Anyone tasked with managing the PCs in their organization will know just how time consuming and challenging an undertaking it can be.
Even with only a handful to look after you can spend hours making sure everything is up to date, secure and working properly, let alone finding time to fix problems when they arise.
Specialist software is supposed to help, but that in itself can be a challenge with, in most cases, a dedicated server and database required before you can even start.
So why not put the management tools in the cloud, leaving you to concentrate on getting on with the job? Exactly what Microsoft thought, and the thinking behind its new Windows Intune service.
What Is It And Who Is It For?
Designed to appeal to small to medium-sized companies with, typically, up to 500 users, Windows Intune is a cloud-based service designed to address common Windows desktop management issues.
That includes distribution, approval and installation of Windows updates, making sure PCs are adequately protected against viruses and other malware, plus tracking hardware and software inventory information and proactively monitoring PC status.
No special management infrastructure is required, just Internet connectivity. Plus there’s no need for in-depth technical knowledge, with a simple browser interface to administer and manage the service.
Pricing & Setup
As with cloud-based service from Microsoft, Windows Intune is sold to end-user organizations on a per-system subscription basis, at a cost of £7.25/month (ex. VAT) for each managed PC.
However, that’s not the whole story as included in the Intune subscription is an upgrade license enabling PCs to be upgraded to Windows 7 Enterprise, or any future releases of Windows, at no extra cost.
Discounts for bulk purchases of 250 licenses or more are also available and it’s possible for customers with System Assurance agreements to, similarly, subscribe to Windows Intune at a discount.
In addition, Intune customers can opt to add the Microsoft Desktop Optimization Pack (MDOP) to their subscription, giving access to a suite of on-premise management tools capable of performing tasks not possible using Intune alone.
Tasks such as troubleshooting software problems and recovering crashed PCs.
Naturally, Intune is a Windows-only service with an agent that has to be downloaded and installed onto every PC to be managed.
It’s also very much focused on Windows 7, although managed PCs can be configured with 32-bit or 64-bit implementations of Windows XP (SP2 or SP3 required) or Vista, as well as the newer Windows 7 OS.
Agent installation takes just a few minutes and as well as manually downloading the software from the Intune Web site, it can be distributed on a USB key or CD or, on a large network, rolled out using group policy or other software distribution tool.
However, there’s no absolute need for managed PCs to be part of an AD domain and we had no problems deploying it on a workgroup network.
Nothing else is required, other than a browser with support for Microsoft Silverlight 3.0 through which to access the management console, Microsoft hosting and maintaining the necessary server components in their public cloud infrastructure.
Does It Do It Well?
The hosted Intune service certainly tackles many of the key management tasks faced by small to medium sized businesses one of which is the need to make sure that updates are applied on all their desktop computers.
To this end recommended updates for Windows, Office and other Microsoft applications can be listed and remotely approved from the Web console with the option of drilling down to see exactly what each is for.
It’s also possible to filter and automatically approve updates by type—useful when deploying a large service pack.
Detailed hardware and software inventory information is also collected automatically from each client, plus it’s possible to manage license agreements, although only for Microsoft products in this first release.
On the security front the Intune agent will install anti-malware protection on each PC during setup, effectively implementing Microsoft’s Forefront Endpoint Protection with centralised alerting, reporting and management via the hosted Intune console.
Managed PCs can be organised into groups and there’s a whole section of the interface dedicated to monitoring and managing alerts with the option of emailing support staff when problems arise, if wanted.
Other nice features include the ability for end users can to check the health of their PCs locally and generate support requests which are sent on to the Intune console.
Plus there’s built-in support for multiple accounts to, for example, enable a reseller or VAR to monitor and manage several customer sites from a single setup.
Where Does It Disappoint?
Although Windows Intune worked well in our tests and did everything expected of it, we didn’t find it all that easy to get to grips with.
This was partly due to the deceptively simple management interface which, despite being easy to navigate, proved less than intuitive, requiring us to search around in order to work out how to perform even quite simple management tasks.
Error messages and alerts weren’t always easy to interpret plus it took a long time for many of the tasks to complete.
So much so that we sometimes thought that we’d failed to click on the correct menu or link, only to discover later that it had just taken a long time for the agents concerned to respond.
The collection of hardware and software inventory information, in particular, proceeded at a very leisurely pace.
Other disappointments included the inability to manage servers or third-party software including anti-virus and other security products which can’t be updated or managed from Intune.
Moreover, the built-in policy option can only enforce Intune client and basic Windows firewall settings.
And finally, there are no software distribution facilities beyond making sure that Windows updates are installed.
So, despite the inclusion of update rights to Windows 7, you’ll need to find some other way of upgrading older systems rather than use Intune to automate the process.
Would We Recommend It?
Windows Intune certainly ticks a lot of common management boxes and does so without the need for local servers or any real in-house expertise, making it an ideal small business solution.
It’s also reasonably inexpensive, especially when compared to installing and running a more conventional desktop management suite, such as Microsoft’s own System Center.
However, it is far from perfect, and nowhere near as easy to manage as we’d like, plus it does little to address the need to manage software outside the Microsoft family.
It might fit the bill and be exactly what’s required to manage your desktops, but we’d certainly recommend the 30-day trial before making a decision.
