UVM-owned Windows devices are managed by Intune, Microsoft’s endpoint management platform. Intune is the replacement for System Center Configuration Manager (SCCM) and is a cloud-based solution which enables better management of the modern, hybrid workforce. With Intune came some user-facing changes, outlined below.
Windows Updates
Intune uses more tools already built into the Windows operating system and leverages the native Windows Update utility for detecting and installing necessary Windows updates. This replaces the Software Center application used by SCCM and changes the behavior of update notifications and automated reboots. More information can be found here: https://www.uvm.edu/it/kb/article/windows-intune-windows-updates
Application Installs/Updates
Intune uses an application named Company Portal to perform application installs and updates. Company Portal replaces the Software Center application provided by SCCM and provides similar functionality. Company Portal can be used to install UVM-provided applications with a single click and without the need to provide administrator credentials. Company Portal also keeps many applications up to date automatically. More information about applications can be found here: https://www.uvm.edu/it/kb/article/windows-intune-application-installation
Encryption
All Windows devices must be encrypted, including desktop, laptops, and tablets. This means that all PCs running Windows will be encrypted automatically (so long as the prerequisites are met). This change should not have significant user impact. More information about Windows device encryption, including how to access a recovery key, can be found here: https://www.uvm.edu/it/kb/article/windows-intune-bitlocker-recovery
Syncing Intune Policy
Intune policy syncs from Microsoft cloud nodes, no longer requiring a device to be on campus or connected to the VPN to receive updated configurations. This enables more consistent communication for timely access to security updates and enhanced troubleshooting tools. Intune policy syncs roughly every 8 hours by default and occasionally ETS may ask users to manually sync their machine to pull a critical change down or during troubleshooting. More information about manually syncing Intune policy can be found here: https://www.uvm.edu/it/kb/article/windows-intune-policy-sync