Microsoft this week announced the next iteration of its Windows Intune cloud-based PC management service. Now available in beta, this version of Intune adds mobile device management, Active Directory integration, a new user portal, and other features.

Aside from some qualms around pricing, I’ve been a big fan of Microsoft’s Windows Intune since the original release. And this week, the software giant provided a preview of the third version of this cloud-hosted PC and now device management service. And as I had hoped, it adds some key missing functionality that was missing in previous versions, providing some features that even its on premise big brother, System Center 2012, doesn’t.

As a refresher, Windows Intune debuted in 2010, providing cloud-based PC management capabilities using a simple policies system that operated outside of (but respected) Active Directory-based Group Polices. Management occurred via a new web-based admin console that provided a centralized view of managed PCs, software updates, anti-malware, alerts, and more. A 2011 updated added the single biggest missing piece of the puzzle—centralized software deployment—as well as some other new features.

On the client side, Intune has always required a small agent install, along with the associated EndPoint-based anti-malware solution. But the nice thing about putting management in the cloud, rather than in an on-premise server, is that it works against PCs that rarely or never enter the corporate network. So its ideal for frequent travelers, but also for the new generation of remote and stay at home workers.

As a result, the usage patterns for Intune evolved somewhat differently than originally expected. That is, I figured most Intune customers would be smaller businesses, since this product gives them the management capabilities of much bigger enterprises without any of the complexity. But Intune usage has skewed more towards larger businesses, many of which are using it alongside on premise PC management solutions.

(Part of the issue, I think, is pricing. Whereas the small business version of Office 365 is an affordable $6 per user per month, Microsoft is pricing Intune, at $11 per user per month, out of that market. My own major complaint about this solution since day one is that it is just too expensive for the small business market.)

In keeping with its push to the higher end of the market, Microsoft this week unveiled the third iteration of Windows Intune, which I’ll called Intune 3 for simplicity’s sake, and has provided a somewhat limited beta version of the service if you’d like to test it. And as you might expect, this new version provides what was arguably this year’s single biggest missing feature along with some other interesting changes.

These include:

Mobile device management.  As hinted at long ago, Windows Intune 3 will now manage mobile devices as well as Windows-based PCs. These include Android devices (handsets and tablets), iOS devices (iPhone and iPad), and Windows Phone handsets. The management model is based on Exchange ActiveSync (EAS), so presumably other device types would work as well, including Windows RT (ARM) based tablets.

intune_dev_mgmt

The device management capabilities look solid. You can automatically discover compatible mobile devices that access Exchange (though this feature isn’t available to beta participants) and deploy EAS-based policies to managed devices to ensure that they meet the security needs of your distributed environment. For Android and iOS devices, which support side-loading of apps, you can even push custom apps to the devices. (Because of Windows Phone’s current security model, this is not possible for current generation devices.)

Active Directory integration. Windows Intune v3 will integrate with Windows Azure Active Directory, the same directory service that is used by Office 365. This means you will be able to integrate Intune with your existing AD infrastructure and sync pre-existing users and security groups to the service and then manage them through Intune. In previous versions, you had to manually recreate users and groups inside of Intune, which existed solely outside of any AD infrastructure you may have. (AD integration is not available during the beta because the beta Intune environment will disappear when the new version of the service goes live later this year; Microsoft doesn’t want customers tying their infrastructure to a beta and temporary service.)

User portal. Windows Intune 3 sports an excellent new portal for end users, which provides a new method for deploying software. While you can still push software to end user machines, you can also opt to simply make it available. Then, users can browse the portal and discover the new software, trigger the install themselves. The portal has a simple, Metro-y look to it.

intune_portal

intune_portal2

The portal provides other capabilities, too. Users can remotely install software to other connected PCs, enroll their mobile devices with the service, and access Help desk and Remote Assistance capabilities.

In addition to these big bucket features, there have been a ton of improvements to the admin console, most of which are aimed at making it more usable and useful. New policies have a new recommended settings option that is based on recommendations from Microsoft’s solution accelerator team. The service is more intelligent about detecting changes to Group Policies that conflict with Intune policies, and provides on-the-fly alerts when things change. (As before, GP always takes precedence.) And many of the UIs have been rejiggered to be clearer and offer the best possible information up top. For example a new “Top 3” section in System Overview lets you see the most serious alerts up top, while the more information-filled System Status section has been moved down in the UI. You can also filter out alerts that are annoying but not important to you. My favorite change, perhaps, is a new Filter Security Updates by KB feature that lets you view updates by their Knowledge Base numbers, so you can ensure that the Patch Tuesday updates are distributed quickly.

There’s a lot more, of course, but I’ve only received a quick demo and just signed up for the beta. I’ll have more to report about this third Intune version in the future.

You can sign-up for the Windows Intune 3 beta at the Microsoft web site. Hurry, it's a limited time offer.