Before we get into this it’s very important to note that Windows Intune is in Beta and things will change. It will still be very cool though…
Managing the Windows PCs in your business is essential if you want to have happy users and want to reduce the threats posed by missed updates, malware and other hassles. It’s also a huge bonus when you know exactly what software is being used in your business (and that you’re licensed for it!) and I’m sure it gives you a warm fuzzy feeling when you get to help out a user without having to leave your desk. Normally you need a server infrastructure to get the best of all this.
Wouldn’t it be brilliant if you could manage all the PCs in your business without having deploy and manage a server infrastructure to do it? Well that’s where Windows Intune steps in to help you out. It’s our new cloud based management solution (currently in Beta) that allows you to manage all the PCs in your business from a console that runs in your web browser and sits in the cloud. No infrastructure needed.
The key things that Intune does for you functionality wise (and there are what I’d call bonuses, BIG bonuses in addition):
So what are the bonuses? How about Windows 7 Enterprise and Software Assurance? That’s a heck of a bonus no? That means that every PC that you install Intune on and pay for will always have the right to have the newest Windows version in line with the Enterprise SKU…and that means you get security features like BitLocker. That in my eyes is a heck of a bonus.
Who’s it good for
If you don’t have any PC management in your organisation and you’re small to mid size, in my opinion Windows Intune is a no-brainer. From day one of using Intune you’ll have a better understanding of your Windows client environment than you’ve ever had.
If you’ve got other PC management in place (that doesn’t have the power of System Center), you are small to mid size and you maintain infrastructure for it you should evaluate Windows Intune, it could save you a fortune.
If you don’t have software assurance then you should consider Windows Intune so you can keep your stuff up to date.
If your remote people have lots of issues that prevent them getting inside your network through your VPN then you should consider Windows Intune because you can manage that PC the second there’s an internet connection. Great if you enforce minimum requirements like having a minimum malware signature level before your users can connect.
If you’re providing a managed PC service for your customers then its awesome once you get your head around direct billing. If you’d like to know more about this let me know.
Finding the sides
Windows Intune isn’t supported on servers and whilst it’s got a fairly comprehensive feature set for managing PCs it’s not got the granularity required by large organisations yet and before doing a large deployment you’ll need to think about networking. Other than that, there aren’t really any, you can technically manage as many clients as you like.
So, lets take a look at some of the highlights of what Windows Intune has to offer and no I’m going through this step by step – there are videos for that.
Lets take a look: Updates
Windows Update is our biggest cloud service, in fact it’s THE biggest cloud service out there, there a millions upon millions of users getting updates from the service every day. Windows Update provides a fire hose of updates direct from source (yep that’s us) for every supported version of Windows and Office and more. Some businesses like a little more control over the fire hose which is why we provide a product called Windows Server Update Service for large businesses. WSUS gives them the ability to control what updates go to what PCs allowing them to create groups of PCs to receive the updates first to make sure they don’t encounter issues such as incompatibility their Line of Business (LOB) applications. The problem with this is that the WSUS server is inside the business network so clients can’t get those updates if they aren’t connected and also it requires infrastructure which smaller business might find costly to deploy.
Welcome Windows Intune.
Windows Intune adds a level of control to that fire hose, a more directed hose nozzle in if you will, allowing the administrator to identify the specific updates to allow and creation of groups of machines to target for specific updates. Just like you’d do in a test environment to ensure your LOB applications play nice.
Inside the console, which is available once you have your account, you find that it’s split into the different aspects that Windows Intune manages. Selecting Updates is the rather obvious way to manage updates and from here the Update Status panel shows you how many updates you have to approve and so on. Updates are split into Critical, Security, Definition Updates (we’ll do this in part 2), Service Packs, Rollups and Mandatory. This last section basically contains the updates necessary to manage a PC with Intune, you see we use the Windows Update service on the PC to keep things in check, neat eh…no extra load for a software update agent.
Updates can be approved or declined meaning that they will be blocked from installing. When an update is approved or declined the flag is set against a particular group of machines giving you some granularity of control…and it’s possible for a single machine to be a member of more than one group. Another very handy feature is that the properties of each update include detailed information about behaviour, severity of the problem being patched and deeper detail such as KB articles.
In part two I take a look at Intune’s Malware protection, Firewall and Remote Assistance and then we’ll take a look at Alerting, Software and Hardware reporting and licensing. Subscribe to my blog so you don’t miss it.
Right now you should apply to join the beta – but remember we want people to try this out, we only have 10,000 places available and they’re filling up fast, but we want people with at least 5 computers to deploy to. You should also check out the official Windows Intune blog too for more.