Channel Daily News

The four best features from Windows Intune

Windows Intune, Microsoft’s (Nasdaq: MSFT) Web-based PC management and security platform, may not get the same level of attention as cloud services like Office 365 or Windows Azure, but Microsoft is betting big on Intune to be the cloud service that will facilitate IT’s evolving job of remotely managing PCs.

Today, about seven months after Windows Intune was initially made available, Microsoft is releasing Windows Intune 2.0. With the new version of Intune, IT admins can manage the deployment of Microsoft updates and service packs to all PCs, keep track of hardware and software inventory, fix PC issues remotely, manage protection from malware threats and set security policies. And Windows Intune can be accessed from wherever there’s an Internet connection.

Windows Intune costs $11 per PC per month (Software Assurance customers will pay less than $11), and that price includes an integrated anti-malware product and Windows 7 Enterprise upgrade rights.

Microsoft says Windows Intune is particularly well suited for SMBs that manage around 500 Windows PCs.

Eric Main, Microsoft director of Windows Intune product management, says the company is also seeing more enterprise interest in Windows Intune as larger organizations try to manage “blind spots”, that is, PCs that are not in the office but belong to road warriors and remote workers. On-premise PC management tools do not provide the convenience and flexibility that Windows Intune can provide for a mobile workforce, he says.

“Many larger organizations already have good PC management solutions on-premise, but also need a cloud-based service like Windows Intune to better manage the wares of remote workers and complete the full picture,” says Main.

To that end, Microsoft is building parts of its high-end, on-premise enterprise products such as SCCM (System Center Configuration Manger), Forefront Endpoint Protection, and MDOP (Microsoft Desktop Optimization Pack) into Windows Intune. For an extra dollar per PC per month ($12), Windows Intune customers can access the MDOP suite of products, which include application and desktop virtualization tools.

Microsoft also plans to integrate Windows Intune with Office 365 so that IT pros can use Intune to deploy Office in the cloud. But right now, that integration is not in place for Windows Intune 2.0.

Windows Intune also does not support mobile devices like smartphones and tablets; it supports only Windows PCs. But Main says Microsoft plans to extend the support to mobile devices in future versions.

Windows Intune 2.0 does offer a slew of new features. Here are four notable enhancements that may make Windows Intune a worthwhile service for IT managers.


Windows Intune 2.0 simplifies the complex task of distributing Microsoft and third-party applications and updates to all PCs that are managed by Windows Intune.

An IT admin completes a simple wizard from the Windows Intune console to guide them through the process of publishing the software for distribution. These software or update packages can be .EXE, .MSI or .MSP files.

After the appropriate information has been entered, the wizard then encrypts, compresses and uploads the package to Windows Azure storage space until it’s ready for deployment. During a trial subscription, 2GB of free Windows Azure cloud storage are provided to store updates or apps until distribution. Paid subscriptions have a pre-determined amount of storage space (greater than 2GB). And customers have the option to purchase more space if needed.

When the software is living it appears in the Managed Software workspace. Administrators can then choose to deploy the software to select PCs. The next time these PCs are online, software installation will begin.

Remote Tasks

The Remote Tasks feature gives IT admins more control over software updates and security scans on managed PCs.

When an IT admin right-clicks on a specific managed PC, a context menu appears with actions including Add to Group, Retire and Remote Tasks. When that admin selects “Remote Tasks” he can perform tasks on a Windows Intune managed PC, with options including:

Run Full Malware Scan, which starts an immediate full scan of the client computer

Run Quick Malware Scan, which starts a quick scan of the client computer, searching for select files and common file paths in just a few minutes

Update Malware Definitions, which instructs the client software on the managed PC to check for the latest Windows Intune malware definitions

Restart Computer, which forces a managed computer to reboot

License Management for Other Licenses

Windows Intune 2.0 extends software license management beyond just Microsoft enterprise software licenses to include Microsoft retail licenses, OEM licenses and other third-party licenses.

IT admins can use this feature to track purchased licenses against actual installations by entering details into the software catalog such as the publisher name, software title or number of licenses purchased. Software licenses can be tracked on the Add Agreements page under Licenses.

Read-Only Access

When adding administrators to a Windows Intune account, admins can select whether or not to grant full administrator rights or read-only access to information.

Someone with read-only rights can view all the information in the Windows Intune Administration Console, but cannot take any action such as approving an update or running a scan.

The read-only admin role can be useful when training new employees. These new employees can get familiar with the console without actually performing an action. Once they are comfortable, a full-access administrator can switch the new employee’s access from “read-only” to “full access” if desired.