Microsoft updates its Intune service regularly, sometimes every week, to make managing devices more secure and efficient. The 2304 (April) update added a new feature called Windows LAPS management, which will help IT admins keep devices even more secure.

The update will become available in the admin console. You can see the update number in the Tenant Status Blade. There are also more new features coming soon!

In the April (2304) service release, Microsoft significantly improved the security and user experience on three platforms – Windows, Android, and Mac. The Windows Local Administrator Password Solution (LAPS) is one of the most important changes: it brings the enhanced security features of on-premises LAPS to the cloud. Additionally, IT professionals can now add Google accounts to personally owned Android Enterprise devices, and new macOS software update policy settings offer more flexibility for users, who can schedule updates while admins maintain oversight.

As you explore these new features, do not hesitate to contact us to learn more about how you can try out these new features.

Windows Local Administrator Password Solution is now available

For a while, enterprises have depended on the Microsoft Local Administrator Password Solution (LAPS) on-premises solution to manage and store their local admin password via the MSFT directory. However, the major challenge for enterprises looking to move to the cloud is that LAPS has only been functional on-premises. The good news is that the new Windows LAPS is now available and overcomes this roadblock by enabling all the features and functionality of legacy LAPS to be supported in the cloud.

Windows LAPS offers several benefits to users, including protection against pass-the-hash and lateral-traversal attacks. It also provides enhanced security for remote help desk scenarios, enabling users to sign in and recover previously inaccessible devices. With these benefits, Windows LAPS provides users with an added security layer and convenience. The feature also provides a fine-grained security model for passwords stored in Windows Server Active Directory, and it supports the Azure role-based access control model for securing passwords stored in Azure Active Directory.

Windows LAPS is integrated into Windows, making it easier to maintain and support. There is no need to install a separate client. IT administrators can use Microsoft Intune’s management tools to set up cloud LAPS with new features. With Windows LAPS, administrators have the following capabilities:

  • Admins can set a backup directory for local admin passwords using a policy.
  • Password complexity and rotation rules can be applied to specific devices.
  • Microsoft Intune can be used to monitor the success of Windows LAPS.
  • Manual rotation of local admin passwords is possible outside of the regular schedule.
  • Admins can view the password and its rotation schedules with appropriate permissions.
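
As an added illustration (not code from Microsoft or from this article), the sketch below lints a LAPS policy for the backup directory, complexity and rotation settings listed above before it is assigned to devices. Setting names follow the Windows LAPS CSP; the baseline thresholds and the two sample policies are assumptions constructed for the example.

```python
# Added example: review a Windows LAPS policy before assigning it to devices.
# Setting names follow the Windows LAPS CSP. BASELINE is this example's own
# assumption, not a Microsoft recommendation.
BACKUP_TARGETS = {0: "disabled", 1: "Azure AD", 2: "Active Directory"}
BASELINE = {"min_length": 14, "min_complexity": 4, "max_age_days": 30}

def lint_laps_policy(policy):
    """Return (setting, finding) tuples; an empty list means the policy passes."""
    findings = []

    backup = policy.get("BackupDirectory", 0)  # CSP default 0: nothing is backed up
    if backup not in BACKUP_TARGETS:
        findings.append(("BackupDirectory", f"unknown value {backup!r}"))
    elif backup == 0:
        findings.append(("BackupDirectory", "disabled: password is not backed up"))

    age = policy.get("PasswordAgeDays", 30)
    min_age = 7 if backup == 1 else 1  # Azure AD backup needs at least 7 days
    if not min_age <= age <= 365:
        findings.append(("PasswordAgeDays", f"{age} outside allowed range {min_age}-365"))
    elif age > BASELINE["max_age_days"]:
        findings.append(("PasswordAgeDays", f"{age} days is slower than baseline rotation"))

    length = policy.get("PasswordLength", 14)
    if not 8 <= length <= 64:
        findings.append(("PasswordLength", f"{length} outside allowed range 8-64"))
    elif length < BASELINE["min_length"]:
        findings.append(("PasswordLength", f"{length} is shorter than baseline"))

    # 4 = upper case + lower case + digits + special characters
    complexity = policy.get("PasswordComplexity", 4)
    if complexity < BASELINE["min_complexity"]:
        findings.append(("PasswordComplexity", f"level {complexity} is below baseline"))
    return findings

# Constructed sample policies: a weak one and its corrected form.
WEAK = {"BackupDirectory": 0, "PasswordAgeDays": 180,
        "PasswordLength": 8, "PasswordComplexity": 2}
HARDENED = {"BackupDirectory": 1, "PasswordAgeDays": 30,
            "PasswordLength": 20, "PasswordComplexity": 4}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_laps_policy(pol) or "passes")
```
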

Enrolling Google Accounts in Android Enterprise Personal Devices

IT professionals can now add Google accounts to Android Enterprise personally owned devices in Intune with a work profile for organizations using Google Workspace. With this integration, they can also customize the features and settings available on these devices as needed.

A new supplementary feature enables IT pros to create an “allow” list for the domains of Google accounts that can be added to the work profile. This update simplifies the process, eliminating the need for a separate Custom OMA-URI policy, which was difficult to troubleshoot and support. Future enhancements will integrate this allow list into the configuration profile creation experience.

These changes address the concerns of many customers requesting more flexibility in managing their devices, particularly those using Google Workspace. This development allows them to leverage Intune’s robust management capabilities fully. Once this capability is launched, it will be available to all Intune environments, including gov clouds.

Let’s compare the previous and current user experiences to see the changes.

Microsoft Intune - 2304 April Edition

Latest macOS software update policy settings balance admin control and UX

Intune is rolling out new management capabilities for macOS, specifically addressing software update policies. These settings balance user experience and administrative control. They allow Intune admins to specify the maximum number of user deferrals and update scheduling priorities.

The new settings in Intune allow users greater flexibility in choosing when to update while administrators can still maintain control and set guardrails. These settings apply to non-critical updates, and the “all other updates” field in the macOS update policy can be set to “install later.” Upon release, this feature will be available in all Intune environments, including gov clouds. With these settings, users can have more control over their device’s update schedule, while administrators can ensure that updates are still being installed in a timely and secure manner.

Stay in touch with us to avail our deployment services

At TECHOM Systems, we are committed to helping businesses achieve their goals through the efficient and seamless deployment of cloud solutions such as Microsoft Assets, Teams, etc. We understand that every business is different, which is why we work closely with our clients to provide tailored deployment services that meet their specific requirements.

With Windows LAPS, users can enjoy several benefits, including protection against pass-the-hash and lateral-traversal attacks, enhanced security for remote help desk scenarios, and the ability to sign in and recover previously inaccessible devices.

Choosing TECHOM Systems guarantees top-of-the-line deployment services that will take your business to the next level.

Stay in touch with us today to learn more about how we can help to transform your business communication and collaboration systems for the new era.