Recently I was asked about Mobile Device Management (MDM) capabilities within Configuration Manager 2012 and what benefits integration with Windows InTune can bring. This blog article will highlight the benefits and the range of devices that can be managed.
Mobile Device Management ‘Out of the Box’
Out of the box, Configuration Manager 2012 is not strong with regards to Mobile Device Management capabilities. There is no support for Windows 8 phones, Windows RT, iOS and Android devices – the crux of the ‘Bring Your Own Device’ culture.
Using the Exchange Connector within Configuration Manager brings a ‘Light’ management of mobile devices. Information recorded in the Configuration Manager database about these devices is simply information that is recorded in Exchange ActiveSync.
Windows InTune, however, provides no mechanism for Operating System Deployment, Software Metering, Power Management and a limited capability for Settings Management.
Windows InTune Limitations:
- ConfigMgr installs a Distribution Point when the InTune Connector is configured. This cannot be used for Network Bandwidth control.
- Users cannot connect to the Application Catalog through the InTune Connector. Devices connect to a Company Portal. However, For Windows 8, Windows Phone 8, RT and iOS, there is a native portal on the device. For Android, access is via the web-based Self-service portal.
- A standard ConfigMgr client is not installed on mobile devices. Windows RT, Windows 8 phones and iOS devices have a management client on them that Configuration Manager uses.
- Cannot provision Operating Systems via Intune.
- No Remote Control access to mobile devices from the Configuration Manager console. User-initiated, Internet-based Remote Control to PCs from XP SP3 up to Windows 7 is achievable using Windows Intune. This is done via Easy Assist.
The following table details the capability of Windows InTune as a stand-alone application.
Once Configuration Manager integrates with Windows InTune, a far richer environment emerges as can be seen from the table below.
The Unified Configuration is a lot stronger in terms of a much greater set of Configuration items you can set which feed into the Configuration Baselines – thus satisfying the Configuration Settings item at a greater level. In Intune, ‘Policies’ is the closest equivalent to Compliance Settings – so for example if you wanted to enforce a 5-pin password across mobile devices (or a subset) Intune can set this.
Once integrated, we can then provide enhanced functionality using Configuration Manager capabilities such as Software Inventory and Hardware Inventory. We can create different applications within the Configuration Manager Application model and deploy to users’ mobile devices, ensuring the user has access to the application wherever they are and whatever device they are using.
We can also utilise the Software Updates feature of Configuration Manager to deploy patches to Windows mobile devices.
To summarise, integrating InTune into Configuration Manager brings a far richer experience, extending the capabilities of both products. With the next release of Windows Intune brings further enhancements such as VPN and WiFi profiles, a new application portal for mobile devices, automatic VPN triggering on application launch and access to corporate resources from the mobile device.