Recently, I signed up for the Windows Intune Public Beta to see what new features had come to the service since the project began. I was also on the TAP program for the project and so far after playing with the new version a bit, I like what I see.

What does it do?

Windows Intune is an update and systems management platform built in the cloud that will allow organizations to manage Windows Updates, plus antivirus and anti-malware definitions on any computers within their environment. Computers managed by the Intune service do not have to be on the corporate network to be managed.

The new service, now in public beta (invite only), seems to be a “best of both worlds” scenario. The organizations that use it will be able to centrally manage systems, similar to how they might do it today with Windows Server Update Services. Added though, is the ability to manage systems that are not on the corporate network. For example, the road warrior who travels constantly and doesn’t connect to the corporate network very often might be a prime candidate for use with Intune because corporate IT can manage their updates and anti-malware definitions anywhere they might be located as long as they have Internet access.

Microsoft has another technology that will do this and many more things besides called Direct Access, which allows corporate IT to manage and interact with systems (without Remote Desktop) no matter where they are. Windows Intune is similar in that disparate systems can be managed with the service but IPV6, Windows 2008 R2, Windows 7 and other new technology is not needed on premises for the technology to work.

Why would I want to use this?

I was one of those who was leery at first about deploying yet another antivirus/malware application since the applications currently in use within my organization were keeping up. That’s enough to manage without adding another item to the mix. Then Microsoft released Security Essentials — I loaded the free application on my laptop and honestly have not looked back since.

The updates to definitions are good; it integrates very well with Windows and has a very small footprint. What does this have to do with Intune? It is very similar. The agent for Intune that the clients will use looks almost identical to Security Essentials (at least for the scanner portion of the application).

Another reason to look at Intune when it becomes available is the remote management tools that are slated to be included. Features like remote desktop initiated by the client through the Intune service could be very helpful for consultants and corporate IT when a remote user calls with an email problem.

Windows Intune looks very streamlined. It is a Silverlight application and really looks great in the browser; see Figure A.
Figure A

Windows Intune Overview page

Because Intune lives in the cloud, Microsoft takes care of managing that service. For customers, this is a great option because they get to work with the service and not worry about keeping it running.

How does Intune work?

Windows Intune has a server piece that lives in the Microsoft cloud and a client piece that contains agent applications for the various things Intune will manage. These agent applications communicate with the service to get what they need, from updates to antivirus definitions.

It works much like Windows Server Update Services, but uses Windows Update and the Internet rather than a prepopulated server on your corporate LAN.

Features and navigation
Windows Intune can manage many things, from licensing to anti-malware updates; the navigation pane is outlined below and shown in Figure B.

  • System Overview: high level overview of the Intune service
  • Computers: displays the systems enrolled in the service
  • Updates: displays information about updates needed
  • Malware Protection: displays information about malware threats found
  • Alerts: warnings and information about the service
  • Software: lists of applications installed on enrolled computers
  • Licenses: an area to manage license agreements
  • Policy: allows the creation of policies to control how the service interacts with the computers
  • Reports: reporting for the Intune service
  • Administration: client download and administrative usage information

Figure B

Intune navigation pane

The service will also allow administrators to manage licensing within the application, making it a one-stop shop for keeping tabs on clients and applications that your organization might use.

When clients running Intune need remote assistance or want to interact directly with Intune (for updates or scanning), they can use the Microsoft Windows Intune Tools pane to do so. When they open the tools application they will see a dialog box that looks like the one shown in Figure C.
Figure C

Windows Intune tools

This will allow them to select the task they wish to perform. It is my estimation that the most used portion of the tools application will be Easy Assist, which provides a way to allow an end user to request help from the IT Staff or, in this case, the Intune administration staff, by sending a notification to the Help Desk via the Intune Web interface that the user has requested help.

Within the Intune Web interface, when there is a remote assistance request, the alert appears on the main screen to ensure that the support staff will see it. The item looks similar to Figure D below.
Figure D

Alert for remote assistance

Bottom line

Windows Intune is a solid product at this point and will surely have added features and as it moves toward release. If you’re looking for better ways to manage remote users’ systems, you’ll definitely want to monitor Intune’s progress.