I
L
T
A
W
H
I
T
E
P
A
P
E
R
|
T
E
C
H
S
O
L
U
T
I
O
N
S
6
and Intune has now been enhanced to provide similar functionality. Intune can
now provide not only MSI and Store-based applications, but also a more traditional
media-based installation through the "Win32" app type. This method mirrors
the application model in ConfigMgr, including features like custom return code
handling and detection methods. Unlike the ConfigMgr method however, the
actual content for the application is uploaded to the Microsoft Content Delivery
Network (CDN) and delivered directly from the cloud instead of an on-prem or
Azure hosted distribution server. This in turn means that Microsoft Connected
Cache can be used to provide distribution for high density client sites.
In addition to these app types, Intune also provides special methods for
deploying and maintaining core Microsoft apps; specifically, Microsoft Office
365 ProPlus and the new Microsoft Edge browser. As both are built on the
servicing model, you simply select which servicing channel you want for
the client and it installs directly from the CDN with subsequent app updates
maintained automatically. In the case of Office, you configure the app based on
the Configuration Designer, selecting the architecture, which apps in the suite
to install, etc.
Securing and Updating Windows
Windows 10 is designed to be a secure platform, and Microsoft Endpoint Manager
has numerous options for ensuring the client environment is secure. In addition
to the Endpoint Protection policy in Intune, Microsoft now publishes a Security
Baseline for Windows to make securing the environment easier. Whereas in
the past these Security Baselines were published as ADMX templates for import
into Group Policy, the baselines are now also published directly into Intune for
easy deployment. These baselines contain a preset collection of configurations
designed to provide a more secure profile rather than a blank set of policy
options, and these baselines can be modified after initial testing should any of
the settings conflict with required apps or configurations on end user systems.
The Windows 10 servicing model has allowed for some greater flexibility
in managing updates for endpoints. Whether it be monthly cumulative Quality
Updates or semi-annual Feature Updates, new policy options provide a means
of controlling which systems are updated and when without the need to host and
distribute massive data payloads. Both ConfigMgr and Intune help configure
and manage Windows Update for Business policies which provide a method
Figure 1 Breakdown of the Win32 app model in Intune
