Windows Intune: What’s New in Q3 2013

With a continued emphasis on delivering scenario based solutions focused on addressing the primary challenges we face on a daily basis as IT pros, the latest Windows Intune update — roughly aligned with the R2 updates of System Center 2012 and Windows Server 2012 — includes a number of new features and improvements, with many of them focused on closer integration with Windows Server 2012 R2 and System Center 2012 R2, which also have new features that integrate with Windows Intune.

Before we dive into what these are, I do want to highlight the fact that most of these additions and improvements are scenario based, which means that the true potential of the offering can only be realized when the supporting components are deployed and available.

Windows Intune Update: Windows Server 2012 R2

The first of the enablers is enhanced support for Windows Intune in Windows Server 2012 R2. Investments in areas like Active Directory have a very specific focus on enabling organisations to deliver the foundation infrastructure for “bring your own device” (BYOD) offerings. There are currently three major new capabilities offered in Server 2012 R2 OS that relate to Intune, including:

  1. ADFS extensions – These extensions enable users to register their devices including Windows Phone, Apple IOS devices, and Android (limited support in the current preview) using a simple web form, to request that the device be trusted to access organization resources. Once registered, ADFS will establish a new object in the hosting Active Directory for the device. This object can then be utilized in claims.
  2. Web Application Proxy – This new feature permits the publishing of resources (primarily web sites/services) utilizing a secure conditional access solution, with “Single Sign On” support to the internet.
  3. Work Folders – similar to the concepts of SkyDrive, this new feature enables clients to access specially shared folders securely over the internet.

Each of these technologies deserves and will receive a much greater in-depth coverage in future posts.

System Center 2012 R2

The second of the enablers are the updates to the Configuration Manager component in System Center 2012 R2. Investments in this product for the Intune scenarios are more of an incremental improvement approach. The first of these additions in this release is the added support for both deploying and managing Windows 8.1 and Windows Server 2012 R2 endpoints. Although, there is also a hidden cost, specifically if you are still deploying XP (which I really hope is not the case),then you should be aware that OS deployment for Windows XP has been depreciated. Additional enhancements are primarily focused to the deployment areas, for example, we now gain the ability to distribute links to web applications. However, in my opinion, one of the feature gaps in both Windows Group Policy and Configuration Manager has also being finally addressed with the ability to finally deploy VPN Profiles, AMEN! Extending on this profile investment, support is now also included to distribute both WiFi profiles and Certificates, both of which are priceless when it comes to managing clients in non-domain joined situations.

Windows Intune 2012: Q3 2013 Updates

There are many, many more investments in both products, but for the focus of Intune, those are the main investment points which are of immediate concern. All these combined investments fall under a single pillar of support in the R2 cycle, namely “People Centric IT!” What exactly does this mean? That’s actually quite simple really, the investment focus can be described in a single sentence “Enabling employees to choose the devices which they want to use for their jobs!”, Which finally leads us to the answer to our question “What’s new in Intune?”.  Microsoft had three objectives for this latest round on Intune updates, including:

  1. Empower Users – Allow users to utilize any device they so wish, to carry out their job, while IT provide a consistent access to our services from these devices.
  2. Unification. – Blurring the boundaries of the organisation, and fully integrating your existing on premise Configuration Manager Environment with Intune to manage mobile devices from the cloud.
  3. Enhanced Security. – Controlling access to organization data, but restricted based on the user, their device, and their location!

Intune R2 for BYOD

Simplifying these into real world actions quickly clarifies what we get in Intune R2, and also highlights the investments in Windows Server 2012 R2 and Configuration Manager 2012 R2:

  • Delivering a seamless interface for users to registered devices to access organization data, while enabling IT Pros to gain more granular control over these device settings, ensuring they become compliant with your policies
  • Offering a consistent experience for your users to discover your organizations services, and subscribe to the services which you offer, across all of their resisted devices.
  • Unified experience for publishing our applications and services to all devices, regardless of there form factor, location, and whether they be managed devices, or user registered.
  • Securing the data on these devices is simplified, simply revoking a registered device will remove access to applications, data and polices from the device.

We have a lot of material to cover, so look for more information in future blog posts.