If you manage devices with Microsoft Intune, whether as a managed service provider (MSP) or an enterprise IT team, keeping up with each monthly release is key to staying secure, compliant, and efficient.
This May 2025 Intune update (service release 2505) introduces powerful security enhancements, cross-platform device management improvements, and operational upgrades. Below, we break down the highlights, why they matter, and how Devicie’s Intune automation helps you adopt them faster without adding manual overhead.
Admins can now require a second approval for sensitive actions like retire, wipe, or delete. This means fewer accidental wipes, better accountability, and a full audit trail. Approvers can add notes, and requesters may need to include justifications, making change control stronger.
For Samsung and Zebra corporate devices, remote sessions can now run without broadcasting actions on-screen. The device displays a session-active message, while the user’s view stays private, improving security during sensitive troubleshooting.
New endpoint security profiles let you exclude trusted files or processes from scans on Linux devices, reducing false positives and improving performance. This works even if Linux devices are managed solely through Microsoft Defender for Endpoint.
Intune now collects more hardware details for Android (32 properties) and Apple (74 properties) devices, covering SIM, serial numbers, and more. This data is available in Resource Explorer and for Advanced Analytics queries.
Intune will now flag and mark corporate-owned or work-profile devices as non-compliant if they’re rooted, helping prevent compromised devices from accessing corporate resources.
Block risky or malicious files from running with elevated privileges via a new Deny rule in Endpoint Privilege Management. This gives admins more granular control over privilege escalation.
Prevent costly mistakes: Multiple admin approvals add a safeguard for high-impact actions.
Protect sensitive sessions: Unattended Remote Help keeps private information private.
Cut down false positives: Linux exclusions focus security scans where they matter most.
Improve asset tracking: Expanded inventory data gives deeper visibility into hardware fleets.
Stop compromised devices early: Rooted device detection enforces compliance automatically.
Control privilege escalation: Deny rules help block unauthorized software before it causes harm.
Microsoft may deliver the features, but Devicie ensures you can use them to their full potential.
Stay current without rework: Our Intune automation rolls out new settings quickly and consistently.
Apply secure baselines across devices: Windows, macOS, Android, and Linux—all configured to best-practice standards.
Centralized visibility across tenants: View key metrics in one dashboard, no matter how many environments you manage.
Compliance made simple: Map Intune’s new capabilities to CIS, Essential Eight, or other frameworks without manual upkeep.
Faster, safer change management: Reduce misconfiguration risks with automated policy deployment.
Read Microsoft’s official release notes for the full 2505 update details.
Contact Devicie to see how we can help you implement these features faster and more securely.