Microsoft Intune Premium Suite

Photo by fauxels on

Microsoft, somewhat confusingly, “introduced” Intune at Ignite 2022…despite it having existed for what – at least a decade at this point?! It’s more of a Jay-Z style “allow me to re-introduce myself” as it seems Microsoft have decided to make Intune the primary brand for endpoint management going forwards…say goodbye to Microsoft Endpoint Management (MEM) as part of this.

The new suite will include:

  • Remote Help for Windows & Android
  • Microsoft Tunnel for Mobile App Management
  • Endpoint Privilege Management
  • Advanced endpoint analytics

as well as more features to be announced in 2023.

The add-on license will be available for Microsoft 365 E3/E5 and any licenses that include Intune and will, not surprisingly, be cheaper than buying all the individual components separately. This is another example of where organisations licensed with M365 E5 must still acquire additional licenses – something I know many are not happy with.

Further Reading

See more details on the features here.

Microsoft EMS & Intune price increases

Image by NikolayFrolochkin from Pixabay

Microsoft are adding a raft of new features to both EMS (Enterprise Mobility & Security) and Intune, these include:

  • Microsoft Tunnel VPN features for Android and iOS devices
  • Enhanced MacOS management capabilities
  • New endpoint analytics features
  • Various enhancements to Microsoft Endpoint Manager

These, and other, additions mean that Microsoft are putting the prices up. From July 1, 2021:

  • EMS E3 will increase from $9 pupm to $11
  • Intune will increase from $6 pupm to $8

However, the price for Microsoft 365 E3 won’t increase (and so one must assume that neither will E5) – making the bundle option that little bit more attractive.

See the Microsoft announcement here.

Microsoft Enterprise Mobility Suite Rumour

Rumours abound that Microsoft are set to make 2 announcements at tomorrow’s (27/03/14) web conference:

1) Office for iPad

2) Enterprise Mobility Suite

Office for iPad is a big one, that’s been talked about for a long while, and is a tricky thing to consider. On one hand, there are millions of people with iPads who will surely buy Office – bringing in significant revenue to Redmond. On the other hand, does Office on iPad weaken the Windows tablet message somewhat?

I don’t think it does, Office isn’t the only benefit of a Windows tablet – but I can see it being a question MS will need to address.

The second point is a newer rumour – the Enterprise Mobility Suite (EMS). According to ZDNet, this will be a bundle of:

  • Windows Intune
  • Azure Active Directory Premium (a new offering)
  • Azure Rights Management Services

This would enable organizations to easily manage 1000’s of devices – Windows, Windows RT, Windows Phone as well as iOS & Android – with features such as self service password reset, group management and more.

Source – ZDnet:

Windows Intune & Power BI coming to Open Licensing

In a very encouraging move, Microsoft have announced that, from April 1st 2014, customers will be able to purchase both Windows Intune through the Open licensing program.

Currently Intune is available only via the MS portal but will now sit alongside Office 365 (and soon Power BI too) on the regular pricelists.

See more here:

Hat tip to Licensing School for finding this.

Managing Windows RT tablets & Windows Intune Licensing Changes

Windows 8 RT is a new member of the Windows family, and one that’s caused/causing some confusion when it comes to management. It transpired a while ago that Windows RT pcs/tablets will not be able to join Active Directory domains and since then, people have been wondering exactly how they’d manage these devices. Well the answer is here – Windows Intune & System Center Configuration Manager (SCCM) SP1.

“Windows Phone 8 and Windows RT devices will be managed by the next release of Windows Intune.  IT Pros will have the flexibility of using either the Windows Intune or Configuration Manager 2012 SP1 console to set mobile security policies, distribute mobile apps and view reports.  We’ll share more details as we get closer to the next release of Windows Intune.”

As Windows Intune is becoming more of a star, it’s getting some licensing changes too – always a favourite thing of mine 🙂

  1. We are shifting from a per-device to a per-user licensing model.  Each user license for Windows Intune covers up to 5 managed devices.
  2. There will be a Windows Intune user license that includes the rights to System Center 2012 Configuration Manager, enabling organizations to manage those devices through either Windows Intune or Configuration Manager, or both
  3. Organizations that already own System Center 2012 Configuration Manager licenses, such as through the Core CAL, will have access to Windows Intune at a reduced price
  4. We will also make a version of Windows Intune available without rights to Windows Enterprise, thereby lowering the cost for organizations that are not ready to move to the latest operating system.

That final point is something I’ve been hoping to see since the first release of Intune. I’ve always felt that having the desktop OS and a systems management product intertwined muddy the waters and made it a more difficult proposition in many cases; so this is a positive move that will enable Intune to shine in its own light.

It’s also interesting to note that SP1 of SCCM will be able to manage other types of devices including:

  • Windows Embedded Thin Clients
  • Point of Sale (PoS) terminals
  • Digital Signage
  • Kiosks

as well as:

  • Distribution point for Windows Azure to help reduce infrastructure costs
  • Automation of administrative tasks through PowerShell support
  • Management of Mac OS X clients and Linux and UNIX servers
  • I’m pleased to see this move to bring Windows RT into the management fold, making it easier for partners AND customers to tell, understand and take part in the Windows 8 story.

    See the whole post over at:

    Windows InTune V2

    Windows Intune was released to General Availability (GA) today on March 23rd 2011 but already the next version is being worked on, at least according to Twitter.


    I haven’t seen anyone else mention this but Maarten is a SCOM MVP and the hashtags indicate this came directly from today’s MMS2011 keynote speech, so I think it’s safe to believe it Smile Plus it is in no way unusual for Microsoft to be working on the next version of a product before they’ve even released the first edition…

    If Windows Intune V2 does include Software Distribution, that will be pretty amazing. That will enable IT departments/Managed Service Providers (MSP’s) to deploy new software to users from a remote location via the web. Although it will of course be limited by internet bandwidth between the 2 points, this will make so many things so much easier for so many people! That could well be the point that sees InTune take hold in larger organizations…

    Microsoft MDOP features and licensing changes

    The Microsoft Management Summit has brought more great changes, this time involving MDOP.

    The Microsoft Desktop Optimization Pack is a great set of additional tools aimed at making desktop management easier,faster and more dynamic – for more info, see this post:

    MDOP 2011 will see both new products, feature enhancements and a change to the way the product is licensed.


    Microsoft recently announced the “Microsoft Bitlocker Administration & Monitoring” tool aka MBAM (codename Malta), which makes the management of Bitlocker devices much easier across an organization; a big one being self-service recovery of keys…I’m sure many IT dept’s will be happy to lose that job!

    This will be included in MDOP 2011 and the beta is available on Microsoft Connect here:


    DaRT – Diagnostics & Recovery Toolkit – is getting a new version with at least one new feature; the ability to do an offline remote boot, rather than needing to visit the physical machine. Again, another great time saver for some IT teams!

    If you’re interested in this, the beta nomination form can be found here:

    Licensing Availability:

    Previously the only way to purchase MDOP was as an addition to having Windows 7 with Software Assurance (SA) but now it is also available to companies who have either the Virtual Desktop Access (VDA) licence or Windows InTune.

    Thanks to Bridget Botelho for her article over at:

    Microsoft Windows InTune: Computers Overview


    This is the second screen in the Windows InTune Console:


    On the left you can see a list of all the computer groups that I’ve created. These machines are on 3 different networks but they all appear in this one central view, which makes administration very easy!

    Selecting a group on the left takes you into a new view where you can see much more granular detail on the machines. At the minute, I’ve only got one machine in each group but you get the idea Smile


    The “View Properties” button takes you deeper into that machine, with more sections available to view:


    The first few tabs are all quite self explanatory…but the final two are very interesting.


    This gives an amazingly detailed list of the hardware in and related to the machine. For my laptop, this information includes:

    • Model
    • Serial Number
    • BIOS Name & Version
    • CPU Name/Type/Speed
    • Number of disks
    • Disk model
    • Disk Size
    • Number of partitions
    • Network adapter
    • IP Address
    • MAC Address
    • Monitor Resolution
    • Printers (including Soft printers like OneNote)

    and more. It’s similar to the free ware program CPU-Z (which you may be familiar with) in that it gets really deep into you machine to give you all the information you could possibly need!


    This gives a list of all software installed on the machine…in this case:


    It then gives you an idea of the category such as Browser, OS, Utility etc and also tells you if it’s a Virtual Application.

    You can export these lists to either .csv or .html files for use with other applications and systems.

    This feature fits really well in to the whole Software Asset Management piece, as organizations will have a complete, current list of all software installed on all machines. It’s very quick to update with added/removed software which will enable companies to be confident of compliance at all times.


    Creating a group is very straight forward. It has 3 sections, each with just one selection to make:


    Details = Group name (and an optional description field)

    Parent Group = Choose which group this will link off from. Either “All Computers” or one of your own.

    Members = Choose which machines to add to the group.


    I’ll cover deploy software to machines etc in a later post.

    Microsoft Windows Intune: Online Systems Management

    Microsoft Windows InTune is the new Cloud based systems management tool from Microsoft, formerly known as “System Center Online” and has been long awaited. The ability to manage multiple locations/organizations from one central, online point is attractive to a lot of people for a lot of reasons…so let’s take a look @ InTune.

    There are at least 10 sections inside InTune so I’m going to cover them in a number of posts, we’ll start with – System Overview:



    This is the first screen you see when you log in to the Windows InTune Admin Console and it immediately gives you a great overview of yours systems. It shows:

    • If Machines are infected/unprotected
    • If there are updates for your machines
    • A number of other alerts

    Malware Protection:

    From here you can see which machines have Malware protection turned off completely and also if they have overdue scans or specific parts of the protection, such as USB device scanning, turned off.

    1 click takes you to a list of machines, from where you can turn on protection.


    This, not surprisingly, gives you a list of all the updates that are available for you machines be they for the OS or applications.

    One issue with this is that, as default, it shows you ALL possible updates:


    however, these can easily be filtered:



    Another problem I have noticed is that it wants to give my laptop updates for Office 2007, as well as Office 2010; oddly, this doesn’t happen with my other 2010 machines. I had a number of issues when upgrading Office versions and I’m inclined to believe that there are some Office 2007 remnants on the machine that are being picked up by Intune.

    Should you choose to approve an update for a machine/machines, you then reach this screen:


    Choose the groups on which you want to install the updates, click approve and job done!

    I feel it would be a smoother experience and require less clicks, if you could see the machine names on the same screen as all the updates. Currently, you must:

    • Select the update
    • click on “x computers need this update”
    • Check the groups/machines
    • Go back to the previous screen
    • Approve Update

    Showing the machines names/groups on the initial screen would remove a lot of that.

    You can also access the updates via the individual machine screen, I’ll cover that in a later post.

    Alerts by Type:

    This section, as well as the above, also includes other types of alerts…not just updates and malware. This is where InTune starts to differentiate itself from other products, for example:


    If I click through, it tell me:


    That is pretty cool, and something that is very useful for System Admins. I didn’t expect InTune to cover things like this, certainly not in the beta, so I’m pleasantly surprised Smile However, you can’t initiate the defrag from InTune.

    The 2 options on the right hand side “Create Computer Group” and “View a Report” will be covered in later posts.


    This is a brief look at just the first screen of Microsoft Windows InTune but I’m sure you will agree that it already looks very interesting. So stay tuned for the remaining posts in this series (at least 9!) and ask any questions you may have in the comments Smile



    Microsoft Windows Intune: Second Beta

    Microsoft Windows Intune is a new product aimed at managing pcs in a new way. My original post can be found here:

    Read Windows Intune

    The initial beta was restricted to the US, Canada, Mexico & Puerto Rico and 1000 participants. Microsoft have now opened that up to another 10,000 users in the following countries:


    To be eligible you need to deploy it to at least 5 machines and start within 1 week.

    If you’re interested, go and sign up here:


    The pricing of Windows InTune has now been confirmed for the States and it is:

    $11 per user per month

    That gets you:

    • Cloud based Desktop Management service
    • Anti Virus and Anti-Spyware
    • Windows 7 Enterprise Desktop Upgrades

    and, for an extra $1 per user per month, you can get the whole MDOP suite too. More MDOP info here:

    Read Microsoft MDOP

    Partner Features

    Many partners will be looking to InTune to provide them with a new way of generating revenue, through the ability to remotely manage their customers machines. This will reduce the need to travel thus saving money on hotels and petrol and increasing profit margins. Microsoft have quickly, and cleverly, added in a new feature aimed at making this as easy as possible…the “Multi – Account Console”:

    This will allow partners to quickly and easily see a top level view of all the customers they manage and, through filtering, spot those needing urgent assistance immediately.


    There is already a lot of positive feedback on Windows InTune from the first beta, such as:

    “I save about 40% of the time I used to spend managing PC updates, thanks to Windows Intune. It frees me up to focus on developing more custom applications—and bring on more customers”

    “I think we could expand our customer base by at least 10-15 percent immediately”

    “It accelerates their (customers) decision to make the move (to Windows 7)”

    The Future:

    Early 2011 will see the general availability of Windows Intune in the countries listed in the 1st screenshot above. It will then move to more European & Latin countries as well as “select” Asian locations.

    I’ve signed up to the beta and will hopefully have some post following up on that experience soon.

    The MS Blog post can be found here.

    %d bloggers like this: