Microsoft Intune Rollout Skip to main content
Microsoft

Microsoft Intune Rollout

The Security Operations Center (SOC), in collaboration with OIT, is working on a change to make BYU managed Windows workstations connected to Active Directory (AD) more secure by moving to Microsoft Intune for patching. Having more peace of mind that your workstation and data are protected is a win for everyone. Fortunately, for most of us, it will only require small changes.

To begin the change, all managed Windows workstations will be enrolled in Intune before the end of Winter semester 2023. This will happen automatically when your workstation is on campus. There will be no change to the functionality or user-experience of your workstation because of the enrollment.

The second part of the change is turning on Windows and Office updates within Intune. This will be phased across campus and CSRs will notify their organizations of their specific go-live date. OIT is providing CSRs all necessary information to ensure a smooth transition.

When managed Windows workstations in your department go-live, the impact will be needing to reboot more frequently. Patches will be automatically rolled out and installed, however a reboot of the workstation will still be necessary for the updates to take effect.

Here is the most important detail: once the patch has been installed it will be best to reboot in the 24-48 hours after installation, however, you will have approximately 7 days to reboot after installation before it reboots automatically.

Reboot message

If you push the reboot and forget to reboot before the allotted time (approximately 7 days), your workstation will automatically reboot and you will not be able to stop it. Please make sure work is saved and reboot when you have control to do so. We do not want anyone to lose work! You will receive pop-up messages like the one in the image above warning you to reboot before it does so automatically.

A similar change will take place for macOS in the future – more details to come.

To refresh on the different types of cyberattacks, please visit cessecurity.org.

To learn more about what a managed Windows workstation connected to Active Directory means please visit https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups.