Managing PCs using Windows Intune (Part 4) - Managing Endpoint Protection and Alerts

Published on 29 Nov. 2011 / Last Updated on 29 Nov. 2011

This article demonstrates how to perform different PC management tasks using the Endpoint Protection and Alerts workspaces of the Windows Intune admin console.

Introduction

Windows Intune is a subscription-based cloud service from Microsoft that lets you manage and secure your company's PCs from anywhere using a web-based console. The previous article in this series examined the System Overview, Computers and Updates workspaces of the Windows Intune admin console and showed how to perform various PC management tasks using these workspaces. This article looks at two more workspaces: Endpoint Protection and Alerts.

Note:
This series of articles is based upon a prerelease version of Windows Intune and the final released version may include additional features not included in this version.

Exploring the Endpoint Protection Workspace

Let's start by returning to the System Overview workspace. As you can see from the figure below, there are two alerts relating to malware and the Endpoint Protection status says that we have 1 malware instance on 2 computers in our organization:


Figure 1: We have malware!

To figure out what to do next, we select the Endpoint Protection workspace in the left pane. This displays the Overview pane for Endpoint Protection:


Figure 2: Overview of malware instances on our managed PCs.

In the figure above, under the Malware Status heading, a message says we have "1 recently resolved malware instances." Clicking this link switches us to the All Malware pane, which indicates that we have experienced two infections of the EICAR_Test_File virus but that no follow-up is needed because Windows Intune has removed the malware from the affected systems:


Figure 3: We were infected but are now in the clear.

Virus:DOS/EICAR_Test_File is not malware—it's a special test file that can be used to test whether an antivirus application is working properly. You can download this test file from http://www.eicar.org.
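The following PowerShell sketch is an added example, not part of the original article or of Windows Intune. It drops the standard EICAR test string on a managed PC and reports whether the antimalware agent reacted. The function name, file name and timeout are assumptions chosen for illustration.

```powershell
# Added example: confirm that real-time antimalware protection reacts to the
# EICAR test file. Function name, file name and timeout are assumptions.

# Standard 68-character EICAR test string, assembled from two halves so that
# this script is not itself flagged when it is saved to disk.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-EicarDetection {
    param(
        [string]$Path = (Join-Path $env:TEMP 'eicar-selftest.com'),
        [int]$TimeoutSeconds = 30
    )

    try {
        # ASCII with no trailing newline: the file must begin with the 68-byte string.
        [System.IO.File]::WriteAllText($Path, $eicar, [System.Text.Encoding]::ASCII)
    }
    catch {
        # The write failed. In a writable temp folder this normally means
        # on-access scanning blocked it.
        return 'Blocked on write'
    }

    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $Path)) { return 'Removed after write' }
        try {
            # Opening the file triggers on-access scanning; a denied read counts too.
            $null = [System.IO.File]::ReadAllBytes($Path)
        }
        catch {
            # Distinguish a denied read from the file vanishing mid-check.
            if (Test-Path -LiteralPath $Path) { return 'Blocked on read' }
            return 'Removed after write'
        }
        Start-Sleep -Seconds 1
    }

    # Nothing reacted within the timeout: clean up and report the gap.
    Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    return 'NOT DETECTED'
}

Test-EicarDetection
```

Any result other than NOT DETECTED should later appear in the All Malware pane as a resolved Virus:DOS/EICAR_Test_File instance, as in the figures here.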

In the above screen, if we click the link "2 recently resolved computers" we are switched to the Computers tab of the All Malware pane. Here we can see the names of the two computers that were infected with this virus:


Figure 4: The two computers that were infected with Virus:DOS/EICAR_Test_File.

Click the Back arrow in Internet Explorer to return to the pane shown in Figure 3, then click the link "Learn about: Virus:DOS/EICAR_Test_File" at the bottom right of the pane. This opens the page for Virus:DOS/EICAR_Test_File on Microsoft's Malware Protection Center where you can learn everything you need to know about this particular piece of malware:


Figure 5: Learn about Virus:DOS/EICAR_Test_File on Microsoft's Malware Protection Center

Return to the Overview pane of the Endpoint Protection workspace:


Figure 6: Overview pane of Endpoint Protection workspace.

Click the link "Malware Protection Center" under the Tasks heading on the right of the pane. Doing this takes you to the home page of Microsoft's Malware Protection Center where you can learn more about malware and malware protection:


Figure 7: Microsoft's Malware Protection Center

Returning again to the Overview pane of the Endpoint Protection workspace, click the link "Endpoint Protection Overview" under the Tasks heading. This opens Windows Intune online help, where you can learn more about the antimalware capabilities of Windows Intune and how to configure and use them:


Figure 8: Windows Intune online help.

You can also perform certain endpoint protection-related tasks from the Computers workspace. For example, let's select the Vancouver group to display the status of our Windows 7 computers in our Vancouver office:


Figure 9: Some computers in Vancouver have experienced malware infection.

Right-clicking on a managed computer lets you run a full or quick malware scan on the computer or update the malware definition files on the computer:


Figure 10: Running a malware scan on a managed PC.

For example, if you select Remote Tasks | Update Malware Definitions, you're presented with a dialog box like this:


Figure 11: A request to update malware definitions was sent.

Now let's move on to examining the Alerts workspace.

Exploring the Alerts Workspace

Selecting the Alerts workspace displays the Overview pane of this workspace, which shows you any alerts from Windows Intune concerning your organization:


Figure 12: Overview pane of Alerts workspace.

In the navigation pane, select All Alerts to display a summary list of every kind of alert you've received:


Figure 13: The All Alerts pane.

Two of our alerts relate to malware infection, and selecting the Endpoint Protection pane lets us drill down into these alerts:


Figure 14: Endpoint Protection alerts.

The other two alerts shown here relate to software updates needed to keep our PCs healthy:


Figure 15: Updates alerts.

Note:
In the previous article of this series, we approved all updates needed by our managed PCs. These two alerts still appear in the above figure and the next one because the screenshots were captured before the updates were approved.

Let's return to the Overview pane for alerts and see how to configure alerts for our organization:


Figure 16: Overview of alerts.

In the above figure, click the link "Configure Alert Type Settings" under the Tasks heading on the right side of the pane. Doing this switches us to the Administration workspace with Alert Types selected in the navigation pane. Here you can see a list of different types of alerts, their level of criticality, and their state (enabled or disabled):


Figure 17: Configuring alert types.

For example, we are currently not receiving alerts when Microsoft Office Excel crashes, so to receive alerts for such events we right-click on that particular alert type and select Enable:


Figure 18: Enabling an alert type.

As you can see from the next figure, this alert type has now been enabled:


Figure 19: We will now receive alerts when Microsoft Office Excel crashes

Now right-click this alert type again and this time select the Configure option, which is available once the alert has been enabled. Doing this opens a dialog box that lets you set threshold levels for the alert:


Figure 20: Configuring thresholds for an alert type.

Clicking the link "View Troubleshooting Information" for an alert displays more information about the alert type as shown here:


Figure 21: More info concerning an alert type.

Now let's specify who can receive alerts. Selecting Recipients in the navigation pane displays the names and email addresses of those who are currently receiving alerts. By default, only the person who subscribed their organization to Windows Intune will receive alerts from the service:


Figure 22: The Windows Intune subscriber receives alerts by default.

Let's add Michael Allen, an administrator in our organization, to the list of alert recipients. To do this, begin by clicking the Add button on the toolbar in the above figure. Doing this displays the Add Notification Recipient dialog box shown next:


Figure 23: Adding a recipient for alerts.

The next screenshot shows that Michael has been added to our list of alert recipients:


Figure 24: Michael now receives alerts.

Let's now create a new notification rule for alerts. To do this, select Notification Rules in the navigation pane. You can see from the next figure that there are five default notification rules that cannot be deleted or edited:


Figure 25: The default notification rules.

Although we can't delete or edit a default rule, we can specify who should receive alerts generated for that rule. For example, in the figure above we have selected the Warning Alerts rule, and if we now click Select Recipients on the toolbar we can specify that Michael should be the only recipient of alerts from this rule:


Figure 26: Michael will be the only recipient of Warning alerts.

Now let's create a new notification rule. To do this, click Create New Rule on the toolbar. Doing this displays Step 1 of the Create Notification Rule Wizard. Here we specify a name for our new rule, select alert categories that apply to the rule, and select alert severity for the rule:


Figure 27: Step 1 of the Create Notification Rule Wizard

The next screen shows Step 2 of the Create Notification Rule Wizard. Here we select which groups of computers will generate alerts for this rule:


Figure 28: Step 2 of the Create Notification Rule Wizard

The final screen shows Step 3 of the Create Notification Rule Wizard. Here we specify which people should receive alerts for this new rule:


Figure 29: Step 3 of the Create Notification Rule Wizard

Once we've saved our new rule, it is displayed in the list of notification rules:


Figure 30: The new rule has been created.

If we decide to change the rule we created, we can select it and click Edit on the toolbar. This opens the Edit Notification Rule Wizard which displays the same three steps as before:


Figure 31: You can edit rules you have created.

If you want to temporarily prevent a rule from sending out alerts, you can either right-click on the rule and select Disable or you can click the Disable button on the toolbar. Either way, the rule will be disabled until you enable it again:


Figure 32: You can temporarily disable a rule to prevent it from sending out alerts.

Finally, let's see how we can close out alerts that have been dealt with. Return to the System Overview workspace for a moment:


Figure 33: System Overview workspace.

We still see two alerts here for malware issues, but since the malware infections have been cleaned up by Windows Intune, we really don't need to see these alerts any longer. How do we get rid of them? Go to the Alerts workspace and select All Alerts from the navigation pane. Then right-click on any alert you don't want to see any longer and select Close Alert (or use the toolbar). A strikethrough will be displayed through the alert item:


Figure 34: Closing out alerts.

Once we've closed out these two alerts, our System Overview pane now displays no alerts:


Figure 35: Nothing to worry about.

Conclusion

We've now examined the first five workspaces in the Windows Intune web-based admin console. The remaining articles in this series will examine the last five workspaces.
