Windows Intune Beta: Enterprise Options for Small Orgs

Windows 7-based desktop PC security and management service

Microsoft on Monday launched a limited public beta of a new Windows 7-based desktop PC security and management service for smaller organizations.

The service, called "Window Intune," is being designed for organizations with between 25 and 500 PCs, which Microsoft defines as midmarket users. The current beta of the service will only be available to users in North American markets (United States, Canada, Mexico and Puerto Rico), according to Sandrine Skinner, director for Windows Commercial.

A Microsoft FAQ explains that the service will only be available to the first 1,000 customers until May 16, 2010. Organizations interested in trying out Windows Intune can sign up for the beta at the Microsoft Online Services portal here. During the trial period, users can manage only up to 20 PCs.

Midmarket organizations typically lack personnel or may have one IT generalist on staff tasked with managing desktops, network applications and servers, according to Skinner. They tend to have the same IT needs as larger organizations, yet they have smaller budgets, she added.

"They aspire to have access to enterprise-class solutions, but they don't have the means to do so, both financially and in terms of head count," Skinner explained in a phone interview.

The new service offers resources typically available to larger organizations that have signed on to Microsoft's multiyear volume licensing agreements. However, with Windows Intune, Microsoft will offer these resources on a monthly-fee basis. The pricing and licensing details for the service have not yet been fully worked out, according to Skinner. She expected that Microsoft would begin to offer the Windows Intune service about a year after the beta's release.

The service is different from Microsoft's volume licensing offerings in that it specifically pairs the Windows 7 operating system with online management tools, Skinner explained. However, it does include some of the benefits typically derived by Microsoft's Enterprise Agreement volume licensing customers.

Subscribers to the Windows Intune service will have upgrade rights to the Windows 7 Enterprise edition, which is usually only available through Microsoft's volume licensing agreements. Skinner said that midmarket organizations are typically interested in security tools like BitLocker and BitLocker to Go, which are only available as part of the Enterprise and Ultimate editions of Windows 7.

In addition, subscribers will get access to the Microsoft Desktop Optimization Pack (MDOP), a set of six software tools for on-premises use (they aren't delivered as services via Microsoft's datacenter). In the past, the sort of organizations that had access to MDOP were typically large institutions that purchased Microsoft's volume licensing and signed Microsoft's Enterprise Agreements and Software Assurance options. Finally, Windows Intune comes with a service, hosted by Microsoft, that helps IT personnel manage, update and secure individual PCs.

The management service provides screens that IT personnel can use to drill down into the details of PCs located in an organization, even if they are remotely located. This service superficially resembles Microsoft's now defunct consumer OneCare offering, which offered simplified security and management for home PCs. Microsoft eventually replaced OneCare with its free Microsoft Security Essentials antimalware scanning service for consumers.

[Click on image for larger view.]
Figure 1. Windows Intune management screen.

The management interface is through "Microsoft System Center Online Desktop Manager" technology. It's part of Microsoft's cloud-based service but is not offered as a separate product by Microsoft. Users just have to figure out their policies to configure the management service, Skinner said.

[Click on image for larger view.]
Figure 2. Windows Intune management screen showing drill-down to remote PCs.

Microsoft's FAQ explains that Windows Intune uses the same security engine found in Microsoft Forefront Endpoint Protection. Forefront is Microsoft's security suite for enterprise users.

Windows Intune uses Microsoft Update and Windows Update as underlying technologies for the management service, Skinner said. The same team that codes Microsoft's System Center management offerings worked on the Windows Intune project, she added. Microsoft's FAQ shows that Windows Intune will have some management features offered through Microsoft System Center Configuration Manager 2007 and Microsoft System Center Essentials products.

The service works by installing a client across all of the PCs, according to Microsoft's FAQ. Beta users will have to reinstall the client application if they eventually subscribe to the Windows Intune service. According to the FAQ, data and configurations used with the beta will not be carried over when the service is finally rolled out.

Microsoft's FAQ explains that the service can be used with 32-bit and 64-bit versions of Windows 7 (Enterprise, Ultimate and Professional), Windows Vista (Enterprise, Ultimate and Business) and Windows XP Professional with Service Pack 2.

For Windows XP users, Microsoft recommends an update to Service Pack 3, and stipulates some hardware requirements. Windows XP-based PCs should have 256 MB of RAM and CPU clock speeds of 500 megahertz or greater.

When the service is rolled out in a year or so, customers will have to be Windows Professional edition or Business edition licensees to use it, Skinner said. Subscriptions will be offered through Microsoft's Online Services portal and Microsoft's partners also will be able to sign up customers.

Skinner suggested that Windows Intune would provide opportunities for Microsoft's partners, especially with the advanced management capabilities enabled through MDOP. MDOP includes tools for desktop and application virtualization, as well as the Advanced Group Policy Management tool, the Diagnostics and Recovery Toolset and Asset Inventory Service, among others.

Must Read Articles