Windows Intune Product Guide

Simplify
PC management.

Amplify
productivity.

Windows Intune simplifies and helps businesses manage and secure PCs using Windows Intune cloud services and Windows 7so your computers and users can operate at peak performance from virtually anywhere.

CONTENTS

1 1 2 3 5 6 7 8 10 11 11 12 14 16 18 19 20 21 22 24 26 27 28 29 30 32 33 34 34 39 40 40 41 42 42 42 42 43 43 44

Introduction to Windows Intune Todays PC management landscape Overview: Windows Intune can help your business Help manage and secure PCs anywhere The best Windows experience Fits your business How can the Windows Intune solution help you? Microsoft Online Services Windows Intune functionality Help manage and secure PCs anywhere PC health at a glance using System Overview Organizing computer groups Managing and deploying updates Updated Distributing software New Protecting PCs from malware Remote Tasks New Monitoring health and alerts Updated Setting security policies Tracking software and hardware inventory Updated Managing licenses Updated Increase insight with reporting Updated Assisting remote users Centralize administration with Windows Intune Adding an Administrator Updated Using the Multi-Account Console Updated Service privacy, security, and reliability Recommended system requirements Updated The best Windows experience Overview of Windows 7 Enterprise Staying current with future versions Fits your business Comparing Windows Intune Updated Key benefits comparison Update management comparison Endpoint protection comparison Version rights comparison Achieve big-tech results with a small-tech investment Conclusion A comprehensive PC management solution Microsoft Desktop Optimization Pack Updated

Simplify
PC management.

Magnify
insight.

SECTION 1

Introduction to Windows Intune

This section will discuss: Todays PC management landscape Overview: Windows Intune can help your business How can the Windows Intune solution help you? Microsoft Online Services

Todays PC management landscape.

Remote workers in multiple locations. Multiple PC configurations. Limited resources. These are just a few of the challenges that face businesses just like yours every day. Windows Intune is a new solution that can help you address these challenges, and it takes PC management to a whole new level of simplicity. With its powerful combination of Windows Intune cloud services and Windows software, Windows Intune offers a comprehensive solution to help keep your PCs and end users operating at peak performance.

Introduction to Windows Intune

OVERVIEW:

Windows Intune can help your business.

Take advantage of Microsofts experience with cloud services and IT solutions to manage your PCs from anywhere.

Your employees depend on you to keep their PCs running at their bestat any time, from nearly anywhere.
Windows Intune simplifies how businesses manage and secure their PCs with Windows Intune cloud services and Windows 7so your computers and users can operate at peak performance, from virtually anywhere. With Windows Intune, whether your employees are in the office or on the road, you can give them a rich, productive Windows experience without compromising the essentialscosts, control, security and compliance. With the Windows Intune cloud service, IT can remotely perform security and management tasks through a single, Web-based console, helping ensure that users anywhere are working with a well-managed PCall thats required is an Internet connection. With upgrade rights to Windows 7 Enterprise and future versions of Windows included in the subscription, give your users the best Windows experience and standardize your business on the latest version of Windows, reducing management complexity. Windows Intune fits the needs of your business by giving you big tech results with a small tech investment. Microsoft hosts and manages the infrastructure for youalleviating the burden on your IT staff while still keeping them in control of your IT infrastructure. You get a comprehensive solution with a low up-front investment and can pay as you go to help keep your finances under control. The result? Simplified management, comprehensive security, and greater productivity.

Windows Intune can help your business in three key areas:

Help manage and secure PCs anywhere.

The best Windows experience.

2 3

Fits your business.

Windows Intune Product Guide

Introduction to Windows Intune

Overview: Windows Intune can help your business

Help manage and secure PCs anywhere.

The Windows Intune cloud service helps you centrally manage and secure your PCs through a simple Web-based consolewhether your IT staff or end users are in the main office, in a branch office, or on the road.
By replacing the need for multiple tools and a server-based infrastructure with this easyto-deploy cloud service, you can: Protect PCs from malware: Help protect your PCs from the latest threats with centralized endpoint protection that uses the same trusted malware protection engine used in Forefront Endpoint Protection and Microsoft Security Essentials. Manage updates: Centrally manage the deployment of updates to Microsoft and most third-party software publishers, keeping the applications your workers need current. Distribute software: Deploy software, like Microsoft Office 2010, or many third-party applications, to PCs located nearly anywhere via the cloud. Proactively monitor PCs: Receive alerts on updates and threats so that you can proactively identify and resolve problems with your PCs virtually anywhere. Provide remote support: Help resolve PC issues, regardless of where you or your users are located, with remote assistance and remote tasks. Track hardware and software inventory: Track hardware and software assets used in your business to efficiently manage your assets, licenses, and compliance. Set security policies: Centrally manage update, firewall, and endpoint protection policies, even on remote machines outside the corporate network. Manage your licenses: Manage Microsoft Volume License Agreements and other license agreements, including retail, Original Equipment Manufacturer (OEM) licenses and third-party software licenses, to track how many licenses youve purchased against what youve installed. Increase insight with reporting: Generate and save custom reports for updates, software, hardware, and licenses. Export data as a comma separated value (CSV) file and import it directly into Microsoft Excel or other reporting tools for further analysis.

Windows Intune Product Guide

Introduction to Windows Intune

Overview: Windows Intune can help your business

In order to use the service, you just need an Internet connection and the Windows Intune client installed on each PC you wish to manage. Windows Intune can be used by in-house IT professionals or by solution providers to manage the PCs of multiple businesses. Windows Intune can be integrated with the most common professional software automation (PSA) and customer relationship management (CRM) tools used by solution providers, so they can offer smooth tracking from issue to resolution.

Windows Intune Product Guide

Introduction to Windows Intune

Overview: Windows Intune can help your business

The best Windows experience.

