Export (0) Print
Expand All

Windows Intune evaluation guide

Updated: April 1, 2014

Applies To: Windows Intune

Windows Intune provides a cloud-based service that can help your business to protect and manage devices. Because it is cloud-based, it can be administered from any Silverlight-enabled web browser. Windows Intune can manage a wide range of devices:

  • Mobile devices (including phones and tablets running Android, iOS, Windows Phone and Windows RT operating systems). Computers running Windows 8.1 can be managed as mobile devices, or can be managed as computers using the Windows Intune client software.

  • Computers running a professional edition of Windows Vista, Windows 7, Windows 8 or Windows 8.1.

For more information on mobile devices and computers that you can manage with Windows Intune, see Mobile Device Management Capabilities in Windows Intune and Computer management capabilities in Windows Intune.

This evaluation guide covers the following:

Windows Intune provides you with a wide range of general capabilities, as well as capabilities specific to mobile devices and capabilities specific to computers. These capabilities are summarized below:

Windows Intune general capabilities:

  • Management of mobile devices and computers, no servers or intranet required. You can manage mobile devices and computers, even if those devices are not joined to a domain or brought on-site. This makes Windows Intune ideal for a company with a mobile or geographically-distributed workforce.

  • Require encryption of mobile devices and computers. Mobile devices that support encryption can be required to use it. You can also require computers that support Bitlocker drive encryption to use it. If a mobile device or computer with encryption is lost or stolen, the data on the device’s storage media is unreadable, helping to secure that data it from theft.

  • Hardware and software inventory and reporting. You can gather information on the hardware and software used by your company, helping you to plan your hardware upgrade cycle or determine if unwanted software is installed on managed devices.

  • Monitor mobile devices and computers. You can create alerts to notify you when there is a problem with a mobile device or a computer, and also have alerts trigger e-mail notifications so that the right people are informed of the problem.

  • A “self-service” model for IT. Users can use the company portal to enroll devices, to install site-licensed software, or to find contact information for IT administrators.

Windows Intune mobile device management (MDM) capabilities:

  • Configure passwords. The password management capabilities vary slightly across mobile device platforms, but all supported platforms allow you require a password, limit the number of failed sign-in attempts, limit the minutes of activity before the screen locks, set the time for password expiration, and prevent the use of previously-used passwords.

  • Control system and cloud storage settings for mobile devices. The system and cloud storage settings available vary across mobile device platforms, but highlights include the ability to block the iOS lock screen notifications view (to keep meeting details confidential), and the ability to collect diagnostic data from Windows Phone 8.1 and iOS devices.

  • Manage e-mail access for mobile devices using Exchange ActiveSync. You can control e-mail access settings such as whether devices can download attachments, or how much of an e-mail folder is synchronized with a mobile device.

  • Application settings. You can control browser settings, and also such application settings as whether app stores can be used on mobile devices.

  • Device Capabilities, Cellular and Voice. You can allow or disallow the use of a camera, control roaming settings, and enable or disable iOS voice assistant and voice dialing features.

  • Reset, lock or wipe. You can reset passcodes if users lose access to their device, lock missing or stolen devices, or even wipe data off of missing or stolen devices.

Windows Intune computer management capabilities:

  • Manage software updates. You can keep computers up-to-date, and manage when updates are applied.

  • Set Windows Firewall Policy. This helps to ensure that no computer used by your company has an inactive or improperly-configured firewall.

  • Anti-malware protection. Windows Intune includes Windows Intune Endpoint Protection, and allows you to set policies to ensure that computers are kept up-to-date with the latest anti-malware definition updates.

  • Remote assistance. Windows Intune allows users to contact IT support staff, who can then provide assistance using a remote desktop feature that is included with Windows Intune.

  • Software license management. Windows Intune can help you to manage your use of licensed software by tracking how many software licenses are available, and how many available licenses are being used.

As an IT administrator, you want to give your users the freedom to access corporate applications and data from anywhere and from any device (including smartphones, tablets, and PCs). Often, users will want to use a personal smartphone or tablet for work, creating the need to manage these devices so that you can control access to sensitive company information. Windows Intune helps you to enable your users to be productive on any device, while ensuring that any device that handles company applications and data can be managed to protect your company.

You can configure Windows Intune in a number of ways to manage and secure your company's mobile devices and computers (referred to as devices in the remainder of this document).

