Microsoft Releases April Windows Intune Update
Microsoft this week started delivering the next update to Windows Intune, which is its cloud-enabled device management product.
The update was announced on Monday, but it will reach all Windows Intune customers by about May 21. Organizations using a combination of Windows Intune plus System Center Configuration Manager will see the update in mid-May. New Windows Intune subscribers will get the updated release after May 9, according to Microsoft's announcement.
Microsoft mostly added support for managing Windows Phone 8.1 devices in this Windows Intune release. Those Windows Phone 8.1 improvements were briefly described by Microsoft as follows:
- Additional device configuration settings
- Software installation (sideloading) enhancements
- Selective wipe
- Support for Web Authentication Broker enrollment
- Automatic mobile device management (MDM) certificate renewal
Microsoft released Windows Phone 8.1 to developers on April 14, and now the selective wipe capability is available via Windows Intune. Selective wipe is used to remove just a company's data from a device that may also contain personal data.
The Web Authentication Broker is a feature for developers. It allows them to add user authentication and single sign-on capabilities to their Windows Store Apps ("Metro") applications, according to an MSDN library article description.
Windows Intune's mobile device management changes are listed in a TechNet library article, dated April 1, at this page. The automatic certificate renewal capability doesn't seem to be present in that list. However, it's rather difficult to keep a mental picture of the various management capabilities available per device. For instance, the setting that makes a password required for unlocking a mobile device is available for Window Phone 8 and Windows Phone 8.1, as well as iOS and Android devices, but it's not available (yet) for devices running Windows 8.1 and Windows RT 8.1. Those sorts of nuances are described in the TechNet library article.
Microsoft also added Windows Intune management support for Samsung Android device configuration settings via the Knox standard, as well as for the Exchange ActiveSync protocol. Samsung describes Knox as a security solution consisting of three components. First, it has a "secure boot" component, which verifies the software that can be run on the device. Next, it has an enhanced security capability for Android OSes that "isolates applications and data into different domains" to address potentially malicious or buggy applications. Lastly, Knox monitors the integrity of the Linux kernel in Android via its "TrustZone-based integrity measurement architecture."
Microsoft also indicated in its announcement that it is updating its "Company Portal Apps" for iOS and Android. Company Portal Apps allow users to remotely connect to their PCs via their mobile devices. No info was provided on when those updated apps will be available, but users will be able to get them through the Apple Store and Google Play Store, respectively.
Windows Intune is also getting a new licensing option. On May 1, Microsoft plans to launch its Enterprise Mobility Suite licensing, which was first unveiled in late March. The new Enterprise Mobility Suite licensing includes the rights to use Windows Intune, along with Windows Azure Active Directory Premium and Windows Azure Rights Management Services. Enterprise Mobility Suite licensing is expected to be priced at $7.50 per user per month when purchased through Microsoft's volume licensing programs.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.