SharePoint Stuff



Posts Tagged ‘Intune’

Azure AD DS Hybrid with Azure AD and Intune MDM Q&A

Written by Luke Smith. Posted in Microsoft

Q1: Why can’t I “factory reset” my Windows 10 device when it’s listed in Intune under “Azure AD Devices” but not under “All Devices”?
A1: Azure AD joined devices don’t allow you to factory reset. Your device needs to be enrolled with Intune MDM before it can be factory reset. To enable Intune MDM, run through the following:
1. Enable Intune MDM integration with Azure AD: https://docs.microsoft.com/en-us/intune/windows-enroll
2. License the user for EMS (AD Premium and Intune required): https://docs.microsoft.com/en-us/intune/licenses-assign
3. Device enrolment: https://docs.microsoft.com/en-us/intune-user-help/enroll-your-w10-phone-or-w10-pc-windows
4. To force Intune MDM enrolment you can install the Company Portal app from the Microsoft Store: https://www.microsoft.com/en-gb/store/p/company-portal/9wzdncrfj3pz
NB: If joining Windows AD DS and Azure AD, see Q3.

Q2: Can I factory reset a Windows 10 device which is Windows AD DS joined, Azure AD joined and Intune MDM managed?
A2: Yes. To configure this, please see Q3.

Q3: Can I automatically enrol a Windows 10 device that is Windows AD DS joined into MDM and Azure AD?
A3: Yes, however you need to be using build 1709 or above. For more information, please see: https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup and
https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy

Q4: Is it possible to add the BitLocker protector key to Azure AD, even if BitLocker was enabled before the device was Azure AD joined?
A4: Yes, the following PowerShell will need to be executed:

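# Add a recovery password protector to the volume
Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
$BLV = Get-BitLockerVolume -MountPoint "C:"
# Pick the recovery password protector by type; its position in the list is not fixed
$RP = $BLV.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } | Select-Object -Last 1
BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $RP.KeyProtectorId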
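
The following is an added example, not part of the original post. It generalises the commands above to every encrypted volume: it first confirms with dsregcmd /status that the device is Azure AD joined, selects recovery password protectors by type, and reports a result per protector without ever printing the recovery password itself. The output property names (MountPoint, KeyProtectorId, Result) are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow every BitLocker recovery password protector to Azure AD.

# dsregcmd /status prints lines such as "AzureAdJoined : YES"
$status    = dsregcmd.exe /status
$aadJoined = [bool]($status | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES')
if (-not $aadJoined) {
    throw 'Device is not Azure AD joined, so the recovery key cannot be backed up to Azure AD.'
}

# Skip volumes that have never been encrypted
$volumes = Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }

foreach ($vol in $volumes) {
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # No recovery password yet: add one, then re-read the protector list
        Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
        $recovery = @((Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }

    foreach ($kp in $recovery) {
        try {
            BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            $result = 'BackedUp'
        } catch {
            $result = "Failed: $($_.Exception.Message)"
        }
        # Report the protector ID only; the recovery password is never written out
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $kp.KeyProtectorId
            Result         = $result
        }
    }
}
```

Any row whose Result starts with "Failed" identifies a volume whose recovery key is not yet held in Azure AD; resolve those before relying on a remote wipe or recovery workflow.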

Further information:

Intune: make sure the DNS CNAMEs are created: https://docs.microsoft.com/en-us/intune/windows-enroll#simplify-windows-enrollment-without-azure-ad-premium
Intune Factory reset / Remove company data descriptions: https://docs.microsoft.com/en-us/intune/devices-wipe
Intune Non-Windows updates: https://docs.microsoft.com/en-us/intune/whats-new
Intune device compliance policies: https://docs.microsoft.com/en-us/intune/device-compliance-get-started
BitLocker Management: https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-management-for-enterprises

Windows Intune

Written by Luke Smith. Posted in Microsoft

System Overview Page

The System Overview workspace provides a starting point for assessing the overall health of computers across your organization, identifying issues, and performing basic management tasks such as creating computer groups and viewing reports.

To assess computer health, identify issues, and manage computers, the System Overview workspace provides the following areas:

  • In the Notice Board area, alerts provide information about key management tasks and links to configuration settings and other areas in the console so that you can complete tasks such as configuring automatic approvals for updates and downloading the Windows Intune client software.
  • In the System Status area, status summaries for Malware Protection, Updates, and Agent Health let you quickly identify and prioritize issues that require your immediate attention.
  • In the Alerts by Type area, a list of all active alerts grouped by type and sorted by severity provides an additional tool for assessing the health of computers in your organization and for proactively addressing issues.
  • In the Learn About area, you can access a link to Windows Intune newsgroups, where you can post questions and share information with other members of the Windows Intune community.

 

Computers

The Computers Overview page provides status summaries for Alerts, Malware Protection, and Updates so that you can quickly assess the health of computers in your organization. Status summaries flag potential or current problems, to help you prioritize your time and take appropriate action. Windows Intune provides a hierarchical view of computer groups, to let you view status summaries for a specific computer group, and then identify and resolve problems on direct members of the group.

Updates

The Updates workspace lets you administer the software update process efficiently for all the managed computers in your organization. The Windows Intune administrator console supports and encourages best practices for update management and lets you focus on your environment and the tasks that you have to perform.

When a managed computer in your organization requests a new software update that is published through Microsoft Update, an update notification is displayed in the Windows Intune administrator console. Each update contains a set of applicability rules. Whether an update is applicable is determined by the hardware and software that is installed on the managed computer. For example, a computer that is running Windows Vista® will not evaluate a Windows XP update. Based on the results of this evaluation, you can decide whether to approve the update.

As updates are approved and installed on managed computers, the update status changes to reflect the success or failure of the installation. Learning how to view and interpret the status of an update enables you to manage updates easily across your organization.

Malware Protection

Malware Protection helps enhance the security of managed computers in your organization by providing real-time protection against potential threats; keeping malicious software, or malware, definitions up-to-date; and automatically running scans. For ease and centralization of computer management, Windows Intune includes a policy template with Malware Protection Agent settings so that you can create a policy and deploy it to multiple computers.

Alerts

The Alerts workspace lets you quickly assess the overall health of managed computers in your organization. Alerts let you identify potential or current problems and take action accordingly, to prevent or minimize negative effects on business operations.

You can view alerts in multiple ways. For example, you can view all recent alerts to obtain a broad picture of computer health. Or you might want to investigate specific issues that are occurring on members of specific computer groups or for specific workspaces, such as Malware Protection in Windows Intune. By using filters, you can view all alerts of a specific severity level, and you can display alerts that are active, or alerts that are closed.

Software

The Software workspace lists programs that are installed on all client computers that you are managing by using Windows Intune™ and lets you sort the inventory by software publisher, name, installation count, or category. Each software title has its own entry in the list. You can also search for specific software.

Licenses

The Licenses workspace of Windows Intune™ lets you upload Microsoft Software License Terms information to Microsoft Volume License Services (MVLS), and lets you determine the license entitlement that corresponds to a set of Microsoft Volume License agreements.

You can enter license agreements in Windows Intune by providing one or more pairs of numbers for each agreement: the authorization or agreement number, and the license or enrolment number. These numbers are supplied by MVLS when licenses are purchased, upgraded, or renewed.

Policy

The Policy workspace lets you configure policies that manage settings for Updates, Malware Protection, Windows Firewall, and Windows Intune Center on computers. You can create policies based on templates, configure policy settings, and then deploy policies to groups of computers. Additionally, you can search for policies by name or description.

Report

View reports on Updates, Software and Licenses Purchased.

Administration

The Administration workspace lets you download the most current version of the client software, view details about your Windows Intune™ account (such as account name, status, and active seat count), and add administrators to your account. You can also use tools in the Administration workspace to configure the kinds of updates that you want to deploy to client computers in your organization, and send email notifications to other people in your organization when specific alerts are generated.