What's new in the windows intune dec 2012 release
-
Upload
atidan -
Category
Technology
-
view
391 -
download
2
Transcript of What's new in the windows intune dec 2012 release
1
New Features: What’s new in Windows Intune?
Contents Release Overview .......................................................................................................................................... 2
Unified Enterprise Management Solution ................................................................................................ 2
User-based Licensing .................................................................................................................................... 5
Extending Client Support .............................................................................................................................. 5
Understanding Mobile Device Management ................................................................................................ 6
Customizing the Company Portal Application .............................................................................................. 8
Distributing Windows 8 and Windows Phone 8 Applications ...................................................................... 8
Dynamic Group Configuration Wizard Updates ........................................................................................... 9
Updating Endpoint Protection Policy .......................................................................................................... 10
Summary ..................................................................................................................................................... 11
Resources: ................................................................................................................................................... 12
2
Release Overview This release of Windows Intune establishes the service as the premier way to manage personal
computers and mobile devices for both small and medium businesses and large enterprises.
Unified Enterprise Management Solution With this update, you can now manage mobile devices either directly from the cloud-based Windows
Intune management solution or with Microsoft System Center 2012 Configuration Manager with SP1 by
using a new Windows Intune connector. Figures 1 and 2 provide an overview of how these two
configurations can help manage devices either directly through the cloud or through Configuration
Manager on-premise:
FIGURE 1: WINDOWS INTUNE CLOUD CONFIGURATION
Figure 1 shows the classic cloud-based configuration; existing users of Windows Intune will be familiar
with this approach. With this arrangement, IT administrators use the Windows Intune web-based
Administrator console to access the management features on the client computers and mobile devices.
Figure 2 shows the new unified on-premises configuration, in which the administrator can use the
Configuration Manager 2012 SP1 management console to access the management features for the
supported clients.
3
FIGURE 2: WINDOWS INTUNE INTEGRATED ON-PREMISES CONFIGURATION
By using the Configuration Manager console, administrators can manage operations on a day-to-day
basis. Its single pane of glass helps to manage not only servers, desktops, and laptops, but also mobile
devices. Figure 3 shows management of all supported device types from a single console.
FIGURE 3: CONFIGURATION MANAGER CONSOLE
4
This configuration can help administrators manage all the organization’s devices through a single
console and get added insight into the ways employees use their mobile devices to access company
data.
The Configuration Manager infrastructure enables support for very large installations. This release
supports installations of up to approximately 100,000 users, computers, and mobile devices in a single
management infrastructure.
The following table summarizes the enhancements that this release of Windows Intune provides,
enhancements listed in italics are only applicable in the Windows Intune unified configuration:
Windows Intune core
updates Unified management experience with integration of on-premises Microsoft
System Center 2012 Configuration Manager with SP1
Support for up to approximately 100,000 computers through the System
Center 2012 Configuration Manager connector
Support for Windows 8 Professional and Enterprise edition clients
Installation of Windows 8 applications through a self-service portal
Direct linking of Windows Store applications to the self-service portal
Enhanced dynamic group creation wizard
Extended security policy settings
People-centric updates Support for up to five devices per managed user
Support for up to approximately 100,000 users via the System Center
Configuration Manager 2012 connector
New Company portal customization options
Mobile device
management updates Windows RT and Windows Phone 8 device management
Corporate self-service portal applications for both Windows RT and
Windows Phone 8 application installations
Extended iOS settings management support without the need for
Exchange ActiveSync
Support for up to approximately 100,000 mobile devices via the System
Center Configuration Manager 2012 connector
Configuration of Windows RT VPN through System Center 2012
Configuration Manager SP1 console
This guide is intended to provide you with information about the new features and updates that are
specific to the December 2012 Windows Intune release. If you are not familiar with Windows Intune, we
recommend that you check the Windows Intune web site at www.windowsintune.com for the full range
of features that Windows Intune provides.
5
User-based Licensing This release of Windows Intune updates adds new licensing options to help organizations with managed
users who employ multiple devices, rather than focusing on one device at a time. Each new license is for
a managed user and that single licensed user can have up to five managed devices*. This new approach
can provide more flexibility to organizations that plan to implement a “bring your own device” strategy.
Microsoft has introduced these new licensing options to help integrate Windows Intune into hybrid
management solutions that include both cloud-based and on-premise System Center-based
management systems. This unified hybrid device management license can help simplify the process of
licensing mobile and personal computer devices, because it licenses the user rather than the device.
