Microsoft Intune June 2026: EAM, EPM, and ADE Updates

Introduction

Microsoft Intune’s June 2026 release is centered on a practical goal for IT teams: keeping devices secure, compliant, and ready from day one. As organizations rely more on automation and AI-driven workflows, endpoint health and policy enforcement become even more important.

What’s new in Intune for June 2026

EAM auto-updates now generally available

Microsoft Intune Enterprise Application Management (EAM) auto-updates is now generally available. This feature automatically updates managed apps to the latest incremental release without requiring manual packaging or ongoing admin intervention.

• Helps reduce version drift across endpoints
• Limits exposure to known vulnerabilities between major upgrade cycles
• Simplifies cloud-native app lifecycle management

Vulnerability Remediation Agent in public preview

A new Vulnerability Remediation Agent is now in public preview within Microsoft Security Copilot. It uses Microsoft Defender Vulnerability Management data to prioritize CVEs across Intune-managed Windows devices and apps.

Admins can see:

• Prioritized recommendations based on CVSS, exposure impact, and affected devices
• Copilot-assisted summaries and remediation guidance
• Audit-friendly access through a dedicated Microsoft Entra agentic identity

This should help security and endpoint teams triage remediation work faster directly from the Intune admin center.

New Endpoint Privilege Management enhancements

Intune Endpoint Privilege Management (EPM) adds two generally available capabilities:

• Support approval requests for non-primary users on shared devices
• System-level network configuration support so standard users can change settings like DNS, gateway, and IP based on policy

These updates strengthen least-privilege administration without forcing IT to hand out local admin rights or create insecure workarounds.

Apple ADE enrollment experience updated

Intune is moving iOS/iPadOS and macOS automated device enrollment (ADE) profiles to a new infrastructure. This modernized experience supports more granular controls and completes enrollment time grouping (ETG) support across all platforms.

The result is faster and more complete provisioning, with apps and policies applied at enrollment so devices are secure and productive sooner.

Faster app inventory refresh

Microsoft also clarified that app inventory refresh is no longer limited by the old “seven-day” assumption. The new All Apps experience now refreshes data multiple times per day for active devices and includes richer app details such as install location, app size, and uninstall commands.

Why this matters for IT administrators

This release reduces manual overhead in several high-effort areas: app packaging, vulnerability triage, elevation approvals, and device enrollment. It also improves security posture by helping teams enforce least privilege, accelerate patching, and deliver compliant devices faster.

Next steps

• Review EAM auto-update policies for managed applications
• Evaluate the Vulnerability Remediation Agent preview in test environments
• Update EPM workflows for shared or multi-user devices
• Plan for the new Apple ADE enrollment experience
• Note that EPM and EAM become part of Microsoft 365 E5 starting July 1 and confirm licensing readiness

Overall, the June 2026 Intune updates are aimed at giving admins more automation and control while improving endpoint security at scale.