Windows 7 Enterprise highlights: BitLocker and BitLocker To Go
TM

With Windows Intune, you can provide a better experience for your workforce thats easier to manage. You can upgrade to Windows 7 Enterprise or run a prior releaseits your choice.
Stay current with Windows 7 Enterprise.
For the best Windows experience, upgrade your PCs to Windows 7 Enterprise, providing end users with an improved, intuitive interface and advanced search capabilities, plus BitLocker to better protect confidential data.

Improved Windows Taskbar Windows Search and Libraries Windows Troubleshooting Platform View Available Networks Speed, reliability, and responsiveness

Standardize on the Windows version you want.

Get the flexibility to standardize your PC environment on a single Windows platform Windows 7, Windows Vista, or even Windows XP.

Upgrade to future versions of Windows

Windows Intune includes upgrade rights to future versions of Windows, so with an active subscription you can you can get the latest Windows experience without the worry of purchasing upgrade licenses in the future.

Windows Intune Product Guide

Introduction to Windows Intune

Overview: Windows Intune can help your business

Fits your business.

With Windows Intune, you get big-tech results with a small-tech investment, minimal overhead, and simple billing.
All-in-one solution.
Windows Intune is a comprehensive, end-to-end Microsoft solution that includes PC management, endpoint protection, Windows upgrades, and morein one easy purchase.

Easy to get started and to use.

The Windows Intune cloud service requires no costly server setup, so you can start managing and protecting PCs right away.

Low overhead and maintenance.

Because the Windows Intune cloud service is hosted by Microsoft, you dont have the overhead of maintaining on-site PC management servers and software.

Always up-to-date.

Each new release is an update that builds upon the prior version so regardless of when Windows Intune customers purchase the service, they will get the latest features available.

Simple billing.

Windows Intune offers a predictable, monthly payment cycle that helps your business more accurately forecast expenditures.

Try before you buy.

Try Windows Intune for 30 days with no up-front costs. You can run it concurrently with your existing systems to evaluate it before making a decision.

Windows Intune Product Guide

Introduction to Windows Intune

How can the Windows Intune solution help you?

Bringing the power of multiple technologies together, Windows Intune provides a comprehensive solution to address PC management and security challenges so that you can give your end users the best PC experience.

Objective Enable greater employee flexibility to work from almost anywhere.

How can Windows Intune help?

Manage PCs and provide better support for virtually all your users, whether they are working at home, in a remote office, or on the road. Give your users the best mobile experience with Windows 7 mobility features like power management and easy network connections. Enable your IT department to work from anywhere tooPC management tasks, such as distributing software, can be performed from the web-based administration console to PCs virtually anywhere.

Reduce support costs and increase uptime.

Proactively detect and manage issues with health monitoring and alerts to reduce help-desk calls. Help users resolve issues remotely with online Remote Assistance. Keep Microsoft and third-party applications current with the latest updates.

Create a uniform PC environment.

Upgrade all of your PCs to Windows 7 Enterpriseor standardize on the Windows version of your choicewithout purchasing additional licenses. Centrally manage the updates you wish to deploy to all of your PCs, so you can keep all your PCs current and standardized with needed updates. So if any problems arise, you only have one configuration to troubleshoot. Inventory the software being used throughout your environment, and reconcile license gaps.

Enhance security.

Help protect your PCs with Windows Intune endpoint protection which uses the same trusted antimalware engine that is used in Forefront Endpoint Protection and Microsoft Security Essentials. Ensure that all of your managed PCs have the latest Microsoft security updates with online update distribution and management. Centrally manage Windows Firewall using the cloud service. Protect data with BitLocker and BitLocker To Go with Windows 7 Enterprise.

Windows Intune Product Guide

Introduction to Windows Intune

Microsoft Online Services.

Twenty million businesses and over a billion people use Microsoft cloud services.

With over 20 years experience with business software and nearly 15 years experience with cloud computing, you can trust that Microsoft cloud services are delivered to you with the reliability and security you expect for your business. Microsoft offers a complete portfolio of business cloud services, including Office 365, the Windows Azure software platform, and now Windows Intune.
With Microsoft Online Services, weve made it simple to extend the latest cloud technology to your entire workforceremote workers, mobile workers, or on-site workers. As with all Microsoft Online Services, Windows Intune gives you the ability to quickly enhance and expand your IT capacity by adding services without having to invest in the development of new skills or the infrastructure to deploy new hardware or software. You can rely on Microsoft cloud services because: Microsoft cloud services provide the reliability and security you expect for your business. - Scheduled uptime of 99.9 percent. - Financially backed service level agreement. - Around-the-clock support. Windows Intune takes advantage of the Microsoft Update and Windows Update infrastructure, which pushes out a petabyte of updates every month to hundreds of millions of PCs.

Windows Azure

TM

Personal information received through Microsoft cloud services is used only to provide, operate, and improve this and other Microsoft products and services. To review the Microsoft Online Service Privacy Statement, visit www.microsoft.com/online/legal. Microsoft has established itself as a leader in delivering management solutions with its System Center family of products. And weve leveraged this experience in developing Windows Intune.

Windows Intune Product Guide

Introduction to Windows Intune

Microsoft Online Services

1
Easy to deploy and manage 1 As part of Microsoft Online
Quickly and easily extend new capabilities to your organization Services, Windows Intune panel. from one central control Plus centralized management offers these benefits:end users and lets you add new manage them all from one place.

IT professional

Admin console

Latest technology
2 Monitoring and reporting tools Ease of use Monitoring and reporting consoles

Strong privacy protection

keep you in control of the services you offer end users.

Increased productivity using 3 Greater financial flexibility Business-class tools

End users can securely access the service anywhere without the need for an VPN connection.

