Two Intune signals deserve client action this quarter: MDOP is now out of extended support, and Microsoft’s Platform SSO field notes show where Mac rollouts can break. MSPs should inventory legacy MDOP dependencies, prioritize MBAM replacement, and pilot Platform SSO before pushing it broadly.
Copilot Cowork is GA, but MSPs should treat it as an operations change, not just another Copilot feature. The work now is permissions, billing controls, agent identity, audit trails, and deciding which client workflows are safe enough for long-running agents.
Claude Desktop ships with a shared API key in a local config file — no per-user identity, no MFA, no audit trail. For MSPs with regulated clients, that’s a non-starter. Microsoft just published an architecture that routes Claude Desktop through Entra ID and Azure API Management with zero custom backend code. Per-user identity, Conditional Access, auditable, and the config can be pushed via Intune. If your clients are asking for sanctioned AI desktop tools alongside their existing M365 stack, this closes a real governance gap.
Most MSPs can tell you which Azure VMs are running. Fewer can tell you which ones stopped sending Defender telemetry last week. A new Logic App automation from Microsoft closes that gap daily — and it is a compliance-monitoring service waiting to happen.
Stale files in SharePoint don’t just waste storage—they degrade Copilot’s answers by feeding it outdated content. Microsoft 365 Archive now supports file-level cold storage, and for MSPs, this is both a cost-control play and a Copilot-readiness service hiding in plain sight.
Most MSPs can’t answer which service principals are active in a client tenant, let alone which are over-privileged. Microsoft Defender now surfaces NHI inventory and governance—and that is a recurring-service opportunity hiding in plain sight.
Microsoft Defender for Linux now supports scheduled scans, and Edge Stable shifts to a two-week release cycle on August 27. MSPs need to make two configuration decisions now: close the Linux scan gap and choose the right Edge channel per client.
Microsoft demoed a working AI agent for a lumber company built in 20 minutes using Azure AI Foundry. BHP is running agentic AI at production scale to screen 500,000 chemical reagents for copper extraction. For MSPs and IT operators, the deployment speed has outpaced governance — here’s where to put the guardrails.
GitHub Copilot CLI can analyze exported Intune diagnostics. Dataverse MCP gives agents named tools that can create records. MSPs need one auditable policy for AI access before useful troubleshooting turns into shadow IT.
If your helpdesk still opens an Intune diagnostics bundle and starts grepping through files by hand, Stefan Röll has a useful shortcut: run GitHub Copilot CLI in the extracted log folder and ask it to build the first pass. The important part is the boundary. This is not a native Intune integration, and it is not autopilot for remediation. It is a faster way to turn a dense bundle into a timeline, likely root cause, and RCA draft that an admin still has to verify.
