Microsoft Intune April 2025 Update: What’s New & Why It Matters

Enhanced App Protection Policies for iOS/iPadOS

• Intune app protection policies now include standalone settings to block screen capture, Genmojis, and Writing tools on iOS/iPadOS devices. These settings are supported by apps updated to version 19.7.12 or later for Xcode 15 and 20.4.0 or later for Xcode 16 of the Intune App SDK and App Wrapping Tool.

Endpoint Privilege Management: File Argument Support

• Endpoint Privilege Management (EPM) now supports command-line file arguments in elevation rules. This allows for more granular control over which files can be run with elevated privileges, enhancing security by ensuring only specified arguments are permitted.

Apple VPP API v2.0 Integration

• Intune has updated its integration with Apple's Volume Purchase Program (VPP) to use API version 2.0. This new API offers improved performance and scalability over the deprecated version 1.0, ensuring more efficient app and book management for iOS/iPadOS and macOS devices.

Additional Org Data Storage Options for Mobile Apps

• Intune app protection policies for Android and iOS now support additional storage services, including iManage and Egnyte. Administrators can allow users to save copies of organizational data to these services by configuring the appropriate settings in the app protection policies.

Updated Windows Delivery Optimization Template

• The device configuration template for Windows Delivery Optimization has been updated to align with the Settings Catalog format. This change provides a more consistent and comprehensive approach to configuring Delivery Optimization settings across Windows 10 and Windows 11 devices.

Additional Update: Windows Hotpatch Now Generally Available

Although not part of the April service release, it’s worth highlighting that Windows Hotpatch has now been made generally available during the month for broader use across eligible Windows devices.

Windows Hotpatch allows systems to install important security updates without requiring a reboot, significantly reducing downtime and disruption for end users. This is particularly valuable for organizations aiming to maintain high system availability while staying secure.

For environments using Microsoft Intune, this unlocks opportunities to:

• Maintain critical security compliance without impacting user productivity.

• Reduce the complexity and planning typically associated with patch cycles.

• Strengthen endpoint resilience with minimal operational overhead.

Devicie is designed and works to complement and enhance the new features introduced in Intune:

🚀Advanced Policy Management: We offer an in-depth range of configuration templates and runbooks that simplify the creation and management of complex policies, ensuring consistent security configurations across all devices.

📊Comprehensive Reporting Dashboards: We provide dashboards that consolidate data from Intune and devices, offering a unified view of device health, update status and more.

🔒Enhanced Update Management: Our templates include advanced policies for managing Windows Delivery Optimization settings and patching configurations, enabling more efficient and secure update deployments.  

Check out Microsoft’s official Intune updates for the latest enhancements and improvements, or for further information to this specific service release, click here.