This is the week of the Microsoft Management Summit in Las Vegas and, as well as the whole load of System Center-related announcements that we can expect this week, Microsoft has formally announced the beta of a new cloud-based PC management service called Windows Intune.
Designed for customers who have 25-500 PCs, Windows Intune is intended to provide a cloud-based desktop management service in the way that BPOS does for business productivity applications.Â Aimed squarely at the mid-market, Windows Intune (formerly known as System Center Online Desktop Manager) allows smaller organisations to gain some insight over what’s happening in their PC estate, avoiding the high infrastructure costs associated with enterprise products (and even System Center Essentials needs a server on site).
All that’s required on the PC is an Internet connection (and an agent, which Microsoft described as “lightweight”) but also included in the service is a license for Windows 7 Enterprise Edition and the MDOP technologies – that’s a single license purchase for a lot of functionality!Â Microsoft is making the beta available today but interested customers will have to move quickly – it’s limited to 1000 users in the US, Canada, Mexico and Puerto Rico only – Europe and Asia will follow within a year.
For those organisations that are not quite ready for Windows 7, the license with Intune can be downgraded to WindowsÂ XP Professional or Windows Vista Business.
Administrators simply need an Internet connection and a Silverlight-capable browser to access a console which provides a system overview showing a rolled-up status including malware protection, updates, agent health (offline clients) and reports on operating system alerts (e.g. disk fragmentation) along with a number of workspaces – currently:
- Computers – which may be organised into groups and subgroups (e.g. to assign policies and reports).Â Any groups are completely inside Intune and are nothing to do with Active Directory (a computers can exist within multiple groups). It’s also possible to drill down and expose details for each computer (updates, alerts, malware status. etc.).
- Updates – a roll-up of all updates together with the ability to drill down on update type (i.e. security, critical, definition, service packs, update rollups, mandatory updates) and to filters to see which updates are waiting to be approved.
- Malware protection – showing which clients have been infected and any resulting action – including integration with the endpoint protection encyclopedia (with the Microsoft Malware Protection Center)
- Alerts – for malware protection, monitoring, notices, policy, remote assistance, system or updates.
- Software – an automatic inventory reports details about the machine itself and installed software, which may be printed or exported as a CSV file.
- Licenses – the ability to to track licenses within Software Assurance (SA) agreements by entering theÂ agreement numbers correlating installed software with purchased software (for Microsoft products only).Â Microsoft were keen to highlight that privacy will be taken seriously with third party audit ensuring that theÂ information is private to customers and not used by Microsoft to enforce its licensing.Â In addition, the entering of SA agreement details is optional and the service will function without this information.
- Policy – controlling how Intune and clients function including agent settings (template driven, but not using
- Group Policy – indeed Group Policy will override in any conflict), tools settings, and firewall settings (Intune communicates over HTTP, and the agent installation will also open remote management functionality).
- Reports – providing a snapshot of status.
- Administration – each computer is identified by a download/installation and multiple administrators may be defined for the service, with notifications on particular alerts (i.e. by e-mail).
From a client experience perspective, the Windows Intune Tools can be used for an end user to request help from Easy Assist (by sending an urgent alert to the Intune service – this has to be user-initiated and the administrator cannot arbitrarily take control of a client) and the end user can also check the update status with regards to Windows Update and malware protection.
Those who have worked with Microsoft Security Essentials may be interested to note that:
- Windows Intune will work on servers, but is not supported.
- Malware protection is provided by the common malware protection engine (from Forefront) with the user interface from Microsoft Security Essentials (“at the moment”).Â The use of theÂ Forefront Â scanning engine allows for reporting and policy control that is not present in Microsoft Security Essentials.
In summary, Windows Intune is intended as an easy-to-useÂ cloud-based solution for small-medium businesses that requires little or no infrastructure and remains up-to-date.Â It is not an enterprise solution (it’s certainly not a replacement for System Center Configuration Manager) but it is a useful way to license Windows 7 and prepare for Windows 8.
For more information as the beta progresses, check out the Windows Intune Team Blog.