Implementing and Supporting Windows Intune Module 3: Computer Administration by Using Windows Intune Module Overview Understanding Groups Creating and Populating Groups The Windows Intune Update Process Update States Managing Updates Deploying Updates Managing Endpoint Protection Windows Intune Policy Concepts Windows Intune Policy Templates Creating and Deploying Windows Intune Policies Lab 3: Computer Administration by Using Windows Intune 1
Understanding Groups The default groups are All Computers and Unassigned Computers On client installation, computers are added to both default groups Create custom groups to organize computers in your customers organizations Computers can belong to multiple groups Deploy updates and policies to groups Child groups inherit updates and policies from parent groups Windows Intune groups are independent of Active Directory groups Creating and Populating Groups 1. Log on to the Windows Intune account that you want to manage 2. In the workspace shortcuts pane, click the Computers icon 3. In the navigation pane, click Overview if it is not already selected 4. On the Computers Overview page, under Tasks, click Create Computer Group 5. Type the name and description for the group 6. Select a parent group 7. Add member computers, and then create the computer group 2
The Windows Intune Update Process Microsoft Update Service Windows Intune Administrator Console 5-Approved Managed Computer 4-Approved for deployment? Cloud Service Update States Applies to State Description Update-specific state (applies only to an update) Approved Using the Approve window, the administrator has specified whether to install, not install, or uninstall updates to groups by clicking Install, Do Not Install, or Uninstall Declined The administrator has declined the update, so it should not be deployed to any computer Computer-specific and updatespecific state (can apply to a computer and an update) Unknown The update was published and is available for deployment in the administrator console, but the computer has not yet evaluated it Needed The computer has evaluated the applicability rules for the update and requested that it be deployed for installation through its group membership Failed The computer attempted to install the update, but failed Pending The administrator has approved the update for the computer, but the computer has not yet attempted to install it Needing Additional Updates The administrator has declined the update for the computer, but the computer is requesting installation of the update as determined by applicability rules 3
Managing Updates Deploying Updates Select updates individually or as groups by using the SHIFT or CTRL keys Deploy to the All Computers group for all managed computers or custom groups for smaller deployments An approved update is not pushed to a computer Best Practices Create automatic approval rules for Critical, Security, and Definition Updates Set up the Update Test group for lower-priority updates Use the Windows Intune Agent Settings policy to apply standard policies For sites with a large number of computers, stage deployments of larger updates to protect Internet bandwidth 4
Managing Endpoint Protection Schedule scans Default quick scans are scheduled daily at 02:00 Policyy can control scan options: p Run full scans Define the types of files and folders to scan Check for definitions Enable Endpoint Protection on the managed computer Enable real-time protection Track resolved malicious software (in days) Join SpyNet and set Membership level Note: If third-party malicious software protection is installed when Windows Intune is installed, the Windows Intune Endpoint Protection agents will not be installed by default Windows Intune Policy Concepts Policies enable you to centrally control settings on managed computers After you create policies, you deploy them to one or more computer groups Policy changes are distributed as updates to managed computers Policy conflicts? 9 Group Policy settings take precedence Policy 1 Policy 2 Policy 3 5
Windows Intune Policy Templates Creating and Deploying Windows Intune Policies 1. Select policy template: Windows Intune Agent Settings Windows Intune Center Settings g Windows Firewall Settings 2. Name and assign settings 3. Deploy or save for later Best Practices: Set Default policies for All Computers to set a Policy baseline You can assign more specific policies to lower groups Policies are not pushed, so plan ahead Computer Group 6
Lab 3: Computer Administration by Using Windows Intune Exercise 1: Adding Computers to Groups Exercise 2: Creating and Applying Policies to Groups Exercise 3: Configuring Automatic Update Approvals Estimated time to complete this lab: 45 minutes Summary Understanding Groups Creating and Populating Groups The Windows Intune Update Process Update States Managing Updates Deploying Updates Managing Endpoint Protection Windows Intune Policy Concepts Windows Intune Policy Templates Creating and Deploying Windows Intune Policies Lab 3: Computer Administration by Using Windows Intune 7
Q&A Implementing and Supporting Windows Intune Module 3: Computer Administration by Using Windows Intune 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentations. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 8