Skip to main content

Unified Device Management with Windows Intune and System Center 2012 Configuration Manager SP1

Together, System Center 2012 Configuration Manager and Endpoint Protection Service Pack 1 (SP1) and Windows Intune deliver a unified device management solution for the enterprise, built on a "people-centric" model, where the user is the focus, not the device. Using these solutions, you can provide users with access to the corporate resources (applications and data) they need on the devices they choose. In addition, IT administrators can address the unique challenges created by bring your own device (BYOD) policies by being able to identify and manage endpoint devices, including Windows PCs (physical and virtual), tablets, smartphones, Macs, and embedded devices, all through a unified administration console.

The following is a quick recap of the functionality and enhancements in each of the latest releases.

Windows Intune addresses new challenges IT departments face when managing devices, including:

  • Providing management and software distribution across a range of mobile devices and platforms, including Windows RT, Windows Phone 8, Android, and iOS
  • Through integration with Configuration Manager 2012 SP1, IT administrators will be able to manage both corporate-owned and personally-owned devices with a single console, making it easier to identify and enforce compliance
  • A self-service portal for selecting and installing company apps

With the latest release, the Windows Intune service is now expanded to 45 additional countries taking the total to 87 countries worldwide.

Configuration Manager 2012 SP1 contains several enhancements, including:

  • Support for Windows 8 and Windows Server 2012, including delivery of Windows 8 applications, the ability to limit downloads on 3G and 4G network connections to prevent unwanted data charges, and support for Windows To Go
  • Native management of Windows Embedded devices
  • Support for PowerShell for administrative tasks
  • Windows Azure-based Distribution Points
  • Support for Mac OS X devices and Linux and Unix servers

Endpoint Protection 2012 SP1 contains enhancements, including:

  • Ability to automatically deploy definition update three times per day
  • Real-time administrative actions to update definitions, scan, and remediate issues quickly
  • Client-side merge of antimalware policies

For more information and to sign up for a free 30-day trial subscription to Windows Intune, visit the Windows Intune resource zone on TechNet. Configuration Manager 2012 SP1 and Endpoint Protection SP1 can be downloaded by MSDN and TechNet subscribers as well as through the Volume Licensing Software Center.

Now on to some additional tips on how to use these technologies to improve your device management approach.

How to Manage Mobile Devices by Using the Windows Intune Connector in Configuration Manager

Configuration Manager 2012 SP1 lets you manage Windows Phone 8, Windows RT, iOS, and Android devices by using the Windows Intune service over the internet. Although you use the Windows Intune service, management tasks are completed by using the Configuration Manager console. You can use the Windows Intune connector site system role in the Configuration Manager console to connect to the Windows Intune service. This enables you to embrace BYOD and provide mobile apps to employees while, at the same time, protecting company data by exercising control over mobile device enrollment and security settings.

The Company Portal and User-Owned Devices

When employees use their own devices they expect to have some control over the apps they download, in addition to privacy for their personal data. The BYOD scenario lets you balance employee concerns with company constraints. Users can manage their devices by using the company portal. The company portal is a self-service portal that lets users control what apps are installed on their devices. Also, the company portal is customized for that platform so that users will only see apps available for their device type.

The Windows Intune Subscription and the Windows Intune Connector

Before you can install the Windows Intune connector, you first have to subscribe to the Windows Intune service and configure your Windows Intune subscription. Your subscription lets you configure which user collection can enroll mobile devices. Also, your subscription lets you configure a portal that will host your company apps and then lets users manage their devices.

After you have configured the subscription, you can install the Windows Intune connector. The Windows Intune connector lets you deploy apps to mobile devices by using a distribution point hosted by the Windows Intune service. When you deploy an app by using the Windows Intune connector, the app appears in the company portal where users can view and download the app. You can either deploy a link to an app that exists in an app store or you can deploy a line of business app by using sideloading.

You can set up links to the Windows Store, Windows Phone Store, App store, and Google Play or you can "sideload" a line of business app. Sideloading an app lets you distribute an app directly to a device without going through the Windows Store, Windows Phone Store, App Store, or Google Play. You can sideload an app for Windows Phone 8, Windows RT, iOS, and Android.

The Windows Intune connector also lets you manage compliance settings and collect inventory on Windows Phone 8, Windows RT, and iOS devices. You can manage the device life cycle of mobile devices, which includes actions such as wipe, retire, and block. The Windows Intune service uses the management client that is built directly into the Windows RT and Windows Phone 8 platforms. For mobile devices that run iOS, the iOS APIs are used for management.

Top Tasks

About the Author

Martin Booth photo

Martin Booth is a Senior Technical Product Marketing Manager with the Windows Server & Management team at Microsoft, specializing in System Center 2012 Configuration Manager.

Related Resources

Stay Informed

Want to receive early access to Windows tips and tricks, as well as insight into exclusive events and upcoming technical resources?

Sign up for the Springboard Series Insider newsletter.