Earlier this week Microsoft announced a new program called Windows Intune:
The concept behind it is simple…Management via the cloud – including licensing. Now, that simple sentence means a lot more under the hood. Let’s take a look at what Intune is and what it has to offer.
One of the more difficult things SME (small / medium enterprise) customers have is getting the right software licensing. Intune helps address this by giving you a license to Windows 7 Enterprise and also includes in it the rights to Software Assurance. Right away you should be jumping up and down…Why? Because SA includes MDOP, a small set of tools that have more bang for their buck than you know. If you’ve not heard of MDOP before, check it out and if you’ve got SA, try and get your hands on it to learn more about it (you can also test the bits via MSDN and TechNet).
Ok, so we now know what the licensing is like, how does it work? As with more and more tools these days, Intune is a cloud based service. Simply navigate to a URL and you’ve got your management console in one location. The biggest benefits to this are Anywhere access and the lack of need for a complex back end infrastructure (you don’t need your own SQL server, you don’t need your own SCOM server, you don’t need your own…). So, you want to know what it looks like?
Simply login using your LiveID and away you go…More in to management with LiveID’s later…
It runs entirely on Silverlight so no need for ActiveX components of old (yay), which also means for those of you who prefer to use something other than Internet Explorer, yep, it works in Firefox (p.s. say hello to cookie monster there :
So, you now know about the licensing and the console, what is it that’s under the hood that Intune can do for you? First off, it does Inventory…For those of you familiar with MDOP you’ll recognise some of the screens to be similar to the AIS (Asset Inventory Service). It tells us the software title, publisher and a category as well as the count of computers it’s installed on:
Further, we can drill down on the software title and get more information on it if the software title offers it up to the agent/console.
Wow, Microsoft teams are starting to collaborate (joke). No, really though, for years we’ve had eOpen, we’ve had tool B and then we’ve had the different licensing agreements from here there and everywhere…Well now with Intune, there is a licensing module that will bring all of that mess tidily (is that a word?) under one roof. Simply import a .csv file with the agreement and license numbers or if you don’t have that, manually add them and watch your licenses appear magically in the same console that manages the software (woo hoo!!):
software update management
As noted above, one of the biggest challenges for smaller organisations is infrastructure. To get the functionality of what Intune offers, you’d need SQL, SCOM, SCCM, WSUS and a full time position (benefits, health care, pension, vacation pay, agro)…Intune takes care of that and software management is no exception. With Intune you can manage software updates with a simple click, no need for the infrastructure and even better yet, no need for the disk storage to hold all of the potential updates!
and again, as integration is key, simply click on any update to get further information about it:
You can also approve and decline updates on a one-by-one basis this way too (don’t worry you can globally manage multiple updates too).
So, all of the above is great (as an IT person) however what about the people in management who want pretty reports? Yep, Intune has those as well. Three basic categories:
- Update reports
- Software reports
- License reports
As they allude to, the first one tells which machines (based on your filtering criteria) meet or don’t meet specifications of a certain classification, status or grouping.
The software report does what it says on the tin – reports on the software you’ve got installed. Again, filter on the publisher, category or specific computer groups/departments.
And then the licensing reporting, the most critical to the number crunchers…Installation report and puchase report – again filtered against all agreements or selected agreements, depending on what is entered in to the licensing module (explained above).
Ok, so there is loads included above but what determines how this information gets to Intune and how exactly does it get there? Well, similar to GPO’s, Intune has policies that are controlled by it’s agent. Simply download the x86 or x64 client from the administration area and install it (from what I can tell it embeds your Intune information in to the .msi installer). No questions, simply double click the installer, reboot and let a few more updates trickle down and presto, you’re Intune. All traffic to and from Intune is encrypted over an HTTPS tunnel to keep it secure, and once an agent checks in, it can, like GPO’s be assigned policies, when to update, what to include and what software/patches to send to the machine.
Further one cool thing is the agent allows the user to request remote control from the administrator over this SSL connection. They simply open their Intune agent locally (on the desktop by default) and click on Microsoft Easy Assist:
This triggers an email to whomever is set up in the console (in their language even), with detailed information about the remote control request and includes a link to directly remote control the user:
So, to wrap it all up, Intune is the remote system admin toolkit without the need for local infrastructure and expertise. It gives you:
- Windows 7 Enterprise Licensing
- Software Assurance
- Patch Management
- Remote Control
- Monitoring & Alerting
- Malware Protection
- Licensing Control
…all in one simple location for one simple price.