What's New in Microsoft Intune July 2025 Update

The July 2025 (Service Release 2507) Microsoft Intune service update introduces significant advancements such as LAPS for macOS, enhanced visibility for Apple OS updates, wildcard support for EPM elevation rules, platform specific device clean up rules, and the Intune Copilot integration.

The updates should be automatically rolled out to all the tenants across major regions such as APAC, NASA, and EMEA. For more information on previously released updates, read the article on Intune monthly updates.

For more details, refer to Microsoft documentation on New Features in Intune July 2025 Update.

The following are the new features and enhancements included in Intune service release 2507 released in July 2025:

1. New Microsoft Graph permissions for API calls to device management endpoints​

Calls to several Microsoft Graph APIs now require one of two newer DeviceManagement permissions that replace the use of previously supported permissions.

2. Endpoint Privilege Management support for wildcards in elevation rules​

The service release 2507 of Intune allows you to use wildcards in the file name and file path of elevation rules you defined for Endpoint Privilege Management (EPM). Wildcards allow for more flexible rule creation with broader matching capabilities, enabling file elevations for trusted files that have names that might change with subsequent revisions.

3. New settings available in the Apple settings catalog​

For macOS, the Microsoft Edge category is updated with new settings within the settings catalog. The Apple settings catalog includes the following new settings for iOS and iPadOS in Intune 2507 release.

Cellular Private Network

Cellular Data Preferred CSG Network Identifier Data Set Name Enable NR Standalone Geofences Network Identifier Version Number

4. Platform support for Device Cleanup rules​

Using clean up rules, you can configure Intune to automatically clean up devices that appear to be inactive, stale, or unresponsive. With this feature, you can:

1. Configure individual device cleanup rules per platform, like Windows, iOS/iPadOS, macOS, and Android.
2. Use role-based access control (RBAC) to customize the user roles that can create device cleanup rules.
3. Use the Audit logs to see the devices that the device cleanup rules conceal from the Intune reports.

5. macOS support for local administrator account configuration with LAPS​

macOS automated device enrollment (ADE) profiles can configure newly enrolled macOS devices that run macOS 12 or later with both a local administrator and local user account, along with support for the Microsoft Local Admin Password Solution (LAPS).

6. Experience Microsoft Copilot in Intune​

You can now use Microsoft Copilot in Intune to explore your Intune data using natural language, take action on the results, manage policies and settings, understand your security posture, troubleshoot device issues, and view insights about enrolled Surface devices.

7. Export device query results to CSV file​

You can now export up to 50,000 results from a multi-device query directly to a CSV file.