Thursday, May 16, 2013

First impressions about Microsoft Intune

OK, so last month, I cane across Microsoft Intune last month and wanted to see what it could do.  Hey they were giving me a month and I figured why not.  I can say that after a month, it is not bad, and does have it's place in the world out there.

In the past I have used other products to manage systems.  Tools like WSUS, Qualys, and Tivoli Endpoint Manager or TEM.

So what does Intune do.  From what I see it does three big things:

  • Install Microsoft Patches
  • Manage Windows Defender
  • Have the ability to publish software that can be installed by your clients.
Whey you sign up you need to create a company account and at least one administrator account.  I didn't really work much with the company account, but can see where there is a need for separation between the two.  Also there are different permissions for administrators like read only so there can be multiple persons that can get access to the account and the systems managed.

OK so what I like.  I like that you as an administrator have the ability to approve patches like in WSUS.  When a patch comes out, you have to approve it and then it will be available for installation on your infrastructure.

Another think that I like is that you can take an MSI and add it to your list of company apps.  So if you want to deploy something like Adobe Acrobat, just add it and publish.

Also like the ability to create groups.  I didn't use them, but it was nice they were there.

So now my favorite feature: Due dates on patches.  One thing you can do is assign due date and Install now.  This means that if a client is on, the Intune app will get pushed the patches, so you don't have to visit the clients, they will update themselves.

Now it is not all great with Intune, and here are some of my issues with it.  First all of the connectivity is to the internet, so all of your machines that you manage need to have access to the internet.  Also with this connectivity, there are  slew of them to configure.  So it might be challenging for a company that has an IDS or proxy installed.

There was one last feature that I did not test and it was the easy assist.  This looks like the Lync client so you can have your computer remote controlled by the administrator.  Maybe I will look to it in the future.

So down to pricing.  From what I can see, in the US it is a low, low $6 a month for a year.  It looks like you sign up for a year at a time, but can be billed monthly.  And if I am reading it right, that is the cost for the administrator, not for the clients.  So if you have 2 machines or 25, the price would be the same. 

I stopped at 25 because that is the limit of my license that I was given.  I am guessing that as you increase the number of endpoints, that the cost would also increase, but I cannot find that information.


  • Easy to set up
  • Pricing good
  • Handles Microsoft patches very well

  • Only supports Vista, Windows 7 and 8
  • client need internet connection to work