Microsoft Intune April 2026: App Inventory and SSO

Introduction

Microsoft Intune’s April 2026 updates target several long-standing admin priorities: more current device data, stronger cross-platform identity integration, and easier management for specialized Apple devices. For IT administrators, these additions can improve visibility, reduce sign-in friction, and simplify large-scale endpoint operations.

What’s new in Intune for April 2026

Faster Windows app inventory

Intune has generally released enhanced app inventory in the All Apps tab for Windows devices.

Key improvements include:

• App inventory refreshes for most active, healthy Windows devices multiple times per day
• Change-only uploads to help reduce network usage
• New inventory details such as install path, install date, uninstall command, estimated size, architecture, per-user install scope, store identifiers, and supported languages
• Collection across all users who accessed the device, not only the currently signed-in user

To use this feature, admins need to create a new Properties Catalog device configuration policy and assign it to corporate-owned Windows 11 devices enrolled in Microsoft Entra ID.

Modernized SSO for Linux

Intune now supports a new Linux sign-in experience using the Microsoft Identity Broker, replacing the legacy Java broker.

Benefits include:

• A more integrated Microsoft Entra ID trust model
• Full device join for device-bound authentication tokens
• Support for phishing-resistant MFA, including certificate-based auth, smart cards, and PIV-enabled security keys
• Fewer credential prompts through issuance of a Primary Refresh Token (PRT)
• Reduced package size and no Java runtime dependency

Microsoft also notes that the same SSO flow now works on iOS as on Windows and macOS for apps using MSAL APIs.

Expanded Apple device management

Intune expanded support for visionOS and tvOS automated device enrollment (ADE), including government cloud environments.

New capabilities include:

• Userless ADE for shared and unattended devices
• Bulk or individual remote actions such as delete, retire, restart, rename, and sync
• Configuration profile delivery through custom file upload
• Enrollment restrictions for supported Apple operating systems
• Enrollment time grouping in the new ADE policy experience

Intune also added tighter control over Managed Apple Accounts, allowing organizations to limit them to organization-owned devices only.

Why this matters for IT admins

These updates improve three critical areas:

• Visibility: fresher Windows app data helps with software auditing and troubleshooting
• Security: Linux SSO enhancements strengthen Conditional Access and phishing-resistant authentication
• Scalability: new Apple enrollment options make it easier to manage shared, kiosk, retail, and specialty devices

Microsoft also introduced a new Intune: Myth vs. Reality segment, highlighting that 90% of device changes are processed in less than an hour, rather than the commonly repeated eight-hour assumption.

Next steps

Admins should:

• Review and deploy the new Windows app inventory policy
• Evaluate Linux SSO with Microsoft Identity Broker for Entra ID-joined devices
• Update Apple ADE enrollment policies for visionOS and tvOS scenarios
• Reassess Managed Apple Account restrictions for regulated environments

Overall, the April 2026 release gives Intune administrators stronger telemetry, modern identity foundations, and better control over emerging device platforms.