Microsoft Intune – Enterprise Class IT on a Small Scale and Budget


I’m going out on a limb and forecasting that the next big thing in cloud services will be endpoint management. Tools that help organizations manage PCs and mobile devices were once only available to enterprise class

There’s no denying that cloud services such as and Office 365 have changed the economics of IT service delivery. Capabilities that were typically only available to large enterprises with large data centers and teams of IT professionals to maintain them are now available at a reasonable cost with minimal capital expense and technical staff. As the capabilities for CRM and Office Productivity are quickly adopted in smaller enterprises, their reliance on the technology will grow. As such, in order to maximize the benefits from their investment in information technology, they will need to grow their IT process maturity.

There are many maturity models that help organizations understand their own stages of development and how to improve. A common model is the five-stage Capability Maturity Model.

Most organizations that have staff dedicated to providing IT services have reached the point where they are comfortable with repeatable processes. Moving from level 2 to level 3 can be a difficult transition for many organizations, as it requires increased administrative overhead to create the standards and documentation required. In practical terms, the overhead associated with tools has traditionally led to a negative ROI, as small organizations don’t benefit from economies of scale. As we’ve seen with other cloud-based SaaS solutions such as Office 365, what was once out of reach is now commonplace. Enter Microsoft Intune.

Microsoft Intune brings enterprise class device management capabilities at a per-user cost structure that benefits from the economies of scale that Microsoft can provide by servicing millions of devices with the same infrastructure.

Intune Feature Overview

Microsoft Intune provides much of the same functionality as the venerable enterprise class System Center Configuration Manager (ConfigMgr), with the exception of Operating System Deployment. In fact, Microsoft has publicly stated that the vision for Intune is to provide more overall functionality than ConfigMgr. This makes sense when you consider that ConfigMgr is an on-premise solution with over 20 years of heritage. Intune is a cloud-based solution that can address use cases that are either too complex or simply not possible with an on-premise solution. Here’s a quick rundown of the major features you get in Microsoft Intune, borrowed from the Cloud Platform Website:

Mobile Device Management (MDM)

With the increasing volume and diversity of corporate and personal devices being used in organizations today, a growing challenge for IT departments is keeping corporate information secure. Intune helps minimize complexity by offering mobile device management through the cloud with integrated data protection and compliance capabilities.

  • Provide a self-service Company Portal for users to enroll their own devices and install corporate applications across the most popular mobile platforms
  • Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled, enabling users to access corporate resources with the appropriate security configurations
  • Deliver comprehensive settings management for mobile devices, enabling the execution of remote actions such as passcode reset, device lock, data encryption, and full wipe to protect corporate data on lost or stolen devices
  • Protect corporate data by restricting access to Exchange email, Outlook email, and OneDrive for Business documents when a user tries to access resources on an unenrolled or non-compliant device based upon policies set by the administrator
  • Simplify enrollment of corporate devices with bulk enrollment using Apple Configurator or a single service account, enabling IT administrators to set policies and deploy applications on a large scale
  • Streamline the enrollment of iOS devices purchased directly from Apple or an authorized reseller with the Device Enrollment Program (DEP)
  • Enable the enforcement of more strict “lock down” policies for Supervised iOS devices, Android devices using Kiosk Mode, and Windows Phone devices using Assigned Access

Mobile Application Management (MAM)

Employees are demanding access to corporate applications, data, and resources from their mobile devices. Intune addresses this challenge by building manageability and data protection directly into the Office mobile apps your employees are most familiar with. Intune also provides the flexibility to extend these capabilities to existing line-of-business apps and to enable secure viewing of content using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps.

  • Enable your workforce to securely access corporate information using the Office mobile apps they know and love while preventing leakage of your company’s data by restricting actions such as copy/cut/paste/save in your managed app ecosystem
  • Manage Office mobile apps with or without enrolling the device for management to protect corporate information without the risk of intruding on a user’s personal life
  • Apply the same management policies to your existing line-of-business (LOB) applications using the Intune App Wrapping Tool, without requiring code changes in those LOB apps
  • Allow users to securely view content on devices within your managed app ecosystem using the Managed Browser, PDF Viewer, AV Player, and Image Viewer apps for Intune
  • Allow administrators and device users to protect corporate information through selective wipe of managed apps and related data when a device is unenrolled, no longer compliant, lost, stolen, or retired from use
  • Enable administrators to push required apps automatically during enrollment and allow users to easily install corporate apps from the self-service Company Portal
  • Provide the ability to deny specific applications or URL addresses from being accessed on mobile devices

PC Management

As the number of device types allowed in corporate environments grows, management becomes more challenging. Intune provides a comprehensive management solution through a single administrative console that allows you to manage across a variety of devices, including PCs and laptops.

  • Integrate your existing System Center 2012 Configuration Manager infrastructure with Intune, further enhancing your ability to manage PCs, Macs, and Unix/Linux servers, as well as mobile devices from a single management console, while building on existing investments and skills
  • Provide real-time protection against malware threats on managed computers, keep malware definitions up-to-date, and automatically scan computers to help protect against malware infections and other potentially unwanted software
  • Collect information about hardware configurations and software installed on managed computers, allowing you to generate reports, organize groups of computers, and more effectively target software deployments
  • Simplify administration by deploying software and configuring Windows Firewall settings on computers based upon policies defined by the administrator

Moving Along the Maturity Spectrum

So how does Intune help organizations move along the maturity spectrum? The toolsets to standardize IT service delivery that were once only affordable by large enterprises are now available to even the smallest shop at a per-user cost. In order to use the functionality, the tool almost forces the administrator to adopt a structured approach to delivery that essentially creates (and enforces?) standards. This goes a long way to moving towards a “Defined” service delivery model. Add to that the reporting and compliance capabilities of Intune and you are well on your way to a “Managed” IT infrastructure.