Remote worker

Mobile worker

On-site worker

IT Control & Efficiency

Eliminate the time and effort spent deploying and maintaining servers while keeping IT staff in control.

User Productivity
Give employees the flexibility to work from nearly anywhere without compromising productivity.

Business-class security and reliability:

Designed to deliver the reliability, availability and security you expect for your business with a 99.9% scheduled uptime, financiallybacked SLA.

Windows Intune Product Guide

Simplify

your PC environment.

Magnify
efficiency.

SECTION 2

Windows Intune functionality

This section discusses how Windows Intune: Helps manage and secure PCs anywhere Provides the best Windows experience Fits your business

Help manage and secure PCs anywhere.

The Windows Intune cloud service helps you centrally manage and secure your PCs through a simple Web-based consolewhether your IT staff or end users are in the main office, at a branch office, or on the road. You can help protect, update, monitor, inventory, and troubleshoot the PCs in your environment.

Windows Intune Product Guide

10

Windows Intune functionality

Help manage and secure PCs anywhere

PC health at a glance using System Overview.

When you log in to the Web-based console, youll be presented with the System Overview page, which summarizes the status and alerts for all of your managed PCs. See Figure 1.

Figure 1: System Overview. With the easy-to-use Web-based console, you can access alerts, reports, security policies, and more.

From here you can review update status, endpoint protection status, agent health, policy, software and alerts according to type or security level. You can click the link on any of the summaries to quickly get detailed information. You can also navigate to any of the function areas like Computers, Updates, Endpoint Protection, Alerts, and more.

Windows Intune Product Guide

11

Windows Intune functionality

Help manage and secure PCs anywhere

Organizing computer groups.

As the number of computers in your business grows, organizing them into groups can help you better manage them. You can organize PCs according to department, geographic location, functionor any custom group label. From the Computers Overview screen, you get a complete view of the managed PCs in your environment, with alerts, updates, or endpoint protection status flagged for your review. You can approve needed updates and scan warnings to determine further action. Or you can navigate to the All Computers screen to examine specific groups of computers and drill down to individual PCs. See Figure 2.

Figure 2: The All Computers screen provides a complete view of your managed PCs.

Windows Intune Product Guide

12

Windows Intune functionality

Help manage and secure PCs anywhere

When you drill down to a specific PC, you can access general computer information as well as details on security updates and service packs, endpoint protection status, alerts, security policy settings, installed software, and hardware specifications. See Figure 3.

Figure 3: The Hardware screen provides detailed information about each managed PC manufacturer, physical memory, chassis type, BIOS version, processor, clock speed, and more.

Windows Intune Product Guide

13

Windows Intune functionality

Help manage and secure PCs anywhere

Managing and deploying updates.

Keeping updates current is one of the most critical responsibilities for many IT professionals; it can also be one of the most time-consuming and challenging. Which of your PCs need which updates? And when do you have time to complete manual installation across 50 PCs spread across a number of locations? Windows Intune includes update management to help you schedule and deploy updates to most Microsoft and third-party software to keep your managed PCs running efficiently. From the online administration console, you can assign updates for distribution, for both Microsoft and third-party applications. Critical issues, such as deployment failures, appear at the top of the list on the Updates Overview page. These are followed by new updates that require your approval, as well as other informational alerts. You can also view updates by type. See Figure 4.

I spent two hours weekly ensuring each system had the right updates. With Windows Intune, I set up multiple policies and deploy updates simultaneouslyits saving me about 90 percent of that time.
IT Administrator, Sno Falls Credit Union

Figure 4: The Updates Overview screen summarizes the updates status of your managed PCs. You can drill down into different types of updates, such as Security Updates, to view properties and manage deployment.

With Windows Intune, you get the same list of updates as Windows Software Update Service, with the same level of control, but without the onsite infrastructure. Updates are delivered directly to any of your managed PCs that have an Internet connection.

Windows Intune Product Guide

14

Windows Intune functionality

Help manage and secure PCs anywhere

You can define what types of updates to make available to PC groups. For security updates, you may choose to make them available to all your managed PCs. But for other updates, you may want to ensure compatibility prior to broadly rolling out the updates to all your managed PCs. In that case, you can create an update test group and assign updates to those select PCs to assess compatibility first. From the updates screen, you can filter results according to status such as New updates to approve or with Pending installation. When you approve updates, you can select how and where these updates will be installed or even create a rule to approve updates automatically. See Figures 5 and 6.

Figure 5: The Updates screen lets you set specific deployment settings, sorted by group name or filtered by status. Figure 6: To complete the update task, you will need to select the target computers group(s), select Install from the Approval column and click OK.

You may also deploy third-party software updates* from the administration consoleyoull be required to complete a simple wizard to encrypt, compress and upload the software update to prepare it for distribution.** Once the update is published, you can then choose to deploy the update to the required computer groups.

* If the update does not support quiet mode, you cannot install the update by using Windows Intune. ** Please see section on Distributing Software for more information.

Windows Intune Product Guide

15

Windows Intune functionality

Help manage and secure PCs anywhere

Distributing software.

Windows Intune software distribution uses the cloud to simplify the complex task of distributing most Microsoft and third-party applications* and updates to PCs located virtually anywhere. With Windows Intune, IT administrators can centrally publish and deploy software to managed PCs from the Windows Intune administration console.* From the Windows Intune administration console, the IT administrator completes a simple wizard to guide them through the process of publishing the software for distribution. See Figure 7. These software or update packages can take the form of .EXE, .MSI or .MSP files. The wizard will prompt a series of steps where the administrator will be asked to enter basic software information and define any pre-requisite rules such as application architecture, supported operating system, or detection of underlying required software for updates. Once this information has been entered, the wizard will then encrypt, compress, and upload the package to Windows Azure storage space until its ready for deployment.
* If the software does not support quiet mode, you cannot install the application using Windows Intune.

