Microsoft Describes 'Hybrid' Intune-SCCM Mobile App Management Vision

Microsoft last week shared more details about its mobile application management vision, in which its Intune and System Center Configuration Manager (SCCM) products will play key roles.

The company previously gave a high-level explanation of its plans. The idea is that Intune's mobile device management (MDM) capabilities are getting embedded inside Microsoft's Office 365 applications. Other software vendors also can tap APIs from an Intune software development kit (SDK) to add management capabilities to their apps. They can use the same app wrappers that Microsoft uses and access the same "containers" that are used by Office apps to add these Intune management capabilities.

Last week, Microsoft further explained how its newly released service packs for System Center 2012 and System Center 2012 R2 enable Intune's mobile application management capabilities in "hybrid" scenarios in which SCCM is combined with the Intune service.

Organizations can use SCCM as their main tool integrated with Intune in a hybrid configuration, with Intune providing the mobile application management support. Those capabilities come into play when so-called "managed apps" are deployed by an organization. A managed app, by definition, already has the Intune SDK built into them, according to Microsoft's descriptions.

Organizations with their own proprietary apps also can add Intune management capabilities by wrapping their apps using Microsoft's app wrapping tools. Currently, there's an existing tool for iOS apps. Last week, Microsoft announced a new Intune App Wrapping Tool for Android solution.

Hybrid Intune-SCCM solutions work by associating a managed app's "deployment type" with policies set up by IT pros. Here's how Microsoft describes it:

When using System Center Configuration Manager (ConfigMgr) integrated with Intune, you can associate the app management policy with the ConfigMgr application's deployment type (DT) that you want to restrict. When the application is deployed and the application's DT is installed on devices, the settings you specify will take effect.

At present, it's possible to add mobile application management capabilities to managed apps running on Android 4 and later operating system versions, as well as Apple iOS 7 and later versions.

The standalone Intune product already works with various iOS managed apps, including Office suite apps, OneDrive cloud storage, Work Folders and the "Intune Managed Browser," which is Microsoft's specialized browser that lets IT pros manage user actions. On the Android side, there's support for an Intune Managed Browser, Office apps for tablets, OneDrive, a PDF Viewer and AV Player application. Microsoft's list of managed apps can be found in this TechNet library article.

Microsoft has been clear that Intune is its main MDM tool going forward. Additionally, as a cloud service, Intune follows a monthly update cycle and gets its new feature updates faster than Microsoft's venerable SCCM product. Still, Microsoft is gradually adding Intune capabilities to the SCCM component of System Center 2012 and System Center 2012 R2. That's done by improving SCCM's "extensibility model," according to Mark Florida, a principal program manager at Microsoft. He explained in an Ignite session that there was "80 percent" parity with Intune and SCCM in System Center 2012 Service Pack 2 and "85 percent" parity with Intune and SCCM in System Center 2012 R2 Service Pack 1.

SCCM might still be the tool of choice for very large organizations or organizations managing Internet of Things-types of scenarios. Florida explained that the Intune standalone product has a device support scale limit of 50,000 devices, whereas the hybrid Intune-SCCM solution is capable of managing "hundreds of thousands of devices."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.