Mark Parris MCM & MVP: Directory Windows Intune.


2 Mark Parris MCM & MVP: Directory Services @markparris http://markparris.co.uk/feed mark@parris.co.uk Windows Intune

3 Agenda
- Windows Intune: Overview
- Windows Intune: Requirements
- Windows Intune: Architecture
- Windows Intune: A Deeper Dive
- What’s Next?
- Questions?
- More Info

4 Windows Intune Overview
- Windows Intune is a Windows CLIENT, cloud-based management solution.
- Windows Intune works on domain-joined and non-domain-joined PCs.
- Security is certificate based.
- Requires no server infrastructure to deploy.

5 Availability Serviced from 6 Global datacenters.

7 Capabilities
- Protect PCs from malware with centralised protection built on the Microsoft Malware Protection Engine. This leverages the same trusted technologies as Forefront Endpoint Protection and Microsoft Security Essentials.
- Centrally manage the deployment of Microsoft updates and service packs to all your PCs.
- Proactively monitor PCs with alerts on updates and threats so that they can identify and resolve issues before they significantly impact productivity.

8 Capabilities
- Provide remote assistance regardless of where the partner or user is located.
- Track hardware and software inventory to help customers with IT planning and asset management.
- Set security policies. Centrally manage update, firewall, and malware protection settings across all PCs, even on remote machines outside the corporate network.

9 Windows Intune Requirements
Administrative Console
- A browser that supports Silverlight 3.0
Clients that can be managed (32-bit & 64-bit versions of):
- Windows 7 Enterprise, Ultimate and Professional
- Windows Vista Enterprise, Ultimate and Business
- Windows XP Professional SP2 or SP3 (SP3 recommended)

10 Windows Intune Requirements
Hardware
- Internet connection
- 500 MHz CPU
- 256 MB RAM
- 200 MB disk space

11 Additional Benefits
Microsoft Desktop Optimization Pack (MDOP)
- Available as an optional add-on:
  - Application Virtualization (App-V)
  - Enterprise Desktop Virtualization (MED-V)
  - Advanced Group Policy Management (AGPM)
  - Diagnostics and Recovery Toolset (DaRT)
  - BitLocker Administration and Monitoring (MBAM)
  - Asset Inventory Service (AIS)
Standardise the Windows Client
- Windows Intune subscribers can standardise on Windows 7 Enterprise or any other supported version of Windows (7, Vista or XP) and have upgrade rights to future versions of Windows.

12 Windows Intune Architecture
- Agents report to the Windows Intune service
- Support engineers access the data via the Web-based console
- Ports 80 and 443 are all that is required for agent communications
- Windows Live ID is required for administrative access

13 Administration Console

14 Installation Process
- Package Download
- Installation
- Initial Agent Install
- Agent Download and Report
- Reboot typically Required
- Delete - WindowsIntune.accountcert

15 Intune Components
Component: Path
- Windows Intune: %ProgramFiles%\Microsoft\OnlineManagement\Common\*.*
- Windows Intune Center: %ProgramFiles%\Microsoft\OnlineManagement\Client UI\*.*
- Windows Intune Endpoint Protection: %ProgramFiles%\Microsoft\OnlineManagement\Host Protection\HostProtection\*.*
- Windows Intune Monitoring Agent: %ProgramFiles%\Microsoft\OnlineManagement\Monitoring\*.*
- Microsoft Online Management Policy Agent: %ProgramFiles%\Microsoft\OnlineManagement\PolicyAgent\*.*
- Microsoft Easy Assist: %ProgramFiles(x86)%\Microsoft Easy Assist\*.*
- Microsoft Policy Platform: %ProgramFiles%\Microsoft Policy Platform\*.*
- Microsoft System Center Operations Manager 2007 R2 Agent: %ProgramFiles%\System Center Operations Manager 2007\*.*
- Windows Firewall Configuration Provider: %ProgramFiles%\Windows Firewall Configuration Provider\*.*
- Microsoft Online Management Update Manager: %ProgramFiles%\Microsoft\OnlineManagement\Updates\*.*

16 Client Software Switches
Available installer switches:
- Windows_Intune_Setup.exe /?
- Windows_Intune_Setup.exe /quiet
- Windows_Intune_Setup.exe /extract %Temp%

17 Deployment Methods
- Direct Download
- Network Share
- Flash Drive
- Electronic Software Distribution
- Software Publishing
- MDT 2010
- 3rd Party solution
Remember to protect your Cert!
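
Slides 14, 16 and 17 together describe an unattended install that ends with deleting WindowsIntune.accountcert. The PowerShell below is an added example, not part of the presentation or of Microsoft's tooling: the function name, the staging folder layout and the treatment of exit codes 0 and 3010 as success are assumptions.

```powershell
# Added example: silent Intune client install that does not leave the account
# certificate behind. Function name, staging folder and the success exit codes
# (0, and 3010 = reboot required) are assumptions, not taken from the slides.
function Install-IntuneClientAndRemoveCert {
    param(
        [Parameter(Mandatory = $true)]
        [string] $StagingDir   # local working copy of the downloaded package (assumed)
    )

    $setup = Join-Path $StagingDir 'Windows_Intune_Setup.exe'
    $cert  = Join-Path $StagingDir 'WindowsIntune.accountcert'

    # Both files must be present before the installer is started.
    foreach ($file in @($setup, $cert)) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            throw "Package file missing: $file"
        }
    }

    $exitCode = $null
    try {
        # /quiet is the unattended switch listed on slide 16.
        $proc = Start-Process -FilePath $setup -ArgumentList '/quiet' -Wait -PassThru
        $exitCode = $proc.ExitCode
    }
    finally {
        # Slide 14: delete the account certificate once the installer has run,
        # whether or not it succeeded, including any copies in subfolders.
        Get-ChildItem -LiteralPath $StagingDir -Recurse -Force -Filter '*.accountcert' |
            Remove-Item -Force
    }

    # Fail loudly if a copy of the certificate survived the clean-up.
    $leftover = @(Get-ChildItem -LiteralPath $StagingDir -Recurse -Force -Filter '*.accountcert')
    if ($leftover.Count -gt 0) {
        throw "Account certificate still present: $($leftover[0].FullName)"
    }
    if (@(0, 3010) -notcontains $exitCode) {
        throw "Windows_Intune_Setup.exe exited with code $exitCode"
    }
    return $exitCode
}
```

Run it from an elevated session against a per-machine copy of the package; the master copy of the certificate stays in a location only deployment administrators can read.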

18 Installation Behaviour Changes
[Flowchart, branches not recoverable from the transcript]
- Start: Start Client Installation
- Decisions: Is AV installed? Is MSE or FEP installed? Is EP Policy enabled? Is AV upgradable?
- Outcomes: Upgrade to WIEP; Install WIEP; Do not install WIEP; Install WIEP in parallel; Uninstall AV & install WIEP

19 Script Solutions
Uninstall Script
- Available via: mymfe.microsoft.com/WindowsIntune/Feedback.aspx?formID=615
- AgentUninstall_Intune.cmd
Enact Policy Now Script
- Available from the Windows Intune Support team.
- EnactPolicy.ps1
- EnactPolicy.cmd

20 Malware Protection Updates
- Protection Agents updated to FEP 2010
- Malware Protection renamed Windows Intune Endpoint Protection.
- Proactive Detection
- 8 Hour Update Cycle

21 Proactive Detection
- Generics/Heuristics: Allows a single signature to detect thousands of files, using emulated behavior or binary characteristics.
- Dynamic Translation: Translates code that accesses real resources (unsafe) into code that accesses virtualized resources (safe).
- Behavioral Monitoring: Tracks behavior of unknown processes and known good processes gone bad.
- Dynamic Signature Service: Queries reputation data on “interesting” files. If a file is known bad, a new signature is delivered to the requesting client in real time.
- Network Vulnerability Shielding: Inspects all traffic for known exploits to known vulnerabilities. If system is already patched, this feature is automatically disabled.

22 Windows Intune Update Process
[Diagram: Managed Computer, Microsoft Update Service, Windows Intune administrator console]
1 - Any new updates?
2 - Any new updates?
3 - These updates apply to me
4 - Approved for deployment?
5 - Approved
6 - Check for approved updates
7 - Download and install updates

23 Windows Intune Groups
- The default groups are All Computers and Unassigned Computers
- On client installation, computers are added to both default groups
- Create custom groups to organize computers in your customers’ organizations
- Computers can belong to multiple groups
- Deploy updates and policies to groups
- Child groups inherit updates and policies from parent groups
- Windows Intune groups are independent of Active Directory groups

24 Policy Application
- Policies enable you to centrally control settings on managed computers
- After you create policies, you deploy them to one or more computer groups
- Policy changes are distributed as updates to managed computers
- Policy conflicts management:

25 Policy Application
[Diagram: Policy 1, Policy 2, Policy 3]
Group Policy settings take precedence

26 Alerts
Alert types:
- Endpoint Protection
- Monitoring
- Notices
- Policy
- Remote Assistance
- System
- Updates
Alert severity levels:
- Critical
- Warning
- Informational

27 Alerts
- Endpoint Protection. This appears in the console when a managed computer has been infected by malicious software and there are tasks that you should perform in Windows Intune to investigate or follow up. This type of alert also occurs if there are problems with the Endpoint Protection client.
- Monitoring. This appears in the console when health issues for specific applications or operating systems occur on a managed computer. These issues can include running out of disk space or there being insufficient RAM on a managed computer. Monitoring alerts are organized into subcategories that include Microsoft desktop applications such as the 2007 Microsoft Office system and the 2003 Microsoft Office System, Microsoft Office XP, Windows 7, Windows Vista, and Windows XP.
- Notices. This appears in the console when updated Windows Intune client software is available for download in the Administration workspace.
- Policy. This appears in the console when there are problems with a policy on a managed computer.
- Remote Assistance. This appears in the console when a user requests remote assistance.
- System. This appears in the console when deployment of the Windows Intune software has failed.
- Updates. This appears in the console when you need to review and approve security or critical updates.

28 Alerts

29 Recipients
- Service administrators use the Windows Intune administrator console to manage PCs
- E-mail notification recipients receive messages when particular alerts occur:
  - Administrators can be recipients, but recipients are not necessarily administrators
- Recipient management involves:
  - Adding recipients (administrators are automatically recipients)
  - Configuring notification rules

30 Software Management
- The Software workspace is built upon Microsoft Asset Inventory Service (AIS)
- It provides data on installed software on all managed computers
- Each software title has an entry in the list:
  - Software publisher
  - Name
  - Installation count
  - Category
- Software reports are available in the Reports workspace

31 Software Management
- Platform and management: Desktop and network infrastructure and management software that enables users to control the computer operating environment, hardware components and peripherals, and infrastructure services and security
- Education and reference: Training or help files for a specific application
- Home and entertainment: Applications that are primarily designed for use in or for the home, or for entertainment
- Content and communications: Typically includes Office productivity suites, multimedia players, file viewers, Web browsers, and collaboration tools
- Operations and professional: Applications that are designed for business uses such as enterprise resource management, customer relations management, and supply chain and manufacturing tasks
- Product manufacturing and service delivery: Product manufacturing and service delivery applications that help users create products or deliver services in specific industries
- Line of business: Used for critical business software such as accounting applications for an accounting firm or supply chain management for an Internet sales company

32 Software Management

33 Hardware Management

34 License Management

35 Reporting
Windows Intune supports two types of reports:
- Custom reports that export data from the current screen
- Reports in the Reports workspace
Report types:
- Update status reports
- Software reports
- License reports:
  - Installation Report
  - Purchase Report

36 Reporting

37 Windows Intune Center

38 Windows Update Services

39 Endpoint Protection

40 Remote Assistance
It is based on the Microsoft Easy Assist Live Meeting service:
- Firewall “friendly”: ports 80 and 443
- Initiated by the end user
It enables:
- Desktop sharing
- Application sharing
- Secure chat
- File transfer
- Multiway sessions

41 Microsoft Easy Assist
It is only required on:
- Administrator computers that Windows Intune does not manage
It enables:
- Desktop sharing
- Application sharing
- Secure chat
- File transfer
- Multiway sessions
http://support.microsoft.com/gp/cp_livemeeting2007_easyassist

42 Troubleshooting
- Log files: %programfiles%\Microsoft\OnlineManagement\Logs\
- Deployment Errors: http://onlinehelp.microsoft.com/en-us/windowsintune/ff628150.aspx

43 More Information
- Forum: http://social.technet.microsoft.com/Forums/en-US/windowsintune/threads
- Blog: http://blogs.technet.com/b/windowsintune/
- Facebook: http://www.facebook.com/WindowsIntune
- Twitter: http://twitter.com/windowsintune
- Springboard Series: http://windowsteamblog.com/windows/b/springboard/

44 Windows Intune What’s Next?
- Sign up for a trial account: microsoft.com/windows/windowsintune/pc-management-how-to-try-and-buy.aspx
- Follow the trial guide: microsoft.com/windows/windowsintune/get-the-most-from-your-trial.aspx
- Provide feedback in the forum
- Help Microsoft prepare for the next release.

45 Cost
- Intune costs £7.25 per managed PC per month
- MDOP costs £0.60 per managed PC per month

46 Q&A

47 Mark Parris MCM & MVP: Directory Services @markparris http://markparris.co.uk/feed mark@parris.co.uk Windows Intune

48 © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows 7, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

