Latest posts by Paul Schnackenburg (see all)
- Project Honolulu - A new way to manage Windows Server - Wed, Nov 22 2017
- Use Azure Managed Service Identity (MSI) to store passwords in your code securely - Thu, Nov 9 2017
- Azure Data Lake overview - Fri, Sep 22 2017
When we looked at Windows Intune back in June 2011 it had just been released in March 2011 and that first version lacked some features. Microsoft followed up with a second version in October 2011 and then again with version 3 in June 2012.
Compared to on-premises products there’s certainly a quicker pacing in the updates to this “cloud only” management solution. There has also been some confusion around the integration between the incumbent solution – System Center Configuration Manager (SCCM) and Intune as in some ways they do the same thing, something that’s going to be addressed in the forthcoming Service Pack 1 for System Center.
Note that Microsoft doesn’t attach version numbers to Intune (or any other cloud service), it’s simply the “new version” or the “June 2012 release” but for simplicity’s sake when discussing features I’ll refer to each version as 1, 2 or 3.
In this series of four posts we’ll look at what’s new in Intune, where it fits for both small and large businesses and what’s still missing, along with how the integration with SCCM is going to happen.
In our review of version 1 we found that the product lacked software distribution support, remote performance monitoring, remote control and actions, I’m happy to say that this version addresses all these issues, along with other improvements.
The first pane of the Windows Intune admin console give an overview of alerts and system status, along with links to more details on computers and mobile devices.
Introduction to Intune ^
For those new to Windows Intune it’s a cloud service, provided by Microsoft and sold through partners worldwide, that manages client computers and now mobile devices. Each PC has an agent installed and this agent reports hardware statistics and software installed back up to the service as soon as a machine has an internet connection.
Downloading and installing the agent is simple if you’ve only got a few to deal with, for larger implementations it’s easy to distribute the agent using SCCM or Group Policy Software distribution.
Intune comes with an antimalware application (Endpoint Protection) that also reports back up to the service so an administrator can see if machines are infected. Intune manages updating Windows with patches (replacing WSUS or Microsoft Update) and administrators can upload software applications to the service which can then be automatically installed on select machines or alternatively be offered to users so they can choose to install if they need it.
Intune can also track your volume licensing agreements, as well as third party licensing to demonstrate compliance. Policies for mobile devices, Windows Firewall and the Intune Agent / Center can be scoped to groups off users or machines / devices and then be pushed out from the service. If there’s a domain joined machine that’s receiving both Group Policy and Intune policies, and settings conflict, Group Policy settings prevail. Reports can be generated for update status, software installed, hardware and licensing compliance. Windows Intune also comes with upgrade rights to the latest version of Windows Enterprise.
The information that’s gathered for hardware and software inventory is comprehensive.
In part two of this four part series we’ll look at the new mobile device support in Windows Intune 3.