What’s been keeping the TechNet team busy this week? Yes, you’ve guessed it, Tech.Days. We’re working really hard to get all the sessions posted online, so whether or not you joined us in Fulham, you’ll soon be able to grab the resources and demos for yourselves. In-between sessions this is what we talked about on the blog this week.
Have a lovely long weekend – we’ll be back on Tuesday.
Bored of your colleagues? Fancy a new desk? See if MSemploy can help you out.
Systems Analyst, Global IT Consultancy
London £Competitive Gold Competency Gold Competency Project Manager London £Competitive Gold Competency
Here’s the blurb:
Remote Server Administration Tools for Windows 7 with SP1 enables IT administrators to manage roles and features that are installed on computers that are running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003, from a remote computer that is running Windows 7 or Windows 7 with SP1.
IT Pro Evangelist
Managing from the cloud with Windows Intune
Securing and managing the devices that users take for granted when accessing the cloud is top of mind for IT Professionals everywhere and there are lots of solutions to make things more secure. What about desktops PCs? Everyone in the desktop world is accustomed to managing, patching, remote controlling and securing computers but are there new opportunities presented by the cloud? The answer is of course yes. Windows Intune is a new Microsoft product that allows you to manage Windows computers from the cloud, without the back end infrastructure normally associated with endpoint management.
One of the most striking benefits and one that resonates very strongly with those responsible for paying for business IT is the potential cost savings that come from not having to intensively manage infrastructure. Windows Intune is a pretty cool product because it allows for management of corporate PCs without the need to deploy costly servers and spend time engineering that back end infrastructure normally required in a corporate environment. Not only that but some interesting license benefits make Windows Intune exceptionally valuable for some organisations. First off let’s understand what this new offering does.
Manage Windows Update
Windows Update is one of Microsoft’s largest publically available cloud services providing patches and updates to millions of computers around the world each day absorbing the scale required on busy days like patch Tuesday (the 2nd Tuesday of every month when Microsoft releases patches). In fact if you every try to update a computer from Windows Update you’ll find that the service is out there, ready to serve. Contrast that to the “traditional” approach whereby you have a Windows Server Update Services (WSUS) server installed in your business to achieve control over the patches applied to corporate computers and you’ll see that, whilst its and essential service, it’s another server to run, another server to manage and another server buy. WSUS is perfect for some circumstances but increasingly whilst WSUS provides both local caching of updates and control over which are applied the caching is a reducing requirement with increased bandwidth.
With Windows Intune you have control over which updates are applied to which computers and when within your organisation. All updates are pulled from the highly available public Windows Update service though reducing the need for a local WSUS server. Why this need for control? Occasionally an update can cause issue with an incompatible line of business (LOB) application. Windows Intune allows you to group computers together to apply updates or to reject them so you can create a scenario just like I have in my test lab: I have a “testing” group that applies all Windows Updates automatically, when I’m sure they’ve not caused any issues with the applications running on those machines I allow my “corporate” group to apply the updates but I have a group of special machines “CXO office” that only allow updates to be installed when manually approved. This scenario allows me to retain control, something that some people fear the loss of with cloud.
Windows Intune comes with anti-malware software built in that uses the Microsoft Forefront Endpoint Protection and Microsoft Security Essentials technology to provide a highly reliable yet simple to use solution. The testing I’ve done found every test virus in seconds as you’d expect but the notifications to the end user are simple, elegant, unobtrusive and easy to understand. The centralised management that’s built in lets administrators know that malware was detected and what action was taken to resolve the issue or if there was a reason that the issue wouldn’t be resolved lets the admin know what to do next. When it’s a known malware problem the admin is given detailed information from the Microsoft security response centre which makes their workflow even easier by giving them useful follow up hints.
Updates to the malware protection features are handled through Windows Update so as long as you’ve got an internet connection updates area available and they’re controlled in the same way as Windows Update. That makes it simple to introduce testing or validation if your business needs it.