Figure 7: The Windows Intune Software Publisher will guide you through the process of publishing software for distribution.

Windows Intune Product Guide

16

Windows Intune functionality

Help manage and secure PCs anywhere

Paid subscriptions will include a pre-determined amount of storage space, but customers will have the option to purchase more space if needed. Once the software is published, it appears in the Managed Software workspace. Administrators can then choose to deploy the software to select computer groups or computers. See Figures 8 and 9. The next time these PCs are online, software installation will begin. Monitoring of these installations can be done through the Managed Software workspace in the Windows Intune Administration Console.

Figure 8: The Managed Software screen displays the list of published software that is ready for deployment. Figure 9: To complete the update task, you will need to select the target computers group(s), select Install from the Deployment column and click OK

For technical guidance on using the software distribution functionality in the Windows Intune, please read our Best Practices for Deploying Software with Windows Intune whitepaper.

Windows Intune Product Guide

17

Windows Intune functionality

Help manage and secure PCs anywhere

Protecting PCs from malware.

Windows Intune endpoint protection highlights: Anti-virus, anti-spyware, and rootkit protection Dynamic signature service Centralized management and reporting

With Windows Intune you wont need to purchase and manage a separate antimalware productit provides management and security in a single subscription. Windows Intune provides real-time protection against malware threatsincluding, viruses, Trojans, rootkits, and spywarewith centralized management, reporting, and protection built on the same trustedmalware protection engine used in Forefront Endpoint Protection and Microsoft Security Essentials. Windows Intune takes advantage of the latest updates made to Forefront Endpoint Protection 2010 including: Highly Accurate and Efficient Threat Detection The new malware protection engine protects against the latest malware and rootkits with a low false positive rate, and keeps employees productive with scanning that has a low impact on performance. Proactive Threat Detection Windows Intune Endpoint Protection uses the latest heuristics, behavioral monitoring and dynamic protection mechanisms to identify and block attacks on client systems from previously unknown threats. In addition to real-time protection, system scans can be scheduled as a policy (see the Setting Security Policies section) and then applied to clients to provide an additional layer of protection against malware on your managed computers. If an attack is detected, Windows Intune endpoint protection will attempt to block the attack and remove the malware to help ensure that the computer remains in a usable state. It will also notify you of the recent malware activity and the follow-up actions you need to perform, if any. See Figure 10.

Microsoft was awarded its third consecutive Advanced+, the highest rating, in the AV-Comparatives May 2010 Proactive Detection Test.

Figure 10: The Endpoint Protection Overview screen summarizes the malware status of your managed PCs. From there, you can drill down and see malware activity on a per-PC basis.

Windows Intune Product Guide

18

Windows Intune functionality

Help manage and secure PCs anywhere

Remote tasks.

Windows Intune can help you perform a number of on-demand tasks - directly from the administration console - to your Windows Intune-managed PCs. When you right-click on a specific PC, you will see a context menu with a number of actions, including: Add to Group, Retire, Remote Tasks, and so on. By selecting Remote Tasks you can perform a number of tasks on a Windows Intune managed computer. These include: Run Full Malware Scan: Starts an immediate full scan of the client computer. Run Quick Malware Scan: Starts an immediate quick scan of the client computer, searching for select files and common file paths in just a few minutes. Update Malware Definitions: Instructs the client software on the managed PC to check for the latest Windows Intune malware definitions. Restart Computer: Forces a managed computer to restart.

Figure 11: With Remote Tasks, you can perform certain actions on demand to Windows Intune managed PC.

Windows Intune Product Guide

19

Windows Intune functionality

Help manage and secure PCs anywhere

Monitoring health and alerts.

Critical alerts, such as malware attacks or Failed Critical Update, can be sent immediately to you via e-mail, so you dont have to be logged into the console to learn of the threat.

Windows Intune enables you to monitor PCs and proactively identify potential issues. Alert groups and color-coded visual indicators in the System Overview workspace make it easy to quickly identify any issues in your PC environment. If you go directly into the Alerts workspace, you will see the Alerts Overview page here you get a view of all the active alerts about malware protection failures, warnings and errors, policies, configuration updates, and more. By using this view, you have a snapshot of the health status of computers across your organization. See Figure 12.

Because we now monitor PCs through the Windows Intune administrator console, we identify and act on issues early.
Executive Officer, Faden.it Services

Figure 12: The Alerts Overview page lets you view alerts by type, by group, or individually on a computer-by-computer basis.

You may also configure alerts to be reported according to a specified threshold based on frequency, number or percent of computers affected. For example, if your end-users are regularly filling their hard drives, you can customize the alert threshold to notify you when the hard drive on your Windows Intune-managed PCs is 75% full. By customizing such alerts, you can be more proactive in identifying potential issues, evaluating the magnitude of the issue, and subsequently providing support before the issue seriously impacts PC performance and user productivity. For service providers using common professional software automation (PSA) tools, alerts that are generated in the Windows Intune administration console can be imported into their respective PSA tool for ticket tracking and resolution.* Once the alert has been resolved, the service provider can mark the ticket as closed in their PSA tool and clear the alert in the Windows Intune administration console.
*Note: In order to integrate Windows Intune alerts into common PSA tools, 3rd-party software may be required.

Windows Intune Product Guide

20

Windows Intune functionality

Help manage and secure PCs anywhere

Setting security policies.

The Policy Overview page enables you to view security settings for all of your managed PCs. You can create new policy settings based on simple template-based configurations, helping reduce complexity and drive consistency. The template agent lets you create standard policies to configure security updates, malware protection, and firewall policies. These policies can be assigned to any managed computer in your PC environment, regardless of whether it is inside or outside the corporate domain.* See Figure 13.

