Microsoft EMS & Intune price increases


Image by NikolayFrolochkin from Pixabay

Microsoft are adding a raft of new features to both EMS (Enterprise Mobility & Security) and Intune, these include:

  • Microsoft Tunnel VPN features for Android and iOS devices
  • Enhanced MacOS management capabilities
  • New endpoint analytics features
  • Various enhancements to Microsoft Endpoint Manager

These, and other, additions mean that Microsoft are putting the prices up. From July 1, 2021:

  • EMS E3 will increase from $9 pupm to $11
  • Intune will increase from $6 pupm to $8

However, the price for Microsoft 365 E3 won’t increase (and so one must assume that neither will E5) – making the bundle option that little bit more attractive.

See the Microsoft announcement here.

Microsoft Enterprise Mobility Suite Rumour


Rumours abound that Microsoft are set to make 2 announcements at tomorrow’s (27/03/14) web conference:

1) Office for iPad

2) Enterprise Mobility Suite

Office for iPad is a big one, that’s been talked about for a long while, and is a tricky thing to consider. On one hand, there are millions of people with iPads who will surely buy Office – bringing in significant revenue to Redmond. On the other hand, does Office on iPad weaken the Windows tablet message somewhat?

I don’t think it does, Office isn’t the only benefit of a Windows tablet – but I can see it being a question MS will need to address.

The second point is a newer rumour – the Enterprise Mobility Suite (EMS). According to ZDNet, this will be a bundle of:

  • Windows Intune
  • Azure Active Directory Premium (a new offering)
  • Azure Rights Management Services

This would enable organizations to easily manage 1000’s of devices – Windows, Windows RT, Windows Phone as well as iOS & Android – with features such as self service password reset, group management and more.

Source – ZDnet: http://www.zdnet.com/microsoft-to-unveil-enterprise-mobility-suite-alongside-office-for-ipad-7000027717/

Windows Intune & Power BI coming to Open Licensing


In a very encouraging move, Microsoft have announced that, from April 1st 2014, customers will be able to purchase both Windows Intune through the Open licensing program.

Currently Intune is available only via the MS portal but will now sit alongside Office 365 (and soon Power BI too) on the regular pricelists.

See more here:

http://www.digitalwpc.com/Community/Perspectives/Pages/Windows-Intune-and-Power-BI-coming-to-Open-Volume-Licensing.aspx?fbid=-jjTmFnB-aO&mtag=mbar-twitter&mtag=mbar-linkedin#fbid=PVSRpLQGbVC

Hat tip to Licensing School for finding this.

Managing Windows RT tablets & Windows Intune Licensing Changes


Windows 8 RT is a new member of the Windows family, and one that’s caused/causing some confusion when it comes to management. It transpired a while ago that Windows RT pcs/tablets will not be able to join Active Directory domains and since then, people have been wondering exactly how they’d manage these devices. Well the answer is here – Windows Intune & System Center Configuration Manager (SCCM) SP1.

“Windows Phone 8 and Windows RT devices will be managed by the next release of Windows Intune.  IT Pros will have the flexibility of using either the Windows Intune or Configuration Manager 2012 SP1 console to set mobile security policies, distribute mobile apps and view reports.  We’ll share more details as we get closer to the next release of Windows Intune.”

As Windows Intune is becoming more of a star, it’s getting some licensing changes too – always a favourite thing of mine 🙂

  1. We are shifting from a per-device to a per-user licensing model.  Each user license for Windows Intune covers up to 5 managed devices.
  2. There will be a Windows Intune user license that includes the rights to System Center 2012 Configuration Manager, enabling organizations to manage those devices through either Windows Intune or Configuration Manager, or both
  3. Organizations that already own System Center 2012 Configuration Manager licenses, such as through the Core CAL, will have access to Windows Intune at a reduced price
  4. We will also make a version of Windows Intune available without rights to Windows Enterprise, thereby lowering the cost for organizations that are not ready to move to the latest operating system.

That final point is something I’ve been hoping to see since the first release of Intune. I’ve always felt that having the desktop OS and a systems management product intertwined muddy the waters and made it a more difficult proposition in many cases; so this is a positive move that will enable Intune to shine in its own light.

