Latest posts by Paul Schnackenburg (see all)
- Project Honolulu - A new way to manage Windows Server - Wed, Nov 22 2017
- Use Azure Managed Service Identity (MSI) to store passwords in your code securely - Thu, Nov 9 2017
- Azure Data Lake overview - Fri, Sep 22 2017
In this final part of this series on Windows Intune we’ll look at the Intune client experience and then wrap up by comparing Intune to other similar products as well as look at the cost and the future of Intune.
Windows Intune Client ^
The easiest way to install the client agent on a PC is to download the 14 MB zip file from the console; save it in a network share or on a USB stick and then install it manually. The executable contains both the 32 and 64 bit version and will run the appropriate one automatically; supported client operating systems are Windows XP, Windows Vista and Windows 7. Server operating systems are not supported. The installation is really just a two click affair with no questions asked. Notice that the zip file also contains a WindowsIntune.accountcert file that has to be kept in the installation folder as it’s used by the agent to identify which account to connect to in the cloud.
The client shows up in the console a few minutes after the agent is installed (provided it has internet connectivity of course) but it can take up to 30 minutes for all the agents to report their status.
If you want to distribute the agent to multiple computers using an automated method the 32 and 64 bit MSI files can be extracted from the installation file and then distributed using Group Policy software distribution or any other installation method of your choice.
The agent puts a short cut on the desktop and has a very simple interface with links to Updates, Endpoint Protection and Remote Assistance which operates through Easy Assist; the system tray also has an icon for Endpoint Protection. The benefits of the cloud become apparent here as your users can ask for help wherever they are (as long as they’re connected to the internet) without being connected to the corporate network.
The Windows Intune client shouldn’t be hard for the average end user to figure out
Windows Intune and the competition ^
Windows Intune is a great offering for small businesses that don’t have a server today, giving them the ability to manage, monitor and maintain their computers in a way that they probably haven’t been able to do before. For small sites with a server today (most likely Small Business Server 2003/2008 or even 2011) the value proposition is less clear although the included Windows 7 Enterprise subscription will be a great boon to businesses that have so far held off updating from Windows XP. For larger businesses there’s some validity to Microsoft’s idea that unmanaged non-domain joined clients, mostly home computers, could be well served by Windows Intune.
Windows Intune also fits in well with the movement of consumerization of IT with more users bringing in their own devices and computers to work, this is an ideal way of having some control over these non-company IT assets.
Intune isn’t cheap, at $ 11 USD per PC per month, but if you take into account the inclusion of Windows 7 Enterprise the maths might add up. For another $1 a month you add Microsoft Desktop Optimisation Pack (MDOP) which adds multiple (enterprise level) tools; such as App-V for application virtualization, MED-V for desktop virtualization, Advanced Group Policy Management (AGMP), System Center Desktop Error Monitoring (DEM) and Microsoft Diagnostics and Recovery Toolset (DaRT). For most small businesses only the latter will be a natural fit.
For many small businesses that are on Windows XP today a major benefit will be the inclusion of Windows 7 Enterprise as that’s the only version (apart from Ultimate) that includes such goodies as Bitlocker (very useful for those executive laptops) and Bitlocker to Go (even more useful for everyone’s USB sticks) along with other great enterprise features.
A question many small business IT providers will be asking is how does Intune stack up against Managed Service Provider platforms such as Kaseya, Hound Dog and N-Able; at this stage the functionality is a bit limited compared to those more mature offerings but on the other hand it’s a true cloud based solution.
There’s a distinct version 1 feeling about Intune but I don’t mean that in a negative way, it’s certainly very capable and what it does, it does well. Missing from this first version is OS and software deployment, remote performance monitoring, remote control (Remote Assistance is always user initiated from the client machine) along with richer policy control for general client machine lock down. The Intune team is unusually candid about what they’re planning to include in future releases and their stated goal long term is to have “smart parity” with System Center Configuration Manager which means the same use scenarios should be covered but in a simpler fashion than in SCCM. Microsoft recommends Intune for up to 20,000 accounts but I suspect the major uptake will be in the SMB space.
Overall Intune is easy to work with and I can see a good fit for at least one of my SMB clients who don’t have a server today and is 1500 km away from my location.