The July 2025 (2507) Microsoft Intune service release delivers major improvements in macOS device security, Apple OS update visibility, Windows elevation policy management, device cleanup precision, and AI-powered Intune Copilot assistance.
This month’s update highlights the most important changes in Intune, with clear explanations of what’s new, why it matters, and how Devicie can help you put it into action.
A: macOS LAPS now automates secure local admin account creation, password encryption, and rotation during Automated Device Enrollment.
Full details:
Secure local admin account created during Automated Device Enrollment.
Password encrypted, stored in Intune, rotated every 180 days or on demand.
Supports naming variables like or .
Why it matters:
Eliminates static admin passwords.
Makes temporary admin rights safer for help desks.
How Devicie helps:
Rapid deployment of LAPS policies across all macOS tenants.
Integrated into compliance-aligned templates (CIS, Essential Eight, ISO 27001).
A: Real-time OS update progress reporting now shows download, install, success, and failure events using Declarative Device Management (DDM).
Full details:
Live visibility into update status for Apple devices.
Works as Apple moves away from older MDM workflows.
Why it matters:
Identifies update issues before they impact end users.
Improves patch compliance monitoring.
How Devicie helps:
Surfaces Apple update data in unified reporting dashboards.
Supports proactive remediation when updates stall or fail.
A: Wildcard support lets one elevation rule apply to multiple file versions or names, reducing duplicate policy entries.
Full details:
Matches multiple versions without creating separate rules.
Cuts repetitive entries in policy creation.
Why it matters:
Speeds EPM policy deployment.
Reduces risk of missing coverage for new app versions.
How Devicie helps:
Pushes wildcard-based EPM rules to all tenants at once.
Maintains policy consistency after updates.
A: Platform-specific cleanup rules now allow different criteria for Windows, iOS/macOS, Android, and Linux, with full audit logging.
Full details:
Custom cleanup criteria per platform.
Audit logs for all actions taken.
Why it matters:
Removes unused devices without over-deleting.
Improves licensing and compliance accuracy.
How Devicie helps:
Deploys cleanup rules across platforms with one configuration.
Keeps tenant environments tidy without manual intervention.
A: Intune Copilot uses natural language to query devices, policies, compliance, and updates, plus troubleshoot, generate KQL queries, and assign policies.
Full details:
Provides summaries, troubleshooting, and automated suggestions.
Public preview also adds a Surface Management Portal for hardware insights.
Why it matters:
Speeds up admin workflows.
Reduces reliance on deep Intune expertise for basic tasks.
How Devicie helps:
Ensures Copilot works with accurate, standardised configurations.
Aligns Copilot’s actions with enforced security policies.
Stronger macOS security via automated LAPS.
Faster Apple OS updates with real-time progress.
Simplified Windows EPM with wildcard rules.
Cleaner inventory through platform-specific cleanup.
Smarter admin tools with Copilot AI.
Rapid feature adoption across tenants.
Automated compliance alignment with CIS, Essential Eight, ISO 27001.
Configuration drift prevention after updates.
Unified multi-platform reporting.
Scalable multi-tenant delivery for MSPs.
Talk to Devicie about automating Intune deployment, compliance, and drift prevention so your team spends less time configuring and more time delivering value.