It’s also interesting to note that SP1 of SCCM will be able to manage other types of devices including:

  • Windows Embedded Thin Clients
  • Point of Sale (PoS) terminals
  • Digital Signage
  • Kiosks

as well as:

  • Distribution point for Windows Azure to help reduce infrastructure costs
  • Automation of administrative tasks through PowerShell support
  • Management of Mac OS X clients and Linux and UNIX servers
  • I’m pleased to see this move to bring Windows RT into the management fold, making it easier for partners AND customers to tell, understand and take part in the Windows 8 story.

    See the whole post over at:

    http://blogs.technet.com/b/server-cloud/archive/2012/09/10/system-center-2012-configuration-manager-sp1-beta-and-windows-intune-update.aspx

    Windows InTune V2


    Windows Intune was released to General Availability (GA) today on March 23rd 2011 but already the next version is being worked on, at least according to Twitter.

    image

    I haven’t seen anyone else mention this but Maarten is a SCOM MVP and the hashtags indicate this came directly from today’s MMS2011 keynote speech, so I think it’s safe to believe it Smile Plus it is in no way unusual for Microsoft to be working on the next version of a product before they’ve even released the first edition…

    If Windows Intune V2 does include Software Distribution, that will be pretty amazing. That will enable IT departments/Managed Service Providers (MSP’s) to deploy new software to users from a remote location via the web. Although it will of course be limited by internet bandwidth between the 2 points, this will make so many things so much easier for so many people! That could well be the point that sees InTune take hold in larger organizations…

    Microsoft MDOP features and licensing changes


    The Microsoft Management Summit has brought more great changes, this time involving MDOP.

    The Microsoft Desktop Optimization Pack is a great set of additional tools aimed at making desktop management easier,faster and more dynamic – for more info, see this post:

    https://richardgibbonsuk.wordpress.com/2009/09/05/microsoft-mdop/

    MDOP 2011 will see both new products, feature enhancements and a change to the way the product is licensed.

    Products:

    Microsoft recently announced the “Microsoft Bitlocker Administration & Monitoring” tool aka MBAM (codename Malta), which makes the management of Bitlocker devices much easier across an organization; a big one being self-service recovery of keys…I’m sure many IT dept’s will be happy to lose that job!

    This will be included in MDOP 2011 and the beta is available on Microsoft Connect here:

    https://connect.microsoft.com/site1115/Downloads

    Features:

    DaRT – Diagnostics & Recovery Toolkit – is getting a new version with at least one new feature; the ability to do an offline remote boot, rather than needing to visit the physical machine. Again, another great time saver for some IT teams!

    If you’re interested in this, the beta nomination form can be found here:

    https://connect.microsoft.com/site1200/Survey/NominationSurvey.aspx?SurveyID=12358&ProgramID=6840

    Licensing Availability:

    Previously the only way to purchase MDOP was as an addition to having Windows 7 with Software Assurance (SA) but now it is also available to companies who have either the Virtual Desktop Access (VDA) licence or Windows InTune.

    Thanks to Bridget Botelho for her article over at:

    http://searchenterprisedesktop.techtarget.com/news/2240033610/Microsoft-sweetens-MDOP-deal-and-releases-Intune

    Microsoft Windows InTune: Computers Overview


    image

    This is the second screen in the Windows InTune Console:

    Computers

    On the left you can see a list of all the computer groups that I’ve created. These machines are on 3 different networks but they all appear in this one central view, which makes administration very easy!

    Selecting a group on the left takes you into a new view where you can see much more granular detail on the machines. At the minute, I’ve only got one machine in each group but you get the idea Smile

    image

    The “View Properties” button takes you deeper into that machine, with more sections available to view:

    image

    The first few tabs are all quite self explanatory…but the final two are very interesting.

    Hardware

    This gives an amazingly detailed list of the hardware in and related to the machine. For my laptop, this information includes:

    • Model
    • Serial Number
    • BIOS Name & Version
    • CPU Name/Type/Speed
    • Number of disks
    • Disk model
    • Disk Size
    • Number of partitions
    • Network adapter
    • IP Address
    • MAC Address
    • Monitor Resolution
    • Printers (including Soft printers like OneNote)

    and more. It’s similar to the free ware program CPU-Z (which you may be familiar with) in that it gets really deep into you machine to give you all the information you could possibly need!

    Software

    This gives a list of all software installed on the machine…in this case:

    image

    It then gives you an idea of the category such as Browser, OS, Utility etc and also tells you if it’s a Virtual Application.

    You can export these lists to either .csv or .html files for use with other applications and systems.

    This feature fits really well in to the whole Software Asset Management piece, as organizations will have a complete, current list of all software installed on all machines. It’s very quick to update with added/removed software which will enable companies to be confident of compliance at all times.

