Compliance and Security

It is essential that the Cloud PCs are kept compliant and updated. LAs will maintain the devices for their organisations’ Cloud PCs. Please use the links below for topics to review and best practice to follow.

Autopatch

Windows Autopatch is a Microsoft-managed service that automates the deployment and management of updates for select Microsoft products. LAs will need to review the requirement for their organisations.

Please refer to section 10, Autopatch, of the Intune Operations Guide, which details the steps to adopt this feature.

Windows Update Rings

Update rings can be used to upgrade your W365 Cloud PCs in Intune.

Intune LAs have the option to use Centralised channels to apply a feature and quality update; however, they are unable to modify the settings. See section 8.7 of the Intune Operations Guide for more information.

Feature Updates

Microsoft releases updates, and LAs need to decide how this will be managed for their organisations. To support this, please review section 4.8, Intune Feature Updates, of the Intune Operations Guide.

Re-Provisioning

Re-provisioning the Cloud PC may be required if the end user experiences some corruption to their device. Before proceeding, LAs must ensure that the user’s data is backed up.

Reprovision a Cloud PC

This action reconfigures the Cloud PC by ‘re-building’ the device to a known configuration, effectively resetting it to its initial provisioning state. Note that user data and restore points are lost after reprovisioning. LAs should check that users’ data is backed up before reprovisioning.

Gather Diagnostics

This action gathers diagnostic information from the Cloud PC for troubleshooting and support.

Defender Quick Scan

This action runs a Windows Defender quick scan for vulnerabilities on the Cloud PC endpoint.

Defender Full Scan

This action conducts a comprehensive scan of the Cloud PC for malware and other threats.

Defender Security Intelligence

This action ensures that the Cloud PC’s antivirus and malware definitions are up to date for enhanced security.

Pre-defined Scripts

These actions execute pre-defined scripts to fix common issues or apply specific configurations (if remediations are available for your organisation).

Run Remediation Script

Selecting “run remediation script” displays a list of the scripts that have already been configured.

Security

User Access

All MFA-enabled users accessing a Cloud PC, regardless of which model they are deploying, will log in using NHS.net accounts. The signed-in account will authenticate to the Cloud PC and will be prompted for MFA.

Securing Cloud PCs

Local organisations managing their Cloud PCs will use the Intune Portal to manage configuration and security settings. Please refer to the links below for further guidance:

LAs are encouraged to review Windows Baseline for NCSC. Existing baselines can be used alongside any additional security configurations that local organisations require.

Refer to section 12.3, NCSC – Windows 10/11 Baseline Configurations, of the Intune LA guide, where guidance is provided.

If assistance is required with settings that are used in the Centralised Model, the LA should raise a request via the Helpdesk Self-Service. Note that for the Delegated Model, all configuration is carried out via the Intune Portal. Organisations should refer to the Intune Operations Guide to carry out key activities.

Last Reviewed Date 09/07/2024
Updated on 09/07/2024
