Windows Intune is a new product from Microsoft which is designed for system admins to manage and secure PC’s across an enterprise.
Windows Server administrators have numerous tools to manage a network of Servers (for example security patches etc can be managed in-house using WSUS), however for the managing individual PC’s spread across multiple locations in the enterprise.
Intune is a cloud based solution, allowing administrators to logon to the Intune online portal and manage remote PC’s. Note that every remote PC which is being administered from Intune will need to have the Intune client installed.
Intune can performance the below roles:
- Manage Updates : Manage the deployment of the Windows OS updates and service packs to remote PCs.
- Protect PCs from malware : Helps safeguard the enterprises PCs from the latest threats with centralized protection built using the Microsoft Malware Protection Engine, Microsoft Forefront Endpoint Protection and Microsoft Security Essentials.
- Proactively monitor PCs : Get alerts on updates and threats to proactively identify and resolve problems PCs.
- Provide remote assistance : Resolve PC issues using remote assistance.
- Track hardware and software inventory : Track the hardware and software assets used in the enterprise to efficiently manage your assets, licenses, and compliance.
- Set global security policies : Centrally manage updates as well as firewall and malware protection settings across the enterprise even on remote machines outside the corporate network.
Requirements are quite minimal, for client PCs XP or higher is required and for administrators to access the online portal a browser support Silverlight 2 is required.
Getting Started Using Windows Intune
The first screen you are presented with after logging into the Intune online portal is the Overview screen which provides a summary of the PC system status’ across the enterprise.
Windows Intune Overview Page
Clicking on the Computers link on the left gives a listing of the computers which are being administered using Windows Intune. PCs can also be grouped for the purposes of administration.
Windows Intune Computers Listing
Selecting one of the computers in the listing provides the full details of the hardware and software specs of the PC as well as the system updates applied.
PC System Details
Across the enterprises PCs Intune will show a listing of all the software products installed.
Listing of Software Installed across all the enterprise’s PCs
From the Intune online portal admins can assign updates for distribution to PC’s connected to Intune. Click on security updates for a listing of all updates for the various Windows OSs on the PC’s connected via Intune. The patches can be reviewed and the Approved for distribution to PCs.
Intune provides in-built protection against malware (such as trojans, spyware, rootkits and virsuses) using the Microsoft Malware Protection Engine. PCs will automatically be protected with no intervention required from the administrator via Intune. In the event an attack is detected the malware engine will attempt to block the attack and report the events on Alerts Overview page of the Intune portal.
Security policies can be set for managed PCs using the Policy Overview page. A security policy allows you to create new policy settings based on simple template based configurations. The template agent allows administrators to create standard policies to configure security updates, firewall policies and malware protection.
A common issue for administrators is diagnosing and fixing issues on remote PCs. Windows Intune allows admins to remotely access, diagnose and fix problems on PCs managed by Intune.
The Windows Intune Center which will be installed on client PCs allows the admin to remotely take control of the client desktop (after the client grants permission) via Microsoft Easy Assist.
In addition the PC user will also be able to check the status of Windows Updates and scan their PC or attached storage for malware from their native Windows Intune Center.
Microsoft Windows Intune Center
Overall, Intune is a capable offering from Microsoft. It will offer admins a simple and efficient way to manage a PCs across and enterprise. However the product does still have some shortcomings such as the lack of an ability to manage software application distributions and versioning across managed PCs.