This article is still a draft and the information contained is subject to change and/or may result in inconsistent results.
Enterprise Technology Services (ETS) will be migrating UVM-owned Windows devices to Intune, Microsoft’s endpoint management platform, in mid-2024. Intune is the replacement for System Center Configuration Manager (SCCM) and is a cloud-based solution which will enable better management of the modern, hybrid workforce. With Intune comes some user-facing changes, outlined below.
Windows Updates
Intune uses more tools already built into the Windows operating system and leverages the native Windows Update utility for detecting and installing necessary Windows updates. This replaces the Software Center application used by SCCM and changes the behavior of update notifications and automated reboots. More information can be found here: https://www.uvm.edu/it/kb/article/windows-intune-windows-updates
Application Installs/Updates
Intune uses a new application named Company Portal to perform application installs and updates. Company Portal replaces the Software Center application provided by SCCM and provides similar functionality. Company Portal can be used to install UVM-provided applications with a single click and without the need to provide administrator credentials. Company Portal also keeps many applications up to date automatically. More information about applications can be found here: https://www.uvm.edu/it/kb/article/windows-intune-application-installation
Administrator Escalation Behavior
The move to Intune includes a significant increase in information security. One of these changes is requiring administrator credentials when a process or application requires elevation. This means, even if you are already running as an administrator on your computer, you will be prompted to enter your admin credentials when performing a task that requires elevated privileges. This is being implemented to ensure only those processes users are running directly can escalate to admin privileges which reduces the changes of malware or ransomware from infecting your computer. More information about this administrator escalation prompt can be found here: https://www.uvm.edu/it/kb/article/windows-administrative-prompt
Encryption
Another security change/enhancement is the new requirement for all Windows devices to be encrypted, not just laptops and tablets. This means that all desktops running Windows will also be encrypted automatically (so long as the prerequisites are met). This change should not have significant user impact and Intune provides self-serve encryption key recovery. More information about Windows device encryption, including how to access a recovery key, can be found here: https://www.uvm.edu/it/kb/article/windows-intune-bitlocker-recovery
Syncing Intune Policy
Intune policy syncs from Microsoft cloud nodes, no longer requiring a device to be on campus or connected to the VPN to receive updated configurations. This enables more consistent communication for timely access to security updates and enhanced troubleshooting tools. Intune policy syncs roughly every 8 hours by default and occasionally ETS may ask users to manually sync their machine to pull a critical change down or during troubleshooting. More information about manually syncing Intune policy can be found here: https://www.uvm.edu/it/kb/article/windows-intune-policy-sync