Microsoft Endpoint Manager's June (2206) release includes capabilities intended to empower admins by reducing the time it takes to administer and manage devices while improving end user experience. Here are my three favorite additions. We're providing even more macOS management capabilities including the first of many device actions for macOS and in-service configuration of Office apps. Second, we're introducing more flexibility for app security on Android user-less devices so users have the apps and policies they need on these devices. And third, we're bringing several new capabilities to Endpoint analytics, which will give you insights to optimize the security and user experience on your devices.
I hope you enjoy these behind-the-scenes stories as deployment wraps up for the month, and I look forward to your feedback. Please comment on this post or connect with me on LinkedIn.
New app configurations and remote management controls for macOS devices
Now in our sixth consecutive month of highlighting in What's New expanded macOS management capabilities, we're bringing two great new capabilities to you in 2206. As shared last month, usage of macOS management in Endpoint Manager has tripled. Using one tool to manage and secure your entire device portfolio enables admins to be more productive without compromising on security or user experience.
We heard your request to simplify using Property list files and, this month, we've added support to configure Office apps in the Endpoint Manager admin center using the settings catalog. Property list (.plist) files are configurations managed by the operating system. Using .plist requires manual coding, editing, updating, and uploading files, which can lead to time-consuming troubleshooting to fix coding errors throughout the app lifecycle when the configurations don't work as expected. With these updates, you can now easily and intuitively set your Office app configurations, including Outlook, in the admin center.
As hybrid work continues to grow, your users may not be in the same location as you, which is where remote actions are helpful. In 2206 we've introduced two of the most common remote actions taken on devices. You can now remotely restart or shut down managed macOS devices, which will help you apply updates or troubleshoot a device remotely. We'll continue to add additional remote actions in future updates.
Here is a video we've created to walk through these new capabilities:
Frontline worker shared device mobile app management improvements
Many of the 2 billion frontline workers in the world use devices that are shared between employees, to accomplish core business activities, such as vehicle returns at a car rental agency. Often, these individuals may have different app security policies and necessities when using shared devices. For example, the supervisor at a car rental agency may have different app policies from a check-in agent, but both could use the same device throughout the day.
In the 2206 release, we've enhanced how organizations can apply app protection policies (APP, also known as MAM) based on user identities for Android Enterprise dedicated devices enrolled with Azure Active Directory (Azure AD) shared mode and Android (AOSP) devices. IT admins can now specifically target APP to users with specific apps on these device types separately from other Android device types. In addition, IT admins can continue to set app policy by user, and it will now apply to AOSP and Android Enterprise dedicated devices enrolled with Azure AD shared mode. This capability provides more granular protection policies while taking into account shared Android devices.
The experience is built into the Microsoft Endpoint Manager admin center. You can learn more about this new capability in the following blog post: https://aka.ms/APP_shareddevice.
Keep Windows devices protected and productive
Endpoint analytics empowers you to proactively identify and address issues and anomalies that may impact user experiences and help you make improvements before users generate a help desk ticket. It extends this capability to devices regardless of whether it is connected to the cloud and co-managed or is already fully managed in the cloud with Microsoft Intune.
This month we are very pleased to announce preview release of Windows app and update compatibility reports:
Windows feature update device readiness report (Preview) - This report provides per-device information about compatibility risks that are associated with an upgrade or update to a chosen version of Windows.
Windows feature update compatibility risks report (Preview) - This report provides a summary view of the top compatibility risks across your organization for a chosen version of Windows, which you can then use to understand which compatibility risks impact the greatest number of devices in your organization.
These reports are available under Windows Update Reports in the admin center:
We are also introducing device model scores:
Device model scores (coming soon after the 2206 release) - Application reliability and other insights contribute to a device/model level score to help give you visibility into which models are the most performant. With these insights, you can project and prioritize the new hardware refresh cycles or identify specific device types and models that need proactive improvements.
Please share your comments, questions, and feedback so we can continue to improve the endpoint user experience and simplify IT administration. Simply comment on this post or connect with me on LinkedIn.