Online Services for PC Management: Introducing Windows Intune
Marc Shepard
Principal Program Manager Lead
Microsoft Corporation
SESSION CODE: WCL203
Session Objectives and Takeaways
Session Objective(s):
• Overview of the Windows Intune offering
• Demonstrate the functionality of the Windows Intune service
Takeaways:
• Describe how Windows Intune relates to Microsoft’s cloud strategy
• Describe how Windows Intune saves customers time and money when managing PCs
• Describe the functionality and scope of the Windows Intune service
Commercial Cloud Services
• BUSINESS APPS
• COLLABORATION
• STORAGE
• PLATFORM
• MANAGEMENT
• PRODUCTIVITY
• COMMUNICATIONS
Challenges in Managing Business PCs
• Multiple Configurations, Versions, Licenses
• Workers in Many Locations
• Lack of Insight to PCs
• High Infrastructure Investments Required
Solution - Cloud Services & Windows 7
• Fits Your Business (Big result with low investment)
• Manage & Secure PCs Anywhere (Cloud services)
• The Best Windows Experience (Standardize OS on Windows 7)
The Best Windows Experience
Get Windows 7 Enterprise and More
• BitLocker To Go
• Improved UI & Search
• Better Mobility Experience
• Speed, reliability, and responsiveness
• Standardize on a single version of Windows to increase efficiency
• Upgrade to Windows 7 Enterprise
• Downgrade or run any version of your choice
• Upgrades to future Windows versions
Help Manage & Secure PCs Anywhere
Windows Intune Cloud Service
Enable a Mobile Workforce
• Users can be managed from the office, branch office, or on the road
• IT and partners can work from anywhere too
• Protect PCs from malware
• Manage updates
• Proactively monitor PCs
• Provide remote assistance
• Inventory hardware and software
• Set security policies
Requirements
Administrative Console
• A browser that supports Silverlight 3.0
Managed Machines
• Windows 7 Enterprise, Ultimate and Professional
• Windows Vista Enterprise, Ultimate and Business
• Windows XP Professional, Service Pack SP2 or SP3 (recommended)
Service Architecture
[Diagram; labels: Ops and Support (Monitor, Support); Windows Intune Service; Contoso.com; foo.com; Admin; “SSL, WCF, Certs”; “SSL, WCF, LiveID”]
• Windows Update Agent
• SCOM
• Malware Protection (FEP)
• Lantern (SCCM DCM)
• EZ Assist

• Proven agent technology
• Highly available
• Secure
• Multitenant
• Scalable
• Private
What you DON’T need to do to deploy Windows Intune (aka “why manage through the cloud?”)
Build and maintain server infrastructure
• Purchase server hardware, OS licenses, management software, etc.
• Install and configure each server (OS, database, security software, management software, etc.)
• Integrate into your networking environment
Secure it
• Design for security (physical, networking, database, etc.)
• Assess and manage security on an ongoing basis
Make it highly available
• Design and implement a high-availability configuration (no single point of failure)
• Design and implement health monitoring (so you can respond to issues quickly)
• Design and implement a disaster recovery plan (backup, recovery, document the plan, fire drills, redundancy across physical locations, etc.)
Support roaming machines
• Deploy internet-facing servers with additional hardening
Capacity planning
• Design for current capacity with plans to scale as your business grows
Getting Started with Windows Intune
• Sign Up
• Microsoft Online Log In
• Create additional administrators
• Initial Configuration
  • Update Products/Classifications
  • Auto approval rules
  • Agent policy
  • Groups
  • Alerts and notifications
• Download enrollment package from console
• Enroll your computers
• Create additional administrators (Tenant Admins)
Initial Deployment Checklist
• Choose a technique to deploy the enrollment MSIs
  • GP-SI, psexec, login script, email, ACLed public share, …
  • Enrollment will fail after seat limit is reached
    • Can retire computers or purchase more seats
• Define your initial group structure
  • Newly enrolled computers go to “Unassigned Computers”
  • Can create additional (nested) groups as needed for reporting/policy boundaries
    • Typically by role or region (often nested by one then the other)
  • Machines can belong to multiple hierarchies
• Configure policies as needed
  • Malware Protection: Conditionally enabled, …
  • Windows Update: Daily scheduled install, …
  • Firewall: Not configured, …
  • If using GPOs, filter them to not apply to Windows Intune clients (else GP overrides)
• Add admins, configure alert notifications, deploy security updates
Microsoft Confidential
Windows Intune Deployment Overview
Admin console overview, Administrators, Groups and Computer Enrollment
DEMO
Update Management
• Builds on WSUS and Microsoft Update framework
• Design your update management workflows. Examples:
  • Auto-approve security updates to “All Computers”
  • Manually approve “needed” non-SP updates to “Test”, then to “All Computers” a week later
  • Manually approve a needed service pack to Test, gradually roll out via existing target groups (typically in a region/role structure)
• Configuration options
  • Products and classifications (what updates do you want to manage)
  • Auto approval rules (do you want to automate initial approvals?)
