online services for pc management introducing windows intune n.
Skip this Video
Loading SlideShow in 5 Seconds..
Online Services for PC Management: Introducing Windows Intune PowerPoint Presentation
Download Presentation
Online Services for PC Management: Introducing Windows Intune

Online Services for PC Management: Introducing Windows Intune

241 Views Download Presentation
Download Presentation

Online Services for PC Management: Introducing Windows Intune

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Required Slide SESSION CODE: WCL203 Online Services for PC Management: Introducing Windows Intune Marc Shepard Principal Program Manager Lead Microsoft Corporation

  2. Session Objectives and Takeaways • Session Objective(s): • Overview of the Windows Intune offering • Demonstrate the functionality of the Windows Intune service • Takeaways: • Describe how Windows Intune relates to Microsoft’s cloud strategy • Describe how Windows Intune saves customers time and money when managing PCs • Describe the functionality and scope of the Windows Intune service


  4. Solution - Cloud Services & Windows 7 Challenges in Managing Business PCs Multiple Configurations,Versions, Licenses Manage & Secure PCs Anywhere (Cloud services) Workers in Many Locations The Best Windows Experience(Standardize OS on Windows 7) Lack of Insight to PCs Fits Your Business (Big result with low investment) High Infrastructure Investments Required

  5. The Best Windows ExperienceGet Windows 7 Enterprise and More • Standardize on a single version of Windows to increase efficiency • Upgrade to Windows 7 Enterprise • Downgrade or run any version of your choice BitLocker To Go Improved UI & Search Better Mobility Experience Speed, reliability, and responsiveness • Upgrades to future Windows versions

  6. Help Manage & Secure PCs AnywhereWindows Intune Cloud Service • Protect PCs from malware • Manage updates • Proactively monitor PCs • Provide remote assistance • Inventory hardware and software • Set security policies • Enable a Mobile Workforce • Users can be managed from the office, branch office, or on the road • IT and partners can work from anywhere too

  7. Requirements • Administrative Console • A browser that supports Silverlight 3.0 • Managed Machines • Windows 7 Enterprise, Ultimate and Professional • Windows Vista Enterprise, Ultimate and Business • Windows XP Professional, Service Pack SP2 or SP3 (recommended)

  8. Service Architecture Windows Intune Service Monitor Support Ops and Support SSL, WCF, Certs SSL, WCF, LiveID • Proven agent technology • Highly available • Secure • Multitenant • Scalable • Private Windows Update Agent SCOM Malware Protection (FEP) Lantern (SCCM DCM) EZ Assist Admin

  9. What you DON’T need to do to deploy Windows Intune(aka “why manage through the cloud?”) • Build and maintain server infrastructure • Purchase server hardware, OS licenses, management software, etc. • Install and configure each server (OS, database, security software, management software, etc.) • Integrate into your networking environment • Secure it • Design for security (physical, networking, database, etc.) • Assess and manage security on an ongoing basis • Make it highly available • Design and implement a high-availability configuration (no single point of failure) • Design and implement health monitoring (so you can respond to issues quickly) • Design and implement a disaster recovery plan (backup, recovery, document the plan, fire drills, redundancy across physical locations, etc.) • Support roaming machines • Deploy internet-facing servers with additional hardening • Capacity planning • Design for current capacity with plans to scale as your business grows

  10. Getting Started with Windows Intune Microsoft Online Sign Up Log In • Create additional administrators • Initial Configuration • Update Products/Classifications • Auto approval rules • Agent policy • Groups • Alerts and notifications • Create additional administrators • (Tenant Admins) Enroll your computers Download enrollment package from console

  11. Initial Deployment Checklist • Chose a technique to deploy the enrollment MSIs • GP-SI, psexec, login script, email, ACLed public share, … • Enrollment will fail after seat limit is reached • Can retire computers or purchase more seats • Define your initial group structure • Newly enrolled computers go to “Unassigned Computers” • Can create additional (nested) groups as needed for reporting/policy boundaries • Typically by role or region (often nested by one then the other) • Machines can belong to multiple hierarchies • Configure polices as needed • Malware Protection: Conditionally enabled, … • Windows Update: Daily scheduled install, … • Firewall: Not configured, … If using GPOs, filter them to not apply to Windows Intuneclients (else GP overrides) • Add admins, configure alert notifications, deploy security updates Microsoft Confidential

