/build/static/layout/Breadcrumb_cap_w.png

MMS2012: Windows InTune Deep Dive

Vision/Goals

  • To enable flexible work styles (empower users to work from anywhere)
  • To complement to SCCM (deliver simplified enterprise-class management for IT with less cost and higher productivity)
  • To offer the latest in Windows (give users a modern OS experience for greater productivity, security and mobility benefits)
  • Rapid release cycles (provide customers continuous improvement and new features without costly deployments)

Pillars

  • User Centric: Enable IT Pros to think users
  • Self Service: Empower users to meet their own management needs
  • Modern Devices: manage corporate and personally owned phones and tablets 

Demo Notes

  • Like Office 365, creating a user in InTune creates a user in the Azure Active Directory (AD) (Cloud Identity). You can sync an Azure AD account with your local on premise AD (Synced Identify) but doing so means the user has to manage two sets of password. However, there is an option to enable single sign-on. An Office 365 account can also be tied into this single sign on feature (Federated Identity). While not automatic, it was stressed that this is not a difficult process.
  • User device affinity can be specified through the UI, choose a user and an unassigned device to create the relationship
  • Self service portal allows users to perform pull installations in addition to the new push deployment capabilities recently introduced by InTune for Windows desktops only (no mobile support at this time)
  • Lots of help and links to best practices are included within the admin UI
  • Apps can be made available to users and it then becomes available for a pull installation via a user portal on their appropriate devices: Windows (can push), Windows Phone, iOS, and Android (pull)
  • Windows Installer command lines are known and used (with an option to override and specify your own, such as to include values for public properties)
  • Client user portal is HTML5 so any HTML5 supported browser may be used
  • As an end user you can see your applications but the demo was to make the software available for user initiated installation, not pushed.
  • To address concerns about many people all deciding to download available applications at the same time, some peer caching is leveraged. In the demo shown Lync was downloaded quickly and looking at PerfMon it was seen that the download was actually sourced from another computer that downloaded the computer the previous day.

Top Questions and Concerns from Enterprise Customers

  • How many computers does InTune support? Does it scale to meet enterprise needs?
  • How reliable is cloud-based management. Does it comply with regional privacy standards?
  • What is the bandwidth requirement? How can I reduce Internet bandwidth usage? 

Units can be added anytime to accommodate new accounts. It is architected and developed by the same team that delivered Windows update service. Managing up to 5k seats per account is supported today by IT pro experience and this is a number they will improve upon with each release to better support larger enterprise needs.

Data center is allocated based on the declared location of the account holder to comply with regional privacy standards.

There are many scenarios to consider for bandwidth requirements: initial deployment, endpoint protection, software deployment, patch management, etc.

Microsoft says typical bandwidth usage is low but that you should plan in case of large number of computers sharing a single Internet connection.  Average bandwidth usage 5mb per day, an average patch Tuesday: about 10mb and an average agent install usage is about 120mb. You can set policies to prevent bandwidth usage during working hours if you wish. Finally peer caching sis supported for PCs running Windows 7 and later. No additional infrastructure is required to support this (this is one of the technologies that powers BranchCache).


Comments

This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