After evaluating the update management features in the Windows Intune beta, some of you will be curious to know how Windows Intune’s update management feature compares with the Windows Server Update Services (WSUS) solution.
The short answer is that Windows Intune’s update workload essentially replaces WSUS for all your Microsoft update distribution needs. Just like WSUS, Windows Intune lets you to centrally manage the deployment of Microsoft updates and service packs to all your PCs.
Windows Intune works over the cloud like Windows Update (WU) and Microsoft Update (MU), but you don’t need on-site infrastructure. Updates are delivered directly to any of your managed PCs that have an Internet connection.
There are a lot of similarities in the update management functionality provided by Windows Intune and WSUS. The following core update management tasks are available in both solutions:
Configure server settings
- Select products and classifications of interest
- Configure auto-deployment rules
Configure agent policies
- Scheduled install for clients/test machines
- Download and notify for servers
- Deploy updates for installation to specific target computer groups
- Check the status of a previously approved update(s)
- Determine which computers need updates
Resolve Update deployment issues
- Determine which computers have failed updates
- Decline an update
Update status summary
- System wide status of update deployment
- Update statistics for each group
- Update status for each computer
Generate update reports
Because Intune is a cloud service, it has some compelling benefits over an on-premise solution such as WSUS.
No need for On-site infrastructure: Intune has no onsite infrastructure requirements while WSUS solution requires on-site infrastructure to be deployed.
This means that unlike WSUS, Windows Intune:
- Does not need any on-premise infrastructure (e.g. servers, additional software). As a result there are no maintenance costs associated with upgrades, patching, servicing on-premise infrastructure, and you derive cost savings as a result.
- Allows you to seamlessly do remote management, i.e. view patch status and compliance of all managed PCs whether they are inside or outside of corporate network.
- Does need to any internet facing server or DMZ to support this scenario.
Some update configuration notes:
- In WSUS, admins can choose to download update files locally on the server (on-premise) or have managed PCs pick up the files from Microsoft Update (MU). Windows Intune, being a cloud service, only supports the latter.
- If your company has a caching web-proxy (e.g. SQUID, Microsoft Forefront TMG etc.) you can achieve update file caching benefits for Intune managed PCs.
- WSUS allows admins to deploy certain driver updates (available from MU) to managed PCs, while Intune does not currently support driver deployment.
- Also, Intune admin console has a similar layout and terminology usage as WSUS admin and using similar functionality should not require any additional ramp-up. So, transitioning from WSUS to Intune should be very simple and intuitive.
So, for those of you using WSUS for distributing Microsoft updates & service packs, Windows Intune offers a compelling alternative.
In addition, Intune also offers a host of other PC management capabilities such as malware protection, PC inventory, Microsoft volume license management, alerts, and remote assistance…all for a low monthly subscription fee. The goal of Windows Intune is to provide a solution that lowers the cost and effort of managing your PCs. We encourage you to sign up for a trial when it becomes available. To be notified of availability, please visit this site and we’ll advise you when you can sign up.
Written by Bharathan Venkateswaran, Senior Program Manager on the Windows Intune team.