August 29, 2025
Blog
What’s New in Microsoft Intune – August 2025
Microsoft Intune continues to evolve with features designed to solve real challenges IT teams face every day. The August 2025 release delivers improvements in four core areas: application control, device patching during setup, Apple software update visibility, and multi-admin approval.
In parallel, Apple has introduced a game-changing capability in macOS 26 and iOS/iPadOS 26 that enables seamless device migration into Intune without factory resets — a first in enterprise device management.
This blog unpacks each of these updates with the technical depth admins need.
App Control for Business Goes Enterprise-Ready
Granular targeting replaces tenant-wide enforcement. Policies can now be assigned to groups and rolled out gradually.
Built on Windows Defender Application Control (WDAC) with automatic trust for apps from approved sources.
A wizard-driven UX reduces the risk of misconfigured policies.
This enables Zero Trust application control at scale without risking productivity:
Windows Autopilot: Patching During Setup
Devices now install Windows quality updates during OOBE.
End-users receive laptops already patched, avoiding day-one interruptions.
Admins can still control deferrals and pause options, which sync directly to devices.
While setup takes about 30 minutes longer, the trade-off is smoother onboarding and better security compliance from the start.
Real-Time Apple Update Visibility
Based on declarative device management (DDM).
Admins now see real-time status for update download, install, and failures.
This replaces older MDM-based update methods, which Apple is deprecating with OS 26.
Without adopting DDM reporting, organizations risk losing visibility into Apple device patching in 2025.
Multi-Admin Approval for Critical Changes
Sensitive operations like device wipe, retire, RBAC changes, and scope tags now support multi-admin approval.
Acts as a safety net against accidental or unauthorized actions.
Provides stronger governance without slowing routine management.
Apple OS 26 Enables Seamless Migration to Intune:
One of the most significant announcements this month comes from Apple: native MDM migration built into ABM/ASM.
Previously, moving devices from platforms like Workspace ONE or Jamf into Intune required factory resets, manual re-enrollment, and policy rebuilds. Now, devices can be reassigned directly to Intune without wiping or interrupting users.
Technical flow:
Admins assign devices to Intune via ABM/ASM.
Users receive a notification to approve management change.
If ignored, enforced migration occurs at deadline with a non-dismissible prompt.
The device downloads the new Intune profile — no reboot required.
Combined with Intune’s new features, this allows organizations to consolidate onto a single management platform with far less friction.
Conclusion:
August 2025 marks a milestone for Intune and Apple device management:
Granular App Control brings Zero Trust policies to production scale.
Windows Autopilot now delivers patched, work-ready devices out of the box.
DDM-based reporting closes the visibility gap for Apple updates.
Multi-admin approval reduces the risk of catastrophic mistakes.
And Apple’s MDM migration feature makes large-scale transitions to Intune practical for the first time.
For IT teams, these updates mean fewer surprises, stronger governance, and smoother user experiences across platforms.