Launch Event – Learn From The Best; Not From The Rest

There are only hours now between now and the start of TechCamp 2013 in City West in Dublin, where Irish MVPs (and a couple of Microsoft folks) will be presenting on:

  • Windows Server 2012 R2
  • Service automation using System Center 2012 R2
  • Hybrid cloud using Hyper-V Network Virtualization, NVGRE, SCVMM 2012 R2 and Windows Azure Pack
  • Service level management using System Center 2012 R2
  • Windows 8.1 in the business
  • New Windows devices
  • BYOD, consumerisation of IT, and mobile device management
  • Enterprise desktop management using System Center 2012 R2

You could wait for a sales person come to town and tell you stuff that they’ve read about.

Or, you could make a little effort to come to TechCamp 2013 where some of the worlds leading experts independent experts (all with international followings and tech book credits to their names) on these technologies (who are Irish BTW) will be there to present an honest appraisal of this technology that they have worked with every day since the 2012 R2/8.1 previews were launched.

Windows Intune “Wave F”

The new version of Windows Intune is not actually called “Wave E”.  I found a presentation by Microsoft Norway that calls the latest release “Blue/Wave F”

image

Some of the slides hint that Intune is doing single sign-on for BYOD.  That’s not strictly true; that functionality is accomplished via new functionality in WS2012 R2:

  • ADFS + PKI
  • Workplace Join via Device registration service
  • Web Application Proxy
  • Work Folders synchronization and selective wipe

Intune can make use of single sign-on for the end user/admin experience to secure, apply policies, audit, remote control, offer support, and deliver apps to Android, Windows (real, RT, and Phone), and iOS.

Intune has pretty much evolved into Microsoft’s mobile device management (MDM) solution, also equally capable of managing the traditional on-premise PC.  Intune gives you a manage-it-anywhere platform that can control devices directly or through System Center Configuration Manager (like an extension of SCCM into the cloud for integrated MDM).  It’s either your BYOD management system and/or your remote device management system, partnering with the advancements in WS2012 R2. 

You can find out more about the new functionality in Windows Intune in this post.

Technorati Tags: ,,

First Impressions – Windows 8.1 RTM

I rebuilt the PC at work yesterday, replacing Windows 8 with Windows 8.1.  I prefer rebuilds instead of upgrades just because you get a cleaner build.  I took an indirect route because it allowed me to experience something I had never done before (that I can remember):

  1. Installed Windows 8.1 (aka “Home)
  2. Installed Office 2013 Pro Plus via the Office 365 Click-To-Run mechanism
  3. Entered the Windows 8.1 Pro product key (reboot)
  4. Joined the machine to the domain
  5. Finished installing and configuring
  6. Downloaded and installed the Windows Intune agent

Office Click-To-Run is a nice way to deploy office in a small business.  It’s quick and managed by Office 365, bringing me updates when they eventually are released – assuming that I don’t have LOB apps with specific compatibility issues.

Wave D Windows Intune (the current release) doesn’t strictly support Windows 8.1 yet.  My OS actually shows up as Windows 6.3, which looks funny when it’s side-by-side with Windows 8.

All the usual programs and apps were installed.  I decided to switch from Chrome to Firefox – I gave up on IE10 a while back and IE11 hasn’t improved enough for me.  Firefox with plugins for Lastpass and Google Translate runs nice and quickly.

I have dual monitors so it was nice to have Metro apps running on both screen.  In fact, I had 4 apps open, with flexible screen space sharing (resizing/snapping).  Skydrive automatically connected to my account.  My wallpaper and lock screen appeared.  I configured the PC to log into the desktop and to use my wallpaper as the Start Screen background.  These two things, in addition to the Start button are technically minor, but might prove psychologically significant enough to get those who are disaffected by Windows 8 to re-consider Windows 8.1.

Other than that – – it’s been all smooth.

Technorati Tags:

Windows Server 2012 R2 Has RTMd

Brad Anderson has announced that Windows Server 2012 R2 has been released to manufacturing.  He also stated:

Also of note: The next update to Windows Intune will be available at the time of GA, and we are also on track to deliver System Center 2012 R2.

The release of Windows Server 2012 R2 is set to happen on October 18th.

I’ve documented quite a few of the features related to Hyper-V in this new release.  There are some things I’ve not had time to add yet:

  • SMB 3.0/SOFS/Storage Spaces
  • Clustering
  • And a few other things where I’m unsure about the NDA

There is quite a bit of change in this release and plenty for you to digest.

