Microsoft goes public with what's next for Windows Intune

Microsoft plans to deliver new updates to its Intune device-management service next week, and a handful of others later this year.
Written by Mary Jo Foley, Senior Contributing Editor

On January 29, Microsoft peeled back the covers on what's next for its Windows Intune device-management and security service.


Next week, Microsoft will be rolling out a handful of Windows Intune updates to current subscribers.

Microsoft officials are talking up Windows Intune's ability to work as a cloud-only service as if it were something new. (I'm not sure if this is really new. Update: It's not, though there are some new capabilities that are now cloud-only. More at the end of this post.) Last year, Microsoft made System Center Configuration Manager integration a centerpiece of its Intune push, and that capability still remains.

Microsoft officials also shared today this list of new features coming to Windows Intune subscribers as of next week:

• Ability for the administrator to configure email profiles, which can automatically configure the device with the appropriate email server information and related policies, as well as the ability to remove the profile along with the email itself via a remote wipe if needed.
• Support for new configuration settings in iOS 7, including the "Managed open in" capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.
• Ability for the administrator to remotely lock the device if it is lost or stolen, and reset the password if the user forgets it.

The team also provided a "sneak peek" of additional new features that will be coming at some point later this year for Intune subscribers. On that list:

• Deeper email management, including conditional access to Exchange email inboxes depending on if the device is managed
• Ability to define application restrictions, through direct platform management as well as “wrapping” policy around unmanaged applications, giving administrators the ability to define how an application interacts with data and block undesirable functions such as cut and paste to other apps
• Bulk enrollment of mobile devices, specifically useful for devices not used by a single user or knowledge worker, including kiosks, student devices, or those used in retail
• Allow or deny apps from running on mobile devices
• Web browser management, including URL filtering to manage which web sites mobile devices can access

Microsoft's most recent update to its Windows Intune device-management service came in October 2013. That update is believed to have been codenamed "Wave E."

Last year, getting information about what was coming with Windows Intune was like pulling teeth. It's nice to see the team opening up about its plans this year.

Update: Microsoft officials, when I asked, acknowledged that Windows Intune has been a standalone cloud service since its launch. However, according to one of my contacts, there are a few capabilities that previously required Intune plus Config Manager that now can be handled through Intune only, including VPN, Wi-Fi, app-triggered VPN definitions  and certification enrollment.

Editorial standards