Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Understanding Windows Intune Alerts

Updated: December 17, 2012

Applies To: Windows Intune

In the Windows Intune administrator console, you can use the Alerts workspace to quickly assess the overall health of managed devices in your organization. Alerts let you identify potential or current problems and take action accordingly, to prevent or minimize negative effects on business operations.

You can view alerts in multiple ways. For example, you can view all recent alerts to obtain a broad picture of device health. Or you might want to investigate specific issues that are occurring to members of specific device groups or for specific workspaces, such as Endpoint Protection in Windows Intune. By using filters, you can view all alerts of a specific severity level, and you can display alerts that are active or alerts that are closed.

In Windows Intune, alerts also let you respond to user requests for remote assistance, a capability that gives you a key tool for troubleshooting client issues. A user can start a remote assistance request, which generates an alert. When you view the alert, you can accept the request. Accepting the request opens a Remote Assistance via Microsoft Easy Assist session so that you can perform remote troubleshooting on the user’s computer.

To ensure that the appropriate people are notified about alerts, you can configure rules to have Windows Intune send e-mail notifications about new alerts of a certain severity level, all alerts, or remote assistance alerts, to recipients that you specify.

Alerts and Alert Types

In working with alerts, it is important to understand the difference between alerts and alert types:

  • Alert Type – An alert type is a predefined rule that looks for and responds to a specific system or software state. Windows Intune comes with a set of default alert types that can be customized by the user.

  • Alert – An alert is an instance of an alert type that is generated when the criteria of the alert type is met. Multiple alerts can be generated from a single alert type.

Alert Category, Type, and Description

The Alert category, type, and description provide the following information:

  • Category: You can click the name of the category to view a list of all alerts generated for that category. Alert categories are predefined and are as follows:

    • Endpoint Protection: Key alerts inform you when computers have protection warnings or are not protected, or have malicious software (also known as malware) that requires follow-up action. Alerts also notify you when malware was seen for the first time or was recently resolved.

    • Monitoring: Key alerts inform you when a service is stopped, disk space is too low, or disk fragmentation is high.

    • Notices: Key alerts inform you about configuration tasks that need to be performed (such as configuring automatic approvals for updates) and provide important information to help you use and learn more about Windows Intune. These also include service announcements that display on the Notice Board on the System Overview page.

    • Policy: Key alerts inform you when a device is unable to enact one or more policy settings.

    • Remote Assistance: Key alerts inform you when a user on a managed computer has initiated a request for remote assistance. Accepting the request opens a Remote Assistance via Microsoft Easy Assist session so that you can perform remote troubleshooting on the user’s computer.

      ImportantImportant
      Remote Assistance via Microsoft Easy Assist is not supported on computers running Windows 8. User cannot request assistance from computers running Windows 8, nor can administrators respond to a Remote Assistance Session Request on a computer running Windows 8.

    • System: Key alerts inform you when client deployments have failed.

      • Mobile Device Management: Key alerts inform you when mobile device issues occur, including Exchange connectivity.

    • Updates: Key alerts inform you when specific updates are waiting for approval, such as Security Updates or Critical Updates.

    For details on all alert types, see Alert Reference.

  • Type: Alert types are grouped into categories. You can click the name of the alert type to view a list of all alerts generated for that alert type.

  • Description: Provides additional information about the alert.

Alert Severity Levels

An alert in the Windows Intune administrator console indicates that an issue has occurred somewhere in your environment or that a task has to be performed. For example, if a client computer begins to run low on disk space, an alert might be triggered to indicate that this issue is occurring. Or, new Critical Updates may be waiting for your approval. Every alert type has a default severity level, but the severity level can be customized to fit the preferences of your organization. Understanding alert type severity levels can help you determine which issues need to be investigated and resolved immediately so that you can prioritize your time accordingly.

Alert types have the following severity levels:

  • Critical (indicated by a red circular icon): Indicates a serious problem, such as a data loss, a security issue, or a loss of function. For example, a Critical alert is generated if one or more computers have active malicious software (also known as malware). The alert should be investigated and acted on immediately. For information about how to investigate Critical alerts, see Reviewing Windows Intune Alerts.

  • Warning (indicated by a yellow triangular icon): Indicates a potential problem or a current problem that is not serious. For example, a Warning alert is generated if security updates must be deployed. The alert should be investigated and acted on quickly to prevent the underlying issue from becoming critical. For information about how to investigate Warning alerts, see Reviewing Windows Intune Alerts.

  • Informational (indicated by a white circular icon): Indicates a typical operation that has occurred. For example, an Informational alert is generated if product and classification settings must be configured for updates that you plan to deploy to computers. The alert is provided for informational purposes and does not have to be investigated, although the information may be helpful for management planning. The Notice Board announcements that display on the System Overview page are informational alerts.

Alert Status

Status information about an alert consists of the following:

  • Alert Level: Indicates the severity of an alert. The severity of an alert depends on the perceived severity of the event that generated the alert. For more information, see Alert Reference.

  • Status: An alert is either active or closed.

  • Created: For alerts that have a computer as a source, this is the time when the alert was generated on the computer. For alerts that have another source, this is the time when the alert was raised.

  • Modified: Indicates the time when the alert was last modified. If an alert is closed, the time when the alert was closed is displayed.

  • Repeat count: Indicates the number of times that the alert was raised. A repeat count of 0 indicates that the alert was raised only one time.