Windows Server 2012 R2, System Center 2012 R2, Windows 8.1, and Windows Intune Release Dates

I was on vacation for a few days, but as was predicted by some in the media, the release date of WS2012R2, SysCtr2012R2, Win8.1, and Intune “Wave E” was announced during the week in two announcements, one for the desktop and one for the server & cloud products.

Windows 8.1 will be available online through the Windows Store to Windows 8 customers starting at 00:00 New Zealand time on October 18th – I think that is midday UK/Irish time on October 17th.  October 18th is the GA date, so that’s when you should be able to walk into stores and buy devices with Windows 8.1 already on them.  Ideally those will be designed-for-Windows 8.1 devices.  However, the Windows 8 release was underwhelming in retail stores around the world so I’m not holding my breath this time around – screw the political correctness, the manufacturers (including Microsoft Surface) did a shite job for the release of Windows 8.  The new devices listed in the Windows 8 announcement are already on the market (some less-so than others).

There is no news of TechNet & MSDN release dates for Windows 8.1 but I suspect Windows 8.1 will be made available universally on Oct 18th.  That’s because that is also the release plan for WS & SC 2012 R2 and Windows Intune “Wave E”.  Everything is happening all at once on Oct 18th.

Note that new VL purchases will be possible on November 1st when the price list is updated.

Managing Apple iOS Devices From Windows Intune

This was the most exciting thing I saw at MMS 2012.  I knew what System Center was capable of, but I wasn’t expecting to see iPhones and iPads (as well as Android, etc) being managed by Microsoft from the cloud, using the same solution for managing PCs.

This week I’ve been setting up a demo environment in Windows Intune “Wave D” (thanks to my colleagues at work for the help in setting up the “partner”).  It’s one thing to manage PCs, but you really score points with customers when you can show a Microsoft product managing the rivals.  I use Ubuntu as my guest OS when showing of Hyper-V.  I want to show of an iPad Mini being managed by Windows Intune Smile

The process is “documented” on TechNet, with links from the Windows Intune console.  I use “documented” very loosely.  The information incomplete in my opinion.  So here are my notes:

A step I missed in this documentation is choosing your mobile device management solution.  I chose the Windows Intune option, instead of using System Center with Windows Intune, which was under Tasks in Administration > Mobile Device Management.

The Push Notification Certificate

The first requirement for managing iOS devices is that you have an Apple ID for your company.  There is no cost to this.  This contrasts with the €75/year cost of signing up for a Windows Phone developer account for managing Windows Phone 8.

Now open the Windows Intune admin console and browse to Administration > Mobile Device Management > iOS > Upload an APNs Certificate.  Confusion point: there is more to this than a simple upload.  Here’s how.  Click Download The APNs Certificate Request.  This downloads a .CSR file certificate request.

Now you browse to the Apple Push Certificates Portal.  Here is where you upload the .CSR file that you just downloaded from Windows Intune.  If like me, you’re using IE, you will likely be prompted about a .JSON file.  Ignore that.  Refresh the page (I muddled about here trying to figure out the JSON thing) and you should end up with something like the below:

image

Click Download to get a file called MDM_ Microsoft Corporation_Certificate.PEM; this is the certificate that you will be uploading to Windows Intune.  It will uniquely identify your organisation to managed iOS devices (or something like that). 

Return  to Windows Intune where you downloaded the .CER file, and click Upload The APNs Certificate. Browse in the dialog and select the .PEM file you just got from Apple.  You also need to supply the Apple ID name that was used in the Apple Push Certificates Portal to create the PEM file.

image

That all sounds messy.  I agree.  But you only have to do it once in your portal … every year.  Check the previous Apple screenshot and look at the expiry date for the APN certificate.  It only lasts for 1 year.  Set a recurring reminder in your (and your colleagues) calendar to repeat this process in advance of the expiration (you don’t want to be digging up email addresses and passwords).  And document what accounts/passwords are being used.  Please use a strong passphrase for your Apple ID.

