
Microsoft Releases Windows Intune 'Preview,' Outlines BYOD Vision

Microsoft kicked off the second day of the Microsoft Management Summit (MMS) on Wednesday by laying out its vision for connected devices and the "consumerization of IT."

Today's bring-your-own-device (BYOD) culture, in which employees bring their own devices into the workplace to access the corporate network, is shaking up traditional IT client management practices, noted Brad Anderson, corporate vice president of the Management and Security Division at Microsoft. The previous model was corporate-controlled: one device to manage one employee.

"In the near future, there's a dramatic change," Anderson said. "The bulk of these new devices are not going to be controlled by the corporation. They'll be controlled by the user."

Microsoft's view is that IT resources should be centered on the user, and that approach can be supported by IT by following three core principles: have an intelligent application infrastructure in place; have security, access controls and governance; and set policies. For example, Anderson said that Microsoft Corp. trusts its employees, who can use any device so long as they accept the company's encryption policy.

Windows Intune Beta 'Preview'
A few announcements were made during the talk that suggested how Microsoft proposes to help IT pros support the BYOD world. For instance, Microsoft announced a new test release (called a "preview") of the next Windows Intune, which is Microsoft's cloud-based solution for managing and securing PCs in a computing environment. The preview, which can be downloaded here (signup required), is just for testing and shouldn't be used in a production environment, according to Microsoft. Moreover, this test release currently lacks support for some of the BYOD management features to come.

It's not clear when the next Windows Intune service release will arrive, but this Microsoft document (PDF) describes the features. When released, this version of the service will support "automatic discover of mobile devices that access Exchange Server." IT pros will be able to "target Exchange ActiveSync policies to user groups" and set access rules by "device family or model." It will enable a single user experience for accessing "line-of-business applications," even for Apple iOS- and Android-based mobile devices. Users will be able to access approved apps through a self-service portal, even though the access may happen via different app stores. IT personnel or users will be able to erase (or "wipe") the data remotely from lost devices using the new Windows Intune service.

The kinds of devices that IT can manage with the next Windows Intune service release will include Apple iPhones and iPads, Android devices, as well as Windows Phone 7-based devices. However, these device management capabilities aren't supported in the currently available prerelease version of Windows Intune.

In general, Windows Intune won't support the upcoming Windows 8 operating system until that OS is commercially released, according to a Microsoft blog post. This week, Microsoft named the Windows 8 editions, including "Windows RT," which is the new name for Windows 8 on ARM-based devices. Oddly, Microsoft announced at that time that Windows RT-based devices will lack Active Directory support, which might be a major limitation for IT shops wanting to manage such mobile devices. Microsoft so far hasn't clarified this point, but it has indicated that x86/x64 hardware running Windows 8 will have Active Directory management capabilities.

The April release of Windows Intune will work with Active Directory in Windows Server as well as Windows Azure Active Directory. Any mobile device that supports Microsoft Exchange ActiveSync can be managed through Active Directory, according to Microsoft's blog.

Anderson explained that "even not-domain-joined devices can be trusted." Microsoft's management solutions can use Active Directory to confirm the device. The device becomes "domain trusted," he explained, adding that "through Azure and Azure Active Directory, you can authenticate via Windows Intune." Azure Active Directory will link up with Active Directory in a Windows environment.

Configuration Manager 2012
The keynote included some talk about Configuration Manager 2012, which is part of the released System Center 2012 suite of management tools.

One of the features highlighted in the mobile device management context during the keynote was the ability to use Configuration Manager 2012 to simulate the deployment of an application before actually deploying it across a system. Configuration Manager 2012 includes rules and detection methods to assure that an application will perform on a mobile device. Simulated deployment can send the application to real users on real devices and it will show how the apps are performing.

"Talk about a preflight," Anderson commented. "It runs against the actual production system. You get the feedback before you click 'go'."

Anderson commented in general during the talk that Microsoft plans to move Windows Intune and System Center Configuration Manager "closer together as we move forward." He didn't elaborate, though.

It will be possible to manage other mobile devices that use Microsoft's Windows Embedded technologies, such as digital signs and industry-specific types of devices, via Windows Embedded Device Manager 2012, which was announced this week. The new management solution will be available in "the first quarter of 2013" and will enable device management via System Center 2012 Configuration Manager.

Virtual Desktop Infrastructure
Anderson said that virtual desktop infrastructure (VDI) technology will play a greater role in organizations as users bring their own devices. He claimed that Microsoft is working to support Android and iOS devices, as well as Windows ones.

"We are doing deep integration with Windows, iOS and Android," he declared, without elaborating on the point. His comment was made in the context of the VDI comment, but he later spoke of "deep integration" with respect to enabling a common user experience across the various app stores, whether for iOS, Android or Windows.

Microsoft recently announced a new VDI technology that lets users take their application settings to other devices. The new User Experience Virtualization (UE-V) beta for Windows 7 or Windows 8 will be a new addition to the Microsoft Desktop Optimization Pack, a suite of tools available with some Microsoft licensing options, such as Software Assurance.

Windows Server 2012, which is the new product name for the formerly code-named "Windows Server 8," will allow VDI to be set up quickly. A demo during the keynote showed that VDI can be set up in less than a minute.

Finally, Anderson concluded his talk by disclosing the venue for next year's Microsoft Management Summit, which is planned for New Orleans in June 2013.

Anderson's Wednesday, April 18 talk at Microsoft Management Summit 2012 can be heard on demand here.
