Microsoft announced today that it will be adding several new features to its Windows Intune cloud-based Mobile Device Management (MDM) service, which supports Windows 8, Windows RT, Windows Phone 8, Apple iOS, and Android devices. The firm also supplied some information about features it intends to add to Intune throughout the year.

If you're not familiar with Windows Intune yet, the service has changed a bit over the years and is now being developed alongside System Center Configuration Manager (SCCM) as a cloud-based alternative—and, for those with hybrid needs, a complementary service—to that on-premises management server solution. It can be used as a standalone solution for non-managed or lightly managed environments of all sizes, or can be used in tandem with SCCM in enterprises and other tightly-controlled Active Directory environments.

Intune started off as a way to manage PCs from the cloud, and from the beginning it was an interesting solution for two core audiences: new businesses in which employees are in different locations and will never connect to a central network, and existing businesses in which some employees will never do so. Since then, Intune has adopted MDM capabilities and has been moved into the System Center group, where it has evolved into a product more complementary to SCCM. Today, customers who license SCCM get Intune and vice versa. And you can manage both solutions through an SCCM-based "single pane of glass," or management interface.

Like the R2-based servers that Microsoft delivered last fall, the latest Intune version is described as being "people-centric," or "identity-centric," where the basic unit of management is an individual user and their devices and apps. It works with all modern mobile platforms, including Windows 8.x/RT, Windows Phone 8, Apple iOS, and Google Android, though of course the exact feature set will vary somewhat from device to device depending on which MDM features are supported by the underlying platform.

"We continue to hear that Bring Your Own Device/Bring Your Own Everything is a major force in IT," Microsoft senior director of product management Andrew Conway told me in a recent briefing about the changes coming to Intune. "This is reshaping how they think about end user computing. IT in particular has shifted. They used to stand in the way of these changes before, but they're embracing it now. So they're looking for the right tooling."

Because it's a cloud service, Microsoft is also able to roll out updates more quickly than is possible with a traditional on-premises server. So this week, Microsoft is announcing a set of updates that will be delivered to Intune customers beginning next week. And the firm is generally discussing other features it intends to add to the service throughout 2014.

Here are the new features Microsoft will be adding next week:

Email profiles. Administrators can now configure email profiles that supply both email server information and related policies. When you selectively wipe a device, you can optionally remove the profile along with the email data.

Support for new iOS 7 MDM features. With iOS 7, Apple is now providing new MDM functionality in its mobile OS, and Intune is being updated with specific configuration options, including Open In Management, which helps protect corporate data by controlling which apps and accounts are used to open documents and attachments, and the option to disable the fingerprint unlock feature on the iPhone 5S.

Remote lock and remote password reset. Administrators will be able to remotely lock a device if it is lost or stolen, and reset the password if the user forgets it.

Longer range—by the end of 2014, I'm told—Microsoft will be adding other new features to Intune. These include:

Deeper email management. This includes conditional access to Exchange email inboxes depending on whether the device is managed.

Application restrictions. Using direct platform management or policy "wrapping," administrators will be able to define how apps interact with data and block undesirable functions such as cut and paste to other apps.

Bulk enrollment of mobile devices. For environments in which devices are used by multiple users, such as kiosks, student devices, or retail.

Whitelisting and blacklisting of apps. Intune will be able to allow or deny apps from running on mobile devices.

Web browser management. This includes URL filtering, which effectively creates white- and blacklists for web sites that can be accessed from managed mobile devices.

On a related note, Microsoft is documenting how you can provision Exchange ActiveSync email profiles to mobile devices using System Center 2012 R2 Configuration Manager and Windows Intune.

You can learn more about Windows Intune on the Microsoft web site.