Continuing my series of articles about Windows 8, I want to introduce you to Microsoft’s cloud-based client management solution, Windows Intune — more specifically, the latest edition of Itune, which went live in December 2012.
The following topics will be discussed:
Windows Intune (Wave D) is a cloud-based management solution for clients, where clients can be anything from Windows XP SP3 all the way up to Windows 8 and RT, as well as Apple iOS 4.0 or higher-based devices and Android 2.1 or later. However, it is NOT capable of managing Server Operating Systems.
Many enterprises are struggling with decent management of mobile devices (BYOD-related), for which Intune is a good and centralized solution. In short, management is handled through a web browser, where client integration is possible by using a Windows Intune client (on Windows devices) or through Exchange ActiveSync (Apple iOS and Android).
The following features are part of Windows Intune:
As of Wave D, which was released mid-December 2012, Windows Intune can also be integrated in System Center Configuration Manager 2012 SP1, allowing for both cloud-based and on-premise device management possibilities.
As with most cloud-based solutions, a monthly fee is required for this solution. Also, as of Wave D, licensing is done per user, allowing up to five different devices per license. For example, if your CTO has a Windows 7 laptop, Windows 8 RT device, and an Apple iPhone, only one Itune license will be required.
If you asked a sysadmin for a Microsoft solution for client management, it’s likely he or she would refer you to System Center Configuration Manager (SCCM). The latest version of SCCM is part of the System Center Suite 2012, with ServicePack1 released in January 2013.
SCCM 2012 has similar features to Windows Intune, but goes way beyond. First of all, it requires Active Directory as a base for the SCCM installation. Next to that, client management is done through the installation of a SCCM client agent (although certificate-based management is also possible for non-domain joined devices or DMZ-located networks).
Some of the functionalities in SCCM 2012 that don’t exist in Windows Intune:
As already mentioned in the introduction, a combination is possible between Intune Wave D edition and System Center Configuration Manager SP1, which would align multiple features together. This combination is a Mobile Device Management (MDM) solution, something companies are looking for nowadays.
Next, I’ll walk through the Windows Intune free trial registration and all the way up to the installation of the Intune agent on my Windows 8 RT Surface device, which will show you both the administrator part and the end-user experience.
Here we go!
First, get the free Intunes 30-day trial. Enter your contact details and select a domain name.
After registration, you need to login, after which you will be redirected to the Windows Intune Administration Console.
Now you are in the Windows Intune Administration Console. Let’s start with a short overview of the menu options.
|System Overview||The landing page of the Intune Admin Portal; allows you to download and deploy the Intune Client Agent, as well as configuring mobile device management features|
|Groups||Allows you to “group” devices and users into logical units for administration|
|Updates||Just like Windows Software Update Services / WSUS, allows you to specify how / which Updates will be pushed to managed clients|
|Endpoint Protection||AntiMalware plug-in (antivirus, security protection)|
|Alerts||Centralized Overview of all alerts from all managed devices|
|Software||From here you can create install package policies to have (custom) software installed on managed devices|
|Licenses||Optional feature, which allows integration with your Microsoft licensing contract, allowing you to ease license administration and usage (eg. See if you have enough Microsoft Office 2010 licenses based on install usage)|
|Policy||The Policy workspace allows to configure system and mobile devices policies. (eg. Configure Windows Firewall settings). Although it looks a lot like Group Policy settings, it is not that powerfull and doesn’t go into that much detail|
|Reports||As the name says, reporting snap-in; 4 reports are possible: Windows Updates status, Installed software report, computer inventory report and license report|
|Administration||Allows for some general administration settings like specifying which updates you want to install, alert types, notification settings, mobile device authority settings, parameters to be used on the Company Portal|
For now, let’s assume we are happy with all default settings provided by Windows Intune, and we want to go forward with the installation of the Windows Intune Client agent.
You can install the Windows Intune client a number of ways, including these three options I’ll discuss in more detail below: From the Windows Server system overview page; via the Windows Intune company portal; or by using a deployment tools like System Center Configuration Manager. [Editor’s Note: You can also deploy the Intune client as part of an image.]
Option 1: From the System Overview page, select Download and deploy the Client Software.
Next, click on the Download Client Software button, as shown below.
Option 2: Have your end-users first log on to the Windows Intune Company Portal, and let them download the Windows Intune Client software package from there.
First, click on Company Apps.
If this is the first time you want to start this application, a popup shows that you must install the Windows 8 Company App first from the Windows 8 Store.
Click Install (it is possible you have to logon first to get access to the Win8 Store).
Once the app is installed, start it up from your Start Screen.
Select Enroll this Device Now, as shown below.
Again, click on Download the Windows Intune Software. This will download the Windows_Intune_Setup.zip install file for you.
After the download is finished, the Intune Client installation will launch automatically. This is a simple next-next-finish install.
When the installation is finished, go back to your start screen, which will show two new installed applications: Windows Intune Center and Windows Intune Endpoint Protection.
Start the Windows Intune Center. This is a kind of “dashboard” with client information based on Windows Intune Client settings (for instance, if Windows Updates are ready for installation, Windows Intune Center will show a shortcut to install additional applications).
Finally, when logging back on to the Administration Portal/System Overview, it will show one additional device in the computer summary. When clicking on this link, the detailed view of my client device are displayed, such as manufacturer, operating system, serial number, etc. When I double-click on the device itself, another page is opened showing even more details about this device, such as the status of updates, malware, alerts, and hardware/software inventory.
Oh yes, besides both mentioned installation methods, there is also a 3th approach possible, using a manual installation approach – or a non-Windows Intune based installation I could say.
3. Manual installation
After you’ve downloaded the Windows_Intune_Setup.zip file, it is also possible to deploy this to your current client devices in a manual way, that is, by using group policy software deployment, System Center Configuration Manager, or any similar software deployment tool you have in an Active Directory-based environment. You could also email this file to your end-users or have it available for download on an intranet site or something similar. It is also possible to deploy the client by using custom scripts like you would for other software.
Stay tuned for my upcoming article that dives even deeper into Windows Intune administration.