Microsoft Intune is a very powerful endpoint management tool powered by the cloud. It enables organizations to manage their devices and applications across various operating systems, including Windows, Android, Linux, iOS, macOS, and more. IT admins also leverage it to implement zero trust security models and to enroll devices within their infrastructure. Now, Microsoft has detailed all the new features that it added to Intune during the month of July 2025.
For starters, a major boost to IT productivity this month was automatic device enrollment for macOS thanks to the general availability of Local Admin Password Solution (LAPS) for the operating system. Devices are now provisioned quickly with a local admin account and a strong, encrypted password that gets rotated every six months. This is particularly beneficial for IT help desks since the person in this department can simply retrieve the password from Intune, perform required activities on the device, rotate the password, and return the hardware. Similarly, the user account can now also be configured through dynamic variables that meet the standards defined by an organization.
Next, Microsoft is rolling out real-time insights for updates that are being pushed to Apple devices. This allows IT personnel to monitor the live progress of update installation, starting from the download stage. They will also be able to diagnose failures and check how users interact with updates. This enhanced reporting solution is built on declarative device management (DDM) since Apple recently deprecated legacy mobile device management (MDM) software update configurations.
Windows admins are receiving some benefits this month too. Support for wildcard has been added to Microsoft Intune Endpoint Privilege Management (EPM) for Windows endpoints, which empowers IT personnel to write simplified and flexible rules that perform dynamic matching rather than mandating separate elevation rules for each new installer.
Finally, device cleanup rules have been made more granular so that they can be applied on a per-platform basis through different criteria. Microsoft hopes that organizations will use this capability in tandem with audit logs to maintain device management hygiene.