  • Windows Intune stand-alone configuration. Use the web-based administration console in Windows Intune to manage devices in your organization. Windows Intune can be used without any on-premises IT infrastructure, but if you use Windows Intune with Active Directory Domain Services, you can use domain user accounts that you manage with Domain Services with Windows Intune.

  • Windows Intune with System Center Configuration Manager. Use the System Center 2012 Configuration Manager management console to manage computers and mobile devices in your enterprise. This configuration can help you to manage all of your organization’s devices through a single console, the Configuration Manager Admin Console. Configuration Manager supports very large numbers of mobile devices, servers and computers. For more information, see How to Manage Mobile Devices by Using Configuration Manager and Windows Intune in the Documentation Library for System Center 2012 Configuration Manager.

This evaluation guide focuses primarily on the capabilities of the Windows Intune stand-alone configuration.

You can use the following table to help you decide if Windows Intune stand-alone or by Windows Intune with System Center 2012 Configuration Manager is a better fit for your business.

 

You might choose Windows Intune stand-alone if: You might choose Windows Intune + Configuration Manager if:
  • You have no (or limited) on-premises IT infrastructure. A cloud-based device management solution is ideal for companies with on-premises IT infrastructure (such as deployments of Configuration Manager, Active Directory Domain Services, or Exchange). Windows Intune does not require on-premises IT infrastructure, however it can leverage the capabilities of Exchange ActiveSync or Active Directory Domain Services if you have those installed.

  • You have fewer than 50,000 devices to manage. Windows Intune can manage up to 50,000 mobile devices and computers.

  • You have a small IT staff. With no on-premises IT infrastructure to support and maintain, a small set of IT administrators can use Windows Intune to focus on managing the devices that employees use the most.

  • You have a mobile or highly distributed workforce. It can be very challenging to keep devices up-to-date when the employees using those devices rarely visit the main office, and dread being separated from their device while it is being updated. Cloud-based device management lets you manage mobile devices and computers anywhere in the world.

  • You have on-premises IT infrastructure in place, or plan to deploy it. With Active Directory Domain Services and System Center 2012 Configuration Manager deployed in your enterprise, you can add the mobile device management capabilities of Windows Intune. In this configuration, the device and resource management experience is fully unified:

    • Unified Administration. The Configuration Manager Admin Console is extended with the Windows Intune add-in, while continuing to use the rich device management capabilities of Configuration Manager on domain-joined computers (including servers).

    • Unified user accounts. User names and passwords are synchronized, providing users with a single account that they use to access company resources, whether from a domain-joined computer or from a mobile device.

  • You have over 50,000 devices to manage (or plan to scale-up). Configuration Manager can manage larger numbers of mobile devices and computers than Windows Intune.

Windows Intune has a wide array of administrative workspaces that provide you with capabilities that you can use to manage mobile devices and computers. For a guided tour of Windows Intune, please see Getting started with Windows Intune: walkthrough guide.

 

Feature Capabilities

Account Portal

The Windows Intune account portal lets you manage your Windows Intune subscription and specify the users who can access Windows Intune. From the account portal, you can manage the service and users by adding user accounts and security groups, setting up and managing service settings, and checking the status of the Windows Intune service. You can also contact Microsoft Support and get help from the Microsoft online community. Users can access the account portal to change their password.

For more information about the Windows Intune account portal, see the Windows Azure Active Directory Help. The Windows Azure Active Directory Help provides guidance for Microsoft Online Services such as Windows Intune and Microsoft Office 365, and it covers such tasks as signing up for a Microsoft Online Service, administering your account, signing in, assigning administrator roles for Microsoft Online Services, and changing users’ passwords.

Administrator Console:

System Overview workspace

The System Overview workspace lets you quickly assess the health of the managed devices across your organization. You can view a summary of top alert types, check the system status of several key areas, view summaries of the devices that you are managing, create a new device or user group, or view a report. If an issue occurs, links appear in the affected area to take you directly to the appropriate workspace to investigate and resolve the problem.

Administrator Console:

Groups workspace

The Groups workspace lets you manage your devices and users by organizing them into groups. You can organize groups in the way that best suits your organizational needs (for example, by geographic location, by department, or by hardware characteristics). A device or a user can belong to more than one group.

