Will the next version of Intune, Microsoft's cloud management tool for PCs and now smartphones and tablets, help you manage Windows RT devices? Probably. That's not what Microsoft demoed at the MMS conference today (and Microsoft isn't ready to talk about Intune and Windows RT) but what we saw has some big clues about how businesses will be able to manage Windows RT.
Today, you can manage iOS and Android devices (and Windows Phone and Symbian) through Exchange Active Sync, using Exchange or Office365 or tools like Odyssey or BlackBerry Mobile Fusion; you can make sure that any phone or tablet getting email from your server has a password set or encryption turned on. The next version of Windows Intune adds those management options. It also gives you a portal for offering your own internal apps to iOS and Android users. (For iOS you still have to sign those and create the policy manifest and pay the $299 annual fee to be in the iOS Developer Enterprise program, but this looks like a neat solution to the distribution problem.)
The Intune portal has a very Metro look and in the future we expect Intune to also host Metro-style apps, either as deep links to the Windows Store or the code for your own apps. So far Microsoft has demoed this in a version of System Center Configuration Manager that's going to be available when Windows 8 arrives. This is the private enterprise extensions to the Windows Store that Microsoft has been promising for businesses.
Metro-style apps can run on Windows 8 and on Windows RT, but what Microsoft showed was a Metro-style app being loaded onto a Windows 8 tablet, not an ARM-based Windows RT device.
If you can use the portal from a phone browser you'll be able to use it from Windows RT so users will be able to go to a corporate page to get apps and do simple management of their own devices (like getting a map for where their phone is if they've lost it). But while an admin can push an app out to a Windows 7 or Windows 8 PC and make it install, you can't do that for iOS or Android and we don't expect you'll be able to do that for Windows RT.
For Windows 7 and Windows 8, managing a PC through Intune means applying policies - controlling the firewall, say - and running an agent that both applies policies and checks for malware. If the range of what you can specify through EAS increase substantially in Exchange 15 you might be able to set those kinds of policies on Windows RT but you're certainly not going to be able to install an agent on a Windows RT device beyond Windows Defender, which comes with it.
Microsoft isn't talking about controlling iOS and Android devices that people buy themselves and take into a company; it's talking about governing access to corporate information on those devices. And it's not talking about domain-joined devices any more; it's talking about domain trusted devices. It doesn't matter if the device is joined to the Active Directory as long as the user is; viruses aside (which at least initially and probably in the long term will be far less of a problem on Windows RT than on Windows), it doesn't matter if the device is managed as long as the user is. That's the way you're going to treat iOS and Android devices and it's the way you're going to treat Windows RT devices, but the big advantage for a business is that you can write a WinRT app that will run on both a managed Windows 8 PC and an unmanaged Windows RT device.
If you buy an iPad or an Android tablet or a Windows RT tablet and take it to work, you don't want the IT department to take it over and decide what you can and can't install on it or what Web sites you can and can't visit. You don't want the official company wallpaper or the official company sound scheme. You do want to be able to get email and open work documents and run the application that lets you put in an expense claim.
Even now, Windows RT is still Schrödinger's tablet; we don't know exactly what it does, what it doesn't do or when we can have it. But even when we do know all those, Windows RT will continue to be like a photon; both a wave and a particle - both a PC with a desktop and Explorer and device drivers and a full desktop browser, and a tablet with a simple and secure app development model and a simple interface. Windows Intune now supports both PCs and tablets and smartphones; expect it to treat Windows RT like a tablet rather than a PC.