
Mark Parris MCM & MVP: Directory Services

Windows Intune. Mark Parris MCM & MVP: Directory Services. @markparris. http://markparris.co.uk/feed. mark@parris.co.uk. Agenda. Windows Intune: Overview Windows Intune: Requirements Windows Intune: Architecture Windows Intune: A Deeper Dive What’s Next? Questions? More Info.



Presentation Transcript


  1. Windows Intune Mark Parris MCM & MVP: Directory Services @markparris http://markparris.co.uk/feed mark@parris.co.uk

  2. Agenda Windows Intune: Overview Windows Intune: Requirements Windows Intune: Architecture Windows Intune: A Deeper Dive What’s Next? Questions? More Info

  3. Overview: Windows Intune • Windows Intune is a Windows CLIENT, cloud-based management solution. • Windows Intune works on domain-joined and non-domain-joined PCs. • Security is certificate based. • Requires no server infrastructure to deploy.

  4. Availability Serviced from 6 Global datacenters.

  5. Availability Serviced from 6 Global datacenters.

  6. Capabilities • Protect PCs from malware with centralised protection built on the Microsoft Malware Protection Engine. This leverages the same trusted technologies as Forefront Endpoint Protection and Microsoft Security Essentials. • Centrally manage the deployment of Microsoft updates and service packs to all your PCs. • Proactively monitor PCs with alerts on updates and threats so that they can identify and resolve issues before they significantly impact productivity.

  7. Capabilities • Provide remote assistance regardless of where the partner or user is located. • Track hardware and software inventory to help customers in IT planning and asset management purposes. • Set security policies. Centrally manage update, firewall, and malware protection settings across all PCs, even on remote machines outside the corporate network.

  8. Requirements: Windows Intune • Administrative Console: a browser that supports Silverlight 3.0 • Clients that can be managed: 32-bit & 64-bit versions of: • Windows 7 Enterprise, Ultimate and Professional • Windows Vista Enterprise, Ultimate and Business • Windows XP Professional SP2 or SP3 (SP3 recommended)

  9. Requirements: Windows Intune • Hardware: • Internet connection • 500 MHz CPU • 256 MB RAM • 200 MB disk space

  10. Additional Benefits • Microsoft Desktop Optimization Pack (MDOP): available as an optional add-on (Application Virtualization (App-V); Enterprise Desktop Virtualization (MED-V); Advanced Group Policy Management (AGPM); Diagnostics and Recovery Toolset (DaRT); BitLocker Administration and Monitoring (MBAM); Asset Inventory Service (AIS)). • Standardise the Windows Client: Windows Intune subscribers can standardise on Windows 7 Enterprise or any other supported version of Windows (7, Vista or XP) and have upgrade rights to future versions of Windows.

  11. Windows Intune Architecture • Agents report to the Windows Intune service • Support engineers access the data via the Web-based console • Ports 80 and 443 are all that is required for agent communications • Windows Live ID is required for administrative access

  12. Administration Console

  13. Installation Process • Package Download • Installation • Initial Agent Install • Agent Download and Report • Reboot typically Required • Delete - WindowsIntune.accountcert

  14. Intune Components (Component: Path)
     • Windows Intune: %ProgramFiles%\Microsoft\OnlineManagement\Common\*.*
     • Windows Intune Center: %ProgramFiles%\Microsoft\OnlineManagement\Client UI\*.*
     • Windows Intune Endpoint Protection: %ProgramFiles%\Microsoft\OnlineManagement\Host Protection\HostProtection\*.*
     • Windows Intune Monitoring Agent: %ProgramFiles%\Microsoft\OnlineManagement\Monitoring\*.*
     • Microsoft Online Management Policy Agent: %ProgramFiles%\Microsoft\OnlineManagement\PolicyAgent\*.*
     • Microsoft Easy Assist: %ProgramFiles(x86)%\Microsoft Easy Assist\*.*
     • Microsoft Policy Platform: %ProgramFiles%\Microsoft Policy Platform\*.*
     • Microsoft System Center Operations Manager 2007 R2 Agent: %ProgramFiles%\System Center Operations Manager 2007\*.*
     • Windows Firewall Configuration Provider: %ProgramFiles%\Windows Firewall Configuration Provider\*.*
     • Microsoft Online Management Update Manager: %ProgramFiles%\Microsoft\OnlineManagement\Updates\*.*

  15. Client Software Switches • Available installer switches: • Windows_Intune_Setup.exe /? • Windows_Intune_Setup.exe /quiet • Windows_Intune_Setup.exe /extract %Temp%

  16. Deployment Methods • Direct Download • Network Share • Flash Drive • Electronic Software Distribution • Software Publishing • MDT 2010 • 3rd Party solution • Remember to protect your Cert!
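A post-deployment check for the installation slides above, as an added example that is not part of the original deck or of Microsoft's tooling: it verifies the component folders listed on the "Intune Components" slide and looks for copies of WindowsIntune.accountcert left on disk after installation. The `$SearchRoots` and `-Remove` parameters are hypothetical, and the default search location is an assumption about where the package was staged.

```powershell
# Added example (not from the deck). Assumes PowerShell 3.0 or later.
param(
    # Folders where the installer package was staged or extracted (assumed locations).
    [string[]]$SearchRoots = @($env:TEMP),
    # Delete any leftover account certificate instead of only reporting it.
    [switch]$Remove
)

# %ProgramFiles(x86)% is not defined on 32-bit Windows; fall back to %ProgramFiles%.
$pf   = $env:ProgramFiles
$pf86 = if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { $pf }

# Component folders as listed on the "Intune Components" slide.
$components = [ordered]@{
    'Windows Intune'                             = "$pf\Microsoft\OnlineManagement\Common"
    'Windows Intune Center'                      = "$pf\Microsoft\OnlineManagement\Client UI"
    'Windows Intune Endpoint Protection'         = "$pf\Microsoft\OnlineManagement\Host Protection\HostProtection"
    'Windows Intune Monitoring Agent'            = "$pf\Microsoft\OnlineManagement\Monitoring"
    'Microsoft Online Management Policy Agent'   = "$pf\Microsoft\OnlineManagement\PolicyAgent"
    'Microsoft Easy Assist'                      = "$pf86\Microsoft Easy Assist"
    'Microsoft Policy Platform'                  = "$pf\Microsoft Policy Platform"
    'System Center Operations Manager 2007 R2'   = "$pf\System Center Operations Manager 2007"
    'Windows Firewall Configuration Provider'    = "$pf\Windows Firewall Configuration Provider"
    'Microsoft Online Management Update Manager' = "$pf\Microsoft\OnlineManagement\Updates"
}

# 1. Report which component folders exist and contain at least one item.
$status = foreach ($name in $components.Keys) {
    $path = $components[$name]
    $hasFiles = (Test-Path -LiteralPath $path -PathType Container) -and
                [bool](Get-ChildItem -LiteralPath $path -Force -ErrorAction SilentlyContinue | Select-Object -First 1)
    [pscustomobject]@{ Component = $name; Path = $path; Installed = $hasFiles }
}
$status | Format-Table -AutoSize

# 2. Find copies of the account certificate left behind after installation.
$leftovers = foreach ($root in $SearchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter 'WindowsIntune.accountcert' -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer }
    }
}
foreach ($file in $leftovers) {
    Write-Warning "Account certificate still on disk: $($file.FullName)"
    if ($Remove) { Remove-Item -LiteralPath $file.FullName -Force }
}
```

Run it from a 64-bit PowerShell session on 64-bit Windows so that %ProgramFiles% resolves to the native folder, and pass every network share or flash-drive path used for deployment in `-SearchRoots`.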

  17. Installation Behaviour Changes [Flowchart: Start Client Installation. Decision points: Is AV installed? Is MSE or FEP installed? Is AV upgradable? Is EP Policy enabled? Outcomes: Upgrade to WIEP; Install WIEP; Uninstall AV & install WIEP; Do not install WIEP; Install WIEP in parallel.]

  18. Script Solutions • Uninstall Script • Available via: mymfe.microsoft.com/WindowsIntune/Feedback.aspx?formID=615 • AgentUninstall_Intune.cmd • Enact Policy Now Script • Available from the Windows Intune Support team. • EnactPolicy.ps1 • EnactPolicy.cmd

  19. Malware Protection Updates • Protection Agents updated to FEP 2010 • Malware Protection renamed Windows Intune Endpoint Protection • Proactive Detection • 8 Hour Update Cycle

  20. Proactive Detection
     • Generics/Heuristics: Allows a single signature to detect thousands of files, using emulated behavior or binary characteristics.
     • Dynamic Translation: Translates code that accesses real resources (unsafe) into code that accesses virtualized resources (safe).
     • Behavioral Monitoring: Tracks behavior of unknown processes and known good processes gone bad.
     • Dynamic Signature Service: Queries reputation data on “interesting” files. If a file is known bad, a new signature is delivered to the requesting client in real time.
     • Network Vulnerability Shielding: Inspects all traffic for known exploits to known vulnerabilities. If system is already patched, this feature is automatically disabled.

  21. Windows Intune Update Process [Diagram. Participants: Microsoft Update Service, Windows Intune administrator console, Managed Computer. Steps: 1-Any new updates? 2-Any new updates? 3-These updates apply to me 4-Approved for deployment? 5-Approved 6-Check for approved updates 7-Download and install updates]

  22. Windows Intune Groups • The default groups are All Computers and Unassigned Computers • On client installation, computers are added to both default groups • Create custom groups to organize computers in your customers’ organizations • Computers can belong to multiple groups • Deploy updates and policies to groups • Child groups inherit updates and policies from parent groups • Windows Intune groups are independent of Active Directory groups

  23. Policy Application • Policies enable you to centrally control settings on managed computers • After you create policies, you deploy them to one or more computer groups • Policy changes are distributed as updates to managed computers • Policy conflicts management:

  24. Policy Application • Group Policy settings take precedence Policy 1 Policy 3 Policy 2

  25. Alerts • Alert types: • Endpoint Protection • Monitoring • Notices • Policy • Remote Assistance • System • Updates • Alert severity levels: – Critical – Warning – Informational

  26. Alerts
     • Endpoint Protection. This appears in the console when a managed computer has been infected by malicious software and there are tasks that you should perform in Windows Intune to investigate or follow up. This type of alert also occurs if there are problems with the Endpoint Protection client.
     • Monitoring. This appears in the console when health issues for specific applications or operating systems occur on a managed computer. These issues can include running out of disk space or there being insufficient RAM on a managed computer. Monitoring alerts are organized into subcategories that include Microsoft desktop applications such as the 2007 Microsoft Office system and the 2003 Microsoft Office System, Microsoft Office XP, Windows 7, Windows Vista, and Windows XP.
     • Notices. This appears in the console when updated Windows Intune client software is available for download in the Administration workspace.
     • Policy. This appears in the console when there are problems with a policy on a managed computer.
     • Remote Assistance. This appears in the console when a user requests remote assistance.
     • System. This appears in the console when deployment of the Windows Intune software has failed.
     • Updates. This appears in the console when you need to review and approve security or critical updates.

  27. Alerts

  28. Recipients • Service administrators use the Windows Intune administrator console to manage PCs • E-mail notification recipients receive messages when particular alerts occur: • Administrators can be recipients, but recipients are not necessarily administrators • Recipient management involves: • Adding recipients (administrators are automatically recipients) • Configuring notification rules

  29. Software Management • The Software workspace is built upon Microsoft Asset Inventory Service (AIS) • It provides data on installed software on all managed computers • Each software title has an entry in the list: • Software publisher • Name • Installation count • Category • Software reports are available in the Reports workspace

  30. Software Management (software categories)
     • Platform and management: Desktop and network infrastructure and management software that enables users to control the computer operating environment, hardware components and peripherals, and infrastructure services and security
     • Education and reference: Training or help files for a specific application
     • Home and entertainment: Applications that are primarily designed for use in or for the home, or for entertainment
     • Content and communications: Typically includes Office productivity suites, multimedia players, file viewers, Web browsers, and collaboration tools
     • Operations and professional: Applications that are designed for business uses such as enterprise resource management, customer relations management, and supply chain and manufacturing tasks
     • Product manufacturing and service delivery: Product manufacturing and service delivery applications that help users create products or deliver services in specific industries
     • Line of business: Used for critical business software such as accounting applications for an accounting firm or supply chain management for an Internet sales company

  31. Software Management

  32. Hardware Management

  33. License Management

  34. Reporting • Windows Intune supports two types of reports: • Custom reports that export data from the current screen • Reports in the Reports workspace • Report types: • Update status reports • Software reports • License reports: • Installation Report • Purchase Report

  35. Reporting

  36. Windows Intune Center

  37. Windows Update Services

  38. Endpoint Protection

  39. Remote Assistance • It is based on the Microsoft Easy Assist Live Meeting service: • Firewall “friendly”: ports 80 and 443 • Initiated by the end user • It enables: • Desktop sharing • Application sharing • Secure chat • File transfer • Multiway sessions

  40. Microsoft Easy Assist • It is only required on: • Administrator computers that Windows Intune does not manage • It enables: • Desktop sharing • Application sharing • Secure chat • File transfer • Multiway sessions http://support.microsoft.com/gp/cp_livemeeting2007_easyassist

  41. Troubleshooting • Log files • %programfiles%\Microsoft\OnlineManagement\Logs\ • Deployment Errors • http://onlinehelp.microsoft.com/en-us/windowsintune/ff628150.aspx

  42. More Information • Forum: • http://social.technet.microsoft.com/Forums/en-US/windowsintune/threads • Blog: • http://blogs.technet.com/b/windowsintune/ • Facebook: • http://www.facebook.com/WindowsIntune • Twitter: • http://twitter.com/windowsintune • Springboard Series: • http://windowsteamblog.com/windows/b/springboard/

  43. What’s Next? Windows Intune • Sign up for a trial account • microsoft.com/windows/windowsintune/pc-management-how-to-try-and-buy.aspx • Follow the trial guide: • microsoft.com/windows/windowsintune/get-the-most-from-your-trial.aspx • Provide feedback in the forum • Help Microsoft prepare for the next release.

  44. Q&A

  45. Windows Intune Mark Parris MCM & MVP: Directory Services @markparris http://markparris.co.uk/feed mark@parris.co.uk

  46. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows 7, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