    Groups:

    Creating a group is very straight forward. It has 3 sections, each with just one selection to make:

    image

    Details = Group name (and an optional description field)

    Parent Group = Choose which group this will link off from. Either “All Computers” or one of your own.

    Members = Choose which machines to add to the group.

    Done.

    I’ll cover deploy software to machines etc in a later post.

    Microsoft Windows Intune: Online Systems Management


    Microsoft Windows InTune is the new Cloud based systems management tool from Microsoft, formerly known as “System Center Online” and has been long awaited. The ability to manage multiple locations/organizations from one central, online point is attractive to a lot of people for a lot of reasons…so let’s take a look @ InTune.

    There are at least 10 sections inside InTune so I’m going to cover them in a number of posts, we’ll start with – System Overview:

    image

    image

    This is the first screen you see when you log in to the Windows InTune Admin Console and it immediately gives you a great overview of yours systems. It shows:

    • If Machines are infected/unprotected
    • If there are updates for your machines
    • A number of other alerts

    Malware Protection:

    From here you can see which machines have Malware protection turned off completely and also if they have overdue scans or specific parts of the protection, such as USB device scanning, turned off.

    1 click takes you to a list of machines, from where you can turn on protection.

    Updates:

    This, not surprisingly, gives you a list of all the updates that are available for you machines be they for the OS or applications.

    One issue with this is that, as default, it shows you ALL possible updates:

    image

    however, these can easily be filtered:

    image

    image

    Another problem I have noticed is that it wants to give my laptop updates for Office 2007, as well as Office 2010; oddly, this doesn’t happen with my other 2010 machines. I had a number of issues when upgrading Office versions and I’m inclined to believe that there are some Office 2007 remnants on the machine that are being picked up by Intune.

    Should you choose to approve an update for a machine/machines, you then reach this screen:

    image

    Choose the groups on which you want to install the updates, click approve and job done!

    I feel it would be a smoother experience and require less clicks, if you could see the machine names on the same screen as all the updates. Currently, you must:

    • Select the update
    • click on “x computers need this update”
    • Check the groups/machines
    • Go back to the previous screen
    • Approve Update

    Showing the machines names/groups on the initial screen would remove a lot of that.

    You can also access the updates via the individual machine screen, I’ll cover that in a later post.

    Alerts by Type:

    This section, as well as the above, also includes other types of alerts…not just updates and malware. This is where InTune starts to differentiate itself from other products, for example:

    image

    If I click through, it tell me:

    image

    That is pretty cool, and something that is very useful for System Admins. I didn’t expect InTune to cover things like this, certainly not in the beta, so I’m pleasantly surprised Smile However, you can’t initiate the defrag from InTune.

    The 2 options on the right hand side “Create Computer Group” and “View a Report” will be covered in later posts.

    Summary:

    This is a brief look at just the first screen of Microsoft Windows InTune but I’m sure you will agree that it already looks very interesting. So stay tuned for the remaining posts in this series (at least 9!) and ask any questions you may have in the comments Smile

    Cheers

    Rich

    Microsoft Windows Intune: Second Beta


    Microsoft Windows Intune is a new product aimed at managing pcs in a new way. My original post can be found here:

    Read Windows Intune

    The initial beta was restricted to the US, Canada, Mexico & Puerto Rico and 1000 participants. Microsoft have now opened that up to another 10,000 users in the following countries:

    image

    To be eligible you need to deploy it to at least 5 machines and start within 1 week.

    If you’re interested, go and sign up here:

    http://www.microsoft.com/windows/windowsintune/windowsintune-experience.aspx

    Pricing

    The pricing of Windows InTune has now been confirmed for the States and it is:

    $11 per user per month

    That gets you:

    • Cloud based Desktop Management service
    • Anti Virus and Anti-Spyware
    • Windows 7 Enterprise Desktop Upgrades

    and, for an extra $1 per user per month, you can get the whole MDOP suite too. More MDOP info here:

    Read Microsoft MDOP

    Partner Features

    Many partners will be looking to InTune to provide them with a new way of generating revenue, through the ability to remotely manage their customers machines. This will reduce the need to travel thus saving money on hotels and petrol and increasing profit margins. Microsoft have quickly, and cleverly, added in a new feature aimed at making this as easy as possible…the “Multi – Account Console”:

    This will allow partners to quickly and easily see a top level view of all the customers they manage and, through filtering, spot those needing urgent assistance immediately.

