Windows Intune is an integrated, cloud-based client management solution that provides tools, reports, and upgrade licenses to the latest version of Windows. Windows Intune helps keep your computers up-to-date and secure, and lets your users more securely access and install targeted licensed software applications and perform other common tasks, from virtually anywhere.
In this blog we will explore the key features, and strengths and weaknesses of Windows Intune.
Requirements
Starting from the requirements Windows Intune client software is supported on both 32-bit and 64-bit versions of:
- Windows 7 Enterprise, Ultimate, and Professional
- Windows Vista Enterprise, Ultimate, and Business
- Windows XP Professional with Service Pack (SP) 3
The Windows Intune Administration, Account and Company Portals are supported on the following web browsers:
- Microsoft Internet Explorer 8.0 and later,
- Google Chrome 19 and later,
- Mozilla Firefox 5 and later.
The Windows Intune Company Portal is also supported on web browsers for the following mobile device platforms: Microsoft Windows Phone 7.0 and later, Google Android 2.1 and later, Apple iOS 4.0 and later.
System Overview
In the admin console, the System Overview workspace provides a central location where you can monitor the overall health of the managed devices. You can view a summary of top alert types, check the system status of several key areas, view summaries of the devices that you are managing, create a new device or user group, or view a report. If an issue occurs, links appear in the affected area to take you directly to the appropriate workspace to investigate and resolve the problem.
Groups
Here is the place you can categorise and group your users and devices. You can create groups by geographic location, department or hardware characteristics and even create dynamic member queries that automatically update the group members based on rules you specify. On the Groups Workspace you can produce a number of reports such as Software reports, Inventories and reports related to the purchased or installed Licenses of your organisation.
Updates
One of the compelling features of Windows Intune is the ability to administer the software update process for all the computers in your organisation. Here you can see a list with the pending updates, approve or decline updates based on machine or user criteria and even configure automatic approval settings. Once the updates are deployed to the client machines, Intune produces a full report listing the installation status for each device.
Windows Intune provides a Cloud Storage space; which utilizes the Windows Azure™ storage platform, on which you can upload non-Microsoft update software packages and then deploy them to the computers of your organisation.
Endpoint Protection
Endpoint Protection helps enhance the security of managed devices by providing real-time protection against potential threats, keeping malicious software definitions up to date, and automatically running scheduled scans. Here you can setup email alerts to notify you in case of a detected threat. You can also schedule automatic scans by using policies or initiate remote scan on specific machines to identify potential issues.
Alerts
Use Alerts workspace to assess the overall health of managed computers in your organization. Identify potential or current problems and take action accordingly to prevent or minimize negative effects on business operations. View all recent alerts to obtain a broad picture of computer health. Investigate specific issues that are occurring on members of specific computer groups or for specific workspaces. Configure email notifications about new alerts of a certain severity level, or remote assistance alerts.
On the Alerts Overview workspace you can also view a list of the users that requested Remote Assistant and initiate a remote control session to further identify and troubleshoot possible issues. End users can use the Company Portal or the Intune client to request Remote Assistance. Many users might receive the following error message on the Intune Client which prevents them from requesting remote assistance:
"The remote assistance software is not installed on your computer, and therefore remote assistance functionality is not available"
This might be cause by a number of reasons depending on your environment. As a first step, you need to make sure that Microsoft Easy Assist V2 client is installed on the end-user's machine. For further information about this issue contact us at info@imgroup.com.
Software
Software workspace lists the detected and managed software that is installed your computers. Software inventory is only available for computers, not mobile devices. Here you can upload managed software packages for which you have appropriate licenses for the Windows, iOS, and Android platforms. You can configure a Required Install deployment to be automatically installed on targeted managed computers without the need for end-user intervention. You can also make a licensed software application available for approved end users to download from the Windows Intune company portal and install on their linked computers or applicable mobile devices.
Licences
In the Licenses workspace lets you add and manage license agreement information for software that was purchased through Microsoft Volume Licensing agreements, and for Microsoft or non-Microsoft software that was purchased by other means. Using this console you can compare the entitlement information that Windows Intune retrieves from Volume Licensing Service Centre to the inventory of Microsoft software that Windows Intune detects on your managed computers and also create license reports that show installation and license counts for software titles.
Policy
Here you can configure policies that manage settings on computers, such as: Updates, Endpoint Protection, Windows Firewall, and Windows Intune Center settings. Also you can deploy policies for mobile devices to manage password policies, active sync policies and device settings.
Reports
The Reports workspace provides detailed reports for software updates, managed and detected software, hardware, and software licenses. You can export reports in csv and htlm formats to be analysed in other reporting tools. Reports can help you confirm current needs and forecast future spending.
Administration
The Administration workspace can be used to manage the settings of the other workspaces and the Company Portal (i.e. what software will be available to your end-users through the Company Portal). Also you can manage the Storage of the Company Portal and your Mobile Devices that user ActiveSync to connect to Exchange. Here you can also configure Intune to send email alerts and notifications to inform you about issues that might arise. Email alerts can are triggered by rules that you specify.
Company Portal
The Company Portal is an end-user focused web portal that allows the end-users to register their computers and mobile devices, search and install for software that was made available through Intune and also request support from the internal helpdesk. When users request remote assistance from the portal, administrators are notified through Intune alerts and are able to respond to the requests.