Create User Accounts

You create user accounts in the Windows Intune Accounts site.  You can set up AD synchronisation instead of manually creating your users.  A warning: management of the devices will not work unless you add the users to the Windows Intune user group in the Accounts site.  Open the user, click Group, and check the Windows Intune box:

image

Enroll the Device

This is a crude mechanism.  You need to supply the IOS device user (probably via email) with the following information:

At this point there’s a whole bunch of crap that happens from the Apple side.  You have to OK lots of things to enable the device to volunteer to be managed: Install, Install, Install Now, Install, and then Done.  A Company Portal “app” (it’s actually a web shortcut that opens the mobile site in Safari) is installed on the iOS device.  Now the user can open the Company Portal, log in using their Intune account, and install company supplied apps.  Here’s a screenshot of a user browsing a serious business app on an iPad Mini in the Windows Intune catalog.

image

You can add apps from the Apple App Store (just links which open the App Store and allow the user to install apps as always) or you can develop in-house apps and side-load them directly from Windows Intune, bypassing the app store completely.  Good news: you use the exact same tool for managing apps on all types of devices, including PCs.  And it’s pretty simple to use too.

The Management Profile

Part of the configuration on the device is setting up the Management Profile.  You can find this under Settings > General > Profile – Management Profile.

image

You can expand More Details to see more information (might be useful for troubleshooting certificates).  You can remove management of the device by Intune (“returning” the device to the user) by clicking Remove.  It takes a few seconds to remove the profile.  Management Profile should disappear from Profile after this and Windows Intune is now nothing to do with the machine again.

Device Not Appearing In the Console

The “documentation” says:

To enable iOS devices to receive notifications using a wireless connection, make sure that port 5223 is open.

There is no mention if this is an inbound or outbound port requirement, or if it is TCP (probably) and/or UDP.  You could also read it as a firewall requirement on the actual iOS device itself (which it isn’t).  I had the devices on the lab at work and, while I could pull down apps from and browse the Company Portal, the devices refused to appear in the console.

Want to check if it’s working OK?  Log into the Company Portal on the device in question, and browse to Support.  If the name of the device appears there then comms seem to be OK and the device is registered … at least in my experience – I have no idea if that’s a valid indicator but it works for me … so far.

image

On the Wi-Fi in the company lab, the devices refused to register.  I put them onto 3G and they registered pretty quickly, and you can see lots of information for each device.

Reinstalling The Management Profile

I decided to remote the management profile and try to re-add the iOS device to Windows Intune.  I could not get the device to re-register to Windows Intune using the above process.  I believe the correct procedure is to log into the Company Portal, hit Support, click Change, and click Add Another Device.  This has worked for me a couple of times.

Policy

You can create Mobile Device Security Policy objects in the admin console.  There are some generic and some iOS specific settings:

image

image

image

Summary

The certificate stuff is a bit fiddly but you’ll only have to do that once per company, per year.  I can’t be sure, but I guess that is an Apple restriction on the validity of the APN certificate.  After that, it’s a pretty simple process.

Enrolment of these consumer style devices will always (with any product) be user driven.  You can’t push management onto a consumer (or BYOD) device.  If necessary, you could do the sneaker-net thing.  I can envision helpdesks doing a lot of that for BYOD management.

Some of the Apple folks in the office were very impressed with this solution.  Centralised management of mobile (particularly iOS) is a hot topic right now.  Windows Intune does a nice job.  Does it have all the bells and whistles of a Zenprise?  No, but Intune has a nice price at around €4.89/user/month (with 5 devices/user).  Throw in Software Assurance (€8.98/user/month) and those Windows PCs can be upgraded to the rights of SA, including Windows 8 Enterprise.

Thumbs up!

Technorati Tags: ,,

What’s New In Windows Intune

A short post: Microsoft has summarised the changes to Widnows Intune here. Remember, the cost of licensing has come way down, Software Assurance is now an option, and it is per user (with 5 devices per user) rather than per device now.  That’s removed the biggest blocker to Windows Intune adoption.  EAS (and onsite Exchange) is not required to manage Windows or iOS devices (still appears to be the case for Android). Windows 8/RT are now supported with a Windows App available in the Store. Windows Intune can be managed from the System Center 2012 SP1 ConfigMgr console.

New customers will get immediate access to new functionality. Existing users will have to wait for MSFT to upgrade their accounts.

Technorati Tags: ,,

Changes Coming To Windows Intune (And The Market)

Windows Intune is Microsoft’s client device management system that is run from the cloud. That means that you don’t install a management server; you log into a portal, install agents on a client device, and manage those devices from that portal. 

The Competition

Intune competes against products such as Kaseya and Level Platforms. Intune was very late to the market versus these products. And admittedly, these products have huge market penetration and more functionality. They recognised that their target market was the small/medium enterprise (SME). A savvy product manager understands that most SMEs don’t normally have an IT department; anything beyond a password reset is usually (not always) done by a service provider (selling managed IT services). Kaseya and Level Platforms figured that out, and they sell a partner driven product, allowing white labelling, partner invoicing, centralised management, etc.

