by Shane O'Neill

Windows Intune 2.0: Four New Features

Oct 17, 20115 mins
Cloud ComputingComputers and PeripheralsData and Information Security

An update of Microsoft's cloud-based Windows Intune offers a batch of new features meant to simplify how administrators can remotely track and manage company-owned PCs and software.

Windows Intune, Microsoft’s Web-based PC management and security platform, may not get the same level of attention as cloud services like Office 365 or Windows Azure, but Microsoft is betting big on Intune to be the cloud service that will facilitate IT’s evolving job of remotely managing PCs.

Today, about seven months after Windows Intune was initially made available, Microsoft is releasing Windows Intune 2.0. With the new version of Intune, IT admins can manage the deployment of Microsoft updates and service packs to all PCs, keep track of hardware and software inventory, fix PC issues remotely, manage protection from malware threats and set security policies. And Windows Intune can be accessed from wherever there’s an Internet connection.

Windows Intune costs $11 per PC per month (Software Assurance customers will pay less than $11), and that price includes an integrated anti-malware product and Windows 7 Enterprise upgrade rights, which could be a real money-saver for smaller companies doing a Windows upgrade.

Microsoft says Windows Intune is particularly well suited for SMBs that manage around 500 Windows PCs.

Eric Main, Microsoft director of Windows Intune product management, says the company is also seeing more enterprise interest in Windows Intune as larger organizations try to manage “blind spots”, that is, PCs that are not in the office but belong to road warriors and remote workers. On-premise PC management tools do not provide the convenience and flexibility that Windows Intune can provide for a mobile workforce, he says.

(Click below for an overview of new features in Windows Intune 2.0)

“Many larger organizations already have good PC management solutions on-premise, but also need a cloud-based service like Windows Intune to better manage the wares of remote workers and complete the full picture,” says Main.

To that end, Microsoft is building parts of its high-end, on-premise enterprise products such as SCCM (System Center Configuration Manger), Forefront Endpoint Protection, and MDOP (Microsoft Desktop Optimization Pack) into Windows Intune. For an extra dollar per PC per month ($12), Windows Intune customers can access the MDOP suite of products, which include application and desktop virtualization tools.

Microsoft also plans to integrate Windows Intune with Office 365 so that IT pros can use Intune to deploy Office in the cloud. But right now, that integration is not in place for Windows Intune 2.0.

Windows Intune also does not support mobile devices like smartphones and tablets; it supports only Windows PCs. But Main says Microsoft plans to extend the support to mobile devices in future versions.

But Windows Intune 2.0 does offer a slew of new features. Here are four notable enhancements that may make Windows Intune a worthwhile service for IT managers.

Software Distribution

Windows Intune 2.0 simplifies the complex task of distributing both Microsoft and non-Microsoft software and updates to all PCs that are managed by Windows Intune.

An IT admin completes a simple wizard from the Windows Intune console to guide them through the process of publishing the software for distribution. These software or update packages can be .EXE, .MSI or .MSP files.

After the information has been entered, the wizard then encrypts, compresses and uploads the package to Windows Azure storage space until it’s ready for deployment. During a trial subscription, 2GB of free Windows Azure cloud storage are provided to store updates or apps until distribution. Paid subscriptions have a pre-determined amount of storage space (greater than 2GB). And customers have the option to purchase more space if needed.

When the software is living it appears in the Managed Software workspace. Administrators can then choose to deploy the software to select PCs. The next time these PCs are online, software installation will begin.

Click here for more guidance on how to use software distribution in Windows Intune.

Remote Tasks

The Remote Tasks feature gives IT admins more control over software updates and security scans on managed PCs.

When an IT admin right-clicks on a specific managed PC, a context menu appears with actions including Add to Group, Retire and Remote Tasks. When that admin selects “Remote Tasks” he can perform tasks on a Windows Intune managed PC, with options including:

  • Run Full Malware Scan, which starts an immediate full scan of the client computer
  • Run Quick Malware Scan, which starts a quick scan of the client computer, searching for select files and common file paths in just a few minutes
  • Update Malware Definitions, which instructs the client software on the managed PC to check for the latest Windows Intune malware definitions
  • Restart Computer, which forces a managed computer to reboot

License Management for Other Licenses

Windows Intune 2.0 extends software license management beyond just Microsoft enterprise software licenses to include Microsoft retail licenses, OEM licenses and other third-party licenses.

IT admins can use this feature to track purchased licenses against actual installations by entering details into the software catalog such as the publisher name, software title or number of licenses purchased. Software licenses can be tracked on the Add Agreements page under Licenses.

Read-Only Access

When adding administrators to a Windows Intune account, admins can select whether or not to grant full administrator rights or read-only access to information.

Someone with read-only rights can view all the information in the Windows Intune Administration Console, but cannot take any action such as approving an update or running a scan.

The read-only admin role can be useful when training new employees. These new employees can get familiar with the console without actually performing an action. Once they are comfortable, a full-access administrator can switch the new employee’s access from “read-only” to “full access” if desired.

For more information on how to subscribe to Windows Intune, click here.

Shane O’Neill covers Microsoft, Windows, Operating Systems, Productivity Apps and Online Services for Follow Shane on Twitter @smoneill. Follow everything from on Twitter @CIOonline and on Facebook. Email Shane at