System Center 2012 SP1 and Windows Intune 4 review

Microsoft upgrades its cloud management service


System Center can piggyback on Intune's ability to manage Windows RT, Windows Phone 8 and iOS. Windows RT comes with the Intune cloud management agent built in and Intune uses the MDM APIs in iOS. You need an Apple Push Notification certificate for this to work, but Intune will remind you when it has to be renewed.

You can set password rules for all devices, such as how many chances users have to get it right. You can also control email sync through Exchange if you want to limit email or specify whether users can download attachments. You can force users to turn on encryption on their phone or tablet, including for storage cards, and block devices that don't support encryption from connecting to Exchange.

For Windows RT you can prevent users from using a PIN instead of a password or setting a picture password. For iOS, you can turn off the camera and web browser, and individually allow or block backup, document sync and Photo Stream sync to iCloud.


Intune lets you manage specific iOS options like iCloud backup

For Android (and other smartphones like Windows Phone 7, BlackBerry and Symbian managed through Exchange Active Sync policies), management is a little more complex and less powerful. Microsoft hasn't created an agent to deploy onto Android phones because it says there are too many to deal with, but you can still manage options like password complexity and turn off the camera and web browser using EAS policies.

In Intune this requires an on-premise Active Directory and Exchange Connector software on a server in your office, even if you use Office and Exchange Online rather than running your own Exchange server. The connector can't go on the same server on which you run Exchange unless they're both in virtual machines. Once that's done you'll see the EAS-connected devices you're managing through Intune and be able to apply policies to them like other devices, instead of having to use the Exchange admin console.

This is an improvement over the previous release of Intune, which could only manage phones and tablets through EAS, and only if you had your own Exchange server rather than Exchange Online. It provides a simple and powerful option for managing Windows PCs, Windows RT and iOS, but it's still not a complete cloud management system if you need to include EAS-only devices.

If someone brings a phone or tablet to work, they don't want you installing software without asking – but they want to get their email, access work resources and have an easy way to get at any apps they need to get things done. Intune allows you to customise a company portal: it's a website for most users, but Windows 8, RT and Windows Phone users get an app.

You can include useful information and support contacts, and users can see all the devices you manage for them in Intune, add their own devices, and remove those they no longer want for work.

A single wizard enables you to deploy links to apps from public stores, as well as installers for Windows, Android, iOS, Windows Phone and WinRT apps. If you're sideloading WinRT apps you write yourself and don't put in the Windows Store, you need a $30 sideloading product key for users not running the Enterprise version. You can distribute those through Intune.