Microsoft Intune Evolution Over 10 Years | Endpoint Manager | Intune Admin
I started testing Intune back in 2012. This blog post is all about my experience with Intune Evolution. I think Microsoft released the first beta of Microsoft Intune (Codename Florida) back in April 2010.
Intune is the successor to the never-released “System Center Online Desktop Manager” project. Following is my first post about Intune, “How to Add or Upload a Software Apps to Microsoft Intune”. Intune started with the Silverlight console. Intune moved to the Azure portal 7 years after the Intune beta release.
The best part of Intune evolution (in my experience) is that Microsoft is NOT in a rush to adopt the features from other MDM solutions in the market. Rather, they have a clear strategy to add each feature to Intune in a proper method (by not hacking around the system).
Intune Graph API Evolution
I assume most of the innovations of Intune device management solutions were blocked because of Silverlight infrastructure. Intune Silverlight infra was a black box for most developers and admins. There were no public APIs to connect to Intune Silverlight infra.
Once Intune migrated to the Azure portal, we got a programmatic way of accessing data. Intune Graph API enables automation of application policy deployments. More details about Intune Graph API are available in the following post, “How to Fetch Intune and Azure AD details from Microsoft Graph API”.
Intune OS version and Application Deployment Support Evolution
Intune started with Windows 7 device management support and evolved over the years to support all types of OS versions except Linux, Windows Server, and Unix. Intune supports all the mobile OS versions apart from Blackberry and Symbian (if I’m not wrong).
Over the years, Intune added support for the deployment of various types of applications like Windows Installer (*.exe, *.msi), App Package for Android (*.apk), Windows Phone app package (*.xap, *.appx, *.appxbundle), Windows app package (*.appx, *.appxbundle), Windows Installer through MDM (*.msi) and external store apps.
Intune still doesn’t support complex MSI packages and App-V package deployments. Is this in their roadmap? I’ve no clue, but I assume it depends on the Microsoft strategy towards App-V technology.
Intune Client, App, and Security Policy Management Evolution
The need for Intune MSI client installation was eliminated with the release of the Windows 10 operating system and MDM channel management. We still need to use the Intune MSI client to manage Windows 7 machines.
I hope to have fewer client health-related issues because Intune uses a built-in MDM channel to manage Windows devices.
Intune application management policies and security management policies have evolved over the years. This helped organizations (small and medium) concentrate on Intune cloud solutions rather than investing in on-prem AD and SCCM infrastructure.
Application and security management policies are available for all the 3 major OS versions (iOS, Android, and Windows) in the market. Will Intune security policies replace Windows Group Policies (GPO)? I don’t know at this point. But I believe Intune will be capable of doing that in the future (4+ years?).
Intune Compliance Policy and OSD Evolution
Intune and Azure AD native integration is the best advantage of the modern device management solution. Azure AD conditional access (CA) and Intune compliance policies are the best examples of this integration. I believe no other device management solution in the market would be able to provide this kind of finely tuned integration.
Windows OS deployment was not in scope for Intune device management at any stage of its development. But Microsoft’s vision for the Windows 10 AutoPilot solution/strategy will give you an idea of why OSD was not part of Intune. Windows 10 AutoPilot is a zero-touch deployment of Windows 10 devices.
Intune MAM without MDM and SCCM Integration Evolution
Intune MAM (Mobile Application Management) without MDM and device restriction policies are very helpful for enterprises. MAM without MDM will help us manage and protect corporate applications’ data.
Intune device restriction policies will help us block the enrollment of devices into the corporate environment when those devices do not meet security, OS version, or some other specified requirements.
The evolution of SCCM integration with Intune in the hybrid scenario is another good example of Intune evolution. SCCM and Intune started supporting the integration back with the SCCM 2012 R2 version.
Recently, Microsoft started supporting MDM authority change without impacting enrolled devices. Microsoft is also trying to bridge the gaps between modern and traditional device management solutions.
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.