In Ireland, I’d guess that a big majority of service providers are using one of these two products to manage PCs and servers on their client sites.

Windows Intune – The Past

Windows Intune was released about 2 years ago (exact date isn’t important). As a nerd, I was interested. I saw the potential for partners to use it, and I saw the potential for large businesses to use Intune for mobile workers and small branch offices (retail POS devices).

Microsoft partners evaluated Intune. Unfortunately they found it lacking:

  • Less functionality than Kaseya or Level Platforms
  • No server management functionality – SMEs have servers too! 

But the real kicker, as I covered back in March 2011, was the price (I got some heat for that blog post from a certain devices and services company):

  • Microsoft really screwed the pooch by overpricing non-USA markets for the same cloud-based service. Eurozone markets were charged 40% more than USA customers at that time. That was moronic.
  • Bundling Software Assurance in the deal drove the price up to $11 per device. Meanwhile, the competition was around half the price.

Imagine trying to promote or sell a product that is twice the price of the competition, and has less functionality than that same competition, and the competition already has huge market penetration. And that’s why Windows Intune barely made any sales at all … anywhere on the planet.

The Shifting Sands

While Intune, Kaseya, Level Platforms are aimed at everywhere from the SME to Fortune 500, their core market is the SME. In Ireland, most of our companies are SMEs. Sure. we’re a small country of 4 million people, but it’s the same in Germany, the UK, France, Australia, Canada, and the USA. There are only so many CitiGroups, Koch Brothers, etc.

In Ireland:

  • 20% of servers are sold to companies with fewer than 100 employees
  • 75% of <25 user businesses (and there’s lots of them) don’t own a server – their primary IT cares are networking, file/print, and email
  • 55%-60% of SBS servers are estimated to be of the 2003 generation

Fact: there is no more SBS. Microsoft isn’t making a Windows Server that is a DC, Exchange server, file/print, and Sharepoint server for that market any more. The solution for that market is “the new Office”, i.e. subscriptions of Offce365 with Office 2013 included in the package (Office Web Apps, Click-to-Run, or temporary run anywhere). If you want, you can sell a Microserver to that 75% of <25 user companies with Windows Server 2012 Essentials to give them:

  • A domain controller with Group Policy
  • Cheap bulk storage in the office
  • Integration with Office365

Microsoft partners have been hearing the story about Office in the cloud since BPOS back in 2008 (or thereabouts – not that important). The majority of partners had no interest: Microsoft was direct invoicing the customer and that stole the customer relationship from the partner. Office365 just did not have market penetration with the market that mattered: the Microsoft partner. They’re the guys that advise, design, and implement IT for the SME. Microsoft screwed the pooch again (that’s one sore pooch!).

Microsoft got the same feedback the world over:

  • Change Office365 licensing so partners can resell it and they’ll be interested
  • Halve the price of Windows Intune (remove the SA obligation) and you might have a fighting chance

As of February 2013, partners will be able to resell Office 365 (with Office 2013 included) via the Open program to customers. That is a huge deal. The subscription price will also include leased Office 2013 that is installed and managed from the cloud; that means the customer gets more bang from their buck:

  • Office 2013: regularly updated from the cloud
  • Email
  • Collaboration via SharePoint (and a new app store)
  • Lync for presence, meetings, and online events
  • Plus whatever MSFT decides to add to the package

That means the role of the server in the smaller SME fades, maybe even disappears. Note: some SMEs will always need local storage, Group Policy, and/or LOB apps that can’t be cloud based, but this is not a back versus white world; it’s all shades of grey.  Maybe the server management functionality of Kaseya and Level Platforms isn’t as necessary any more!