  • Source: Indicates the monitor or rule that caused the alert to be generated. For example, the source of the “Security updates need to be approved” alert is the Security update list. You can click the name of the source to display more information. For example, clicking the “Security update list” source displays the list of security updates that have not yet been deployed. The most common source is the name of the computer that generated the alert.

    noteNote
    The Groups Overview page displays only alerts that have a computer name as the source. In some cases, alerts have other sources. For example, the source for a malicious software alert is the name of the malicious software, not the name of the computer on which the alert was generated. In this case, the Endpoint Protection Status area will indicate that malicious software needs follow-up or was recently resolved, but no corresponding alert will be included in the Alerts area for the computer.

  • Path: For monitoring alerts, this field displays the path of the specific object on the computer that caused the alert to be generated.

Remote Assistance Requests

Remote Assistance requests are displayed as alerts of the Remote Assistance category. New Remote Assistance requests are shown in the System Overview workspace and also in the Alerts workspace. You can either accept or reject the Remote Assistance request directly in the alert. Accepting a Remote Assistance request prompts the user who opened the request to allow a Remote Assistance via Microsoft Easy Assist session. The Remote Assistance via Microsoft Easy Assist session lets you perform remote troubleshooting tasks directly on a user’s computer.

ImportantImportant
Because of conflicts with User Account Control, steps to work around User Account Control may be required to perform remote assistance on computers that are running Windows Vista® or Windows® 7, especially if the application that a user wants to share in a remote session is run as an administrator. For detailed workaround information, see Release Notes for Windows Intune.

To ensure that you can accept or reject Remote Assistance requests, if you are viewing the Windows Intune administrator console with a web browser that has a pop-up blocker enabled, the pop-up blocker must be configured to allow pop-up windows from Windows Intune. If this is not done, you may be unable to accept or reject Remote Assistance requests or perform other tasks such as viewing reports in the Windows Intune administrator console. For information about other tasks that require Windows Intune pop-up windows to be allowed, see Release Notes for Windows Intune. Also, Remote Assistance requests must be accepted or rejected on a computer that is running Windows. You cannot accept or reject Remote Assistance requests on a computer that is running an Apple Mac operating system, even if the web browser pop-up blocker is configured to allow pop-up windows from Windows Intune.

The Remote Assistance Request Process

When you accept a Remote Assistance request, users who open the requests are prompted to allow you access to their computer through a Live Meeting session. After a user gives access, you can work on the user’s computer as if the computer were local to you.

The following process describes how Remote Assistance works.

  1. Remote client computers are enrolled in Windows Intune. Together with other agents that are installed as part of the client software, the Windows Intune Center program is installed on the client computers.

    Client computer users can start Windows Intune Center by using shortcuts available both on the Start menu and on the computer’s Windows desktop.

  2. Users who need technical support can open Windows Intune Center, and then click Request remote assistance from your system administrator under Microsoft Easy Assist in the Windows Intune Center console.

  3. When a user clicks Request remote assistance from your system administrator, you are notified in the following two ways:

    • By a Remote Assistance alert that is displayed in the Windows Intune service console.

    • By using the email account associated with the Windows Live ID that you use to sign in to Windows Intune.

      You can configure notification email messages to be sent to other people in your organization when Remote Assistance alerts occur. For more information about how to configure alert notification email messages, see Configure Windows Intune Alert Notification Rules.

  4. You have one hour to respond to the Remote Assistance request.

    1. If you do not respond within one hour, the Remote Assistance request times out. Users who still want support must start a new Remote Assistance request.

    2. If the user cancels the Remote Assistance request before you respond, you receive an email notification that the request for Remote Assistance was canceled.

  5. Respond to the request in the Remote Assistance alert by clicking Click here to take action. In the dialog box that opens, click Accept the Remote Assistance request.

    You can also decline the Remote Assistance request by clicking Close this Alert in the Tasks list. Status messages in the Windows Intune Center console notify users that their request for assistance was declined.

  6. The user is notified, through the following status message in the Windows Intune Center console, that you have accepted the Remote Assistance request.

    Your request was accepted. Follow the instructions in Easy Assist to share a program or your desktop with your system administrator.

    noteNote
    For help with Remote Assistance via Microsoft Easy Assist, see Microsoft Office Online Easy Assist Help.

    ImportantImportant
    If you accept the Remote Assistance request, but close the Remote Assistance alert before the Remote Assistance via Microsoft Easy Assist session starts on the client user’s computer, the Remote Assistance via Microsoft Easy Assist session does not start on the client computer, and the user is notified that you declined the request. This occurs even if the Remote Assistance via Microsoft Easy Assist session is already open on your computer. To avoid declining the support request by accident, keep the Remote Assistance alert open until after you are sure that the Remote Assistance via Microsoft Easy Assist session has started on the user’s computer.

  7. A Remote Assistance via Microsoft Easy Assist session opens on both your and the user’s computers. Users are prompted to share their Windows desktops with you. They can share their desktops in Remote Assistance via Microsoft Easy Assist by clicking Share My Desktop.

    noteNote
    Users may also share a program at this point.

  8. After a user shares the desktop, click Request Control in the Remote Assistance via Microsoft Easy Assist session.

    noteNote
    The user’s desktop may be viewed by the administrator without requesting or receiving control, however in order for the administrator to control the desktop, you must select Request Control.

  9. After the user accepts your request for permission to control the user’s desktop remotely, you have access to the user’s shared desktop and can provide technical support.

  10. When computing issues are resolved, or you and the user have mutually agreed to take actions outside the remote session to resolve issues, you can release control of the desktop back to the user. The Remote Assistance via Microsoft Easy Assist session can be closed by either the user or you.

    noteNote
    In this release of Windows Intune, recording of the Remote Assistance via Microsoft Easy Assist session is not available.

For more information about how Remote Assistance via Microsoft Easy Assist sessions in Live Meeting work, see Microsoft Office Online Easy Assist Help.

See Also

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.