  • WUA policies (e.g., daily or weekly scheduled install)
    • Can customize WUA “scanning, downloading, and installing” sample VB script for advanced scenarios: patch on first boot, non-standard install schedule, etc.
• Management tasks (ongoing management is a trivial amount of work each Patch Tuesday):
  • Alerts for new updates to be approved
  • Approve and/or decline updates
  • Monitor status (needed, pending, failed, etc.) at the system, group, computer and update levels
Malware Protection
• Built on the Microsoft Malware Protection Engine
  • Provides anti-virus, anti-spyware, and anti-malware capabilities (cleanup, blocking, quarantine, etc.)
  • Used by Forefront Endpoint Protection and Microsoft Security Essentials
• Design your malware response workflows
  • Network quarantine?
  • Flatten or fix?
  • Based on severity, type, instance or frequency?
• Run either the Windows Intune malware protection agent or 3rd party malware protection software
  • Default policy: the Windows Intune malware protection agent, if installed, is disabled when a 3rd party solution is present
• System-wide, per group and per computer status
  • Computers that are not protected
  • Computers with protection warnings (scan overdue, definitions out-of-date, RTP disabled, etc.)
  • Recently resolved malware or malware needing follow-up
  • Computers running 3rd party malware protection software
• Alerts for new malware (so ongoing work is just reacting per your workflow)
Windows Intune Ongoing Management
DEMO
Asset Management
Software Inventory
• Account-wide and per-computer list of detected software
• Categorized through the Asset Inventory Service (AIS) catalog
License Management
• Import of agreement pairs
• Retrieval of entitlements from the Customer License Position (CLP) service
• License purchase and installation reports
Per-computer Hardware Inventory
• Per-computer list of hardware components
Windows Intune Asset Management
DEMO
The Client Experience
Local application installed on managed PC
• Malware Protection
• Update Management
• Remote Assistance
  • Initiated by end user requesting assistance
  • Alert generated in admin console
  • “Handshake” to initiate remote assistance session
End-user Assistance
DEMO
Key takeaways
Windows Intune is an all-in-one solution:
• Cloud based security and management service
• All you need is an internet connection
• Manage remote machines, manage them from anywhere
• The latest version of Windows Enterprise
• Highly available, secure, private, scalable, multi-tenant service
• Uses proven agent technology
• Simple to use, but scales to a large number of machines
• Does not have parity with SCCM
• Suitable for some targeted enterprise scenarios (acquisition, remote branches, simple needs)
• Roadmap is to address all business customers
Milestones
• Public Beta released April 2010
  • US, Canada, Mexico, Puerto Rico
  • Opened to first 1000 customers, closed the next day due to high demand
• GA: Within a year of beta
  • North America and EU
Where do I find out more?
• Product Overview: www.microsoft.com/online/windows-intune.mspx
• TechCenter: http://social.technet.microsoft.com/Forums/en-US/category/microsoftonlineservices/
• Windows Intune Team Blog: http://blogs.technet.com/windowsintune
What is the Springboard Series?
Weekly, Monthly and Quarterly Rhythm of Topical Content
To the IT pro, our goal is
• Be the definitive resource for Desktop IT pros
• Open, honest; show don’t tell
• Information at right time, right level across Adoption Lifecycle
Inside of Microsoft we are
• A turnkey IT pro engagement platform for depth and breadth
• The program to mobilize MS marketing and field to focus on desktop OS IT pros
Visit the Springboard Series on TechNet at www.microsoft.com/springboard
The Springboard Series IT pro experience offers dynamic content and structured guidance across the adoption lifecycle
Lifecycle stages: DISCOVER, EXPLORE, PILOT, DEPLOY, MANAGE
• Is it worth the pain?
• How does it change my work?
• Is our environment ready?
• Is the organization ready?
• How do I maintain and optimize?
Springboard resources:
• one-Windows TechCenter in 10 languages
• Virtual Roundtable Events
• Springboard Technical Experts Panel
• Event Support and Resources
• Straight-talk Monthly Feature Articles and Overview Guides
• TalkingAboutWindows Video Blogs
Resources
• Sessions On-Demand & Community: www.microsoft.com/teched
• Microsoft Certification & Training Resources: www.microsoft.com/learning
• Resources for IT Professionals: http://microsoft.com/technet
• Resources for Developers: http://microsoft.com/msdn
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
JUNE 7-10, 2010 | NEW ORLEANS, LA