Manage Windows Firewall
Increasingly with laptops and devices being more mobile a device firewall is essential and increasingly so within the corporate environment. Two examples for you of why they’re necessary. Firstly you need to defend those devices when they are used in less secure locations, like a coffee shop when your sales guys are having a meeting. Secondly within the corporate network you are likely having (let’s call them) uncontrolled devices coming in, someone brings their mobile in and connects to the corporate WiFi network or the like. You don’t know what could be on that device so better to protect all your devices to some degree and one way is with device firewalls. Windows includes one as standard in all versions from XP to Windows 7 and Windows Intune allows you to centralise that management, to be able to push out policies to devices and even to be able to open or close firewall ports on those devices.
Knowing what hardware and software you’ve got in your organisation is a critical task for most administrators and one that introduces enough pain that most hate the task: I know I once had to write a script that used WMI to interrogate more than 5000 devices! Windows Intune includes hardware and software inventory that reports back on what software is deployed to which computers and will simply tell you what hardware each computer has. The information can be used to populate spread sheets or create HTML based reports but critically it can be used to understand what you need to do to upgrade to Windows 7.
I’ll do licensing in a bit but every Windows Intune license includes Windows 7 Enterprise for the life of the Windows Intune license.
Not only do administrators get alerted about updates that have been missed or malware that’s been detected by they find out about all sorts of computer specific stuff that could be causing users concern. For example hard drive space shortages can be spotted and addressed by admins with a phone call explaining how to clean up some space, or by ordering a new drive. That’s the kind of shift in customer service that users love but that cloud represents, IT being able to add more value and do more with less.
One of the best tools for helping users is to be able to take control of their computer or even just to watch it whilst they explain a problem. For me that traditionally meant knowing some kind of information about the computer and obtaining that from the user was like pulling teeth… “I need your hostname”… “my hostname?”… “the name of your PC” … “where do I find that” … “right click Computer and select properties” … it says “Local Disk: C: , Devices with removable storage” … “no, right click” … etc. etc. sound familiar?
Windows Intune doesn’t need any of that, the user clicks a link in the Windows Intune client software and the administrator is sent a link to start a remote session. No back and forth or preamble, it just works.
The only software required for Windows Intune is a client application which when downloaded from the Windows Intune administrators console is unique to your organisation. From then on as soon as it communicates with the Windows Intune cloud service the computer is identified as your organisation and off you go. Zero client configuration required, just Next, Next, Next.
The back end
It’s a cloud service; there is no back end infrastructure to deploy. It’s that simple.
How much does it cost?
Ah now onto the always very worrisome licensing conversation. Except that it’s not a worrisome conversation and in this case I think you’ll like it. Licensing for the UK is £7.25 per month, per PC and included into that you get Windows 7 Enterprise installation rights for any PC that is licensed with Windows Intune. That means that for £7.25 per month per PC you can finally get them all to the same version of Windows and get the best possible Windows 7 experience. On top of that pay a little more 60p per PC and you’ll get the rights for MDOP…so you get App-V, Med-V, DaRT etc.
And to answer your question yes, if you have an EA it does get cheaper, and yes the more machines you have it does get cheaper, go over 250 machines and the price drops then again at other levels.
Is it right for you?
If all the above sounds fantastic then you’re probably thinking you’d like to investigate you can get a trial for 30 days free, have a look at http://windowsintune.com for details. Who is Microsoft aiming this at though? Well it’s perfect for smaller businesses that lack an existing solution and for larger businesses that don’t have the need for Operating System Deployment (OSD) or Enterprise Software Deployment (ESD) those are the two things that Windows Intune can’t yet do. It has however been tested up to 20,000 devices in an organisation, which will do most people I think.
I like when there’s an and finally part to a post, a couple of things that I think are brilliant about Windows Intune but that don’t get a lot of air time. It’s the cloud; that means that the infrastructure is run for you, so upgrades happen for you, when there’s a new version of Windows Intune there will be a smooth way to upgrade and Microsoft will do it for you.
Also because it’s the cloud the second the computer can see the internet it can see Windows Intune and the Windows Update service and that means that wherever that computer is you can manage it. You can deploy updates, update malware definitions, update anything else needed and provide remote assistance. That for me is the biggest advantage of Windows Intune, it could mean an end to devices brining in malware and such just because they’ve not been connected to a VPN for a while and not hit the antimalware and patch servers that are available only inside the traditional corporate environment.
What to do now
Get the 30 day trial and give Windows Intune a go yourself and don’t forget to download the trial guide to get the most out of the trial. You might also want to take a look at this video to see Windows Intune in action.
Download free 30 day trial: http://www.microsoft.com/uk/windows/windowsintune/pc-management-how-to-try-and-buy.aspx
Windows Intune TechCentre: http://technet.microsoft.com/en-gb/windows/ff472080
Watch video: http://www.microsoft.com/showcase/en/gb/details/41c9e668-c28b-4629-a687-8a92e34ca133
Another announcement from TechEd 2011 this way comes…SP1 releases for Office 2010 and SharePoint 2010 are on track for the end of June. Get the highlights over on the Microsoft Office Updates blog.
For more Office goodness, visit the Office Springboard pages on TechNet – your one-stop-shop for technical resources. You’ll find the SharePoint TechCenter here, also on TechNet.
I didn’t realise, but there’s a TechNet blog dedicated to Windows Phone for IT pros. With some interesting announcements made on this topic over in the US at TechEd 2011, why not find out what’s new in the team’s latest post: Overview of New Business Capabilities for Windows Phone Mango announced at TechEd 2011.
I work in the Partner Technical Services team (PTS) and my job is to ensure that our Partners in the UK, Ireland and EMEA are getting the support they need to win deals and deploy Microsoft technologies to their customers.
I have worked at Microsoft for over ten years and my technical background is messaging (Exchange), where I was a Support Engineer and then a Premier Field Engineer, before moving over to the Partner organisation.
It’s interesting trying to describe a typical day as I don’t really have one. My role is split between Technical Lead and Compete Lead, so my days are usually a good mixture of activities. What does this mean? Well, as Technical Lead, I collaborate closely with my colleagues in the Partner organisation ensuring that PTS is working with them efficiently and to ensure our Partners are getting all the assistance they need. For example, if a Partner is working on large or strategic opportunity and they need pre-sales or deployment assistance, I will work with all stakeholders to ensure that they are getting the appropriate input. Another significant aspect of my role is working with and being a point of escalation for our service delivery team who are based out in Bangalore, India. We have a great team of around 20 consultants who support our Partners across all the Microsoft technologies and I see myself as an extension of that team, working particularly closely with the delivery team leads, to ensure we are meeting the requirements of Microsoft in the UK and Ireland and most importantly, our Partners.
As EMEA Compete Lead, I support my colleagues across EMEA when they are experiencing blockers in helping their Partners, particularly when there is a competitive element to the Partner’s request and the consultant is unable to progress it for whatever reason. These can often be high-pressure situations, which is something I enjoy, especially when you see the outcome and it has been successful for the Partner.
Over the last few months, I have been spending a lot more of my time working on Microsoft Online Services, which is great given my messaging background. With the imminent launch of Office 365, I expect it to be a busy few months working with our Partners and getting customers on to this awesome new product.
No doubt, I will finish today having provided competitive assistance, been a relationship manager and had one or more technical discussions, amongst other things!
Grab your copy of this free guide from Directions on Microsoft. Yes, you need to register but it’s worth it. Here’s the blurb:
This 44-page report is a definitive guide to licensing SQL Server 2008 R2. Use it to get clarity about the type and quantity of SQL Server licenses your organisation needs and the best way to purchase them, for both conventional and virtualised servers. This guide provides detailed information about the eight editions of SQL Server and when they're most appropriate, product bundles that include SQL Server and when they make the most economic sense, the different licensing models you can choose between and how to decide, and much more.
Download the guide here.
Here’s this week’s round-up of UK TechNet goodness. If you’re coming along to Tech.Days next week, come and say hello to the team – we’ll be the ones running around like headless chickens, or in some cases, presenting (not me, you’ll be relieved to know).
Have a great weekend.
Microsoft is supporting free Linux CentOS on Windows Server via Hyper-V and offering technical support for service providers. Read the full article over on The Register.