I started testing Intune back in 2012. This blog post is all about my experience with Intune Evolution. I think Microsoft released first beta of Microsoft Intune (Codename Florida) back in April 2010. Intune is the successor to the never released “System Center Online Desktop Manager” project. Following is my first post about Intune “How to Add or Upload a Software Apps to Microsoft Intune“. Intune started with Silverlight console. The Intune is moved to Azure portal after 7 years of the Intune beta release.
The best part of Intune evolution (in my experience) is that Microsoft is NOT in a rush to adopt the features from other MDM solutions in the market. Rather, they have clear strategy to add each feature to Intune in a proper method (by not hacking around the system).
Intune Graph API Evolution
I assume most of the innovations of Intune device management solution were blocked because of Silverlight infrastructure. Intune Silverlight infra was back box for most of the developers and admins. There was no public APIs to connect to Intune Silverlight infra. Once Intune is migrated to Azure portal, we can have a programmatic way of accessing data. Intune Graph API enables automation of application policy deployments. More details about Intune Graph API is available in the following post “How to Fetch Intune and Azure AD details from Microsoft Graph API“.
Intune OS version and Application Deployment Support Evolution
Intune started with Windows 7 device management support and evolved over the years to support all types of OS versions expect Linux, Windows Server, and Unix. Intune supports all the mobile OS versions apart from Blackberry and Symbian (if I’m not wrong).
Over the years Intune added support for the deployment of various types of applications like Windows Installer (*.exe, *.msi), App Package for Android (*.apk), Windows Phone app package (*.xap, .appx, .appxbundle), Windows app package (.appx, .appxbundle), Windows Installer through MDM (*.msi) and external store apps. Intune still doesn’t support complex MSI package and APP-V package deployments. Is this in their roadmap? I’ve no clue, but I assume it all depends up on the Microsoft strategy towards APP-V technology.
Intune Client, App and Security Policy Management Evolution
The need of Intune MSI client installation is eliminated with the release of Windows 10 operating systems and MDM channel management. We still need to use Intune MSI client to manage Windows 7 machines. I’m hoping to have less client health related issues because Intune uses built-in MDM channel to manage Windows devices.
Intune application management policies and security management policies are evolved over the years. This helped organizations (small and medium) to concentrate on Intune cloud solution rather than investing on on-prem AD and SCCM infrastructure. Application and security management policies are available for all the 3 major OS versions (iOS, Android, and Windows) in the market. Intune security policies will replace Windows Group Policies (GPO)? I don’t know at this point of time. But I believe Intune will be capable of doing that in the future (4+ years ?).
Intune Compliance Policy and OSD Evolution
Intune and Azure AD native integration is the best advantage of the modern device management solution. Azure AD conditional access (CA) and Intune compliance policies are the best examples of this integration. I believe no other device management solutions in the market would be able to provide this kind of finely tuned integration.
Windows OS deployment was not in scope for Intune device management at any stages of its development. But, Microsoft’s vision towards Windows 10 AutoPilot solution/strategy will give you an idea why the OSD was not part of Intune at all. Windows 10 AutoPilot is Zero touch deployment of Windows 10 devices.
Intune MAM without MDM and SCCM Integration Evolution
Intune MAM (Mobile Application Management) without MDM and device restriction policies are very helpful for enterprises. MAM without MDM will help us to manage and protect the data of corporate applications. Intune device restriction policies will help us to block the enrollment of the devices into the corporate environment when those devices are not meeting security, OS version or some other specified requirements.
SCCM integration evolutions with Intune in the hybrid scenario is another good example of Intune evolution. SCCM and Intune started supporting the integration back with the SCCM 2012 R2 version. Recently, Microsoft started supporting MDM authority change without any impact to enrolled devices. Microsoft also trying to bridge the GAPs between modern and traditional device management solutions.
Microsoft’s PC-Management – http://www.zdnet.de/41549577/cebit-microsofts-pc-management-dienst-windows-intune-startet-am-23-maerz/
Windows Intune Pros and Cons – http://www.zdnet.com/product/microsoft-windows-intune/