In part two of this Windows Intune review we looked at the new mobile device management. In this third post we’ll look at how Intune integrates with Office 365 accounts and even on-premises AD, as well as what’s new in policy management.
Active Directory and Office 365
By integrating Intune with Windows Azure Active Directory, Microsoft achieves simpler administration: if your organization is already using Office 365, the same accounts can be used. It also means you no longer have to use a Windows Live account for Intune. If you were already a user of Intune before the June 2012 upgrade, you’ve probably already gone through the process of changing to an Office 365 / Azure AD account.
Because Intune now uses the same authentication mechanism as Office 365, you can set up Active Directory integration using the Microsoft Online Services Directory Synchronization tool. Whilst this sounds all well and good, it is not a trivial undertaking: it carries a fair bit of infrastructure requirement and is not something you’ll go through for 20 or 30 sales staff and their devices. If, however, your business is already using Office 365 with Single Sign On (SSO) configured, or you have a large number of users / devices to manage using Intune, it might make perfect sense to extend your AD to the cloud.
The new Intune end user portal is definitely inspired by Metro – which isn’t even called Metro any longer.
The new Company Portal allows end users to pick software they need for their job rather than having it pushed to their machines. They can also install software to other PCs, enroll mobile devices and access help desk / remote assistance. Users can even add or remove machines from the service themselves.
Intune comes with templates for security settings and Firewall settings. These now have recommended settings based on the Microsoft Solution Accelerator Team (SAT) guidelines, making it quick and easy to set up good policies. For mobile policies you can define whether users have to enter a password to unlock devices, the inactivity timeout, whether to allow users to download email attachments, use the camera or use a web browser, and, on supported devices, whether to require encryption.
Because a cloud-only solution can put a lot of pressure on your internet bandwidth, previous releases offered a BITS setting to limit bandwidth during certain hours of the day. This new version enables the peer distribution platform present in Windows 7 (Pro, Enterprise and Ultimate) and Windows 8. This is the same technology that enables BranchCache, and it means that if you have an office with a slow link and five machines managed by Intune, when a user downloads software to one of those PCs it’ll also be cached, and the other machines in the office will automatically grab the content from this machine rather than downloading it again over the internet connection.
In the fourth and final part of this Windows Intune overview we’ll look at what’s new in the administrator console as well as how SCCM 2012 SP1 will integrate with Intune.