windows intune start to finish
TRANSCRIPT
Windows Intune Getting Started Guide
Cloud Based Device Management
By Stuart King
Windows Intune is a cloud based Device Management monthly subscription solution from Microsoft which can be used to manage, secure, update and deploy applications to PCs, laptops, mobile devices including iPhones / iPads / Andriod devices etc.
It's perfect for organisations who wish to manage internet enabled devices but have no dedicated IT staff or dedicated management hardware. Or for oganisations who wish to lower their device management costs.
IT administrators simply login to the Windows Intune Admin Console via a web browser and manage all the devices in an organisation.
End users simply login to their "Company Portal" and from there they can enroll and manage their devices and access applcations.
Windows Intune also includes the superb Windows Intune Endpoint Protection anti-virus / malware for those that require a business grade anti-virus solution.
Step 1: Send Windows Intune Trial to Client
Login to account.managemicrosoft.com
Navigate to the Partner Link and create a trial link
Sign up for Windows Intune on behalf of the client using their O365 default Admin details if present
Step 2: Login to your Windows Intune Admin account
Once you have setup your Windows Intune Admin account you will need to login. To do this go to:
Windows Intune Account Admin or type account.manage.microsft.com in to any web browser
From here you can add Users, assign and purchase more licenses etc as shown below:
Step 3: Navigate / Login to the Windows Intune Admin Console
From the Windows Intune Account Admin select the Admin Console link as shown above. This is where the actual configuration of Windows Intune takes place. From here you can:
Download the client software
View an easy to understand Overview of your IT estate health
Create Groups of Users or Computers or both
Configure and or Approve Updates for various Microsoft products
Configure and get overviews of Endpoint Protection
Configure Alerts and Monitoring
Deploy and Manage software
Manage Microsoft Volume Licensing and Software Licensing Agreements
Configure, app and deploy Policies
View Reports
Administer your Windows Intune Admin Console
Step 4: Download the Windows Intune Client software
First you will need to download the Windows Intune Client software. You do this by:
Navigating down to Administration then select Client Software Download as shown below:
This will download the Windows_Intune_Setup.zip file
Once downloaded, right click on this file and select Extract
This will then produce a Windows_Intune_Setup folder which contains 2 files - Windows_Intune_Setup.exe and WindowsIntune.accountcert
You must keep these 2 files together
You can then copy the Windows_Intune_Setup folder to a network share or USB drive
Step: 5 Install the Windows Intune Client software / Enroll Devices
Once you have the Windows Intune Client software downloaded, extracted and stored on a network or portable medium, you can now begin to install the client software on your devices. You can install Windows Intune via various methods including:
Install Windows Intune via Group Policy - Useful when rolling out Windows Intune to multiple machines over various sites
Install Windows Intune via Imaging - New computers are automatically enrolled in Windows Intune
Install Windows Intune on a PC by PC basis - Going round each PC and running Windows_Intune_Setup.exe via a USB drive / Share
End users can also enroll their devices via the Company Portal. Use this method to enroll iOS devices such as iPhones.To do this, simply:
Direct end users to your Compay Portal or the Windows Intune website via the URL or email and advise them to select My Account at right hand side
End users then login with their Windows Intune User credentials
Accept the prompt to install the your company's management profile
Step 6: Organise your Computers / Devices in to Groups
Installing the Windows Intune Client doesn't do very much. You now must return to the Windows Intune Admin Console to get the most out of Windows Intune PC / Device Management. A good place to start is to organise your Users, Computers and or devices in to Groups. This is done via the Groups icon in the Windows Intune Admin Console as shown
As with any organisational management, planning your groups and setting a universal scheme and sticking to it will make future deployments and management much easier. So please plan your groups out using schemes such as sites, departments, location, device types etc. Similar to OU planning in Active Directory.
Having numerous Users or Computers as "Ungrouped" will work but will end up being a management and deployment nightmare!
Step 7: Set Policies
OK now you have deployed the Window Intune Client and organised your organisation in to Groups of users and computers. However this still doesn't achieve very much. The enforcement of certain policies will set rules in your organisation. Windows Intune allows the simple creation and deployment policies. To set Policies, navigate down to the Policies icon then select New Policy as shown:
From here you can choose from 4 Policies with Recommended Settings or Create and Deploy Custom Policies, details of these Policies below:
Mobile Device Policy
Windows Firewall Settings
Windows Intune Agent Settings Policy
Windows Intune Center Settings Policy
Step 8: Automatically Approve Windows Updates
One of the primary aims of cloud based device management is to make device administration simple, quick and even automatic. So as an IT admin or someone responsible for IT devices, you don't want to spend all day approving Windows product updates. Be clever and have this done automatically. To do this simply:
Navigate to the Administration icon and select Updates as shown:
Now scroll down to Automatic Approval Rules as shown:
Click New then customise the General, Product Categories, Update Classifications, Deployment and Summary screens then click finish
Future updates will now deploy automatically
Step 9: Configure Alerts
There is NO point in having a device management system if no one ever is alerted to any issues. So configure alerts by:
Navigating to Administration then selecting Alerts and Notifications as shown:
From here you can configure alert type and recipients
Following the above guide should be enough to get you started with Windows Intune