The next revision of Windows Intune is scheduled sometime in the first quarter of 2014. Windows Intune is Microsoft's Cloud-based management application that comes close to mirroring the on-premise endpoint management solution System Center Configuration Manager (ConfigMgr). Using Windows Intune, companies can enroll PCs and devices to allow remote management functions such as inventory, software delivery, remote desktop, and security, all without adding any on-premise infrastructure. ConfigMgr now also utilizes Windows Intune to enable the on-premise software to manage a broad range of OS's and devices such as Windows RT, Mac, Windows Phone, iOS, and Android.
Up to now, the Windows Intune security solution, Endpoint Protection, has remained somewhat of an add-on, requiring Windows Intune administrators to develop policies to install the client software after the full Windows Intune client installed. To help improve security for managed devices, the next version of Windows Intune will install Endpoint Protection by default as part of the initial client installation. For new Windows Intune clients, it will install automatically. Instead of creating a policy to install the solution like administrators have had to do in the past, they will now need to create a policy to block its installation instead, if required.
It should be noted that after the Windows Intune update, modifying the policy will cause the Endpoint Protection client to uninstall on existing PCs and devices.
The change in direction is good, ensuring that all PCs and devices managed by Windows Intune become protected by default. However, there are specific instances where Endpoint Protection should not be installed and the no-install policy should be initiated. One of these specific times is when another security solution already exists on the remote client. If your company is utilizing Windows Intune for remote management and use a different piece of security software, understanding this change could save you some troubleshooting, since it's not a best practice to run multiple security products on a single PC or device.