What's New in Intune 2505: Updates in Security & Control

Discover what's new in Intune 2505: Deny rules for elevation, Linux AV exclusions, Android root detection, RBAC changes, and more cross-platform features.

MICROSOFT INTUNE

5/30/2025 · 2 min read

🔄 Microsoft Intune Update: Week of May 26, 2025 (Service Release 2505)

Greetings, fellow IT professionals and Intune admins!
Microsoft just rolled out the 2505 service release, and it's packed with updates that enhance endpoint security, improve cross-platform device management, and give you even more control over enrollment and app protection. Here's a breakdown of what’s new and why it matters:

🔐 Endpoint Privilege Management: Now with Deny Rules

Intune's Endpoint Privilege Management (EPM) now allows you to explicitly deny elevation for specific files. This means you can block known malicious or unwanted applications from ever being executed with elevated privileges—adding a powerful layer of protection to your environment.

❗ Deny rules support the same configuration options as other elevation types, except for child process handling.

Learn more: Endpoint Privilege Management overview

📱 New Protected Apps for Intune

These apps are now protected by Intune’s app protection policies:

  • Windows App by Microsoft (Android)

  • Microsoft Clipchamp (iOS)

  • 4CEE Connect by 4CEE Development

  • Mobile Helix Link for Intune by Mobile Helix

App protection continues to expand across platforms to help secure your data wherever your users are.

More info: Protected apps documentation

🤖 Custom Naming Templates for AOSP Devices

You can now configure custom device naming templates for Android AOSP devices during enrollment. Combine static text and dynamic variables like device type, serial number, or username to keep naming consistent and useful.

🔐 RBAC Update: Restricted Access to Enrollment Limits

Intune is tightening up role-based access control (RBAC). Users with the “Policy and Profile Manager” role now have read-only access to device enrollment limit policies. Only Intune Administrators can create or edit them.

📊 Cross-Platform Device Inventory Improvements

Intune now collects:

  • 74 default inventory properties from Apple devices

  • 32 from Android devices

This boosts visibility across platforms and simplifies compliance and asset management.

More info: View device details in Intune

🆘 Enhanced Security for Remote Help (Android)

Remote Help sessions on Zebra and Samsung corporate-owned dedicated devices now block the screen and notify users during unattended sessions—enhancing transparency and trust.

Details: Remote Help for Android

👥 Remote Actions Now Require Multiple Admin Approvals

Security just got smarter. The actions Retire, Wipe, and Delete now support Multiple Administrative Approval (MAA). This prevents unauthorized use by requiring a second admin to confirm sensitive actions.

Learn more: Use multiple admin approvals in Intune

🛡️ Detect Rooted Android Enterprise Devices

New compliance settings now let you detect if corporate-owned Android devices are rooted. These devices can automatically be marked as noncompliant.

Supported for:

  • Fully managed devices

  • Dedicated devices

  • Work profile (corporate-owned)

Details: Device compliance for Android Enterprise

🐧 Linux: New AV + EDR Exclusions Profile

For Linux devices managed via Microsoft Defender for Endpoint, you can now configure global exclusions (file, folder, or process) that apply to both Antivirus and EDR. This is critical to avoid unnecessary alerts and fine-tune protection.

⚠️ Not supported for Linux devices managed directly in Intune.

Details: Configure security on Linux

🧩 SimInfo Collection for Windows Devices

Enhanced device inventory on Windows now includes SimInfo data, giving admins even more detailed information when managing Windows endpoints.

More: Intune Data Platform

✅ Final Thoughts

This update reinforces Microsoft’s focus on security, usability, and multi-platform support. Whether you're protecting Android fleets, managing Linux exclusions, or enforcing strict role-based access — Intune keeps evolving to meet enterprise needs.

Stay tuned for more expert breakdowns, and be sure to subscribe to stay ahead of the curve!
