You can now use the groups that you created previously to deploy both Windows Intune Policies and Microsoft updates. If you want to manage closely the updates that Windows Intune can control, then you can use the Approve or Decline options in the updated workspace. However, if you want to ensure that critical or security updates install on your managed computers, you can use the Windows Intune auto-approval rules. The following steps take you through the process of setting up an auto-approval rule that automates the process of approving updates within the classifications you select.
From the Windows Intune Administration Console, click Administration and Updates.
Select Automatic Approval Rules, scroll down to the bottom of the page, if required, and then click New…
Type in a Rule name such as Default Approval Rule and then click Next.
Check the All Categories option and click Next.
Select the update classifications that you wish to approve automatically. We recommend that you select the categories shown in Figure 13 for automatic approval, because these categories help keep your managed computers protected from new threats or vulnerabilities.
Figure 13. Approval Rule Classifications
When you have selected the classifications you want to automate, click Next.
Select the groups to which you want to deploy this rule. For example, to deploy the rule to your managed computers, select the All Computers group.
Click Run Selected to force this rule to evaluate all updates currently on the system and make those updates available to the managed computers the next time they check in (every eight hours by default). Alternatively, if you click Save at this point, the rule will only apply to future updates as they are released.
As managed computers check back with the service, they receive instructions to apply critical and security updates as soon as those updates are available. Use the Updates workspace to review and approve updates that you wish to apply manually.
Set Up Alert Notifications
Windows Intune tracks alerts for your managed computers, which you can monitor through the Alerts workspace or by having the service send the alerts directly to nominated email addresses.
To configure alert notifications, in the Windows Intune Administration Console click the Administration workspace tab.
Click on Alerts and Notifications.
Click Recipients and click the Add option as highlighted in Figure 14.
Figure 14. Add Recipient
Add the required notification email aliases.
Being an alert recipient does not automatically grant access to the Windows Intune Administration console. If you want to allow any of these recipients to log on to the console, you must add them as an administrator.
Next select Notification Rules and select the Alert rules for which you want to send emails.
Click Select Recipients as highlighted in Figure 15.
Figure 15. Select Notification Rule
Select the email recipients who will receive an email for these alerts.
Reports can help you answer a range of questions, such as how many computers have a particular application or update installed, what malware was blocked, or which users needed Remote Assistance over the last month. Windows Intune provides a set of built-in report templates that can be used as-is, or you can create custom reports based on views within the Windows Intune workloads.
These reports can be printed or exported, either in HTML format or as comma separated value (CSV) files. With the export feature, you can take Windows Intune data and import it into whatever program you use for analysis. For example, you can import the data into Microsoft Excel and create tables and graphs for use in management presentations.
Customizing Report Templates
The following steps show how to create a Windows Intune Update report to identify computers that have pending updates:
Click the Reporting workspace tab.
Click Update Reports.
Customize the report settings to look like those in Figure 16.
Figure 16. Custom Update Report
Click View Report
This action generates a report similar to that shown in Figure 17. This information can help you identify and troubleshoot computers with outstanding updates.