Figure 13: New policies can be added, edited, deleted, and deployed from a single page and the template page helps streamline the process.

*If Group Policy objects are applied, then these settings will take precedence over the security policy settings in Windows Intune.

Windows Intune Product Guide

21

Windows Intune functionality

Help manage and secure PCs anywhere

Tracking software and hardware inventory.

Understanding what software you have, what hardware the software runs on, and whether the business is utilizing these assets efficiently is a critical, yet time-consuming task. With Windows Intune, you can efficiently inventory your software and hardware assets through the Web-based console. See Figure 14.

Figure 14: Track software assets on all of your managed PCs to efficiently manage your assets, licenses, and compliance.

Windows Intune Product Guide

22

Windows Intune functionality

Help manage and secure PCs anywhere

Plus you can run reports to identify installed software applications and hardware inventory to help you maintain compliance, understand current needs, forecast future IT spending, and save on the cost of maintaining extra licenses you dont need. See Figure 15.

Figure 15: Detected software inventory reports can be filtered by group, publisher, or category, depending on your needs.

Advanced software inventory scanning can also help you find unapproved applications that may be unlicensed or causing compatibility issues. Data can be gathered on all software assets in a single queryit takes just seconds per system and doesnt interrupt work. New hardware filters can help you create detailed reports on your hardware inventory. The filters include: Manufacturer, Chassis type, Available disk space, Memory installed, and CPU speed.

Windows Intune Product Guide

23

Windows Intune functionality

Help manage and secure PCs anywhere

Managing licenses.

Using the Licenses workspace in Windows Intune, you can track your purchased licenses against actual installations for select Microsoft Software Volume Licenses as well as Microsoft Retail Licenses, Original Equipment Manufacturer (OEM) licenses for Microsoft software, and third-party software licenses. Microsoft Volume Licensing Agreements You can enter license agreements into Windows Intune using a comma-separated values (CSV) file or manually enter the pairs of numbers for each agreement: the authorization or agreement number, and the license or enrollment number. These numbers are supplied by MVLS when licenses are purchased, upgraded, or renewed. See Figure 16. Windows Intune will synchronize with the Microsoft Volume License Services (MVLS) to determine the license entitlement that corresponds to the agreements.

Figure 16: Add your Microsoft Volume Licensing agreements by entering agreement number pairs manually.

Windows Intune Product Guide

24

Windows Intune functionality

Help manage and secure PCs anywhere

Other Licensing Agreements For Microsoft Retail Licenses, Original Equipment Manufacturer (OEM) licenses for Microsoft software, and third-party software licenses, you will need to enter details such as the publisher name, software title, number of licenses purchased, license start date and so forth. As you start typing into the appropriate fields, the auto-complete feature reconciles whats in your software catalog, either for deployment or with at least one installation on a Windows Intune-managed PC, and suggests names for completion. See Figure 17.

Figure 17: Add Microsoft Retail Licenses, Original Equipment Manufacturer (OEM) licenses for Microsoft software, and third-party software licenses.

After license agreements are entered into Windows Intune, you will be able to compare the purchase information from your agreement to software actually discovered on your PCs. You can then create license reports that show installation counts and license counts for your software titles and assess your complete license position.* These reports are for your use only; Microsoft cannot access or view your license reports. Note: Features of the Licenses workspace do not affect your license agreements or entitlements to use your software. No actions that you perform in Windows Intune can change the properties and terms of your license agreements with Microsoft. For example, deleting a license agreement pair in Windows Intune does not delete or nullify license agreements that exist between you and Microsoft.

*This feature is provided for convenience only and accuracy is not guaranteed. You should not rely on it to confirm compliance with Microsoft volume licensing agreements.

Windows Intune Product Guide

25

Windows Intune functionality

Help manage and secure PCs anywhere

Increase insight with reporting.

With Windows Intune, you can generate and save reports for major function areas such as updates, detected software, hardware, endpoint protection and more. For example, you can now create reports identifying PCs with low disk space or PCs with less than 2GB RAM. For enhanced reporting functionality, data can be imported into other reporting tools for further analysis. For example, if you want to export data for further analysis, you can export it as a comma-separated-value (CSV) file and import it directly into Microsoft Office Excel. And then you can organize the data into a view thats most helpful for you. See Figure 18. You can also save specific report parameters across the available reportsUpdate, Detected Software Inventory, Hardware Inventory, License Purchase, or License Installationto make it simple to run a report again if there are changes in your environment.

Figure 18: All reports can be exported to CSV files for further analysis using tools such as Excel.

Windows Intune Product Guide

26

Windows Intune functionality

Help manage and secure PCs anywhere

Assisting remote users.

Youve received a call to your help desk from a frustrated employee who is having trouble installing a printer. What if you could see down the line to find out why? With Windows Intune, you can remotely respond to user requests for help to diagnose issues and identify steps to resolve problems, using a remote session. See Figure 19. With remote assistance, you can: Rapidly respond to user requests for help. Take control of remote desktopsonce permission is given by the userfor rapid problem resolution. Enable end users outside the corporate firewall to work more productively and experience less downtime if they have a problem.

Figure 19: Use the Windows Intune Center, installed on the users PC, to initiate a remote assistance session.

In addition to requesting remote assistance, users can also do the following from the Windows Intune agent: Click on Windows Update to check on the update status of their computer. Click on Windows Intune Endpoint Protection to scan their computer or a removable device such as a USB drive or external hard drive.

Windows Intune Product Guide

27

Windows Intune functionality

Help manage and secure PCs anywhere

Centralize administration of Windows Intune.

Its easy to designate your solution provider or IT consultant as an administrator on your account to manage and support your PCs. Just add their Windows Live ID or e-mail alias under Administration in the console to make that user an administrator. Add additional IT administrators. Select administration typefull-service or read-only access. Configure what types of updates you want to deploy and manage. Set up how IT administrators are alerted to issues.