  12. Windows Intune Deployment Overview Admin console overview, Administrators, Groups and Computer Enrollment DEMO

  13. Update Management • Builds on WSUS and Microsoft Update framework • Design your update management workflows. Examples: • Auto-approve security updates to “All Computers” • Manually approve “needed” non-SP updates to “Test”, then to “All Computers” a week later • Manually approve a needed service pack to Test, gradually rollout via existing target groups (typically in a region/role structure). • Configuration options • Products and classifications (what updates do you want to manage) • Auto approval rules (do you want to automate initial approvals?) • WUA policies (e.g., daily or weekly scheduled install) • Can customize WUA “scanning, downloading, and installing” sample vb script for advanced scenarios; patch on first boot, non-standard install schedule, etc. • Management tasks (ongoing management is a trivial amount of work each patch Tuesday): • Alerts for new updates to be approved • Approve and/or decline updates • Monitor status (needed, pending, failed, etc.) at the system, group, computer and update levels Microsoft Confidential

  14. Malware Protection • Built on the Microsoft Malware Protection Engine • Provides anti-Virus, Anti-Spyware, and Anti-Malware capabilities (cleanup, blocking, quarantine, etc) • Used by Forefront Endpoint Protection and Microsoft Security Essentials • Design your malware response workflows • Network quarantine? • Flatten or fix? • Based on severity, type, instance or frequency? • Run either Windows Intune malware protection agent or a 3rd party malware protection software • Default policy is Windows Intuneis disabled if installed when 3rd party solution is present • System-wide, per group and per computer status • Computers that are not protected • Computers with protection warnings (scan overdue, definitions out-of-date, RTP disabled, etc.) • Recently resolved malware or malware needing follow up • Computers running 3rd party malware protection software • Alerts for new malware (so ongoing work is just reacting per you workflow) Microsoft Confidential

  15. Windows Intune Ongoing Management DEMO

  16. Asset Management • Software Inventory • Account-wide and per-computer list of detected software • Categorized through the Asset Inventory Service (AIS) catalog • License Management • Import of agreement pairs • Retrieval of entitlements from the Customer License Position (CLP) service • License purchase and installation reports • Per-computer hardware Inventory • Per computer list of hardware components Microsoft Confidential

  17. Windows Intune Asset Management DEMO

  18. The Client Experience • Local application installed on managed PC • Malware Protection • Update Management • Remote Assistance • Initiated by end user requesting assistance • Alert generated in admin console • “Handshake” to initiate remote assistance session Microsoft Confidential

  19. End-user Assistance DEMO

  20. Key takeaways • Windows Intune is an all-in-one solution: • Cloud based security and management service • All you need is an internet connection • Manage remote machines, manage them from anywhere • The latest version of Windows Enterprise • Highly available, secure, private, scalable, multi-tenant service • Uses proven agent technology • Simple to use, but scales to a large number of machines • Does not have parity with SCCM • Suitable for some targeted enterprise scenarios (acquisition, remote branches, simple needs) • Roadmap is to address all business customers

  21. Milestones • Public Beta released April 2010 • US, Canada, Mexico, Puerto Rico • Opened to first 1000 customers, closed the next day due to high demand • GA: Within a year of beta • North America and EU

  22. Where do I find out more? • Product Overview: • • TechCenter: • • Windows Intune Team Blog: •

  23. What is the Springboard Series? The Springboard Series IT pro experience offers dynamic content and structured guidance across the adoption lifecycle • Inside of Microsoft we are • A turnkey IT pro engagement platform for depth and breadth • The program to mobilize MS marketing and field to focus on desktop OS IT pros • To the IT pro, our goal is • Be the definitive resource for Desktop IT pros • Open, honest; show don’t tell • Information at right time, right level across Adoption Lifecycle DISCOVER EXPLORE PILOT DEPLOY MANAGE How does it change my work? How do I maintain and optimize? Is it worth the pain? Is our environment ready? Is the organization ready? Weekly, Monthly and Quarterly Rhythm of Topical Content Springboard Technical Experts Panel Event Support and Resources Straight-talk Monthly Feature Articles and Overview Guides one-Windows TechCenter in 10 languages TalkingAboutWindows Video Blogs Virtual Roundtable Events Visit the Springboard Series on TechNet at

  24. Required Slide Resources Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources • Resources for IT Professionals • Resources for Developers • •

  25. Required Slide Complete an evaluation on CommNet and enter to win!

  26. Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st You can also register at the North America 2011 kiosk located at registrationJoin us in Atlanta next year

  27. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.