What's new in Microsoft Intune

Linda Avraamides

Learn what’s new in this release of Microsoft Intune. You can also find out about upcoming changes that you should be planning for, as well as information about past releases.

All of these features will eventually be supported for hybrid customers' deployments (Configuration Manager with Intune). For more information about new hybrid features, check out our hybrid What’s New page.

July 2016

App management

Improve the app provisioning profile update experience

Apple iOS line of business mobile apps are built with a provisioning profile included and code signed with a certificate. When the app runs on an iOS device, iOS confirms the integrity of the iOS app and enforces policies defined by the provisioning profile.

The enterprise signing certificate you use to sign apps typically lasts for 3 years. However, the provisioning profile expires after 1 year. With this update, Intune gives you the tools to proactively deploy a new provisioning profile policy to devices that have apps that are near expiry while the certificate is still valid. For more information, see Use iOS mobile provisioning profile policies to keep your line of business apps up to date.

Xamarin SDK for Intune apps is available

The Intune App SDK Xamarin component allows you to enable the Intune mobile app management features in your mobile iOS and Android apps built with Xamarin. You can find the component in the Xamarin store or on the Microsoft Intune Github page.

Device management

Increased device enrollment limits

Intune increased the maximum configurable device enrollment limit from 5 to 15 devices per user.

Company Portal updates

Company Portal website

  • Improved end-user experience when enrolling Windows devices
    When you are using conditional access, the enrollment steps for Windows 8.1, Windows 10 Desktop, and Windows 10 Mobile have been clarified in the Company Portal website. Users will now see separate “Device enrollment” and “Workplace Join” steps, making it easier for them to see the status of their device and to complete the process if they experience a Workplace Join (WPJ) failure. The separate steps are also expected to simplify the troubleshooting process for IT administrators. Previously, when end users tried to enroll and all enrollment steps succeeded except for WPJ, the enrolled device would not appear on the list of devices for users to identify, causing confusion for users.


  • Android Company Portal app
    If Android end users see an error message that says their device is missing a required certificate, they can tap a "How to resolve this" button to get steps for installing the missing certificate. If users complete the steps, but see an additional "missing certificate" error message, they are asked to contact their IT administrator and provide this link, which contains steps that IT administrators can use to fix the certificate issue.

  • Restrict side-loaded app installations to enrolled devices
    Android devices can no longer install applications through the Company Portal website unless the devices have been enrolled in Intune by using the Intune Company Portal app for Android.


  • Changes to Device Enrollment Managers accounts in the iOS Company Portal app
    To improve performance and scale, Intune no longer displays all Device Enrollment Managers (DEM) devices in the My Devices pane of the iOS Company Portal app. Only the local device running the app is displayed, and only if it is enrolled via the Company Portal app.

    The DEM user may perform actions on the local device, but remote management of other enrolled devices can only be performed from the Intune admin console. Additionally, Intune is deprecating use of DEM accounts with either the Apple Device Enrollment Program or the Apple Configurator tool. Both these enrollment methods already support user-less enrollment for shared iOS devices.

    Only use DEM accounts when user-less enrollment for shared devices is unavailable. For more information, see Enroll corporate-owned devices with the Device Enrollment Manager in Microsoft Intune.

Change of names for Windows features

What's coming

Intune Groups transitioning to Azure Active Directory Groups beginning in August 2016

Intune is creating a new group management experience that uses Azure Active Directory (AAD) security groups. These Azure AD based security groups can contain both users and devices, and will be used for all group management, policy deployment, and profile deployment when we introduce the new Azure-based Intune admin portal.

This new experience will:

  • Free you from having to duplicate groups between services.
  • Allow you access to some new Azure Active Directory Premium (AADP) group features.
  • Provide extensibility using PowerShell and Graph.
  • Unify the group management experience across enterprise mobility management.

To enable the move to Security Groups, the experience in the current admin console will undergo some modifications. These changes, and the use of Azure AD security groups, will be recorded in the Intune documentation.

Customers who are new to Intune will see some of the security group changes before current tenants do.

In addition to changes in group management, the following functionality will be deprecated:

  • Excluding members or groups while creating a new group
  • Ungrouped Users and Ungrouped Devices groups
  • Manage Groups in the Service Admin role
  • Custom group-based alerts for Notification Rules
  • Pivoting with groups in reports

More information on how these deprecations can be mitigated will be released in August.

Addition of 'Notifications' to the Company Portal for Android

We are releasing an update to the Company Portal for Android in August that will introduce a new Notifications icon on the homepage. Tapping this icon will access the Notifications page that will show your end user all the items that require attention in the Company Portal app such as device non-compliance, enrollment update, and enrollment activation. If you also use the iOS Company Portal app, you’ll already see the notifications experience. With the introduction of the Notifications page, you will not see the Company Access Setup page every time you launch or resume the Company Portal for Android as long as the device is already enrolled. We hear many of you have created end-user guidance and appreciate advanced notice when your guidance/screen shots may need updating. Please update your documentation to reflect the upcoming change in experience. Find updated screenshots here: https://aka.ms/androidcpupdate.

Cloud roadmap

Keep informed about upcoming developments for Intune with the Cloud Platform roadmap.

Service deprecation

  • Changes in support for the iOS Company Portal app
    In July, all users of the Microsoft Intune Company Portal app for iOS will be required to use its latest version. New users will only be able to download the latest version and current users will be required to update to it. The latest version requires iOS 8.0 or later, so devices running older iOS versions won’t be able to use the Company Portal or enroll until they update their device to iOS 8.0 or later and then update the Company Portal app to the latest version. Enrolled devices running versions below iOS 8.0 will continue to be managed and listed in the Intune Admin Console.

  • Minimum iOS Managed Browser version updated to 8.0
    In August, Intune will release an updated Microsoft Intune Managed Browser app for iOS that will only support devices running iOS 8.0 or later. While iOS 7.1 devices will still be able to use the existing Managed Browser app, please encourage your users to update to iOS 8.0 or later to access and take full advantage of new Managed Browser features.

  • Company Portal apps for Windows 8 and Windows Phone 8 are being deprecated from Sept, 2016
    Starting in Sept 2016, Microsoft Intune will end support for the Microsoft Intune Company Portal apps for Windows Phone 8 and Windows 8 platforms. Update devices to Windows 8.1 and Windows Phone 8.1 and use the corresponding Windows 8.1 and Windows Phone 8.1 Company Portal apps to continue distributing apps to these devices.

  • Intune Viewer apps
    With the release of the new RMS sharing app, we are removing the following Intune Viewer apps, beginning August, 2016:

    • Intune AV Viewer
    • Intune PDF Viewer
    • Intune Image Viewer for Android from Google Play

    Instead of using the Intune Viewer apps, we recommend using the new Rights Management app (RMS sharing) for Android, which allows you to deploy one app instead of three separate apps to securely view corporate files on Android devices. When the Intune viewer app is no longer supported, it will be removed from the Google Store and will not be available for future use.

Previous Intune releases

If you want to see what's released in Intune during the last six months, they are listed in the Previous Intune releases article.

See also

To submit product feedback, please visit Intune Feedback