Microsoft Ignite 2020

This year, Microsoft Ignite was different, but in a good way!

I know we all missed the in-person experience talking and exchanging ideas with each other over lunch, breakfast, a coffee or beer(s) 🙂

But despite being cooped up in my chair in front of my screen until 2AM every night, I think Microsoft managed to make this an awesome Ignite. I even managed to get some motorcycle riding in while listening to sessions, I call that a win!

And of course it was a firework of announcements for MEM. Some that I have been wanting for a long time. So let’s dig into it.

Microsoft Tunnel

Oh. My. God. It’s finally here. While most other UEM vendors have had built-in tunnels for mobile for a long time, we had to rely on 3rd party vendors such as Cisco for per-app VPN on Android/iOS.

Microsoft’s aim is to provide a solution with as little maintenance as possible, which is why:

  • All configurations are made in the MEM console and pushed to all servers
  • Rolling automatic updates
  • Logs are sent to the cloud for a centralised troubleshooting experience, and you can integrate with your own SIEM tool

One key feature is that Conditional Access is built into the solution for additional security, so you can restrict access to the tunnel to compliant and managed devices only. It’s also fully integrated with Microsoft 365 and uses Azure AD SSO capabilities.

I like the fact that it’s built on Linux and Docker containers. I have tested it in my lab and it’s super easy to set up and the user experience is flawless. Maybe I will get a chance to write a post about installing Microsoft Tunnel 🙂 (I did)

Docs link

macOS Custom Attributes

As MEM continues to update its capabilities for macOS management, this is a great addition and something I have talked about before. It’s not yet available so I cannot yet give my take on it, but it will work as follows.

  • Define a custom attribute in the MEM Console
    • Name
    • Data type: integer, date or string
    • A shell script that echoes the custom attribute to terminal
  • MEM MDM agent reports values echoed by the shell script
  • Custom attribute scripts run every 8 hours and report back
  • Aggregated custom attribute view per device
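The kind of script such a definition calls for, as an added example that is not from Microsoft or from this post: a string attribute reporting FileVault state. It assumes the agent records the script's standard output as the attribute value, so it always prints exactly one short line; the function names and the returned values (`On`, `Off`, `Encrypting`, `Unknown`) are illustrative choices.

```shell
#!/bin/sh
# Added example: custom attribute script, data type "string".
# Assumption: the MDM agent stores whatever this script echoes, so the
# output must be one stable line even when the check itself fails.

# Map the text of `fdesetup status` (read from stdin) to one value.
classify_filevault() {
    fv_out=$(cat)
    case "$fv_out" in
        # Conversion still running: the volume is not fully protected yet.
        *"Encryption in progress"*) echo "Encrypting" ;;
        *"FileVault is On."*)       echo "On" ;;
        *"FileVault is Off."*)      echo "Off" ;;
        # Empty or unexpected output: never report a guess.
        *)                          echo "Unknown" ;;
    esac
}

# Run the real check when the tool exists; otherwise report Unknown
# instead of an empty attribute.
report_filevault() {
    if command -v fdesetup >/dev/null 2>&1; then
        fdesetup status 2>/dev/null | classify_filevault
    else
        echo "Unknown"
    fi
}

report_filevault
```

Reporting `Unknown` rather than nothing keeps a failed check visible in the aggregated per-device view instead of looking like a missing device.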

My hope is that we will be able to use these attributes with, for example, dynamic device groups for dynamic assignment of apps and configs.

Custom Compliance Policies

Using PowerShell scripts you will be able to create your own compliance policies. The possibilities here are endless, you can set whatever you want as a policy. I really hope this comes for macOS as well.

Windows Managed App Config

In the era of remote working this is something everyone should look at. First out will be configuration of Edge on unmanaged devices. Just like App Protection on Android/iOS you will be able to secure work data accessed with a work account in Edge. The user will be able to use Edge as normal with their own account and have policies in place with their work account. Awesome!

GPO Analytics

Now in public preview, you can upload your GPOs to MEM and automatically get a report showing which policies are supported by MDM, and then automatically migrate them. This is a great tool for those looking to move management to the cloud.

Day 0 Support for macOS Big Sur

Again delivering on the promise that MEM is Enterprise ready for macOS management, MEM will have day 0 support for macOS Big Sur. This includes:

  • Native Company Portal support for Apple Silicon
  • Supervision of User Approved Enrolments
  • Skip Accessibility screen in setup assistant
  • Direct download settings for associated domains
  • Defer non-OS software updates up to 90 days
  • Managed VPP and Custom apps
  • Managed App conversion
  • Managed App removal
  • Managed App configuration
  • Managed LOB apps

Azure AD Shared Device Mode

With the Managed Home Screen on Android you will be able to use a sign in/sign out experience. This is another feature I have wanted for a long time. This will make the setup for Health Care and firstline workers, where we often see multiple users on one device, a nice experience. As long as the apps you use have the MSAL authentication library, it will be a global sign out of all apps when the user signs out.


Since the day WVD was released I have been wanting to manage WVD in MEM and now it’s finally here. As organisations have to support more remote working, WVD is a great solution, and having them managed in MEM will greatly help you configure them.

This is just a handful of all the things that came out of Microsoft Ignite 2020, but ones that will be very useful for my customers.

What was your favourite announcement at Ignite?
