Hands On with Windows InTune

Back in April, in Windows InTune: Microsoft Takes the Midmarket to the Cloud, we discussed Microsoft's upcoming Windows InTune service, which is currently in beta and will ship to the public in early 2011. Since then, I've been using InTune to manage the PCs in my own home environment. And it's been working well.

As a reminder, InTune offers PC management via a hosted online service. Simple almost to the point of absurdity, InTune bypasses (but respects) Active Directory (AD) and Group Policy (GP), offering instead a simpler set of management capabilities that should be welcome to overtaxed IT departments in mid-sized businesses. (Indeed, it is this focus on the midmarket that is arguably InTune's greatest fault; this is a solution that should be made available to businesses of all sizes.)

It's hard not to imagine InTune not one day "growing up" and picking up AD/GP functionality, though the first shipping version is at least AD-aware and will ensure that any conflicting policies default to AD and not InTune. Microsoft has already expressed its desire to expand the capabilities and scope of this solution to meet the needs of the enterprise; implicit in this promise is AD integration, I think. So far, the software giant is silent on this issue.


For now, however, InTune hits a nice balance. It consists of a Silverlight-based web console that looks and feels a lot like Microsoft's on-premise consoles as well as a set of client agents. From the web console, you can view details about the connected computers (alert statuses, update statuses, and malware protection statuses); view, manage, and configure how updates will be applied to your managed computers; view the anti-malware status for managed computers; view alerts, survey the software and software versions that are installed across your managed computers; optionally manage volume licenses to ensure that the software in your environment is correctly licensed; create and manage (non-GP) policies, view and create reports, and perform other administrative tasks.

Hands-on with Windows InTune
The web-based Windows InTune management console.

Managed clients can include PCs running Windows XP SP2+, Vista, or 7 and requires a software agent install. For those environments using GP, Microsoft provides instructions for properly configuring the client (to avoid policy conflicts) and rollout the agent. Smaller outfits can deploy the client manually.

To the client, Windows InTune looks and works just like Microsoft's Security Essentials, the free anti-malware solution. And I think this is what I like the most about this product. Unlike competing security suites, InTune is easy to configure and deploy, and end users won't typically even know it's there. It's a great example of set-it-and-forget-it software. And I've been using either MSE or InTune on my PCs since last year. As noted in the So Easy a Child Can Do It commentary from a few weeks back, these solutions are rock solid, contrary to what you may have heard from those who test security suites against theoretical rather than real world situations.

Hands-on with Windows InTune
Look familiar? The InTune client looks and works like Microsoft Security Essentials.

For those waiting to test InTune, Microsoft did open up the beta version to the public very briefly back in April, but I'd be surprised if the company wasn't planning a second public release before next Spring. And there are some unanswered questions around the InTune delegated administration, since this is an ideal offering for Microsoft's partners to sell to and manage for customers. With the software giant's Worldwide Partner Conference (WPC) happening next week in Washington D.C., I expect to hear at least some kind of InTune update. (Among other things; remember that Microsoft promised a Windows Server 2008 R2/Windows 7 Service Pack 1 beta by the end of this month as well.)

Whatever happens, InTune is a good example of cloud computing done right. I understand why Microsoft went with core servers such as Exchange, SharePoint, and Communications Server for its first round of hosted offerings, but moving on to management for the second round makes plenty of sense as well. As is often the case, my only major complaint with Windows InTunes is that it's not available now. I think Microsoft may be onto something here.

An edited version of this article appeared in the July 6, 2010 issue of Windows IT Pro UPDATE. --Paul