Mark Parris MCM amp MVP Directory Services markparris httpmarkparriscoukfeed markparriscouk Windows Intune Agenda Windows Intune Overview Windows Intune Requirements Windows Intune ID: 768890
Download Presentation The PPT/PDF document "Mark Parris MCM & MVP: Directory Se..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Mark Parris MCM & MVP: Directory Services @markparris http://markparris.co.uk/feed mark@parris.co.uk Windows Intune
Agenda Windows Intune: OverviewWindows Intune: Requirements Windows Intune: ArchitectureWindows Intune: A Deeper Dive What’s Next? Questions? More Info
Windows Intune Overview Windows Intune is a Windows CLIENT , cloud based management solution Windows Intune works on domain and non domain joined PC’s Security is certificate based. Requires no server infrastructure to deploy.
Availability Serviced from 6 Global datacenters.
Availability Serviced from 6 Global datacenters.
Capabilities Protect PCs from malware with centralised protection built on the Microsoft Malware Protection Engine. This leverages the same trusted technologies as Forefront Endpoint Protection and Microsoft Security Essentials. Centrally manage the deployment of Microsoft updates and service packs to all your PCs. Proactively monitor PCs with alerts on updates and threats so that they can identify and resolve issues before they significantly impact productivity.
Capabilities Provide remote assistance regardless of where the partner or user is located. Track hardware and software inventory to help customers in IT planning and asset management purposes. Set security policies. Centrally manage update, firewall, and malware protection settings across all PCs, even on remote machines outside the corporate network .
Windows Intune Requirements Administrative Console A browser that supports Silverlight 3.0 Clients that can be managed 32-bit & 64-bit versions of : Windows 7 Enterprise, Ultimate and Professional Windows Vista Enterprise, Ultimate and Business Windows XP Professional SP2 or SP3 (SP3 recommended )
Windows Intune Requirements Hardware Internet Connection 500 MHZ CPU 256MB RAM 200MB Disk Space
Additional Benefits Microsoft Desktop Optimization Pack (MDOP) Available as an optional add-on ( Application Virtualization (App-V ); Enterprise Desktop Virtualization (MED-V ); Advanced Group Policy Management (AGPM ); Diagnostics and Recovery Toolset (DaRT ); BitLocker Administration and Monitoring (MBAM ); Asset Inventory Service (AIS ) ). Standardise the Windows Client Windows Intune subscribers can standardise on Windows 7 Enterprise or any other supported version of Windows (7, Vista or XP) and have upgrade rights to future versions of Windows.
Windows Intune Architecture Agents report to the Windows Intune service Support engineers access the data via the Web-based console Ports 80 and 443 are all that is required for agent communications Windows Live ID is required for administrative access
Administration Console
Installation Process Package Download Installation Initial Agent Install Agent Download and Report Reboot typically Required Delete - WindowsIntune.accountcert
Intune Components Component & Path Windows Intune %ProgramFiles%\Microsoft\OnlineManagement\Common\*.* Windows Intune Center %ProgramFiles %\Microsoft\OnlineManagement\Client UI\*.* Windows Intune Endpoint Protection %ProgramFiles %\Microsoft\OnlineManagement\Host Protection\HostProtection\*.* Windows Intune Monitoring Agent %ProgramFiles %\Microsoft\OnlineManagement\Monitoring\*.* Microsoft Online Management Policy Agent %ProgramFiles %\Microsoft\OnlineManagement\PolicyAgent\*.* Microsoft Easy Assist %ProgramFiles(x86 )%\Microsoft Easy Assist\*.* Microsoft Policy Platform % ProgramFiles%\Microsoft Policy Platform\*.* Microsoft System Center Operations Manager 2007 R2 Agent %ProgramFiles %\System Center Operations Manager 2007\*.* Windows Firewall Configuration Provider %ProgramFiles %\Windows Firewall Configuration Provider\*.* Microsoft Online Management Update Manager %ProgramFiles %\Microsoft\OnlineManagement\Updates\*.*
Client Software Switches Available installer switches: Windows_Intune_Setup.exe /? Windows_Intune_Setup.exe / quiet Windows_Intune_Setup.exe /extract %Temp%
Deployment Methods Direct Download Network Share Flash Drive Electronic Software Distribution Software Publishing MDT 2010 3 rd Party solution Remember to protect your Cert!
Installation Behaviour Changes Is AV installed ? Start Client Installation Is MSE or FEP installed? Upgrade to WIEP Install WIEP Is EP Policy enabled ? Is AV upgradable ? Do not install WIEP Install WIEP in parallel Uninstall AV & install WIEP Y Y Y Y N N N N
Script Solutions Uninstall Script Available via: mymfe.microsoft.com/WindowsIntune/Feedback.aspx?formID=615 AgentUninstall_Intune.cmd Enact Policy Now Script Available from the Windows Intune Support team. EnactPolicy.ps1 EnactPolicy.cmd
Malware Protection Updates Protection Agents updated to FEP 2010 Malware Protection renamed Windows Intune Endpoint Protection. Proactive Detection 8 Hour Update Cycle
Proactive Detection Generics/Heuristics Allows a single signature to detect thousands of files, using emulated behavior or binary characteristics. Dynamic Translation Translates code that accesses real resources (unsafe) into code that accesses virtualized resources (safe). Behavioral Monitoring Tracks behavior of unknown processes and known good processes gone bad. Dynamic Signature Service Queries reputation data on “interesting” files. If a file is known bad, a new signature is delivered to the requesting client in real time. Network Vulnerability Shielding Inspects all traffic for known exploits to known vulnerabilities. If system is already patched, this feature is automatically disabled.
Windows Intune Update Process Managed Computer Microsoft Update Service Windows Intune administrator console 4-Approved for deployment? 5-Approved 3-These updates apply to me 7-Download and install updates 1-Any new updates? 6-Check for approved updates 2 -Any new updates?
Windows Intune Groups The default groups are All Computers and Unassigned Computers On client installation, computers are added to both default groups Create custom groups to organize computers in your customers’ organizations Computers can belong to multiple groups Deploy updates and policies to groups Child groups inherit updates and policies from parent groups Windows Intune groups are independent of Active Directory groups
Policy Application Policies enable you to centrally control settings on managed computers After you create policies, you deploy them to one or more computer groups Policy changes are distributed as updates to managed computers Policy conflicts management:
Policy Application Policy 1 Policy 2 Policy 3 Group Policy settings take precedence
Alerts Alert types: Endpoint Protection Monitoring Notices Policy Remote Assistance System Updates Alert severity levels: – Critical – Warning – Informational
Alerts Endpoint Protection . This appears in the console when a managed computer has been infected by malicious software and there are tasks that you should perform in Windows Intune to investigate or follow up. This type of alert also occurs if there are problems with the Endpoint Protection client. Monitoring . This appears in the console when health issues for specific applications or operating systems occur on a managed computer. These issues can include running out of disk space or there being insufficient RAM on a managed computer. Monitoring alerts are organized into subcategories that include Microsoft desktop applications such as the 2007 Microsoft Office system and the 2003 Microsoft Office System, Microsoft Office XP, Windows 7, Windows Vista, and Windows XP. Notices . This appears in the console when updated Windows Intune client software is available for download in the Administration workspace. Policy . This appears in the console when there are problems with a policy on a managed computer. Remote Assistance . This appears in the console when a user requests remote assistance. System . This appears in the console when deployment of the Windows Intune software has failed. Updates . This appears in the console when you need to review and approve security or critical updates.
Alerts
Recipients Service administrators use the Windows Intune administrator console to manage PCs E-mail notification recipients receive messages when particular alerts occur: Administrators can be recipients, but recipients are not necessarily administrators Recipient management involves: Adding recipients—administrators are automatically recipients Configuring notification rules
Software Management The Software workspace is built upon Microsoft Asset Inventory Service (AIS) It provides data on installed software on all managed computers Each software title has an entry in the list: Software publisher Name Installation count Category Software reports are available in the Reports workspace
Software Management Platform and management— Desktop and network infrastructure and management software that enables users to control the computer operating environment, hardware components and peripherals, and infrastructure services and security Education and reference— Training or help files for a specific application Home and entertainment— Applications that are primarily designed for use in or for the home, or for entertainment Content and communications— Typically includes Office productivity suites, multimedia players, file viewers, Web browsers, and collaboration tools Operations and professional— Applications that are designed for business uses such as enterprise resource management, customer relations management, and supply chain and manufacturing tasks Product manufacturing and service delivery— Product manufacturing and service delivery applications that help users create products or deliver services in specific industries Line of business— Used for critical business software such as accounting applications for an accounting firm or supply chain management for an Internet sales company
Software Management
Hardware Management
License Management
Reporting Windows Intune supports two types of reports: Custom reports that export data from the current screen Reports in the Reports workspace Report types: Update status reports Software reports License reports: Installation Report Purchase Report
Reporting
Windows Intune Center
Windows Update Services
Endpoint Protection
Remote Assistance It is based on the Microsoft Easy Assist Live Meeting service: Firewall “friendly”: ports 80 and 443 Initiated by the end user It enables: Desktop sharing Application sharing Secure chat File transfer Multiway sessions
Microsoft Easy Assist It is only required on: Administrator computers that Windows Intune does not manage It enables: Desktop sharing Application sharing Secure chat File transfer Multiway sessions http:// support.microsoft.com/gp/cp_livemeeting2007_easyassist
Troubleshooting Log files % programfiles%\Microsoft\OnlineManagement\Logs\ Deployment Errors http://onlinehelp.microsoft.com/en-us/windowsintune/ff628150.aspx
More Information Forum: http://social.technet.microsoft.com/Forums/en-US/windowsintune/threads Blog : http://blogs.technet.com/b/windowsintune/ Facebook : http://www.facebook.com/WindowsIntune Twitter : http:// twitter.com/windowsintune Springboard Series: http://windowsteamblog.com/windows/b/springboard /
Windows Intune What’s Next? Sign up for a trial account microsoft.com/windows/windowsintune/pc-management-how-to-try-and-buy.aspx Follow the trial guide : microsoft.com/windows/windowsintune/get-the-most-from-your-trial.aspx Provide feedback in the forum Help M icrosoft prepare for the next release.
Cost Cost Intune costs £7.25 per managed PC per month MDOP costs £0.60 per managed PC per month
Q&A
Mark Parris MCM & MVP: Directory Services @markparris http://markparris.co.uk/feed mark@parris.co.uk Windows Intune
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows 7, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries . The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.