplifies the process of customizing, setting, and managing device and user policy settings. Managing policy configuration through custom Open Mobile Alliance Uniform Resource Identifier (OMA-URI) policy is not the easiest of tasks to undertake.
The 2105 service release therefore supports your move from Group Policy Objects (GPO) or custom OMA-URI to cloud-based consolidated policies.
Clients will be happy to note that 5,000 settings have been added to the settings catalog for Edge, Office, and OneDrive, including additional settings for macOS and Windows.
Microsoft Tunnel Gateway changes
There are a couple of changes to note for the Microsoft Tunnel Gateway:
- Microsoft Tunnel Gateway (MTG) is now out of preview and thus is generally available. However, while the MTG server component is out of preview, the following Microsoft Tunnel apps are not: the Microsoft Tunnel standalone app (for both Android and iOS) and Microsoft Defender for Endpoint with support for Microsoft Tunnel for Android.
- Custom setting support in VPN profiles for Microsoft Tunnel for Microsoft Defender for Endpoint for Android. You can now use custom settings in the VPN profile for Microsoft Tunnel to configure Microsoft Defender for Endpoint when using Microsoft Defender for Endpoint as your Microsoft Tunnel client app for Android and as a mobile threat defense (MTD) app.
Another update that is certain to make MEM clients happy is that conditional access on Jamf-managed macOS devices for Government Cloud is now available.
By using Intune’s compliance engine, you can now evaluate Jamf-managed macOS devices for Government Cloud.
All one has to do to achieve this is to activate the compliance connector for Jamf. The steps on how to do that can be found here.
New settings available
There are new settings now available when creating a device restrictions policy for iOS/iPadOS (14.5 devices and newer). Here are the updates that have been introduced:
- Block Apple Watch auto unlock: Set this to Yes to prevent users from unlocking their device with Apple Watch.
- Allow users to boot devices into recovery mode with unpaired devices: Set this to Yes if you want to allow users to boot their device into recovery with an unpaired device.
- Block Siri for dictation: To disable connections to Siri servers so that users can’t use Siri to dictate text, set to Yes.
To view these settings you can go here.
Clients will now get new tiles that show the number of app installation failures for the tenant. You can find these in the Home, Dashboard, and Apps Overview panes. All one has to do is follow a few simple steps:
- Go to the Microsoft Endpoint Manager admin center.
- To view the Home pane, select Home.
- Alternatively, if you want to view the Dashboard pane, select Dashboard.
- To view the Apps Overview pane, select Apps > Overview.
Companies can use Microsoft Endpoint Manager in many different ways. It gives you a fantastic platform to gather endpoint information, and it gives you the ability to push out Microsoft Desktop apps, Microsoft Edge, and several other apps. By consistently updating the features, Microsoft can help your business operate more efficiently and enhance your data security and privacy.