Windows Intune is a collection of some of Microsoft's most helpful desktop management tools sold as a cloud-based service. Justin James explores the beta.
Microsoft has recently opened a beta of their new Windows Intune product. While the functionality in the Intune offering is not new, what is unique about it is the packaging. Intune is a collection of some of Microsoft's most helpful desktop management tools sold as a cloud-based service. I spoke with Alex Heaton, the Intune Group Product Manager at Microsoft, to learn more. Let's take a closer look at what exactly Intune is and is not.
When Microsoft says that Intune is a cloud-based service, it means that the management end of the application sits on Microsoft's servers. On each desktop that you want to use with Intune, you install a local application that securely communicates with the Microsoft servers. Intune does not need any kind of integration with your Active Directory deployment or any of your servers. This eliminates a lot of potential headaches around security and also allows Intune to be used in environments without Active Directory. Microsoft has also built out a management system for managed service providers who may want to handle multiple customer accounts with Intune.
Screenshot courtesy of Microsoft
Intune encompasses the following functionality:
- Antivirus: Using the same underlying technology from Forefront Endpoint Protection and Microsoft Security Essentials, Intune can perform real-time and scheduled virus scans on systems.
- License Management: If you purchase your licenses through a volume license agreement, Intune can have those licenses loaded into it and perform a system inventory to help you ensure that you stick to the terms of your licensing.
- Monitoring and Alerting: Using a system similar to Systems Center Operations Manager, Intune can alert you when there is a problem with a desktop, such as a virus infection or a failed hard drive.
- Update Deployments: Intune can manage your system updates and patches and give you control over which patches get deployed to which systems and verify that the patches have been applied.
- Remote Assistance: You can use Intune to access your PCs to perform remote problem solving.
- Policy Management: Intune has functionality for controlling certain aspects of Windows via policies. If you currently use Group Policy, your Group Policy settings will override Intune's if there is a conflict. The full list of Intune's policy capabilities can be found here.
If these sound familiar, it is because each one of these pieces corresponds to an existing piece of Microsoft software. The updates management is essential Windows Server Update Services (WSUS), for example.
One thing that Alex made clear is that Microsoft does not intend for the Intune features to be watered down or "light" versions of existing products. That being said, Intune will not be as full featured as the current server products due to Intune's being in the development cycle. However, Intune will grow and expand to encompass more of the functionality of the on-premise software.
Right now, it looks like the sweet spot for Intune is small shops that lack the manpower or budget to install, configure, and maintain heavy-duty server applications. From personal experience, I can tell you that applications like Forefront Endpoint Protection and SCOM do not have the most pleasant installation scenarios, and they are hardly inexpensive.
In addition, the typical IT department (especially for a smaller company) really does not need full power of many of these applications. For example, with WSUS, you usually just need to make sure that servers never do automatic patching (other than deploying definition updates for antivirus and antispam), and you must push patches to all desktop machines once a month after you have tested them and feel comfortable sending them out. Do you really want to manage an entire server and deal with the storage needs of WSUS just for that? Probably not.
I feel that for an IT department that needs the functionality that is part of Intune, they could save three to five days of installation and configuration by using Intune, and they will save themselves from creating at least three servers (or virtual machines), which can save a bundle of money. For a managed service provider (or an "on-call" systems management consultancy), Intune looks like it can be a good value add and a winner for both the consultancy and the clients.
Intune is supported on Windows XP, Vista, and 7. In addition, Intune customers will be granted upgrades for their Vista and XP machines to Windows 7 Enterprise. Unfortunately, Intune cannot manage the upgrade itself. If you want, you will also have downgrade rights. Intune-managed PCs will also be able to upgrade to future versions of Windows as they are released.
Microsoft Intune is currently in beta. You can sign up for the beta if you have five or more PCs that you are ready to manage with it and if you are able to get started within a week of signing up. Microsoft is trying to make sure that their limited beta accounts go to shops that are serious about trying the system. Intune is expected to go gold in the first half of 2011. Pricing is set for $11 per PC per month, with volume discounts available for more than 250 PCs.
Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!