Skip to content

Hybrid Cloud Blog

It is critical that organizations think holistically about their approach to consumerization and BYOD. The new world of work is more than ever about people – enabling people to get access to their applications and their data on the devices they choose.  This increases satisfaction and productivity, yet IT still has a responsibility to ensure this is done in a way that protects corporate resources and maintains compliance.

We are adding new capabilities to Windows Intune which will provide organizations increased flexibility to enable users to choose the devices which best suit their needs or preferences, while also helping to protect corporate data.   These updates will roll out to our service subscribers next week.

The new management capabilities include:

  • Ability for the administrator to configure email profiles, which can automatically configure the device with the appropriate email server information and related policies, as well as the ability to remove the profile along with the email itself via a remote wipe if needed.
  • Support for new configuration settings in iOS 7, including the “Managed open in” capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.
  • Ability for the administrator to remotely lock the device if it is lost or stolen, and reset the password if the user forgets it.

The email profile and data protection configuration settings are good examples of the enhanced integration between Windows Intune and System Center 2012 R2 Configuration Manager.   These new capabilities will be available within your Configuration Manager console as “Extensions for Windows Intune.”   These extensions provide your existing Configuration Manager infrastructure with the information it needs to let you manage the new capabilities in the cloud without having to upgrade anything on-premises. Once the extensions are enabled, the new configuration settings will appear alongside the existing configuration options, right where they belong.  For more information on how this works, head over to the System Center Configuration Manager Team Blog, where it’s explained in more detail.

For organizations who wish to manage their devices solely from the cloud, without having any on-premises infrastructure, we are also providing the flexibility for organizations to choose how to manage mobile devices – including Windows and Windows Phone, iOS, and Android – completely through the Windows Intune service without requiring the integration with System Center 2012 R2 Configuration Manager.   

We’re also very excited to share a “sneak-peek” of new capabilities we will be adding to Windows Intune this year:

  • Deeper email management, including conditional access to Exchange email inboxes depending on if the device is managed
  • Ability to define application restrictions, through direct platform management as well as “wrapping” policy around unmanaged applications, giving administrators the ability to define how an application interacts with data and block undesirable functions such as cut and paste to other apps
  • Bulk enrollment of mobile devices, specifically useful for devices not used by a single user or knowledge worker, including kiosks, student devices, or those used in retail  
  • Allow or deny apps from running on mobile devices
  • Web browser management, including URL filtering to manage which web sites mobile devices can access

If you haven’t already looked at our device management technologies – now is the time to start trying them out for yourself. Hear more about our cloud-based device management strategy from Brad Anderson on his In the Cloud blog and head over to to sign up for a free trial.