The following list outlines these new licensing options:
1. Windows Intune. The new default option for most organizations, basic licensing now provides
access to the Windows Intune service for a user with up to five devices. It also includes use
rights to System Center Configuration Manager so that you can integrate the Windows Intune
service with an on-premises solution
2. Windows Intune with Windows Software Assurance. This option provides access to the
Windows Intune service for up to five devices per user and also includes a Windows Software
Assurance (SA) license for one of those devices. As a result, it’s a good option for organizations
that need to upgrade PCs to Windows 8 Enterprise.
3. Windows Intune Add-on for System Center Configuration Manager. Available to organizations
with an existing System Center volume licensing agreement. It extends the System Center
management capabilities through the Windows Intune cloud service to help you manage both
existing Configuration Manager managed devices and new mobile devices using the
Configuration Manager management console.
*Note: All Licenses are per user, but the Windows SA is for one primary device per user.
Extending Client Support Windows Intune can now help you manage the entire family of Windows 8 devices, including:
1. Windows 8 Professional (x86 and x64 architectures).
2. Microsoft Surface Pro.
3. Microsoft Surface.
4. Windows RT devices.
5. Windows Phone 8 devices.
Windows Intune classifies Microsoft Surface, Windows RT, and Windows Phone 8 devices as mobile
devices (see below for details). Windows 8 and Microsoft Surface Pro devices are classified as fully
managed PC devices, on which Windows Intune management and Endpoint Protection agents are
installed. With the addition of these new clients, and the new capabilities of System Center
Configuration Manager SP1, the management capabilities of the unified solution provides one of the
6
most comprehensive range of clients supported in the industry. As a result, you’ll be better equipped to
manage the needs of a Bring Your Own Device (BYOD) infrastructure.
Understanding Mobile Device Management In this release of Windows Intune a new direct management capability provides the Mobile Device
Management (MDM) features to Windows RT, Windows Phone 8, and iOS devices. Modern devices no
longer require an Exchange ActiveSync (EAS) connection in place to support the MDM solution. Instead,
end users can enroll devices to the Windows Intune service and the built-in management services of
these mobile devices directly provide the capabilities to manage the device. There is no need to
compromise security on the device or install unsupported third-party agents.
Windows RT and Windows Phone 8 devices include a Company Apps setting that the user can employ to
initiate the device enrollment process. Figure 4 shows this option listed in the Windows RT Company
Apps enrollment screen.
This enrollment process identifies the device to the Windows Intune management service and
establishes a trusted communication channel by using a security certificate on the device. After this
enrollment has occurred, Windows Intune can manage the device and the user can install the Company
portal app that provides the user with a view of the available corporate applications.
FIGURE 4: WINDOWS RT COMPANY APPS SETTING
Note: If a user tries to install the Company portal app before they have enrolled the device they will be
notified that they need to enroll the device before they can complete the Company portal installation.
7
After the user has enrolled the device, Windows Intune applies the organization’s mobile device policies
and reports detailed inventory information back to the management service.
While direct management is the recommended management solution, both Windows Intune
configurations still fully supports EAS-based settings. If your organization wishes to keep EAS for
Exchange connected devices, the recommended approach is to apply EAS settings through Configuration
Manager to manage all mobile devices in the same management console. In the cloud configuration you
can manage EAS-connected devices by using the Windows Intune Exchange connector. This option is the
recommended method for older smartphone platforms such as Windows Phone 7 and Android-based
devices. It can also be useful to help discover devices that have not enrolled with the Windows Intune
service directly.
The following table lists the supported operating systems for each of these device types*:
Mobile Device Operating System MDM Method
Microsoft Surface Windows RT Direct
Windows RT Windows RT Direct Windows Phone 8 8.0 Direct
Windows Phone 7 7.0 or later EAS
iPad and iPad2, iPhones, iPod Touch iOS 4.0 or later Direct
Android-based phones and mobile devices Android 2.1 or later EAS
* The full list of supported features depends on the capabilities of the mobile device.
If your organization has standardized on EAS for configuring your current mobiles devices, you can
continue to do so with for newer devices through EAS. In this case, Windows Intune integrates both with
EAS and direct management so that you can use whatever solution best meets your organization’s
needs.
*Note: Microsoft Surface devices are classed as Mobile devices and Microsoft Surface Pro devices are fully managed PC devices.