Active Directory Integration
One of the most important changes in Windows Intune 3.0 is the way that it manages user accounts. Intune integrates with Windows Azure Active Directory, the same directory service that is used by Office 365. This means you will be able to integrate Intune with your existing AD infrastructure and sync pre-existing users and security groups to the service and then manage them through Intune. That change also means a new sign-on service that will allow your end-users and the administrators to use their existing Active Directory corporate credentials (user name and password) to access the Microsoft cloud services.
Single Sign-On
There is a clear benefit to users when you set up single sign-on: it lets them use their corporate credentials to access the cloud service that your company has subscribed to. Users don’t have to sign in again and remember multiple passwords.
One of the compelling features of Windows Intune is the ability to administer the software update process for all the computers in your organisation. Here you can see a list with the pending updates, approve or decline updates based on machine or user criteria and even configure automatic approval settings. Once the updates are deployed to the client machines, Intune produces a full report listing the installation status for each device. Windows Intune provides a Cloud Storage space; which utilizes the Windows Azure™ storage platform, on which you can upload non-Microsoft update software packages and then deploy them to the computers of your organisation.
Endpoint Protection
Endpoint Protection helps enhance the security of managed devices by providing real-time protection against potential threats, keeping malicious software definitions up to date, and automatically running scheduled scans. Here you can setup email alerts to notify you in case of a detected threat. You can also schedule automatic scans by using policies or initiate remote scan on specific machines to identify potential issues.Alerts
Use Alerts workspace to assess the overall health of managed computers in your organization. Identify potential or current problems and take action accordingly to prevent or minimize negative effects on business operations. View all recent alerts to obtain a broad picture of computer health. Investigate specific issues that are occurring on members of specific computer groups or for specific workspaces. Configure email notifications about new alerts of a certain severity level, or remote assistance alerts.On the Alerts Overview workspace you can also view a list of the users that requested Remote Assistant and initiate a remote control session to further identify and troubleshoot possible issues. End users can use the Company Portal or the Intune client to request Remote Assistance. Many users might receive the following error message on the Intune Client which prevents them from requesting remote assistance:
"The remote assistance software is not installed on your computer, and therefore remote assistance functionality is not available"
This might be cause by a number of reasons depending on your environment. As a first step, you need to make sure that Microsoft Easy Assist V2 client is installed on the end-user's machine. For further information about this issue contact us at info@imgroup.com.
Software
Software workspace lists the detected and managed software that is installed your computers. Software inventory is only available for computers, not mobile devices. Here you can upload managed software packages for which you have appropriate licenses for the Windows, iOS, and Android platforms. You can configure a Required Install deployment to be automatically installed on targeted managed computers without the need for end-user intervention. You can also make a licensed software application available for approved end users to download from the Windows Intune company portal and install on their linked computers or applicable mobile devices.Licences
In the Licenses workspace lets you add and manage license agreement information for software that was purchased through Microsoft Volume Licensing agreements, and for Microsoft or non-Microsoft software that was purchased by other means. Using this console you can compare the entitlement information that Windows Intune retrieves from Volume Licensing Service Centre to the inventory of Microsoft software that Windows Intune detects on your managed computers and also create license reports that show installation and license counts for software titles.Policy
Here you can configure policies that manage settings on computers, such as: Updates, Endpoint Protection, Windows Firewall, and Windows Intune Center settings. Also you can deploy policies for mobile devices to manage password policies, active sync policies and device settings.Reports
The Reports workspace provides detailed reports for software updates, managed and detected software, hardware, and software licenses. You can export reports in csv and htlm formats to be analysed in other reporting tools. Reports can help you confirm current needs and forecast future spending.Administration
Company Portal
Active Directory Integration
One of the most important changes in Windows Intune 3.0 is the way that it manages user accounts. Intune integrates with Windows Azure Active Directory, the same directory service that is used by Office 365. This means you will be able to integrate Intune with your existing AD infrastructure and sync pre-existing users and security groups to the service and then manage them through Intune. That change also means a new sign-on service that will allow your end-users and the administrators to use their existing Active Directory corporate credentials (user name and password) to access the Microsoft cloud services.
Single Sign-On
There is a clear benefit to users when you set up single sign-on: it lets them use their corporate credentials to access the cloud service that your company has subscribed to. Users don’t have to sign in again and remember multiple passwords.
In addition to the user benefits, single sign-on will provide many benefits to the administrators of your organisation. Some of these include controlling account policies through Active Directory which gives the administrator the ability to manage password policies, workstation restrictions, lock-out controls, and more, without having to perform additional tasks in the cloud.
There is a number of requirements for single sign-on. Some of these include:
- Preparing your Active Directory
- Deploying two Active Directory Federation Services (AD FS 2.0).
- Deploying two AD FS proxy server, if users will be connecting from outside your company’s network
- Deploying one Directory Synchronisation (DirSync) Server
IMGROUP have built a multi-data centre hosted Single Sign-On (SSO) solution, that provides these roles as a geographically load balanced Cloud service requiring just a
secure Virtual Private Network (VPN) connection to a client site containing an
existing Active Directory server(s).
Learn more about the Cloud Based Single Sign-On solution provided by IMGROUP
