Windows Intune 2 Soars at WPC 2011

At its annual Worldwide Partner Conference (WPC), held this week in Los Angeles, California, Microsoft provided a number of interesting updates related to Windows. The most interesting, I think, is the public beta release of Windows Intune 2, a major update to the cloud-based PC management service that Microsoft launched earlier this year.

You may recall that Microsoft was pushing a more limited beta version of its first Windows Intune service at last year's WPC. Well, here's how much things have changed in just a year: The v2 beta is open to one and all, and it's available in all of the 40 countries that Microsoft is currently offering the first version of the service.

In case you're not familiar, Windows Intune is a cloud service, aimed mostly at small- and medium-sized businesses, which allows you to easily manage computers, software updates, security, and Microsoft software licenses, regardless of the location of the machines you're managing. (You can read my overview from last summer, Hands On with Windows Intune, for more information.)

Depending on your perspective, there are one or two major failings in the 1.0 version of Windows Intune. First, it doesn't truly integrate with Active Directory, but rather exists outside of AD, offering its own flatter and simpler policies. (That said, it does respect AD policies, so that any conflicting policies will always default to your original AD choices.) Second, it doesn't offer any form of software distribution capability.

I don't believe the lack of deep AD integration is an issue, and in fact for the business types that Microsoft is targeting, this may in fact be an advantage, and a chance for Microsoft to re-do things from scratch with some perspective. And indeed, I've been told that Microsoft has implemented policies in Intune in a way that is simpler, with fewer convoluted conflicts, than is the case with Group Policy in AD.

But there's little doubt that software distribution is a need. And while Microsoft does offer sophisticated software distribution functionality through its on-premises System Center servers, Intune should ideally duplicate that functionality as it matures. And sure enough, software distribution is the headline new feature in version 2.0.

That it's happening so quickly—the final version of Intune 2 will ship by the end of calendar year 2011, I'm told—is a testament to how fast Microsoft is moving its best products to the cloud. And because Windows Intune 2 is available in public beta form to anyone that wishes to experiment, you're going to want to dive in, as soon as possible, with one caveat.

See, here's the thing. While you can get the Intune 2 beta today and manage up to 10 computers for free, Microsoft won't be offering a seamless beta-to-RTM migration. However, it will be offering a seamless v1-to-v2 migration. In fact, Microsoft Director Alex Heaton told me that everyone using Windows Intune will be automatically upgraded to the new version with no intervention, automatically. And this is possible because v2 is a true superset of the first version, with no major new end user changes. (The Intune agent that's installed on managed PCs will be updated for v2, but that will also happen automatically.)

So my advice is to test Windows Intune, on the side, using a handful of PCs, so you can see how the v2 software distribution tools work. And then you can move to Intune at any time, either before v2 ships or after. If you're interested in really diving into cloud services, I recommend checking out the Intune 2/Office 365 integration as well: Thanks to the new software distribution capabilities in Intune, you can use this service to deploy the Office 365 Configuration tool and Office 2010 desktop suite in those environments that will use both services.

Windows Intune 2 has a few other new features. Admins will be able to trigger remote tasks like scans, PC restarts, and malware definition updates, from the web-based console. And in a move toward a more granular administration model, Intune 2 adds a new admin type, called read-only admin: These users can run reports and perform other non-destructive tasks, but not deploy software and so on. The software licensing component is open to third-party applications now, not just Microsoft apps. And there are some nice fit and finish changes across the board as well.

There were a few other Windows-related headlines at WPC. Microsoft announced that it has now sold over 400 million licenses to Windows 7, continuing the OS's stance as the fastest-selling version of Windows ever created. But here's another way to look at that statistic: In just 20 months, there are now over eight times as many people using Windows 7 as there are consumers using every version of Mac OS X combined.

Microsoft is also updating its Microsoft Desktop Optimization Pack (MDOP) suite with a new update called MDOP 2011 R2 that will ship in August. MDOP is available as a Software Assurance (SA) perk, as you know, but Intune customers can also add this suite to their subscription for an additional $1 per PC. MDOP 2011 R2 will include updates to three of the tools in the suite. Microsoft BitLocker Administration & Monitoring (MBAM) will gain BitLocker administration and monitoring capabilities. Microsoft Diagnostics and Recovery Toolset (DaRT) gains remote boot, eliminating the need to "sneakernet" a boot disc around your environment. And Asset Inventory Service (AIS) gains enhanced reporting capabilities that puts it on par with the reporting functionality in Intune 1.0. 

Related Reading:
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.