Skill 3.2: Deploy software by using Microsoft Intune


that are outside of the corporate network. You can use Microsoft Intune to approve or decline updates, configure installation methods, deploy updates, or monitor the progress of these


This section covers how to:

Use reports and In-Console Monitoring to identify required updates

Approve or decline updates

Configure automatic approval settings

Configure deadlines for update installations

Deploy third-party updates

Use reports and In-Console Monitoring to identify required updates

Microsoft Intune provides dashboard reporting for updates required by managed devices. There are several locations from which you can obtain information about updates, but the Updates page, shown in Figure 3-7, is the most comprehensive.


Figure 3-7: The Updates page in Microsoft Intune

The classic Intune portal still provides extensive reporting capabilities relating to software updates for operating systems that you manage with the Intune client installed. The client is no longer required for managing devices running Windows 10, because these can be auto-enrolled and managed using Azure Active Directory; this reflects the modern way in which Windows 10 receives security and feature updates automatically.

If you want to manage software updates on Windows 10 devices using Intune, you will need to install the Intune client and use the classic portal.


The Updates workspace is not displayed in the Intune classic admin console until you have installed the Intune client on at least one client computer.

The Updates page contains a dashboard view displaying the overall update status for devices managed by Microsoft Intune. It also groups updates according to type and provides links to view updates by those groups. When you click any group, Microsoft Intune displays the updates corresponding to the group. To obtain more detailed information, you can create and view a report by clicking the View Update Reports link in the Overview section of the Updates page. After clicking View Update Reports, you are presented with the Update Reports page, from where you can configure report settings and generate a report to view specific updates, as shown in Figure 3-8.


Figure 3-8: The Update Reports page in Microsoft Intune

To generate a report, specify the criteria for the updates you want to see, including the following:

Update classification

Update status

Microsoft Security Response Center (MSRC) rating

Effective approval

Device group (if configured)

When the parameters of the report have been set, you can generate and view the report by clicking View Report. The report is generated and displayed in a new window and can be printed or exported.

Approve or decline updates

To deploy updates to Microsoft Intune clients, you must approve them in the classic Intune Administration console. To choose how to handle an update, perform the following steps:





1. In the classic Intune Administration console, click the Updates workspace.

2. In the All Updates node, select the update(s) that you want to approve.

3. Click Approve or Decline in the toolbar, depending on how you want the update handled.

4. On the Select Groups page, shown in Figure 3-9, select the groups to which you want the update deployed, click Add, and then click Next.


Figure 3-9: Selecting groups to which the update will be deployed

5. On the Deployment Action page, shown in Figure 3-10, select the approval status for the update. You can choose from among Required Install, Not applicable, Available Install, and Uninstall.


Figure 3-10: Choosing approval status for an update

6. Click Finish.

Configure automatic approval settings

Automatic approval rules enable you to configure Microsoft Intune to approve updates automatically, based on product category and update classification. When you configure an automatic approval rule, the update will be deployed automatically rather than requiring an administrator to perform manual approval. For example, you might configure an automatic approval rule for Windows 10 operating system updates that are classified as critical or security. With such a rule in place, any Windows 10 operating system update that Microsoft publishes with the critical or security classification will automatically be deployed to Microsoft Intune clients.


Remember that approval rules will only apply if Microsoft Intune manages the product and classification that are the subject of the rule. There’s no sense in configuring an approval rule for Windows 10 updates if Microsoft Intune isn’t configured to manage updates for Windows 10.


To create an automatic approval rule, perform the following steps:

1. Select the Admin workspace of the classic Intune Administration console.

2. Click Updates. Scroll to Automatic Approval Rules, and then click New.

3. On the General page of the Create Automatic Approval Rule Wizard, create a name and provide a description for the rule, and then click Next.

4. On the Product Categories page, select the products to which the automatic approval rule applies, and then click Next.

5. On the Update Classifications page, select the update classifications for which the rule will perform an automatic approval, and then click Next.

6. On the Deployment page, select the Intune groups for which the automatic approval rule will approve the update. If you scroll down, you can also configure an installation deadline for updates approved by this rule. Click Add, and then click Next to proceed.

7. On the Summary page, click Finish to complete the installation of the updates.

Configure deadlines for update installations

In the previous steps for configuring automatic approval, you had the option to choose an installation deadline for updates. To choose an installation deadline, you must first select the check box labeled Enforce An Installation Deadline For These Updates. Once this check box has been selected, you can choose from the available options to enforce the deadline for installation:

1 Day After Approval

3 Days After Approval

7 Days After Approval

14 Days After Approval

21 Days After Approval

28 Days After Approval

If the update is not installed, or if the computer is not restarted before the deadline configured for the update, the update will be automatically installed when the deadline passes and the computer will be automatically restarted, if required by the update.

Deploy third-party updates

You can also use Microsoft Intune to deploy updates from third parties. You do this by manually uploading the update files, which can be in MSI, MSP, or EXE format. To upload and configure a third-party update to Microsoft Intune, perform the following steps:

1. In the Updates workspace of the classic Intune Administration console, click the Add Updates item on the right side, under Tasks.

2. On the Before You Begin page, click Next.

3. On the Update Files page, select the file you want to upload, and click Next.

4. On the Update Description page, complete the fields describing the update, and then click Next.

5. Select a classification. You can choose from among Updates, Critical Updates, Security Updates, Update Rollups, or Service Packs. Click Next.

6. On the Requirement page, select the operating system and architecture (x86 or x64) requirements for the update, and then click Next.

7. On the Detection Rules page, specify how Microsoft Intune can check whether the update has already been deployed on the Microsoft Intune client. This check can be performed by looking for an existing file, an MSI product code, or a specific registry key. Click Next.

8. On the Prerequisites page, identify any prerequisite software required for update installation and then click Next. You can specify None if no prerequisites are required or specify an existing file, an MSI product code, or a specific registry key.

9. On the Command Line Arguments page, specify any command-line arguments required to deploy the update and then click Next.

10. On the Return Codes page, specify how Intune should interpret return codes the update installation generates. Click Next. Finally, click Upload to complete.

After the update is uploaded to Intune, you can approve it using the same method you use to approve other software updates.
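
The detection rule, command-line arguments and return codes chosen in steps 7, 9 and 10 can be rehearsed on a test machine before the upload; the PowerShell below is an added example, not code from the original page or from Microsoft. Test-DetectionRule and Test-UpdatePackage are hypothetical helper names, and running MSI/MSP files through msiexec.exe is this example's assumption, not a statement of how Intune invokes the package.

```powershell
# Added example (not from the original page). Run elevated on a disposable test machine.
function Test-DetectionRule {
    param(
        [Parameter(Mandatory)][ValidateSet('File', 'MsiProductCode', 'RegistryKey')]
        [string]$Type,
        [Parameter(Mandatory)][string]$Value
    )
    switch ($Type) {
        'File'        { Test-Path -LiteralPath $Value -PathType Leaf }
        'RegistryKey' { Test-Path -LiteralPath $Value }   # e.g. HKLM:\SOFTWARE\<vendor>\<app>
        'MsiProductCode' {
            # Per-machine MSI installs register an Uninstall\{ProductCode} key;
            # 32-bit packages on 64-bit Windows register it under WOW6432Node.
            $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
            [bool]($roots | Where-Object { Test-Path -LiteralPath (Join-Path $_ $Value) })
        }
    }
}

function Test-UpdatePackage {
    param(
        [Parameter(Mandatory)][string]$InstallerPath,
        [string]$Arguments = '',
        [Parameter(Mandatory)][string]$DetectionType,
        [Parameter(Mandatory)][string]$DetectionValue,
        # Windows Installer success codes: 0, 3010 (restart required), 1641 (restart initiated).
        [int[]]$SuccessCodes = @(0, 3010, 1641)
    )
    $before = Test-DetectionRule -Type $DetectionType -Value $DetectionValue
    # Assumption of this example: MSI/MSP files are run through msiexec.exe.
    switch ([IO.Path]::GetExtension($InstallerPath).ToLowerInvariant()) {
        '.msi'  { $file = 'msiexec.exe'; $argLine = "/i `"$InstallerPath`" $Arguments" }
        '.msp'  { $file = 'msiexec.exe'; $argLine = "/p `"$InstallerPath`" $Arguments" }
        default { $file = $InstallerPath; $argLine = $Arguments }
    }
    $start = @{ FilePath = $file; Wait = $true; PassThru = $true }
    if ($argLine.Trim()) { $start.ArgumentList = $argLine.Trim() }   # empty list is rejected
    $proc = Start-Process @start
    $after = Test-DetectionRule -Type $DetectionType -Value $DetectionValue
    [pscustomobject]@{
        DetectedBefore    = $before
        ExitCode          = $proc.ExitCode
        ExitCodeIsSuccess = $proc.ExitCode -in $SuccessCodes
        DetectedAfter     = $after
        # A usable rule is false before the install and true after it.
        RuleIsUsable      = (-not $before) -and $after
    }
}
```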

Skill 3.3: Manage devices with Microsoft 365 Solution

You can use Microsoft 365 to extend traditional device management beyond the corporate network and into the public Internet. With the cloud-based nature of the Microsoft 365 components, devices will be secure, productive, and manageable from any location, with the only specific requirement being an Internet connection. This skill will review the management capabilities of Microsoft 365 and how you can use those capabilities to manage devices in your organization.

This section covers how to:

Provision user accounts

Enroll devices

View and manage all managed devices

Configure the Microsoft Intune subscriptions

Configure the Microsoft Service Connection Point role

Manage user and computer groups

Configure monitoring and alerts

Manage policies

Manage remote computers

Provision user accounts

Microsoft 365 is a solution that integrates several products, providing the combination of Office 365, Windows 10, security, and device management capabilities. With the range of features included, each licensed Microsoft 365 user will be able to be more productive, while at the same time protecting the business from malicious attacks and potential data loss.

User accounts are an important part of Microsoft 365 functionality. You can control the application of Microsoft 365 management functionality for specific users, depending on how they are configured, and to which groups they belong.

You can add users to Microsoft 365 in several ways, including:

Create users manually in the Microsoft 365 Admin Center.

Synchronize user accounts with Active Directory Domain Services.

Import users from a comma-separated values (CSV) file.


A user must have a license to your Microsoft 365 subscription before they can sign in and use the Microsoft 365 service. When a user has a license, they are able to download the latest version of Microsoft Office to their device. They can also enroll up to five devices into Microsoft Intune.

Creating users manually

You can create users manually within the Microsoft 365 Admin Center by entering the information about each user. To create a user account in Microsoft 365 Admin Center, perform the following

1. Sign in to Microsoft 365 using https://www.office.com, and click the Admin tile.

2. On the Admin center Home page, click Add a User in the Users area.

3. On the New user page, complete the fields (Display Name, User Name, and Product licenses are required fields), and then click Next.

4. Click Add.

Synchronizing user accounts with Active Directory Domain Services

Microsoft 365 can integrate with Active Directory Domain Services (AD DS) to provide user account synchronization from AD DS to Microsoft 365. This synchronization process enables you to avoid duplicate account creation and information by leveraging the information already stored in your on-premises Windows Server Active Directory (AD DS), and importing it into Microsoft 365 through the synchronization process. Microsoft 365 uses Azure Active Directory (AAD) to store user information, which can also be used with other Microsoft cloud products such as Microsoft Azure and Office 365.

The primary component required by the synchronization process is the Azure Active Directory (AD) Connect tool, which provides integration between AD DS and AAD. Once configured, Azure AD Connect will synchronize selected AD DS user accounts and information to Microsoft 365. You can synchronize Microsoft 365 with AD DS by using Azure AD Connect in two primary ways:

Azure AD Connect sync: Azure Active Directory Connect synchronization services (Azure AD Connect sync) synchronizes identity data between your on-premises environment and Azure AD. Optionally, password information is synchronized from AD to AAD to enable the users to maintain a single user account and password. An alternative to password synchronization is pass-through authentication, where authentication requests are forwarded back to Azure AD Connect on-premises.
