What’s new in Microsoft Intune – March

March Intune updates improve notification reliability, tighten role scope behavior, speed Autopilot app trust, advance Windows update readiness, and extend Apple device protections with DDM app reporting and macOS Recovery Lock for stronger endpoint management and troubleshooting.

Microsoft released a set of Microsoft Intune updates in March 2026. The changes improve notification delivery, role scope controls, and Apple device management.

Main feature/change and impact

Intune now complements Windows Notification Service with the Teams notification protocol for Windows. This supports more timely notification delivery and improves traceability for troubleshooting. Remote Help for Windows uses this protocol to reduce stalled session starts. Admins should update firewall rules to allow *.trouter.communications.svc.cloud.microsoft. Additional features include de-union role scope behavior and Managed installer policy during Autopilot OOBE.

Practical implications

Admins gain clearer compliance visibility and tighter permission boundaries. The Permissions assessment report helps preview role changes before enforcement. Managed installer policy trusts Win32, Store, and Enterprise App Catalog apps earlier during setup. Windows Autopatch update readiness provides tenant and device-level visibility, alerts, and remediation guidance for proactive update management. Apple DDM now reports LOB app install status proactively, improving app lifecycle reporting on iOS and iPadOS.

“When I think of a month like this, I don’t think about any one of those new capabilities in isolation.” “I think about the IT admins who have greater visibility into whether a device action reached its destination, or the help desk professionals who don’t have to wonder whether a policy applied.”

Microsoft also added macOS Recovery lock support to set recovery OS passwords on Apple Silicon devices. This blocks bypass via recovery mode and supports scheduled or on-demand password rotation. DDM adoption continues to expand for day zero configuration and assignment filters. Admins should review Intune Management Extension logs and Remote Help documentation to validate changes and troubleshooting traces. Next steps: update firewall rules, run the Permissions assessment report, and enable Managed installer during Autopilot where required. Track Windows Autopatch readiness dashboards and plan Apple DDM rollout for LOB apps. Provide feedback to the Intune team and monitor documentation updates.

Key points from the article:

Teams-based notifications improve Windows device check-in reliability.

De-union role scopes prevent unintended permission expansion.

Managed installer trusts apps during Autopilot OOBE.

Windows Autopatch update readiness provides tenant and device visibility.

DDM enables proactive iOS LOB app install reporting.

Related Coverage:

• Windows 365 available in US Gov Texas for Government Community Cloud customers
• Tune in, skill up: Windows at Tech Takeoff 2026
• Windows 365 Frontline in shared mode expands to Norway East, France Central and Spain Central

From the Microsoft Intune Blog articles

---