The New Windows Intune

The current version of Windows Intune (sometimes called v3) added the ability to manage mobile devices running Android and iOS (iPhones and iPads). That includes policies and software distribution:

  • The ability to link to apps in the platform’s app store, which is included in all mobile device management products
  • App sideloading, which allows you to install an app onto a device without using an app store or jailbreaking

The management stuff is good. The app store stuff is very good for larger enterprises that could afford to get custom apps developed for mobile devices, but that just a flashy unrealistic demo for the SME.

v4 of Windows Intune is on the way, as Mary Jo Foley reported yesterday. It will be continuing support for mobile devices (including Windows Phone), and adding Windows 8/RT support too. But here’s the big news: Windows Intune pricing is changing (and in a good way).  There will be two SKUs:

image

Some notes:

  • Microsoft did not screw the pooch (that lucky puppy!) on the non-USA pricing, e.g. they recognized that $6 is not €6!
  • You can purchase Windows Intune without SA (no Windows 7/8 Enterprise) and still get your free managed Antivirus in the form of Endpoint Protection. The price is $6 or €4.89 per user.
  • You can choose to buy the SA SKU to lease Windows 8 Enterprise and it’s extra features
  • You can also choose to add on MDOP (not shown) if you subscribe to the SA option

€4.89 ($6) per user per month for client device management with managed antivirus. But here’s the nice bit: The likes of Forrester says that the modern worker can have up to 5 smart devices. The per user licensing of Windows Intune covers 5 devices!  Let’s compare:

Let’s say you were a Windows Intune v2 user with a PC and laptop. Your cost was €11 per device per month. Your total price is €22. With the new pricing, you are charged €4.89 per user and you can have up to 5 devices, including PCs, laptops, tablets, and smartphones.  You just saved €17.11 per month.  Nice!

BTW, Windows Intune has always allowed partners to subscribe on behalf of customers. The idea here is that you sell a managed service and include the price of the management into your service charge.  You will be able to buy on behalf and cross charge for both Windows Intune and Office365 for your managed SME customers.

What the SME Will Look Like

For the SME, the Microsoft solution is cloud-centric and looks like this:

image

Everything is cloud connected. Cloud-based management is perfect for mobile devices (tablets on the move, smartphones not on the network, and roaming/home users). Traditional on-site management such as LanDesk or System Center Configuration Manager aren’t really that good for those mobile devices because those management solutions are designed for the WAN, not for the Internet.

Office 365 has the same benefit: the SME with less than 25 users doesn’t want a server with 12+ GB of RAM to run SBS. Sell them Office365 and give them the same basic tools and mobility that a Fortune 500 has. No matter where they go or work, they’ll always have access to their data and communication/collaboration tools.

The managed service provider wins too:

  • They resell the solutions to their customers, offering a superior experience. The clever providers do more than just deploy; they add value, finding a unique selling point (USP) that keeps the customer coming back to them. You’ll go out of business if you rely on installing Office for a living.
  • They can manage customer infrastructure remotely: RemoteAssist via Windows Intune gets you onto customer devices, Windows Intune can install software remotely, Office365 puts critical services in the cloud that can be managed from a web browser.

What the Medium/Large Company Will Look Like

Here we’re talking about the bigger company with more complexity:

image

So here we see a bit of “best of both worlds”. System Center is used to deploy and manage the internal infrastructure and services on Hyper-V/private cloud. PCs and laptops on the corporate WAN are managed by System Center too.

Windows Intune is used to manage:

  • Mobile devices not on the corporate WAN
  • BYOD (laptops, tablets, phones) machines that are brought into the office and might sit on some isolated wireless networks with firewalled access to applications in the corporate WAN.
  • Devices in small branch offices, that might otherwise be too complicated to manage in System Center

With SP1, System Center 2012 can integrate with Windows Intune to give IT a single console for device management.  That unification of infrastructure is one of the goals of System Center 2012, enabling easier administration (another goal).  In this design, System Center 2012 SP1 Configuration Manager will deploy software to, patch, and provide AV for the following on the corporate WAN:

  • Windows 8/RT, and older
  • Mac OS
  • Linux
  • Windows Servers too – never forget them!

Windows Intune will manage the following mobile devices from the cloud:

  • Windows 8/RT and older tablets, PCs, and laptops
  • Android phones and tablets
  • iOS iPhones and iPads

Office can reside in both the private cloud/internal infrastructure and in the cloud via Office365.

So there you go, Windows Intune will be:

  • Cheaper
  • Be the solution for BYOD, mobile devices, home workers, and small branch offices
  • Reflect the changing nature of large enterprises with mobility and BYOD
  • Reflect the changing nature of SMEs that are moving to the cloud
  • A much more interesting solution for managed service providers, such as Microsoft partners working in the SME space

Windows 8, Windows Server 2012, Configuration Manager, Endpoint Protection, and Windows Intune

I’ve got 4 blog posts for you to read.