8
Customizing the Company Portal Application In the previous release of Windows Intune, administrators accessed company applications, device
management and IT support features through an online Web portal. In this new release, Windows 8 can
access these features through a new self-service Portal (SSP) Windows 8 application. Figure 5 shows
how this portal looks to a user connected to the service from within Windows 8.
FIGURE 5: WINDOWS INTUNE WINDOWS 8 COMPANY APP
The SSP application provides a feature-rich, touch-optimized user experience that can speed access to IT
published applications, provides direct links to IT approved Windows Store applications, and can also
include links to web-based applications that users can access through the device’s web browser.
The final feature area of the Company Portal application focuses on providing users with customizable
information to help them contact IT support in the event that they need assistance from the company
helpdesk.
Distributing Windows 8 and Windows Phone 8 Applications Microsoft has extended the software distribution feature of Windows Intune to support both Windows
8 and Windows Phone 8 applications. As a result, you can now use the same wizard to publish your line-
9
of-business applications to Windows 8 computers, Windows RT devices, and Windows Phone 8 devices.
Figure 6 shows the updated Add Software wizard and the supported software options.
FIGURE 6: ADD SOFTWARE WIZARD
Microsoft has extended the software distribution feature of Windows Intune to support both Windows
8 and Windows Phone 8 applications. As a result, you can now use the same wizard to publish your line-
of-business applications to Windows 8 computers, Windows RT devices, and Windows Phone 8 devices.
Dynamic Group Configuration Wizard Updates The new release of Windows Intune also helps to simplify some of the Administration console tasks,
based on feedback Microsoft received from customers. An administrator can create dynamic groups for
users based on security group membership or on values in Active Directory properties, such as people
managed by the same person. To make this process easier, the Groups wizard has been streamlined to
enables you to include and exclude objects in the same view. Figure 7 shows how this new arrangement
works.
10
FIGURE 7 NEW GROUP CREATION WIZARD
In the Criteria Membership screen in Figure 7, if the Start group membership with field has the value
Empty group, then you can browse for members of security groups or members that have the same
managers. If you select All Users in the Parent group option, this new group inherits members from the
parent group and you can then use the Exclude members’ options to adjust membership based on
security groups or managers.
Updating Endpoint Protection Policy Finally, we have extended the control an administrator has over the Windows Intune Endpoint
Protection agent installation process. In this release, administrators can get more control over how the
Windows Intune Endpoint Protection agents and user interface behave. Figure 8 shows these new
Endpoint protection policy controls.
11
FIGURE 8 NEW ENDPOINT PROTECTION POLICY CONTROLS
With these new controls, administrators can disable the Windows Intune Endpoint Protection user
interface all together, so that the computer is protected but the agent does not allow the user to
interact with the application. In this situation the administrator manages all the Endpoint Protection
configuration settings through the Windows Intune Agent Settings policy settings.
Summary With this release, Windows Intune significantly extends the reach of its management solution and
enhances existing features through the following changes:
Unified management with Microsoft System Center 2012 Configuration Manager with SP1
More flexible user licensing options
Windows 8 support
Windows RT and Windows Phone 8 device management
Enhanced iOS direct device management
Support for Windows 8 applications publishing
Improved Dynamic Group creation wizard
Enhanced Endpoint protection policy
Many other improvements have been made to enhance the overall speed, scalability, and performance
of the service. As a result, you’ll get a flexible and integrated management environment for all your
devices.
To sign up for a trial of this release of Windows Intune, sign up at the Windows Intune website at:
http://www.microsoft.com/en-us/windows/windowsintune/try-and-buy.aspx
12
Finally, if you are interested in some of the other features included in System Center 2012 Configuration
Manager with SP1 see What’s New in Configuration Manager SP1 on TechNet library at:
http://technet.microsoft.com/en-us/library/jj591552.aspx
Resources: Windows Intune website: http://www.windowsintune.com
Windows Intune Online Help: http://onlinehelp.microsoft.com/en-us/windowsintune.latest
Windows Intune TechNet: http://technet.microsoft.com/windows/intune
Windows Intune Team Blog: http://blogs.technet.com/b/windowsintune/
Some information relates to pre-released product and services which may be substantially modified before it’s commercially
released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Some products and
services are not available in all languages or in all countries or regions and may be taken from the English version of prerelease
software. Some features and functionality may require use of the Windows Intune service and System Center 2012 Configuration
Manager SP1.
© 2012 Microsoft Corporation