Intune March upgrades

Microsoft published the March Intune roundup on March 31, 2026, in a Microsoft Tech Community post authored by Scott Sawyer. (techcommunity.microsoft.com) Intune now complements the Windows Notification Service by using the same notification protocol that powers Microsoft Teams, and Microsoft identified trouter.communications.svc.cloud.microsoft as a new endpoint administrators may need to allow in firewall rules. (techcommunity.microsoft.com) A new "de‑union" permission behavior keeps scope tags from multiple role assignments discrete instead of merging, and Microsoft added a Permissions Assessment report so teams can preview the impact of role/permission changes before enabling the setting. (techcommunity.microsoft.com) The Managed Installer policy now runs during Windows Autopilot device preparation (OOBE), which marks Win32, Microsoft Store, and Enterprise App Catalog apps trusted earlier in the setup flow so deployed apps are available before users reach the desktop. (techcommunity.microsoft.com) Intune’s expanded use of Apple’s Declarative Device Management makes iOS and iPadOS line‑of‑business apps report installation status proactively and adds macOS Recovery Lock management that lets administrators set and rotate recovery OS passwords via MDM. (petri.com) Microsoft posted a message/roadmap item (ID 558252) showing Outlook for iOS will support multiple Intune MAM‑managed accounts with a GA target in May CY2026 and a reminder that only one MDM account is supported per device at a time. (m365admin.handsontek.net) Outlook’s Intune integration continues to depend on Intune App Protection Policies and Conditional Access to ensure an app receives access tokens only when an account is assigned the appropriate policies and device compliance requirements are met. (learn.microsoft.com)