The first part of this series introduced Windows Intune. In this second part of the Windows Intune review we’ll explore the Intune user interface and discover how the different components make the solution tick.
System Overview
This workspace gives a quick look at the overall health of all monitored computers, broken down into issues with Endpoint Protection (Anti-malware), agent health, other alerts and update status. It also lets you create computer groups and view reports.
Agents that haven’t communicated for a while are flagged, to avoid the false sense of security that green ticks can give when they only mean that no information has been communicated back to the cloud.
Computers
Computers can be collated into groups; a computer account can belong to more than one group, and you can have nested groups. The main use of groups is to target policies as well as to structure large numbers of accounts; whatever method makes sense can be used. For instance, you could group computers based on geographical location; in my setup I divided accounts into domain-joined and non-domain-joined clients.
When a new agent is installed, that computer is placed in the built-in Unassigned Computers group and you can manually move it into the appropriate group(s). For each PC the OS, name and group membership are listed along with security, update and alert status. If you drill down into a particular computer account, a full hardware and software inventory list is presented, as well as detailed update and alert status along with any malware infections. For a particular application you can click its name to see a list of which other computers have that same program installed.
Updates
Windows Intune is your Windows Server Update Services (WSUS) server in the cloud, and in this workspace you can approve or reject updates and select which products and classifications (security, critical, definition etc.) to cover. Here you’ll also find a list of all updates that are waiting to be installed as well as any problems with updates. In comparison to the non-interactive Updates report (see part 3), this view is more powerful as it allows you to drill down to whatever level of detail you require. Just as in WSUS, you can create auto-approval rules, for instance to push out security updates as soon as they’re released. Another common practice is to create a separate computer group with a few “guinea pig” PCs, push updates to those computers automatically, and then approve the updates for the rest of the machines if no issues are discovered.
Control your Windows and Microsoft application patches as easily as in WSUS
Endpoint Protection
Windows Intune Endpoint Protection is based on Forefront Endpoint Protection (FEP), which in my experience is a good anti-malware solution. The default policy will only install Endpoint Protection if the computer doesn’t have suitable anti-malware already installed, but you can change this policy and force installation, which will disable the current solution.
Malware and computers with security issues are listed in two separate areas, and past malware infections are kept in a list with links to information about each infection.
Remote Assistance is a very handy tool to have when your users are in a tight spot
Alerts
There are 380 alerts built into Intune, although a large proportion are disabled by default. You can view all alerts or filter the view based on the source, such as Monitoring, Policy, System and Updates, as well as other categories. Just in case you don’t spend your entire life staring at the Intune console, you can set up Alert Notifications, currently only via email. A remote assistance request from a client computer will also raise an alert; make sure you add an email notification for that, because if a user is asking for help, they generally want it NOW. You can’t change the built-in alerts, nor can you add your own, and they currently only cover Microsoft technologies (and hardware issues).
The list of available alerts is long indeed; I just wish I could build my own alerts
In the third instalment of this series we’ll finish the exploration of the Intune console and the different workspaces.