Microsoft Details Windows Intune Update Coming Next Week
- By Kurt Mackie
- January 29, 2014
An update to Microsoft's Windows Intune cloud-based device management service will begin rolling out to subscribers sometime next week, Microsoft said Wednesday.
The update, which Microsoft described in this announcement, appears to be fairly minor. Microsoft has improved how e-mail profiles get configured, and added support for new iOS 7 configuration settings. The update will also enable administrators to lock devices or reset passwords remotely.
According to Microsoft's announcement, the update will bring:
- "Ability for the administrator to configure email profiles, which can automatically configure the device with the appropriate email server information and related policies, as well as the ability to remove the profile along with the email itself via a remote wipe if needed.
- "Support for new configuration settings in iOS 7, including the "Managed open in" capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.
- "Ability for the administrator to remotely lock the device if it is lost or stolen, and reset the password if the user forgets it."
The last item seems a bit surprising as Microsoft has typically touted remote wipe capabilities of its mobile device management products. Remote lock appears to be an added capability along those lines.
With past Windows Intune releases, subscribers have typically seen the updates appearing in the solution's administrator console in the following month after the announced release. Microsoft's product update cycle for Windows Intune is unclear, and the company doesn't appear to publish an update history anywhere. Past updates included July, September, and October releases, according to the chronicle described at the Windows Intune blog. Many of Microsoft's Windows Intune updates are "mandatory updates" to the product that get automatically installed, according Microsoft's description of the client update process.
Standalone Windows Intune
Microsoft also claimed in this announcement that Window Intune can be used to manage mobile devices without having to integrate it with System Center 2012 R2 Configuration Manager. Such a claim goes back to Microsoft's January 2013 product release of Windows Intune. However, it seems to contradict numerous Microsoft spokespersons who have heavily suggested that both products would be needed for mobile device management per Microsoft's scenario.
An explanation attributed to Brad Anderson, Microsoft corporate vice president for cloud and enterprise, suggested that the standalone management capability of Windows Intune was new.
"In addition to our unified deployment mode and integration with System Center Configuration Manager, Windows Intune can now stand alone as a cloud-only MDM solution," Anderson wrote in a blog post. "This is a big win for organizations that want a cloud-only management solutions [sic] to manage both their mobile devices and PC's."
Microsoft may be facing some mobile device management competition. Forrester Research analyst Tyler Shields suggested in a blog post Wednesday that the mobile device management solutions market is becoming increasingly "commoditized," with more than 100 vendors trying to differentiate themselves. He predicted that the "value for MDM is rapidly approaching zero" as prices get cut.
In any case, Microsoft is promising that other Windows Intune improvements will be arriving this year. One improvement will enable "conditional access to Exchange e-mail inboxes depending on if the device is managed." Other improvements to come include the ability to restrict application data access, as well as the ability to control Web site access by setting URL filtering. It also will be possible to deny device access to certain apps.
In an odd footnote to Microsoft's announcement, veteran Microsoft watcher Mary Jo Foley today noticed the apparent scrubbing of an alternative project within Microsoft to facilitate application sideloading on Windows 8 and Windows RT devices. Enterprise sideloading is part of Microsoft's mobile device management and security vision associated with Windows 8 and Windows RT systems. Sideloading is a way to get "Metro"-style apps and Desktop apps on a device outside the Windows Store distribution process.
The BootyBay announcement by a Microsoft Global Partner Services team in China got pulled, but it described a CodePlex project designed to make it easier for independent software vendors to write Windows Store Apps (otherwise known as "Metro apps") for a "private store," rather than the Windows Store.
The BootyBay team didn't hold back on its reasons for trying to release such a project.
Microsoft's only solution for side-loading app management for enterprise is System Center/Intune. The System Center is too expensive and complex, and Intune is still not available to many regions yet especially China Mainland. Today, with the growth of the win8 device selling to enterprises, there are many partners and customers are looking for a light-weighted, easy-to-deploy solution for app management purpose, especially for Line-Of-Business commercial apps. Although we have Windows Runtime APIs to do so, there is no complete solution available internally or externally to meet the requirement. That's why we are working on the POC [proof of concept] development.
Microsoft's mobile device management approach depends on having multiple Microsoft software solutions in place. Enterprise sideloading typically requires either having an Enterprise Agreement in place or paying the extra costs for certificate licenses to sideload line-of-business apps, which is estimated at $3,000 for 100 license keys. As noted by Foley, Microsoft MVP Rockford Lhotka has spoken out about the need for an alternative licensing approach to get Microsoft's mobile device management vision rolling.