As I was commuting yesterday, Mary Jo Foley blogged about a Microsoft announcement on how System Center Service Pack (SP) 1 – Configuration Manager (SCCM/ConfigMgr) and Windows Intune will be changing in the near future.  Some highlights:

  • System Center 2012 SP1 Beta is out
  • A new version of Windows Intune with WP8 and Windows 8 support is coming in early 2013
  • You will be able to integrate ConfigMgr with Windows Intune for unified device management, both company and BYOD – or use ConfigMgr and Intune separately
  • Windows Intune will switch to per-user licensing from per-device. The new per-user license covers 5 devices.  ConfigMgr client ML owners will also get a discount.
  • Windows Intune will (at last!!!) be sold without Windows 7/8 Enterprise; currently anyone with SA on the desktop OS gets a 50% discount because they already own Windows 7 Enterprise

A follow up blog entry was posted by Microsoft, discussing the support changes in ConfigMgr and Endpoint Protection for Windows 8 and Windows Server 2012:

ConfigMgr 2012 SP1 will support:

  • Windows 8 Pro/Enterprise and Windows Server Std/DC as clients
  • All site roles on WS2012 Std/DC

ConfigMgr 2007 SP1 will support Windows 8 Pro/Enterprise and WS2012 Standard/Datacenter as clients only.

System Center 2012 SP1 Endpoint Protection (SCEP) will protect:

  • Windows 8 Pro/Enterprise and Windows Server Std/DC as clients
  • WS2012 Std/DC

You can also protect those OSs with Forefront Endpoint Protection 2012 with Update Rollup 1.  Note that this 2010 version won’t support WS2012 as a management server.

Make sure you read the following to get more info and to fill in the gaps:

  • The original announcement
  • The news post by Mary Jo Foley
  • The supplemental support post by Microsoft

EDIT#1

Let’s not stop there.  You might want to learn about the cross-platform support that’s being added to ConfigMgr 2012 SP1

  • Mac OS will be added as a supported client: h/w discovery, software inventory, policy settings management, and software/patch distribution
  • Linux and UNIX will also be added: h/w discovery, software inventory, policy settings management, and software/patch distribution

SCEP 2012 will also support Mac OS – please don’t say that there is no malware on Mac OS because you’re living in a dreamland under a very dark rock if you think that’s the case.  If did not realise this but:

Endpoint Protection 2012 Client for Linux is also available now.

June 2012 Version of Windows Intune Goes Live Today

The new version of Windows Intune is going live today.  Intune is the cloud based user device management solution that bundles:

  • Windows 7 Enterprise: featuring DirectAccess (VPN without VPN client), BranchCache (WAN optimisation), BitLocker (disk encryption), and BitLocker-To-Go (USB device encryption).
  • Endpoint Protection: The only way to manage Endpoint Protection without using System Center 2012 Configuration Manager.

I say “user device management” because Intune now supports:

  • The expected PCs, slates, and laptops running XP SP3 or later
  • Windows Phone 7
  • iPhone
  • iPad
  • Android

And as reported at MMS, this includes side-loading apps onto Android and IOS.

A unified experience across all devices through:

  • Automatic discovery of mobile devices that access Exchange Server
  • User-centric views for device inventory
  • A single console (the Windows Intune administrator console) to manage computers and mobile devices

The ability to help secure corporate data on mobile devices through:

  • Targeting Exchange ActiveSync polices to user groups. Policies include settings that let you set requirements for password length and encryption (if it is supported by the mobile device).
  • Setting device access rules by device family or model
  • Retiring and/or wiping lost, stolen, or otherwise compromised mobile devices.

The ability to make licensed internal line-of-business applications available for your users through:

  • Hosting and targeting licensed internal line-of-business applications to user groups
  • Self-service capabilities for your users, which enable them to download internal line-of-business applications to their mobile devices
  • Prerequisites for supporting mobile devices with Windows Intune are as follows:

An on-premises component to orchestrate communication between Exchange Server 2010

Service Pack 1 and later, and Windows Intune

A computer that has access to the Exchange environment. The computer must meet the

following requirements:

  • The computer must run Windows Server 2008 Service Pack 2 (64-bit) or Windows Server 2008 R2.
  • .NET Framework 4.0 and PowerShell 2.0 must be installed on the computer.
  • The computer must be joined to the Exchange Server domain.
  • The computer must have Internet access.

There is a new company portal:

image

Windows Intune now uses the same Azure-based AD services as Office 365.  This includes the ability, by the looks of it, to synchronise with your on-premise AD.  Now your internal users can appear in Intune. 

You can read this getting started guide to … well … get started.

Technorati Tags: ,