What's New in Microsoft Intune – Microsoft Ignite 2025

Published on November 24, 2025 • 12 min read

Microsoft Ignite 2025 brought significant innovations to Microsoft Intune, focusing on AI-powered management, enhanced security, and improved operational efficiency. This comprehensive overview covers all Intune-related announcements from the conference.

AI-Powered Security Copilot Agents

Change Review Agent

Now in preview - analyzes change requests in context to help IT admins make informed decisions:

  • Checks for risks, conflicts, and compliance issues
  • Provides detailed insights and clear recommendations
  • Initially handles Multi-Admin Approval script requests
  • Additional change request types will be added over time
  • Enables confident decision-making with AI-powered analysis

Discussed in: BRK341, BRK1700

Policy Configuration Agent

Now in preview - accelerates policy creation with intelligent automation:

  • Captures intent from uploaded documents or natural language requirements
  • Maps requirements to recommended settings automatically
  • Allows admins to review, discuss, and refine configurations before deployment
  • Reduces time spent on manual policy configuration
  • Ensures policies align with organizational requirements

Discussed in: BRK341, BRK1700

Device Offboarding Agent

Now in preview - uses AI to identify devices that should be removed:

  • Analyzes activity signals to suggest devices for removal
  • Provides simple way to offboard devices from the environment
  • Improves operational efficiency
  • Strengthens security by removing inactive or obsolete devices
  • Reduces manual device lifecycle management overhead

Discussed in: BRK341, BRK1700

Remote Windows Recovery at Scale

Industry-first capability now in preview - enables remote management of Windows Recovery Environment (WinRE) at scale:

  • Recover Windows devices remotely even if device can't boot
  • Works when user is not present
  • Dramatically reduces downtime and IT support burden
  • Eliminates need for physical access to troubleshoot boot issues
  • Centralizes recovery operations through Intune console

Discussed in: BRK345, BRK341

Enhanced Admin Controls

Admin Tasks

Now in preview - centralized, prioritized task list for IT teams:

  • Identifies and prioritizes what matters most
  • Accelerates vulnerability remediation
  • Simplifies daily management workflows
  • Surfaces actionable insights across the environment
  • Reduces time spent searching for critical tasks

Discussed in: BRK341

Maintenance Windows

Expected in preview January 2026 - unified way to schedule and orchestrate updates:

  • Minimize disruption to end users
  • Improve patch compliance across organization
  • Coordinate update timing across device groups
  • Reduce unexpected downtime during business hours
  • Better control over when updates are applied

Discussed in: BRK341

Deployments with Pause and Resume

Expected in preview January 2026 - deployment control options to reduce risk:

  • Pause deployments if issues are detected
  • Resume deployments after validation
  • Creates pathway for future AI-driven automation
  • Reduces impact of problematic updates
  • Provides safety net for large-scale rollouts

Discussed in: BRK341

Expanded Copilot Support in Intune

Now generally available - unlock more Intune data for natural language exploration:

  • Autopilot: Query and manage device provisioning with natural language
  • Endpoint Privilege Management: Explore privilege elevation policies and approvals
  • Advanced Analytics: Ask questions about device health and compliance trends
  • Custom Data Views: Navigate and analyze data using conversational queries
  • Group Management: Create new groups or add to existing ones directly from query results

Discussed in: BRK341

Windows Update & Autopatch

Autopatch Update Readiness

Now in preview - represents a significant innovation marking a shift from reactive troubleshooting to proactive management:

  • Real-time visibility into entire device estate showing which devices are ready for updates
  • Actionable insights with clear remediation guidance
  • Prevents issues before they disrupt work
  • Unified dashboard in Microsoft Intune to identify failing devices
  • Understand why devices might fail updates and remediate within Windows Autopatch
  • Early flagging of compliance issues and policy conflicts
  • Detailed telemetry ensures every device provides needed data

Discussed in: BRK1741

Zero Trust & Endpoint Security

Zero Trust with Intune

Intune plays a central role in Zero Trust architecture:

  • Cloud-connected endpoints with continuous compliance validation
  • Secure, managed devices ready for AI workloads
  • Integration with Microsoft Entra for identity-driven access
  • Conditional access policies based on device health
  • Data protection and information governance

Discussed in: BRK340

Integration with Windows 365

Intune provides comprehensive management for Windows 365 Cloud PCs:

  • Pre-install organizational apps, settings, and security policies
  • Manage Windows 365 Reserve Cloud PCs for temporary access scenarios
  • Configure and deliver Windows 365 Cloud Apps
  • Apply consistent policies across physical and cloud devices
  • Enable seamless user experience across device types

Discussed in: BRK343, BRK342

Management of MCP Agent Connectors

IT admins can manage policies for agent connectors and agent workspaces:

  • Control which apps can be accessed by AI agents on devices
  • Manage basic policies for Model Context Protocol (MCP) on Windows
  • Configure agent workspace settings for enterprise security
  • Integration with Microsoft Entra and Group Policy for comprehensive governance
  • Ensure agents run in contained, compliant, and auditable environments

Discussed in: BRK332, BRK1700

Sustainability & Modern Management

Intune enables more sustainable IT operations:

  • Cloud-based management reduces need for on-premises infrastructure
  • Extends device lifecycle through modern management capabilities
  • Integration with Windows 365 can reduce carbon emissions
  • Remote management reduces travel and physical support needs
  • Efficient update management reduces wasted resources

Discussed in: OD1319

Key Session References

For deeper dives into Intune innovations, watch these Microsoft Ignite 2025 sessions:

Session watched

  • BRK341 - What's new in Intune: empower IT, protect endpoints & optimize with AI ✅
    Core Intune announcements including Security Copilot agents, admin controls, and enhanced capabilities
  • BRK1741 - The future of managing updates on Windows ✅
    Autopatch update readiness and proactive update management
  • BRK1700 - Innovation Session: Windows & Microsoft 365 Copilot – Secure AI & agent productivity ✅
    AI agents in Intune and broader Windows management innovations
  • BRK345 - Resilient by design: How Windows has evolved with new recovery tools
    Remote Windows recovery at scale and resilience features
  • BRK340 - Demystify Zero Trust with Intune: cloud-connected, secure, and AI-ready endpoints ✅
    Zero Trust architecture and endpoint security with Intune
  • BRK343 - Unlock the full power of Windows 365 ✅
    Windows 365 management through Intune
  • BRK342 - Unlock efficiencies with Windows 365 Frontline & Cloud PC devices
    Windows 365 Cloud Apps and Frontline management
  • BRK332 - Unlock agentic workflows for your apps using MCP on Windows
    Agent connector management and governance
  • OD1319 - Windows & Intune: Enabling the Sustainable Enterprise of the Future ✅
    Sustainability benefits of modern management

This summary was compiled from announcements at Microsoft Ignite 2025 and the official Book of News. For complete details on any announcement, please refer to the official Microsoft documentation and session recordings.