New Livemeeting session on Intune

July 29, 2011 at 8:47 am in Uncategorized by mikeresseler

On the 28th of september I will be presenting another livemeeting session on Windows Intune.

This session will be all about the new features of Windows Intune 2 (or better known as Windows Intune beta for now :-)) and will give you best practices for deploying software to your workstations… from the cloud.

There are two sessions that day, so you can fit it into your agenda :-)

For more information on the Afternoon Session (14.00 Belgian time, GMT + 2):

For more information on the Evening Session (19.30 Belgian time, GMT + 2):

See you all there :-)



Follow me on twitter @mikeresseler



Bandwidth calculations for Windows Intune

May 31, 2011 at 7:50 am in Uncategorized by mikeresseler

Got myself a difficult question today.  How much bandwidth does Intune use per client?

Since I didn’t had the answer to that (I measured it a few months ago in Beta, which gave me a bit over 10 MB on one day, but never looked at it again) and this will certainly be a question whenever you need to deploy such a solution, I decided to find more information about it.

It took me some time (was I using the wrong keywords?) but finally found the answer in the online help of Intune

As always in IT, the answer to the question is… it depends.

You have to consider the following questions:

  • Whether the client computer is newly enrolled in Windows Intune and has had no updates applied.
  • The operating system that is running on the client computer.
  • The types of applications that are installed on the client computer.
  • Whether the current day is security-patch Tuesday. On security-patch Tuesday, Microsoft releases new updates. On those days, bandwidth usage can be more than usual. (Or if you wait with approving the updates, then it is on your security-patch day [:)])
  • Whether the network configuration includes a caching web proxy server. A caching web proxy server can be a Microsoft Forefront Threat Management Gateway server or a Microsoft Internet Security and Acceleration (ISA) server. A caching web proxy server caches HTTP and updates binary download requests from Windows Intune to managed client computers. By avoiding duplicate downloads, a caching web proxy server can reduce the consumed Internet bandwidth.

In that article, they also make a calculation and arrive at around 5 MB a day.  But they do that under following assumptions:

  • Very large updates, such as the Windows 7 Service Pack 1, are not factored into this estimate.
  • The client computer is regularly and currently patched.
  • The initial enrollment process traffic of the client computer into Windows Intune is not included in the estimate.
  • This estimate is based on the default selection of update products and classifications for Windows Intune. If you change the default selection, the bandwidth usage can vary.

Since I calculated it around 10 MB, I started to look for the differences…

No, I wasn’t downloading Windows 7 SP1 (then I would have a lot more then 10 MB…), yes my laptop is regularly and currently patched, no it wasn’t the initial enrollment process but yes, I do have more then the default selection of update products and classifications.  So the difference is there.

While I sent out the email to my discussion partner, I realized that the first thing he would say is: “Yeah, so on Patch Tuesday, my small companies internet lines will be overwhelmed…”

True, if you leave everything by defaults.  But therefore you can use groups to separate the installations, approvals etc… so that you can also separate the data traffic.

Just my 2 cents



Intune Purchase and Support Explained

May 25, 2011 at 7:27 am in Uncategorized by mikeresseler

Windows Intune is on a roll… More and more people I talk with are interessted and many companies are already looking at the product as we speak.  One of the questions that comes up frequently is how support is handled and how to purchase it.

Let me give you some more information about this.

Windows Intune is a device subscription

This basically means that you tie the license to a machine and not a user.  The subscription term is 12 months.

What do you get for a subscription?

  • Windows 7 Enterprise Upgrade Rights
  • Future Upgrade Rights
  • Downgrade Rights
  • Reimagine Rights
  • Run 4 Additional Local Virtual Machines
  • Virtual Desktop Access (VDA)
  • Ability to Purchase MDOP (see later in this post)
  • Windows Fundamentals for Legacy PCs
  • E-Learning (unless purchased through Microsoft Online Customer Portal, but they remain if you are an exisiting SA customer)
  • Extended Hotfix Support

Can Microsoft change the price during the 12 month subscription?

Yes and No.  They garantee that the price stays the same during that 12 month subscription period.  However, Microsoft reservers the right to lower the price at any time.  But that’s always good right [:D]

What about SLA?

My number one favorite argument from IT Administrators… We can’t control the server environment that hosts the intune service so we can’t guarantee that the service is up…

True, but with the contract comes an SLA.  And the SLA states that:

Monthly uptime smaller then 99,9%, you get 25% of your money back

Monthly uptime smaller then 99%, you get 50% of your money back

Monthly uptime smaller then 95%, you get 100% of your money back

How many clients do I need to get a subscription?

One. Yes, you read it correctly.  One is enough

Ok, you convinced me, how do I get a subscription?

Follow the guidelines that are found in the two documents below this post.

How about support?

For IT administrators, there’s online help:

You can always look at the service state page:

24/7 support can be found here:

More information: 

Download the Windows Intune Support and Purchase guide which also includes information about opting out, reduction of devices and adding devices





Friday Opinion: Windows Intune – Now, Future or Born Dead

May 6, 2011 at 11:30 am in Uncategorized by mikeresseler


Lately I have been busy a lot with Windows Intune as some of you might have noticed.  I’ve presented on the topic, did some livemeetings and blogged about it.

But I’ve spent also a lot of time in discussing the Windows Intune story to other people.  And these discussions go around the technical side of the story, the current features and (possible) upcoming features of the product, the business and opportunities, the future of the product and whether this will still exist in 10 years…

I will describe a few of my thoughts and discussions here, but it remains (of course) my opinion.  If you don’t agree, feel free to comment

IT Professional side of the story

These discussions are mostly held with IT Professionals.  Oneliners such as: “We have no more control” “There is no more security” “I will lose my job” and “I will be back at the helpdesk” are thrown at me a lot of times.  Considering that I am not a Microsoft employee, I sometimes wonder how much of these oneliners are thrown to Microsoft employees [:)]

Let me try to clarify a few of these oneliners.

We have no more control

No, this is not true… If you have ever looked at Windows Intune, you will see that the configuration of the service remain in your hands.  By using the Microsoft Policy Platform you will stay as an administrator in control on what will happen on your users desktops or laptops.  Can you control everything?  No, not at this moment, but what ain’t will probably come.  I don’t see this also as a reason to say that you don’t have control over the software.  Or can you call one application that delivers management that is fully controlable, every detail, every parameter?  It is true that some of these applications (such as SCCM or SCOM) deliver you a bit more control over the behaviour of the clients and the workflows / policies that you can enter, but again, this is version 1, and what isn’t now, will probably come.

At this moment, most IT pro’s change the discussion to: “What I mean is that we don’t have control over the server side of the service”

Answer to that: True, with Windows Intune, you don’t need to purchase hardware, buy OS licenses (or allocate them), buy the software, install the server(s) (whether virtual or physical).  You also don’t need to secure it with accounts, security groups, GPO’s.  Nor do you need to assess that security every now and then.  You don’t have to care about it being 24/7 up with an SLA of 99.9999% or create a disaster recovery plan for it.  You also don’t need to place a server in a DMZ so that your clients that are abroad, in a hotel or just at home are also managed.  And last but not least, you don’t need to calculate how many servers you will need to manage your entire environment, and when you need additional ones when the company grows.

Wait a minute?  Isn’t that the fun part of the job?  Isn’t that exactly what we are paid for?  Well, I hope not… I hope that your assignment is to manage your users workplaces (desktop / laptop) and that designing, architecting, maintaining and fixing the servers that support that specific assignment is just a waste of your time so that there is less time for helping your users

Whenever I say something like this, I always feel that I just showed a red flag to a bull…  And yet, that is exactly what the business expect from us and we should try to spend as much time as possible in doing exactly that.  So let’s make a shift in our mind here, and start doing exactly what we are supposed to do, without the additional work that normally comes with it.

There is no more security

This one is actually funny… Yes your data is in the cloud, but Intune is specifically built so that it is impossible that your data will be seen by somebody else.  Nor will the data monitored by Microsoft or any other company.  And for the security adepts among us, here is a listing of the security measurements: (taken from the Windows Intune FAQ)

  • Secure Internet protocols such as Hypertext Transfer Protocol Secure (HTTPS) to secure access to the service and clients.
  • Redundant servers and geographically dispersed facilities to help ensure that your online services are available when you need them.
  • A backup data center on the other side of the country that we can switch to in the event of a disaster.
  • High-availability architecture that provides uninterrupted service even in the event of hardware failure on one of our servers.
  • Management by a rigorously screened and highly trained staff.
  • Encrypted data channels that protect all communications between the client and the data center.
  • Administrator access to the administrative console that requires authentication of authorized administrators you have assigned to your account. Authentication is done through the Windows Live ID service.
  • The Microsoft Online Services guarantee: a service level agreement of 99.9 percent uptime.
  • Current status on the service health is available at

Most of the companies don’t even have that kind of security for their most critical business services.

But, I’m not a security expert.  I specialize in Management (backup, monitoring, deployment…) but not in Security.  But I do know that if a bank would say that this is all the security measures they are taking for their online banking, that we are happy with it… But for managing our desktops and laptops… [;)]

I will lose my job

No, no and again no, or wait, maybe yes…  At this moment, many of the people that say this are saying it because at this moment, they are implementing server solutions with customers or they are responsible for installing servers within their company.  Will they lose their job?  No!  Will they lose that specific jobfunction?  Probably yes.  But that doesn’t mean that they will be out of a job, or that we will need less IT people the next I don’t know how many years… But we will need to refocus our job content.  People that now implement servers and software will transfer to implementing solutions, based on the customers need and wishes (internal and/or external customers).  Cloud services, such as Intune will assist us in implementing a service, a solution for the customer without all the installation work.  So there will be much more time and money for actually implementing it as the customer wants.  Or for educating the customer.  Or for thinking about their management strategy.  Or for… (fill in further [:D])

I will be back at the helpdesk

First… Why is that bad?  Second, a helpdesk is not a call-center alone (as some of us seem to think…) And third, helpdesks, service desks will also evolve in this model, and will turn into real NoC’s with pro-active monitoring, baselining and so on… So for me personally, this is not an argument.  (Even if helpdesks won’t change it is not an argument.  Nothing wrong with a job on a helpdesk.  If you are good, your users will be very thankfull)

My conclusion on the IT Professional side…

I think that many of these arguments are just some reasons to hide the one big thing that many of us are scared of… change.  And change can be scary, but I see this change as a big opportunity to go with IT to the next level, and that is really becoming an asset for the business.

Business Opportunities

Windows Intune is the death of the Microsoft Partner…

We can’t sell SCCM or SCOM implementations anymore to our customers.  It is all in the cloud and the setup is so easy that the customer doesn’t need us anymore.  We won’t be profitable anymore.

Yes, maybe true… But, let us be honest here for a second… Not every customer will go to the cloud at once, and offering the cloud to your customers will give you potential new customers / leads and potential other projects.

Don’t forget that windows Intune comes with a free upgrade subscription to the latest OS (at this time, windows 7).  That means that there are possible services to sell such as upgrade tracks, bitlocker, MDOP projects (which can be bought as an extension to an intune subscription for a pretty cheap price) and so on.  Or what about I wrote in my previous blog (  There is also business to be found.

Business Opportunities conclusion

I can think off a dozen of new opportunities with Windows Intune alone (and then I don’t talk about the other cloud offerings…) but it will need a change of working for the partners.  A change of mind aswel.  Not only IT Pro’s will need to change the way they work, the business will need to adapt its model aswel.

Current and Upcoming features

Ah, here is my Achilles.  The other solutions have much more features and possibilities then Windows Intune.  True, can’t deny that, can’t argue that.  For now.  Because if you think of it, with a cloud-model such as Windows Intune, they can add new features and enhancements every 6 months.  The next version will probably be out around September 2011.  Will it have software distribution (the number 1 missing feature that they throw at me).  Probably yes (according to the rumours)

I strongly believe that it will have as much features as the on-premises solutions very soon, and that newer features will be in the cloud first, before they come to the on-premise side.  Oh yeah, and which company has the new version or the new features of a management solution the week after release?


Is this another hype, and will it be dead in a few years… or is something that will stay for a long time.  I think it will.  I strongly believe that common infrastructure services such as management will move to the cloud.  The focus for managing your desktops and laptops (and with that I mean the entire management lifecycle) is seen as an overhead by many companies and therefore the cloud will be a good solution to make sure that no time is lost and that the people that need to do the management can actually do that management, without the need to worry about server infrastructure and stuff.

Will everything go to the cloud?  Probably not, at least not yet soon.  Many management aspects will remain on-premise for a while.  For how long, I can’t say.

Final Conclusion

Is Intune a threat for your environment?  No, if you are willing to change, it will give you opportunities and gain you business (as a partner), time (as a user) and a better service (as a partner AND as a user)

Is it ready for every business at this moment?  No, some companies will need features or possibilities that Windows Intune can’t deliver at this moment.  It will come, so keep an eye on it.

Is everybody wrong and am I right?  No, certainly not.  I just wanted to give my opinion and my thoughts that I use during such a discussions.  But that doesn’t mean that my opinion / believes / thoughts fits your business.  You will have to figure that one out for yourself [;)]

Will the IT world be changed because of solutions such as Windows Intune?  Yes it will, and therefore a mind change for many will be necessary.

I hope these arguments can help you in thinking about this model.  After all, it has started, and there is no way back [:D]

Feel free to comment



Intune for Service Providers and Tools

May 5, 2011 at 7:00 am in Uncategorized by mikeresseler

A couple of days ago, I presented Windows Intune through an online livemeeting.  I will discuss the session later but one of the questions I received during that meeting was about Managed Service Providers and additional tools.  I was at that moment already planning a post about it so the question just speeded that process a bit [:)]

Before I get into the tools you can connect to Windows Intune, let me try to explain what Intune can do for you, as a Managed Service Provider and what it can mean to your customers.

A bit of history

Let us start with a bit of history… In a not so far past ;-), when System Center Essentials 2007 came to market, there was an option to use ROM (Remote Operations Manager) as a Service Provider.  When you had Operations Manager 2007 and your customers were running System Center Essentials 2007, you could connect it with the ROM provider to manage them from your NOC (Network Operations Center).  This connector died pretty fast, which was a pitty because it allowed Service Providers to offer managed services to their customers with the System Center stack.  Now with Windows Intune, we get a brand new possibility to do this.

When your customer buys an Intune subscription, and he allows you to manage it (which is a five-minute work ;-)) you will be able to have the multi-account console.

 As you can see in the screenshot, after I have logged in (or decide to choose another account) I can now choose between the companies that I manage (In this demo setup, I manage 2 companies).

What I really like about this is that you get a high-level overview of your customers and directly have a clear view of the urgent issues that you need to handle.

You can sort this view on account name, on health status or just search for the account that you need.  When you click on it, you will go to the detail of that specific customer.


For a Managed Service Provider, you get a great solution in providing your customers with managed services, and you don’t need to buy / install or maintain infrastructure for it.  The only thing you need is internet, and a browser that supports silverlight.  If you are running a 24/7 NOC and you have engineers “on watch”, then they can start working on issues very fast without the need of getting their own laptop out, creating a VPN to the main office, logging in remotely to the customer and so on…

Connecting Tools to Window Intune?

But as stated in the beginning of this post… The question was whether it is possible to connect other tools to Intune.  And the answer to that is… Yes.  There are already two tools on the market that can be connected with Windows Intune


What is Connectwise?

From the documentation:

ConnectWise is a leading business management solution designed exclusively for IT solution providers, MSPs, technology consultants, integrators, and developers. ConnectWise helps MSPs manage all aspects of their customer relationships from within a single, unified system, combining sales force automation, customer relationship management (CRM), service request and ticket tracking, contract and billing arrangement management, and extensive reporting.

ConnectWise is a software platform that automates the internal business processes for IT pros worldwide. It combines the elements of a successful IT services business, including quoting, sales, project implementations, service delivery, billing, and comprehensive reporting, and provides visibility and reporting on past performance as well as future projections.

 How do they work togheter?

ConnectWise and Windows Intune gives you an integrated workflow that allows you to:

  • Issue alerting (Intune)
  • Tracking and escalation (ConnectWise)
  • Remediation (Intune)
  • Billing (ConnectWise)

 This is an example of a flow

 What do you need?

  • Windows Intune
  • ConnectWise PSA
  • ConnectWise email connector


What is Autotask?

From the documentation:

PSA systems help MSPs manage all aspects of their customer relationships from a single system. PSA systems combine customer relationship management, service request and ticket tracking, contract and billing management, and extensive reporting.

How do they work togheter?

  • Issue alerting (Intune)
  • Tracking and escalation (Autotask)
  • Remediation (Intune)
  • Billing (Autotask)

 And again, here is a flow that describes a possible process:




What do you need?

  • Windows Intune
  • Autotask Go or Autotask Pro
  • Email2AT from MSPintegrations


With Intune just released, there are already two vendors that have an integration with the product.  I’m pretty sure that more will come (Hello System Center Service Manager?  Where does your connector stay? [:D])

This will give Managed Service Providers a very powerfull solution to manage their customers.

More information?





Windows Intune Released to the public

March 23, 2011 at 5:59 pm in Uncategorized by mikeresseler


It is official now, Windows Intune has been released to the public.  While I already had the opportunity to work with it during the beta stage it now goes RTM and everybody can start working with it.

You will have the option to buy a subscription or try it out for 30 days.

Windows Intune will allow you as a business to manage your entire desktop infrastructure, including, but not limited to malware protection, update management, remote management and inventory from the cloud, accessible from everywhere without the need for an entire antimalware infrastructure, and update infrastructure and so on.

Many IT Professionals where I discuss the topic with are scared that the product doesn’t have enough features compared to the stand-alone suites of System Center.  While I can’t deny that this isn’t true, I always remind them that this product is just new while the other solutions in the suite exist already for a long time.  I had the luck of spending some time with the Intune product team last night in a bar (by –5 degree which was also something new for me Smile) and I learned that they will catch up quite quickly.  Because of the entire cloud solution, they will be able to bring updates and features every 6 months.

Your IT professionals will be able to focus on the real business problems without the need of focusing and maintaining an entire infrastructure.  Imagine upgrading your entire management and security solution for your desktops every 6 months to the latest version.  Then imagine that you won’t need to spent effort in that and you will have no risk on your side… That is the true power of the cloud and windows Intune.

If you are interested in this solution and want more information then contact me through this blog or at Mike[dot]Resseler[AD]Infrontconsulting[com]

Interesting links:

Press Release:

Windows Intune Blog:

Opening the Window to PC Management in the Cloud:

Opening the Window to PC Management in the Cloud:

Get the best out of your trial:



New Intune Client available

February 23, 2011 at 7:43 pm in Uncategorized by mikeresseler

Today I received an email from the Intune program

Thank you for your participation in the Windows Intune beta and your feedback to date. Based on feedback that we received, we have recently made changes to the service. What this means to you: Most of the changes should be transparent to you. Your already deployed clients will be automatically updated and will continue to work normally. However, the client software installation package that you previously downloaded will no longer work. If you want to deploy the client software to any new computers, you must download a new client software installation package. The client software installation package is located in the Windows Intune administrator console, in the Administration workspace, under "Client Software Download." We thank you for your interest in Windows Intune and look forward to your continued participation.

And indeed, in the administrator console, I could see the alert


This evening, when I arrived at home from my work I started my laptop.  Soon the system started to update and giving me notifications that my malware and so wasn’t running anymore.  I found that a bit annoying, because if this happens in an environment where the Intune clients are not IT-ers (as it is in our environment) then I probably would get a lot of helpdesk calls… Therefore, make sure that you notify your end-users!

The update was pretty fast done, and soon I could see a change in my start menu: Windows Intune Endpoint Protection


But before everything can work, I still need to restart


Funny endnote: the icon in the tray is the SCCM icon :-)





PS: The KB for the new client can be found here:

The Intune Notice Board

February 6, 2011 at 7:19 am in Uncategorized by mikeresseler

Whenever Microsoft needs to do maintenance to the Intune system, it will let you know in time.

It does this in three ways:

1) By email

Windows Intune Beta Planned Service Outage


Infront Consulting Group BVBA






Windows Intune Beta Planned Service Outage

Please be advised that due to scheduled service maintenance, the Windows Intune beta service may be unavailable starting at 10AM PST on Tuesday, January 25th, 2011. Please check the service status page at for more current service status. We apologize for any inconvenience, and thank you for using the Windows Intune beta service.
View this alert in the Windows Intune console:  URL Removed

2) You can see it in the notification window in the System Overview workspace


The administrators who look at the Intune administrator console often will see the announcements in the Notice Board


3) The service status page


You can also view the service status on the service status page (



Movie: Administration Workspace

January 14, 2011 at 10:26 am in Uncategorized by mikeresseler

After my first movie, here is the second one about Windows Intune


 This movie goes in detail about the Administration Workspace.

Here is (in short) the different topics:

1. The overview


We start the movie by looking at the general overview of the administration and how we can check the service status of windows intune

2. Updates

The next thing we describe is the configuration of the updates.  We talk about the Product Category


The Update Classifications


And we create an automatic update approval rule for all the security updates


3. Alerts and Notifications

We also look at the alerts and notifications.


We are going to enable an alert so that we get notified in case the problem occurs

We also create a new recipient to get the alerts


And finally we are going to adapt the notification rules to make sure that the correct user gets the alert emails.


4. Administrator Management

We show you to create a administrator.  Important here is that it needs to be done with a Live ID


5. Client Software Download

And finally we show you a bit about the Client Software that you can download and distribute to your environment.


Next movie will be about the Computer workspace so stay tuned



Movie: General Overview

January 6, 2011 at 11:00 am in Uncategorized by mikeresseler

I’m in the progress of making some movies for Windows Intune.  The first one has been released online


In this movie, you will get a quick overview of the different workspaces in the Windows Intune Administrator console.

In short, these are the different workspaces:

1. System Overview


This workspace gives you a quick overview of the status of your systems and alerts and so on

2. Computers


The computers workspace gives you an overview of your computers and allows you to manage them and divide them into groups

3. Updates


The updates workspace allows you to manage all of your updates.

4. Malware protection


This workspace allows you to view and review all malware issues on your environment

5. Alerts Overview


The alerts overview workspace allows you to handle the alerts in your environment.  Crashed applications, logical disk failures and so on can be retrieved here

6. Software


This workspace gives you an overview of all the software installed in your environment

7. Licenses


The licenses workspace allows you to review your imported license agreements and compare it with the installed software in your environment

8. Policy


The Policy workspace gives you the opportunity to review, change and create policies that will handle the Updates and other parts of the Windows Intune environment for your computers

9. Reports


The reports workspace gives you some great reporting possibilities about your environment

10. Administration


The last workspace will allow you to administer all of your settings for Windows Intune.

Tune in later for more intune movies… Next movie will be the details about the administration workspace