Microsoft Intune Suite - Deploying Apps, Updates & Managing Security!
Vložit
- čas přidán 29. 06. 2024
- In Part 2 of my 2 part series on Intune Suite, I take a look at deploying apps, updates and managing Intune’s Endpoint Security features. It’s so important to keep your skills up to date. Intune has certainly gone through a lot of changes recently and it’s super important to keep up to date. In addition to managing devices, profiles and licensing, all of which was covered in part 1. It’s super important to k ow how apps work and how and where to deploy them. In addition, security should always be at the forefront of one’;s mind and is a core component of Microsoft’s Zero Trust strategy. Finally ensuring that your operating system is updated is critical, so here I’ll discuss the benefits of Windows Update for Business and how to deploy updates.
Visit me at Andymalonr.org
Timecodes
00:00 Introductions
01:11 Managing Software in Intune
04:21 Intune App Protection Policies
06:55 Intune App Configuration Policies
11:09 Intune Policy Sets
13:52 Endpoint Security - Baseline Security Policies
18:27 Endpoint Security Settings
24:45 Managing OS Updates & More
32:25 Session Conclusions and next steps
Thank you for the awesome tutorial once again Andy! I have been binge watching your playlists! Learning so much
Another good tutorial Andy thanks very much
Another great video Andy. You really rock.
First! Great Video Andy, thank you for putting this together very helpful
Another excellent tutorial Andy. Really enjoy your videos. As orhers have said, a brief overview of how Windows Autopatch fits into the update rings equation would be really handy 👍
No worries, I’ll add it to my list 😊
Amazing & awesome tutorials Sir.
Amazing and SO helpful
Cheers Andy - thanks for this.
Thanks John
@@AndyMaloneMVP Hey Andy - do have any plans to do a vid on MD 102 MCP exam?
@@extramild1 unfortunate there is no courseware available yet John. I do however believe that it’s being released shortly, which will hopefully then allow me to develop something. However, I would say that both of my recent videos to cover quite a bit of the content.
Hi Andy, I enjoy watching your guides, they are very easy to understand, and you have a great way to teach Intune. To the end you talk about windows update rings and how to make them yourself. But as we now have Autopatch, I think Microsoft have taken update management to a new level in Intune. Are you comming with an episode on Autopatch and all the new functions in the May 2023 release?
I’ll do a video on that n due course 👍
Great 😊
Hey Andy, the Intune series has been really useful. What’s the best way of licencing if for example in a 200 person org, 150 users only use a mobile for day to day work, using the Outlook & Teams mobile apps with a business basic licence, and the other 150 users use workstations and have a business premium licence & managed by Intune. The 150 mobile users therefore can’t be managed by intune but upgrading to premium is cost prohibitive
Hi Cris, thanks for the question. Business basic is exactly that, it’s a very basic addition of Microsoft 365. However, that said, all versions of Microsoft 365, come with a version of MDM on mobile device management, which includes mobile devices, but not PCs or Macs. You would need to upgrade to business premium for the full in tune suite but yes, you can use a combination of both, although you may find your business basic users limited in what they can do. Check out M365 maps.com and compare the plans through the visual aid it may help. Thanks again, and all the best, Andy
Great tutorial!! Just a small doubt though. Are update ring policies a combination of feature and quality update policies? Do we need to configure feature and quality update policies if we are using update ring policies?
You can do together or separately. Learn.Microsoft.com
What kind of groups is best practise to assign to update rings, devices or users? When applying to users, like your Sales group it is applying to all device where the users are logging in.
Security Groups - Devices
Thanks for the vid. What is the best and easiest method for third party app updates?
Intune :-0)
@@AndyMaloneMVP thanks for the reply. Right now my company is having a hard time dealing with updating these other applications through InTune and they seem pretty manual heavy. I heard MSFT is going to flesh this out more for non-Microsoft products. The only thing I am finding on the web is using 3rd party tools such as Patch My PC as the answer. Can a video be done detailing on how you would go about patching 3rd party applications or is there a resource out there already on this that I am missing? Thanks again.
@@deitybnb8217Give a try to "Winget AutoUpdate", maybe it's not the most powerful option but very simple to implement on InTune
Hi, Great video. I have configure update ring to download windows and office updates on monthly base but i'm only getting windows update. Office 365 is not updating. Do I need configure any configuration profile
365. Uses a separate mechanism to download office updates. But this can be done within the tune portal or separately in the Microsoft 365 portal for more documentation visit, learn.microsoft.com.
What would be the best way to update pre-existing Windows App packages with a newer version of the software?
For instance, with an app type of Line-of-business, can I simply replace the MSI with the newer version of the application or would it be better to create another identical app with the new version and deploy that then come back to the old app and uninstall from all users by changing the assignment.
Thanks
You can do this in configuration policies in inches. More details I will check out lined up microsoft.com opposite the Microsoft community. Either way, I wish you success.
Use supersedence.
Hi Andy, I noticed when I retire a device in intune, users who are logged on to edge browser ( edge for business), the profile is not removed and they can access one drive, sharepoint. I did a restart and still they were able to access. After that I unjoin the device from
Domain and restarted. This time I could see the work profile still on edge browser but I was asked to switch to edge profile and forced me to register on intune. Now I have set policies in place to block personal device but my worry is that browser will remain active even when I retire the device in intune. And if sync is enabled there could be other devices with access if somehow they managed to log on. If there is a breach attacker could potentially get access to confidential sites. Is there a solution to this
Enterprise roaming stores these settings. Disable it for the user / device
Hello Andy, thanks for the video. When i click on zoom in microsoft apps(new), i get an error message that says...""The selected app does not have a valid latest package version", what could be the reason?? thanks
So a fresh download of the app and try to re publish. Sounds like a corruption.
Is it possible to deploying apps that have alot of installation steps? Like importing a lisence file, choosing server address, choosing a database etc?
These types of apps require a special deployment method as they are classed as Legacy applications. He is more details. learn.microsoft.com/en-us/mem/intune/apps/apps-win32-add
good
Do you know when win32 apps will be available for instalaltion through th enew intunes? all o fthem seem to say currently unsupported in preview for example zoom, teams etc
If you go to learn.microsoft.com, there is an article on converting Win32 based apps into an Intuwin file. Once package to you, then decline like any regular app in Intune.
@@AndyMaloneMVP Sorry is this different than Win32 apps ? Is this referring to the new Microsoft Store (New) ?
Hi,
why would we want to deffer updates these days. Is it not true that updates etc are first made available for home editions etc, and after a while made available for the "business" OS's ?
For small organisations, it’s not an issue, but for large organisations with thousands of PCs, it could be a problem. This is why 😊
What about auto update app in intune ?? I don't want to update app version manually so what we have to follow??
I would read the accompanying documentation which can be found on lynne.microsoft.com for more details.
Is there any way to auto updates for non windows apps & window app ?? I deploy the app in intune and How we know that new version is available or not??
You can do this in Intune, but the vendor has to support it. You need to check the vendor support pages.
@@AndyMaloneMVP What about auto update app in intune ?? I don't want to update app version manually so what we have to follow??
Is there a way to block auto updates for non windows apps (apps from for example Apple store)
You can block apps from the update store, I’m not sure about updates. But I’ve heard it will be added as a feature in the future.
@@AndyMaloneMVP Thank you for the clarification!
Is it possible to update ios apps via intune? We hide the app store and can't figure out how to push out updates
Yes, you can update apps within in tune, but you do not have control of which particular non-Windows updates at the moment.
@@AndyMaloneMVP ok thanks
you didn't show the full process after creating the APP you should show how it gets deployed to the machine or how to manually pull down the app.