Administrator Console:

Updates workspace

The Updates workspace allows you to manage the software update process efficiently for all of the managed devices in your organization. You can do the following in this workspace:

  • View pending updates

  • Approve or decline updates

  • Configure automatic approval settings for updates

  • Set a deadline for update installation

Administrator Console:

Endpoint Protection workspace

The Endpoint Protection workspace helps you to enhance the security of all managed computers in your organization by providing real-time protection against potential threats, keeping malicious software definitions up to date, and automatically running scheduled scans. This workspace provides Endpoint Protection status summaries, so that if malicious software is detected on a managed computer, or if a computer is not protected, you can quickly identify the affected computers and take appropriate action.

Administrator Console:

Alerts workspace

The Alerts workspace helps you to quickly assess the overall health of managed computers in your organization, and to respond to problems so that you can prevent or minimize negative effects on business operations. For example, you can:

  • View all recent alerts to get an overview of the health of all your managed devices

  • Investigate specific issues that are occurring on members of specific groups of managed devices (or, in specific workspaces, such as the Endpoint Protection workspace)

  • Use filters to see all alerts with a specific severity level, or to review the list of active or closed alerts

  • Notify the appropriate people about alerts, using Alert Notification Rules to have Windows Intune send email notifications about specific types of alerts to the right people

Administrator Console:

Software workspace

The Software workspace helps you to detect and manage software for all managed devices. In this workspace, you can:

  • Get an inventory of all software installed on computers (not available for mobile devices)

  • Distribute software to computers, including the option to make software required for installation on computers (and install that software without end-user intervention)

  • Deploy managed software packages

  • Link to a web-based application or an application in the Windows Store for the Windows, Windows RT, Windows Phone 8 and Windows Phone 8.1 platforms; link to an application in the ITunes Store for iOS, or link to an application in Google Play for the Android platform

  • Search, sort and filter the lists of managed software or detected software

Administrator Console:

Licenses workspace

The Licenses workspace lets you add and manage license agreement information for software that was purchased through Microsoft Volume Licensing agreements, and for Microsoft or non-Microsoft software that was purchased by other means. In this workspace you can:

  • Enter and manage licenses

  • Compare the set of Microsoft licenses in the workspace to the inventory of software detected on your managed computers

  • Create license reports to track software installation and license counts

Administrator Console:

Policy workspace

The Policies workspace lets you provide settings that control software updates, Endpoint Protection, Windows Firewall settings, and security settings on mobile devices.

Administrator Console:

Reports workspace

The Reports workspace lets you run reports that provide information about the software, and hardware and software licenses in your organization.

Administrator Console:

Administration workspace

The Administration workspace lets you view details about your Windows Intune account (such as account name, status, and active seat count). In this workspace you can manage the following:

  • Updates. Select the products for which you want to manage updates, and determine the types of updates that you want to manage.

  • Alerts and Notifications. Enable alert types that are important, disable those that are not important, set alert thresholds for alert types to notify you if a threshold was met or exceeded, and notify you and other users of alerts using e-mail.

  • Administrator Management. Designate Service Administrators who have permissions to view or edit settings in the Administrator Console; and also assign Tenant Administrators who have the same permissions as Service Administrators, and who can also manage administrator accounts using the Windows Intune Account Portal.

  • Client Software Download. Deploy the Windows Intune client software manually or automatically.

  • Storage Use. Manage your use of Windows Intune Cloud Storage, which is used to distribute software to computers.

  • Mobile Device Management. Configure Windows Intune to directly manage mobile devices in your organization

  • Company Portal. Configure the Windows Intune company portal to display your company specific information, such as your company name, contact information for IT support, and URLs for your company privacy statement and internal support website.

You can start using Windows Intune with a 30-day free trial that includes 25 user licenses. With each user able to use up to 5 devices, you can really get an idea what is possible with Windows Intune. To sign up for the free trial, click here.

WarningWarning
If your organization already has a Microsoft Online Services organization identifier (OrgID), and you might possibly continue with this Windows Intune subscription in production after the trial period ends, then it is essential that you click the Sign in option on that page and authenticate by using the Global Administrator account for your organization. This action will ensure that your Windows Intune trial links to your existing Microsoft Online Services account. If your organization has an Enterprise Agreement or equivalent volume licensing agreement, please contact your Microsoft representative to set up your free trial.

To learn about Windows Intune pricing, go to the Windows Intune Try and Buy page, click Buy, and then click Windows Intune price list.

For step-by-step instructions for free trial signup, and for a walkthrough that you can use to evaluate Windows Intune during your 30-day free trial period, see Getting started with Windows Intune: walkthrough guide. To purchase a paid subscription, see Move from a Windows Intune free trial to a paid subscription.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft