16 Mar.

MDOP component applicability to different types of Windows Intune users

The last update gave a quick run down on what MDOP includes, but now it’s time to see how these components can be used in various types of organizations. We will start with with an unmanaged, distributed workforce, and add structure and potentially complexity through each example. The chart at the end of the post gives each component an applicability rating, but remember that these are just the views of the author, and I am more than willing to be swayed to change my view.

Unmanaged Distributed PCs
This is probably the scenario that will benefit the least from Windows Intune, as many of the components require a more traditional well designed, highly available network infrastructure to allow their effective deployment and maintenance. The ability to install Windows Intune onto unmanaged and distributed PCs, which covers distributed non-domain joined PCs means that some of the MDOP inclusions just aren’t applicable, and then others like the Application Inventory Service may have some very short term value, but DaRT is definitely a very useful addition to the IT arsenal.

Unmanaged Centralized PCs
The big differentiator here is that we have bandwidth. Just what MDOP tools can we start using if we aren’t part of an AD domain? While many in the world of IT have spent years arguing over the best directory or network operating system to deploy, there are still many networks running in peer to peer mode in the SMB space, and while we may want to provide them some more infrastructure, it may not always be as applicable as we like to think. It pains me to write this, as I was a user on one of the first NT style domain rollouts, and then also a lab rat on one of the first AD global domain rollouts, so I fully appreciate the benefits of a directory

Lightly Managed Distributed PCs
Now we have added domain joined PCs into the mix, even if they are at the other end of slow connections and the AD management is quite basic. Suddenly the AGMP tool starts to bring value, and more of the MDOP components start lighting up for applicability.

Lightly Managed Centrally Located PCs
Now we have bandwidth an Active Directory capabilities, what more could we ask for? Well, a lot, and that’s why MDOP and other tools exist. This is where MDOP really starts to shine.

Well Managed Distributed Or Centrally Located PCs
I’ve included this category for the sake of it, but in reality I don’t see anyone swapping out their existing management solution for Windows Intune unless they have some very specific requirements to do so. An ontpremise solutions such as System Center may be more complex to deploy and support than Windows Intune, but the capabilities the combined System Center family offer far exceed anything that Windows Intune will be offer for quite a while.

Unmanaged
Distributed
Unmanaged
Centralised
Lightly Managed
Distributed
Lightly
Managed
Centralised
Well Managed
Application
Inventory
Service
(AIS)
Low Low Low Low Low
Application Virtualization (App-V) Low Low Medium High High
Enterprise Desktop Virtualization
(MED-V)
Low Low Medium High High
Diagnostics and Recovery Toolset (DaRT) High High High High High
BitLocker Administration and Monitoring
(MBAM)
Low Low High High High
Advanced Group Policy Management
(AGMP)
Low Low High High High

I don’t want to go into the ratings of everything above, but I do want to focus on a few of them.

Firstly AIS is listed as Low across the board, and the reason for this is that AIS is the basis for the software reporting capabilities that are in Windows Intune. There is a small window of opportunity for AIS to provide some inventorying capabilities as it is a lighter footprint client than the Windows Intune install, but this wouldn’t be a normal scenario.

App-V and MED-V only receive Medium scores in distributed environments due to the potential bandwidth requirements for deployments. If bandwidth isn’t a concern they can both become High.

DaRT is useful across the board as it will help solve issues with non-booting PCs, which is great inside of a large organisation, but also highly valuable if you have to do any remote recovery and repair work.

Looking at the chart, one of the things that should be clear is that MDOP shines when it has the right infrastructure to work with. While Microsoft would like all of its customers to have some type of Software Assurance (SA) on the desktop OS, combined with MDOP, that isn’t the case. Windows Intune allows customers who chose not to go down this path, or missed the window of opportunity, to get many of the benefits of SA without an SA agreement. Now that I’ve typed that out, I think I may have to write an article comparing a Windows Intune subscription with SA. That will be the first licensing post for the site!

Total Comments: 1

Comments

  1. […] family which really bring Microsoft’s VDI story together when combined with MDOP (which as previously discussed, is an add on option for WIndows Intune […]

Leave a Reply


%d bloggers like this: