Windows Intune, Microsoft's cloud based device management solution, is set to get a series of updates that will significantly improve its mobile device management credentials. These updates include support for e-mail profiles (configure a device for email), support for a wider range of remote security features (remote lock, reset pin), and support for iOS7's data protection settings. Future updates are also set to extend management capabilities to the app level.

Windows Intune, which is aimed at small-medium enterprises, provides tools and reports to help with the administration of PC (Windows and Mac) and mobile devices (Android, iOS, and Windows Phone). On the PC side this includes applying security policies and settings; the installation, upgrade and license management of software; end point protection (e.g. information about detected threats, manually running malware scans); and alerts.

On the mobile side this currently includes automatic discovery of mobile devices (when a device connects to corporate Exchange server they are automatically linked to a user), defining devices access rules for Exchange access (i.e. control mobile access to email), letting users access and install line-of-business apps through a company portal (i.e. easy deployment of business apps), policy management (currently relatively limited, but being extended), and remote device security actions (wipe).

The new updates are described in detail in a blog post by Brad Anderson on Microsoft's In the Cloud blog:

• Support for e-mail profiles that can configure a device with the correct e-mail server information and related policies – and it can also remove that profile and related e-mail via a remote wipe.
• In addition to our unified deployment mode and integration with System Center Configuration Manager, Windows Intune can now stand alone as a cloud-only MDM solution. This is a big win for organizations that want a cloud-only management solutions to manage both their mobile devices and PC’s.
• There is also support for new data protection settings in iOS 7 – including the "managed open in" capability that protects corporate data by controlling the apps and accounts that can open documents and attachments.
• This update also enables broader protection capabilities like remotely locking a lost device, or resetting a device’s PIN if forgotten.

Later this year Microsoft is planning further updates, including app level management (allow / disallow apps from running) and deeper data management:

Looking ahead to later this year, we will continue to launch additional updates to the service including the ability to allow/deny apps from running (or accessing certain sites), conditional access to e-mail depending upon the status of the device, app-specific restrictions regarding how apps interact and use data, and bulk enrollment of devices.

Windows Intune's mobile device management capabilities, by necessity, work with the big three mobile platforms, but the experience is, in accordance with Microsoft's "first and best on Windows Phone" mantra, smoothest on its own platform. Factors like mobile device management and security are not a major consideration for consumers, but can be critical for small business users. Intune is not a unique product by any means, with plenty of third party alternatives, but it is, arguably, a leader in the cloud-based mobile device management space, and is a solution that is well suited to smaller sized business.