In the last post of this four part review of Windows Intune 3 we covered authentication and policies, in this final part we’ll look at what’s been improved in the console as well as the forthcoming integration between SCCM and Intune.
You can now customize your alerts thresholds as well as change the severity level of alerts to suit your particular environment. Windows and Microsoft application updates are now listed with the KB article number, making it easier to prove compliance by giving you visual feedback as to the installed status of particular updates. Also new is that in this version, when you remove a client computer from management, the client agent is automatically uninstalled; previous versions simply severed the link between the service and the client but left the agent installed.
Intune, like all management systems, can suffer from too many noisy alerts but at least now there’s ways of configuring it to be a bit quieter.
Groups in Intune can now include user accounts and mobile devices, previously they could only hold computer accounts. Also new is the ability to define criteria that dynamically adds members to a group without you having to assign users, computers or mobile devices to groups manually; group membership can even be a mix of static and dynamic assigned accounts. If you have AD on-premises and AD FS you can use your internal security groups as criteria for membership, you can also use the Manager attribute of an account as a criteria for group membership. For computer accounts you can use AD Organizational Unit (OU) location or the domain as criteria. As in previous versions a computer can be a member of multiple groups. Intune is also switching from a per device to a per user license model where each user account can use up to five managed devices.
Marrying the cloud and on-premises
Service Pack 1 for System Center 2012 is coming in early 2013 and will bring integration between System Center Configuration Manager (SCCM) and Intune. As this functionality isn’t available in the beta of SP1 yet we’ll have to wait and see exactly how this integration will be achieved but so far we know that Intune can be accessed from within the SCCM console and that there will be licensing and pricing concessions for users of SCCM in accessing Intune. This integration achieves the best of both worlds: state of the art management of traditional PCs as well as a comprehensive and easy to use cloud management of mobile devices as well as laptop users that seldom or never come in to the office.
New in this version is the ability to link users to their devices, similarly to how SCCM 2012 approaches “user centric IT”
Windows Intune is going from strength to strength at quite a rapid pace. The most glaring problem at this stage is that it only supports client machines – not servers. This is why it’s not seen as competition for other platforms (Kaseya, GFI Max, HoundDog) for Managed Services. For small businesses, especially those with little or no server infrastructure Intune is a natural fit and can be cost – effective if you factor in the included Windows license. For medium and large businesses Intune represents one way to exert some control over the BYOD security challenge that most IT departments are facing. Although there are certainly other mobile device management and mobile device application management solutions with richer feature sets. For those who have already rolled out SCCM 2012, the coming Intune integration will be a natural step.
But there are still question marks around management of Windows RT tablets and Windows Phone 8 and we’ll have to wait until the next release to see how this pans out.