Microsoft Intune Getting Driver and Mobile Controls for Windows Enterprise Devices

Microsoft Intune is getting driver management and mobile application management capabilities for Windows Enterprise edition devices, Microsoft announced this month.

Both capabilities were described as applying to "Windows Enterprise," so users of other Windows client operating system editions are apparently out of luck.

Windows Enterprise Driver and Firmware Management
Microsoft this week announced that Microsoft Intune is now getting the ability to manage driver and firmware updates for Windows Enterprise edition users, a capability that is getting rolled out gradually to Microsoft Intune users.

With the new driver and firmware management capabilities in Intune, Microsoft is promising to deliver "intelligent servicing," where IT pros can see which updates are available per their device policy settings. IT pros will see both the "recommended" and "optional" driver updates for devices. They can specify that recommended updates be automatically approved, or they can opt for manual approval. As usual, Microsoft vets "third-party"-issued drivers and firmware via its partner validation program.

IT pros will see reports in Intune on driver and firmware updates. The reports will show "device status, alerts and recommendations for remediation." It will also be possible to pause these updates, if wanted, Microsoft indicated.

Some capabilities are still under development by Microsoft, such as "seeing all devices for which a driver is applicable" and "knowing the device model that a driver supports." Microsoft also is working on a "bulk editing" capability. It also plans to permit the alignment of "driver approvals with patch Tuesday," which would take advantage of any reboot periods that may be associated with security and quality update patching.

Intune's new driver and firmware management capability for Enterprise Windows devices was described as being "built on the Windows Update for Business deployment service." The Windows Update for Business Deployment Service is based on Windows Update for Business cloud-based policies for managing Windows client updates, but it is said to offer IT pros greater control over the scheduling and timing of updates.

To use the Windows Update for Business Deployment Service, organizations will need Windows 10 or Windows 11 Enterprise clients under E3- or E5-type licensing. Organizations also will need those clients to be Azure Active Directory joined or "hybrid Azure AD joined," per Microsoft's "Prerequisites" document.

Many of the driver and firmware update management capabilities coming to Intune apparently also will be available to organizations using Windows Autopatch, although Microsoft stated that "more granular controls" for Windows Autopatch will be "coming later this year."

Back in February, Microsoft had described releasing a Microsoft Graph API for managing driver and firmware updates, which suggests that other management solutions could tap into this capability, too.

Windows Enterprise MAM Preview
Microsoft also this month announced an Intune public preview of mobile application management (MAM) capabilities for Windows Enterprise devices. Intune has long had MAM capabilities for Android and iOS devices, and now Windows Enterprise support is getting added.

Microsoft suggested that MAM for Windows Enterprise, tied to Azure AD for identity management, will deliver the following capabilities:

  • App protection policies (APP) security features
  • Windows Defender protections for clients, and
  • Conditional access controls.

Specifically, Microsoft is previewing MAM capabilities for "Microsoft Edge for Business on Windows."

Microsoft Edge for Business was released as an early preview last month. The idea behind Microsoft Edge for Business is that end users, perhaps working remotely, can use a company-branded browser for work and have their data and permissions be separate from their personal Edge browser use. While the use of Edge for Business applies to managed devices, Microsoft is planning to add support for unmanaged devices at some point, too.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

