News

Microsoft Describes 'Hybrid' Intune-SCCM Mobile App Management Vision

• By Kurt Mackie
• May 26, 2015

Microsoft last week shared more details about its mobile application management vision, in which its Intune and System Center Configuration Manager (SCCM) products will play key roles.

The company previously gave a high-level explanation of its plans. The idea is that Intune's mobile device management (MDM) capabilities are getting embedded inside Microsoft's Office 365 applications. Other software vendors also can tap APIs from an Intune software development kit (SDK) to add management capabilities to their apps. They can use the same app wrappers that Microsoft uses and access the same "containers" that are used by Office apps to add these Intune management capabilities.

Last week, Microsoft further explained how its newly released service packs for System Center 2012 and System Center 2012 R2 enable Intune's mobile application management capabilities in "hybrid" scenarios in which SCCM is combined with the Intune service.

Organizations can use SCCM as their main tool integrated with Intune in a hybrid configuration, with Intune providing the mobile application management support. Those capabilities come into play when so-called "managed apps" are deployed by an organization. A managed app, by definition, already has the Intune SDK built into them, according to Microsoft's descriptions.

Organizations with their own proprietary apps also can add Intune management capabilities by wrapping their apps using Microsoft's app wrapping tools. Currently, there's an existing tool for iOS apps. Last week, Microsoft announced a new Intune App Wrapping Tool for Android solution.

Hybrid Intune-SCCM solutions work by associating a managed app's "deployment type" with policies set up by IT pros. Here's how Microsoft describes it:

When using System Center Configuration Manager (ConfigMgr) integrated with Intune, you can associate the app management policy with the ConfigMgr application's deployment type (DT) that you want to restrict. When the application is deployed and the application's DT is installed on devices, the settings you specify will take effect.

At present, it's possible to add mobile application management capabilities to managed apps running on Android 4 and later operating system versions, as well as Apple iOS 7 and later versions.

The standalone Intune product already works with various iOS managed apps, including Office suite apps, OneDrive cloud storage, Work Folders and the "Intune Managed Browser," which is Microsoft's specialized browser that lets IT pros manage user actions. On the Android side, there's support for an Intune Managed Browser, Office apps for tablets, OneDrive, a PDF Viewer and AV Player application. Microsoft's list of managed apps can be found in this TechNet library article.

Microsoft has been clear that Intune is its main MDM tool going forward. Additionally, as a cloud service, Intune follows a monthly update cycle and gets its new feature updates faster than Microsoft's venerable SCCM product. Still, Microsoft is gradually adding Intune capabilities to the SCCM component of System Center 2012 and System Center 2012 R2. That's done by improving SCCM's "extensibility model," according to Mark Florida, a principal program manager at Microsoft. He explained in an Ignite session that there was "80 percent" parity with Intune and SCCM in System Center 2012 Service Pack 2 and "85 percent" parity with Intune and SCCM in System Center 2012 R2 Service Pack 1.

SCCM might still be the tool of choice for very large organizations or organizations managing Internet of Things-types of scenarios. Florida explained that the Intune standalone product has a device support scale limit of 50,000 devices, whereas the hybrid Intune-SCCM solution is capable of managing "hundreds of thousands of devices."