    Feedback:

    There is already a lot of positive feedback on Windows InTune from the first beta, such as:

    “I save about 40% of the time I used to spend managing PC updates, thanks to Windows Intune. It frees me up to focus on developing more custom applications—and bring on more customers”

    “I think we could expand our customer base by at least 10-15 percent immediately”

    “It accelerates their (customers) decision to make the move (to Windows 7)”

    The Future:

    Early 2011 will see the general availability of Windows Intune in the countries listed in the 1st screenshot above. It will then move to more European & Latin countries as well as “select” Asian locations.

    I’ve signed up to the beta and will hopefully have some post following up on that experience soon.

    The MS Blog post can be found here.

    Windows Intune


    Windows Intune is the newest addition to the Microsoft Online Services stable…and it’s a biggie! Do you remember System Center Online Desktop Manager (SCODM)? Did you notice that it all went quiet on that front? Well here it is with a new name…

    What is it?

    Windows Intune is a cloud based, central management system aimed at SMB’s of up to 250 machines (or so).

    “Windows Intune simplifies how businesses manage and secure PCs using Windows cloud services and Windows 7—so your computers and users can operate at peak performance, from virtually anywhere.”

    Intune covers many of the areas that IT Managers find difficult and time consuming such as:

    • Managing Updates
    • Pro-active monitoring
    • Malware Protection
    • Asset Tracking (Hardware & Software)
    • Remote Assistance
    • Setting Security Policies

    Windows Intune screenshot

    Extra Features:

    It’s not just great central systems management that Intune gives you also get:

    Software Assurance: Subscribing to InTune allows you to upgrade all your machines to Windows 7 Enterprise and take advantage of features including:

      • Bit Locker to Go
      • Federated Search
      • Direct Access
      • and more

    You also receive

    “new features or updates to Windows Intune or the Windows operating system automatically as long as your subscription is active”

    so say “Hello” to Windows 8 further down the line 🙂

    Despite this, you can run Vista, or even XP, as your corporate desktop OS.

    MDOP: The Microsoft Desktop Optimization Pack is a great set of tools including MED-V & App-V that make managing your environment easier and more cost effective. See more info here. The Asset Inventory Service (AIS) component of MDOP is already included as part of InTune.

    How can I get it?

    It’s currently in beta, limited to 1000 customers in US, Canada, Mexico & Puerto Rico. If one of those is you locale, go sign up here:

    http://www.microsoft.com/online/windows-intune.mspx

     

    Relation to existing Products.

    Microsoft have had on-site management products for years. First SMS & MOM and now the System Center family such as:

    • SCCM (System Center Configuration Manager)
    • SCOM (System Center Operations Manager)
    • SCE (System Center Essentials)

    These products are becoming more and more popular among both corporate customers and the education sector, and have been marked by Steve Ballmer as an area of big focus for the coming years. Microsoft have also put a lot of effort into their Online Services but could still do with a real killer product to help those small to medium businesses (SMB’s) fully embrace “The Cloud”. Thus it make sense that they’ve combined the 2 and created InTune.

    My thoughts are all around how InTune will sit alongside products and offering that already exist. It is very much an online version of System Center Essentials, although InTune can’t do Application Deployment and SCE doesn’t include any ForeFront Protection. A breakdown is below:

    image

    However I do think that it could cause a lot of confusion when it comes to Software Assurance. As a Channel Licensing Specialist I, and my company, have done a lot of work around Software Assurance – especially as it relates to Windows 7. It seems to me that InTune may well undermine a lot of the work we (and other partners) have done in this area to show the whole range of benefits that SA offers…many of which aren’t included with the new offering.

    It will also muddy the waters when it comes to purchasing Windows 7 & SA now. InTune is slated to be available in many more countries with 12 months of the beta; so companies considering Software Assurance within the next 6-12 months (say) may now push the projects back in order to evaluate InTune. Not great for partners or the channel.

    Conclusion

    As a product, I think InTune is great. I’m a big of BPOS (as a concept, although it hasn’t reached its potential yet) and adding management tools to the Suite is really good way of both bolstering the Online offering and helping more people reap the benefits of Microsoft’s management expertise.

    I am however, more cautious about it’s effect on the perception of SA and project timelines over the coming 12 to 18 months.

    To find out more about Windows InTune, go here:

    http://www.microsoft.com/windows/windowsintune/default.aspx

    %d bloggers like this: