By Kyle Johnson and Jack Madden
We covered some of the big news out of Microsoft Ignite 2018 during the first day of the show—Jack wrote about Windows Virtual Desktop, while I looked into Microsoft’s security-focused announcements.
But Windows Virtual Desktop and Microsoft Threat Protection weren’t the only news that interested us. During Brad Anderson’s Monday breakout session, “Simplify your IT management and level up with Microsoft 365,” he announced Win32 application management with Intune, new Autopilot capabilities, new Desktop Analytics features, and more.
Win32 app management
Though this is arguably the biggest Microsoft Ignite announcement, we still don’t have a lot of official information. There are some Microsoft Ignite sessions that look like they’ll have what we need, but not all of them are getting streamed live.
Managing Win32 apps has never been an easy part of Windows 10 Modern Management—up until now, official support has focused on deploying UWP apps and MSIs. VMware Workspace One has been making a big effort in this space, but now Microsoft is offering their own management solution through Intune.
Brad said that Win32 support was added in the August release of Intune, with additional capabilities coming later (though we can’t find anything in the What’s new with Intune page). The story will certainly get much more interesting with MSIX, too.
For now, MVP Maurice Daly has an explanation at SCConfigMGR.com. He details the whole packaging process, including the new Intune Win32 app packaging tool, and uses the word “awesome” a couple of times.
Anyway, Brad closed out his Microsoft Ignite announcement by saying:
“You want to continue to rely upon us to deploy those Win32 applications. I hear some of the traditional MDM vendors talking about beginning to manage Windows and ‘hey trust us to deploy some of your Win32 apps,’ but I don’t think you want to be their guinea pig.”
That had to sting for a few VMware product managers.
Desktop Analytics for updates
Many organizations are facing the pain of constant Windows 10 updates, and while Microsoft eased the pain by announcing 30-month lifecycles, they’re naturally trying to help users do faster updates.
One main component of this strategy is Desktop Analytics (DA), which helps determine compatibility of hardware, drivers, Office add-ins, and third-party apps (including in-house apps). Microsoft first announced DA, which is an expansion of Windows Analytics, earlier this month.
Essentially, by connecting to Configuration Manager, Desktop Analytics will create a readiness assessment by comparing your devices and apps to the 700 million other Windows devices that Microsoft sees. DA sits atop ConfigMgr for the moment, but Brad said that it will eventually integrate with Intune as more organizations begin to use that for MDM.
Another feature of DA is FastTrack Desktop App Assure, which will go into GA on October 1. This will examine app compatibility; if an app is found to be incompatible, then Microsoft development team will fix Windows if needed, and if it’s found to be an issue with the app, then they’ll work with you to try and solve the compatibility issue.
It sounds pretty ambitious, but if they’re actually this responsive, then great. It’s just that a lot of admins are pretty jaded in these things.
In the Windows 10 October Upgrade, Autopilot will have two new features for user-driven mode. The first feature is Hybrid Azure AD join support, where IT can select whether to join devices to Active Directory or Azure AD.
For existing Windows 7 devices, IT can use SCCM to configure them so that when they upgrade to Windows 10, they come up through AutoPilot, with ConfigMgr and Intune.
These announcements are on top of the 100% hands-free provisioning process for shared devices, kiosks, and digital signage devices, which was announced in June.
More Microsoft Ignite Intune announcements
A few other new features in Brad’s Microsoft Ignite presentation caught our eye.
First, Intune will be able to deploy and manage eSIM-enabled devices. Brad positioned this as a thing for first-line workers (think ruggedized notebooks and tablets with LTE for field service), but this is something we hope could come to all devices.
Additionally, Microsoft is adding a “security baselines” feature to Intune. Basically, they’re taking the MDM policies that are appropriate for government customers, and then creating a template, so that you can apply them on your own.
A few thoughts
We couldn’t help but notice that many of these features—such as app compatibility reports and industry security templates—were just announced in VMware Workspace One. The narrative used to be that Intune always lagged behind the likes of VMware and MobileIron, but clearly Microsoft is picking up the pace. (Built-in Mac management, as well as Chrome OS management, are still big holes, though.)
Dig Deeper on Enterprise mobile security
How to deploy Microsoft Endpoint Manager step by step
A look at how Lookout integrates with Microsoft, Google, and VMware for unmanaged devices
Do you want to get rid of SCCM, keep it forever, or do something in between?
A closer look at Microsoft Endpoint Manager, the new combination of Intune and SCCM