From the Administration console, you can configure policies and preferences for how your organization uses Windows Intune, such as:

The Administration page is also where you go to download and install the Windows Intune client software that must be installed on each PC that you manage. When you create a Windows Intune account, Microsoft automatically creates a customized version of this download just for you. See Figure 20.

Figure 20: When you sign up for the cloud service, a unique identifier is assigned to your client software so your clients report to your console only.

Windows Intune Product Guide

28

Windows Intune functionality

Help manage and secure PCs anywhere

Adding an administrator.

Add administrators at any time from the Administration console. Enter the Windows Live ID for the administrator(s) you would like to designate to manage your account. See Figure 21 When adding service administrators to your Windows Intune account, you can select whether to grant full administrator rights or read-only access to information. A read-only administrator can view all the information in the Windows Intune Administration Console, but cannot take any action such as approving an update or running a scan.

Figure 21: Simply enter the Windows Live ID for the administrator(s) you would like to add. Once you add administrators, you can also designate which alert categories you want sent to specific administrators, subsequently driving greater efficiencies among your IT staff. See Figure 22.

Figure 22: Select which administrators you would like to designate as recipients for specific alert categories.

Windows Intune Product Guide

29

Windows Intune functionality

Help manage and secure PCs anywhere

Using the Multi-Account Console.

If you are a solution provider, you are always looking for ways to create efficiencies in serving multiple customers while continuing to improve customer satisfaction. Windows Intune can help. The Multi-Account Console helps you manage multiple accounts through the single Web-based console. From the account selection screen, you get an aggregate view of your managed environments to easily monitor the status and health of client PCs, including Agent Health, Updates, Policy, and Endpoint Protection. You can change your filter to view by accounts with critical alerts or accounts with malware protection issues, so customers in need of urgent assistance will rise to the top of the list. See Figure 23.

Figure 23: The Multi-Account Console makes managing multiple accounts easy. The aggregate view helps to prioritize action items.

Windows Intune Product Guide

30

Windows Intune functionality

Help manage and secure PCs anywhere

If you are an administrator to several accounts, when you log into Windows Intune with your administrator Windows Live ID, you will be prompted with the Multi-Account Console screen. To access an account, simply select the account name and select View Account. This action will take you to the System Overview page, within the Windows Intune console, for that specific customer or account. See Figure 24. Note: Even though you have access to multiple accounts, your customers will only have access to their own environmentWindows Intune safeguards customer privacy.

Want to switch to a different customer account?

Its simple to switch between accounts. When youve completed work on a customer account, you can simply click the Switch to another account tab at the top right corner of the page. This will bring you back to the Multi-Account Console where you can select the next account you want to work in.

Figure 24: If you are an administrator for more than one Windows Intune account, you will notice that there is a Switch to another account tab in the top right corner of the System Overview screen. Just click on this link to go back to the Multi-Account Console and select the next Windows Intune account you want to work within.

Windows Intune Product Guide

31

Windows Intune functionality

Help manage and secure PCs anywhere

Service privacy, security, and reliability.

The Trustworthy Computing Initiative, a corporate tenet at Microsoft, ensures that all of our cloud services, including Windows Intune, deliver highly secure, private, and reliable computing experiences. To better provide the high degree of security and reliability your business needs, Microsoft Online Services: Runs on a global network of world-class data centers. Operates redundant servers and geographically dispersed facilities help ensure that your online services are available when you need them. Protects our data centers and services using multiple layers of security and operational best practices. Uses high-availability architecture to provide uninterrupted service even in the event of hardware failure on one of our servers. We maintain a backup data center on the other side of the country that we can switch to in the event of a disaster. Employs rigorously screened and highly trained staff to manage our services. Requires that all end users access services using secure Internet protocols such as HTTPS and HTTP over SSL. We will not use the data collected through Windows Intune to investigate potential violations of other agreements you may have with us or our affiliates. To review the Microsoft Online Service Privacy Statement, visit www.microsoft.com/online/legal. Financially backed service level agreement of 99.9 percent scheduled uptime.

Windows Intune Product Guide

32

Windows Intune functionality

Help manage and secure PCs anywhere

Recommended system requirements.

Windows 7 Enterprise, Ultimate, and Professional. Windows Vista Enterprise, Ultimate, and Business. Windows XP Professional with Service Pack (SP) 3.

The Windows Intune client software is supported on both 32-bit and 64-bit versions of:

The Windows Intune client software has no additional hardware requirements for Windows 7 or Windows Vistabased computers. However, to install the client software on Windows XPbased computers, you will need a CPU clock speed of 500-MHz or faster and a minimum of at least 256 MB of RAM. You will also require administrator rights on the computer to complete the Windows Intune client software installation. To access the Windows Intune Web console, administrators will need access to a Web browser that supports Silverlight 3.0 such as Windows Internet Explorer 7.0 or higher.

Windows Intune Product Guide

33

Windows Intune functionality

The best Windows experience.

Across many of todays businesses, its fairly common for end users to be running multiple versions of operating systems, which makes consistency a challenge and IT support seem like a juggling act. Windows Intune helps you standardize your PCs on a single Windows operating system and create a uniform PC environment thats easier for you to manage and support and offers end users a more consistent PC experience. Its your choiceyou can upgrade to Windows 7 Enterprise or standardize on a prior version of Windows. Overview of Windows 7 Enterprise.
For the best Windows experience, Windows 7 Enterprise can help you and your end users do more by making everyday tasks simpler and easier, improving the user experience with a new interface and advanced search capabilities. Plus Windows 7 Enterprise provides BitLocker drive encryption to better protect confidential data. All of your managed PCs covered by Windows Intune may be upgraded to Windows 7 Enterprise, as long as the minimum system requirements for Windows 7 are met.

Windows Intune Product Guide

34

Windows Intune functionality

The best Windows experience

Intuitive Interface.

In todays workplace, most people work with large numbers of documents and programs at the same time. But wading through a dozen open windows to get to the right document can waste valuable time. The improved interface in Windows 7 Enterprise simplifies the way you work. Its clean, uncluttered, intuitive interface puts the tasks you want to accomplish right at your fingertips. The enhanced Start menu makes it easy to access the files and programs you use most frequently, without cluttering your desktop. And new navigation functionality gets you where you want to gofast. The taskbar is one of the most familiar aspects of Windowswhen you open files and programs, icons appear on the taskbar so you can switch between them. Now in Windows 7 Enterprise, end users can drag programs to the taskbar or pin frequently used documents to programs, expediting work like never before. See Figure 25.

Figure 25: This split taskbar depicts the system tray as well as program icons.

With desktop enhancements in Windows 7 Enterprise, working with multiple windows on your desktop is easier than ever. For instance, you can use Peek to get a quick look at your desktopall of your open windows will become transparent just by hovering on the taskbar. You can also preview specific windows using Peek. Or use Shake to get all but one window out of the way, by literally shaking it. You can also drag open windows to screen borders, to easily resize your workspace, with Snap. The improved interface simplifies everyday tasks.

Windows Intune Product Guide

35

Windows Intune functionality

The best Windows experience

Windows Search and Libraries.

Looking for a file, but cant remember where you saved it? The Search box in the Start menu is a fast and easy access point for all your programs, data, and PC settings. Just type a few letters in the Search box, and youll be presented with a list of matching programs, documents, pictures, music, e-mail, and other files, all arranged by category. See Figure 26. Plus Windows 7 Enterprise makes search results more relevant and easier to understand by sorting your results by type.

Figure 26: From the Start menu, you can search your computer by typing the first few letters of your query.

If you store a large number of files in different file folders or on several PCs or devices, Librariesin conjunction with Windows Searchcan help you find the exact document youre looking for or manage all your files efficiently. Whether files are located in different folders on your PC, on a different drive, or even on a different PC in your home network that Windows Search has indexed, Libraries help you consolidate all those files and their locations so you can browse and search across them as if they were in one location.

Windows Intune Product Guide

36

Windows Intune functionality

The best Windows experience

BitLocker.

Todays mobile workforce makes lost devicesespecially if they end up in the wrong handsa real threat for your business. Windows 7 Enterprise allows users to store information on hard disks and USB drives in an encrypted format, helping give you control over who can read the files. With Windows 7 Enterprise, you can worry less about the loss of sensitive data by better protecting internal PC hard drives and removable storage with drive encryption. See Figure 27.

Figure 27: BitLocker works on fixed drives or removable storage.

Whether people are traveling with their portable computers, sharing large files with trusted partners, or taking work home, BitLocker-protected devices help ensure that only authorized users can read the data, even if the physical media is lost, stolen, or misused.

Windows Intune Product Guide

37

Windows Intune functionality

The best Windows experience

Windows Troubleshooting Platform. Windows 7 Enterprise is the most advanced Windows operating system for business PCs. For more information about Windows 7 Enterprise, see the Windows 7 Product Guide or visit www.microsoft.com/ windows/enterprise/ products/windows-7/ default.aspx.

What if your end users could recognize and solve many common PC problems, so that they could stay productive rather than calling for help? With Windows 7, they can. The Windows Troubleshooting Platform includes smart self-diagnostic tools that let workers resolve many issues themselves, saving trips to the help desk and helping end users get back to work quickly. This keeps end users productive wherever they are and helps ensure their access to IT resources while working remotely.

View Available Networks.

Windows 7 Enterprise improves how you view and connect to your networks, making the process simple and consistent. With one click, you can access available networks Wi-Fi, mobile broadband, dial-up, or your corporate virtual private network (VPN) without needing to install additional software. See figure 28. And with Windows 7 Enterprise, its much simpler to connect your PC to the Internet using a wireless data cardits just like connecting to any other wireless network. You dont need to install any additional software. On first use, just insert your wireless data card; your drivers will be installed, and your PC will connect to the Internet automatically. And if your PC has a built-in data card, youll be connected to the Internet wherever theres mobile service.

Figure 28: From the System Tray, you can view available networks, including wireless.

Windows Intune Product Guide

38

Windows Intune functionality

The best Windows experience

Staying current with future versions.

Tools to help you stay current.
Upgrade guidance is available on the Microsoft TechNet site at technet.microsoft.com /library/ee523218.aspx. We also recommend that you check out the Windows 7 Upgrade Advisor to evaluate whether your PC can run Windows 7 at windows.microsoft.com /upgradeadvisor.

With an active Windows Intune subscription, you get the rights to upgrade to future versions of Windows, so you dont have to worry about purchasing upgrade licenses. You will be given access to a Web site to download Windows media and volume media to upgrade managed PCs. With free tools from Microsoft such as the Microsoft Deployment Toolkit, you can upgrade all your managed PCs to the latest operating system.

Windows Intune Product Guide

39

Windows Intune functionality

Fits your business.

Windows Intune is an all-in-one solution with PC management, endpoint protection, and Windows upgrades rolled into one easy purchase. Like other Microsoft Online Services, Windows Intune offers a predictable, monthly payment cycle that helps your business more accurately forecast expenditures. With minimal overhead, simple billing, and no formal training required, its easy to get started and maintain.
The Windows Intune cloud service requires no costly server setup, so you can start managing and protecting PCs right away. Because the Windows Intune cloud service is hosted by Microsoft, you dont have the overhead of maintaining on-site PC management servers and software. As long as your subscription is active, you get any new feature or updates to Windows Intune cloud service automatically and access to the latest Windows operating systemso your software is always up-to-date.

Comparing Windows Intune.

For many businesses today, the Windows Intune cloud service changes how you can approach PC management, providing an alternative to deploying and maintaining a PC management infrastructure on site. To see how Windows Intune compares to onpremises solutions from Microsoft today, lets consider the possibilities: Windows Intune is Microsofts cloud-based service that delivers the essentials of management and protection with Windows upgrade rightsall in a single license. Microsofts on-premises solutions that deliver rich management and security functionality today include: - Microsoft Forefront Endpoint Protection Suite is the security-specific product that unifies malicious software protection for business desktops, laptops, and server operating systems. - Microsoft System Center Configuration Manager is the solution to comprehensively assess, deploy, and update your servers, clients, and devicesacross physical, virtual, distributed, and mobile enviroments. Optimized for Windows and extensible beyond, it is a great choice for gaining enhanced insight into, and control over, your IT systems. - Microsoft System Center Essentials combines both physical and virtual solutions for IT management for organizations with up to 500 PCs.

Windows Intune Product Guide

40

Windows Intune functionality

Fits your business

Key benefits Windows 7 Enterprise Upgrade Rights Update Management Endpoint Protection Hardware and Software Inventory Remote Assistance Alerts and Monitoring Software Distribution Mobile Device Management Operating System Distribution Support Server Operating Systems

Windows Intune

On-premises

1 2

The Alerts workspace within Windows Intune manages for a pre-defined list of common issues. Windows Intune delivers basic software distribution. For guidance on software distribution with Windows Intune, review the Best Practices for Deploying Software with Windows Intune whitepaper.
1 2

Windows Intune Product Guide

41

Windows Intune functionality

Fits your business

Update management comparison.

Windows Intune deploys Microsoft and most third-party software updates without the need and cost of added infrastructure. Comparatively, enterprise-class solutions such as System Center Configuration Manager have premium software update capabilities, but also require additional server investment. With Windows Intune, you get the same list of updates as Windows Software Update Service, with the same level of control. But you dont need on-site infrastructure. Updates are delivered directly to any of your managed PCs that have an Internet connection.

Endpoint protection comparison.

The endpoint protection included with Windows Intune is powered by the same trusted malware protection engine tried and tested in Forefront Endpoint Protection, so it can deliver alerts and infection reports in a similar manner. However, Windows Intune requires no server infrastructurethe cloud-based service provides this functionality without the need for additional hardware.

Version rights comparison.

The Windows Intune subscription gives your business the best of Windows today and keeps you up-to-date in the future. You automatically gain access to future versions of Windows operating systems and the latest enhancements that we add to the Windows Intune cloud service. To gain this same level of support using other solutions, you would need to enroll in Microsoft Software Assurance.

Achieve big-tech results with a small-tech investment.

With Windows Intune, you get the best Windows experience and a single Web-based console to manage and secure your PCsall in one subscriptionwith low investment, minimal overhead, and simple billing. The result? Less hassle, and peace of mind knowing that your employees PCs are well-managed and highly secure.

Windows Intune Product Guide

42

Simplify
PC management.

Amplify
productivity.

SECTION 3

Conclusion A comprehensive PC management solution.

For more information, visit www.windowsintune.com.

Windows Intune is a comprehensive desktop solution that includes PC management, endpoint protection, and Windows upgradesto help you achieve big-tech results with a small-tech investment. You can depend on Windows Intune to keep your PCs running at their best, so your computers and users can operate at peak performance from virtually anywhere.
The Windows Intune cloud service builds upon Microsofts experience in developing: Online services including Microsoft Hotmail, Windows Update, and Exchange Online. PC protection software, including Microsoft Security Essentials and Forefront Endpoint Protection 2010. Robust management tools in the System Center family.

Windows Intune Product Guide

43

Microsoft Desktop Optimization Pack.

This toolset (DaRT) enables us to restore clients instantly without rebuilding them saving up to six hours per instance.
Technical Support Center, UMC Health System

With your Windows Intune subscription, you also have the option to purchase the Microsoft Desktop Optimization Pack (MDOP) add-on, a set of on-site advanced desktop management tools. MDOP can help further enhance security and control and help you resolve critical issues that could not be addressed by the cloud service, such as diagnosing and recovering unbootable PCs. MDOP includes the following technologies: Microsoft BitLocker Administration and Monitoring New! Enhances BitLocker by simplifying deployment and key recovery, centralizing provisioning, monitoring and reporting of encryption status for fixed and removable drives, and minimizing support costs. Microsoft Diagnostic and Recovery Toolset Reduces downtime by accelerating troubleshooting, repair, and data recovery of unbootable Windows-based desktops. Microsoft Advanced Group Policy Management Enhances governance and control over Group Policy through robust change management, versioning, and role-based administration. Microsoft Application Virtualization Turns applications into centrally managed services that are never installed, never conflict, and are streamed on-demand to end users. Microsoft Enterprise Desktop Virtualization Enables deployment and management of Microsoft Virtual PCs to address key enterprise scenarios, primarily resolving application compatibility with a new version of Windows. Microsoft System Center Desktop Error Monitoring Enables proactive help-desk problem management by analyzing and reporting on application and system crashes. Microsoft Asset Inventory Service Note: This is already delivered to you via the Windows Intune cloud service. The technologies in MDOP are updated regularly, and MDOP subscribers will automatically have access to updates and additions. Visit http://www.microsoft.com/ windows/enterprise/products/mdop/default.aspx for more information.

Windows Intune Product Guide

44

Disclaimer.

This document is provided for informational purposes only, and Microsoft makes no warranties, express or implied, with respect to this document or the information contained in it. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form, by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. 2011 Microsoft Corporation. All rights reserved.

Windows Intune Product Guide

45