This document shows how Managed Services Providers (MSPs) can use Windows Intune™ in conjunction with a professional services automation (PSA) tool such as ConnectWise to create a seamless and efficient workflow.
As the information services (IT) services industry has evolved, many service providers have found increased profitability and customer satisfaction by adopting a flat-rate services model, popularly called managed services. Managed services are a packaged set of IT services offered for a flat, predictable monthly fee. The specific services that MSPs offer vary greatly but include remote infrastructure monitoring, spam filtering, helpdesk, client and server management, and remote backup functionality. Each MSP has its own unique mix of service offerings, but most include remote infrastructure monitoring.
For a flat monthly fee, a robust remote infrastructure monitoring system benefits both the MSP and the customer. The system provides the MSP with a predictable revenue stream, while the customer benefits by having a monitored IT infrastructure and service partner to help identify and repair system issues proactively, before they become system interruptions.
Delivery of this flat-rate and proactively managed services offering depends on a remote management and monitoring tool, such as Windows Intune. These services are further enhanced when business processes are managed using a PSA tool, such as ConnectWise.
Windows Intune is the latest addition to the Microsoft® Online Services portfolio. The offering combines the delivery of client computer management and security as a cloud service with an upgrade license to the Windows® 7 Enterprise operating system on the client computer, rolled into a monthly subscription. Windows Intune cloud services deliver management and security capabilities through a single web-based console. The console enables IT personnel to monitor, manage, update, secure, and troubleshoot users' computers wherever they are located. A connection to the corporate network or virtual private network is no longer necessary. Windows Intune also provides asset inventory capabilities.
ConnectWise is a leading business management solution designed exclusively for IT solution providers, MSPs, technology consultants, integrators, and developers. ConnectWise helps MSPs manage all aspects of their customer relationships from within a single, unified system, combining sales force automation, customer relationship management (CRM), service request and ticket tracking, contract and billing arrangement management, and extensive reporting.
ConnectWise is a software platform that automates the internal business processes for IT pros worldwide. It combines the elements of a successful IT services business, including quoting, sales, project implementations, service delivery, billing, and comprehensive reporting, and provides visibility and reporting on past performance as well as future projections.
ConnectWise and Windows Intune are different, yet complementary systems. Leveraged correctly, they form an effective systems backbone for established and emerging IT service providers alike.
ConnectWise's business process automation, coupled with Windows Intune systems management automation, creates an integrated workflow that includes issue alerting (Windows Intune), tracking and escalation of these issues (ConnectWise), remediation work to fix the reported issues (Windows Intune), and billing for the work performed (ConnectWise).
When an anomalous event is detected in a customer's Windows Intune–monitored environment, an alert is generated in the Windows Intune management portal. A detailed email message can be sent automatically to an address that the ConnectWise Email Connector monitors. The email is converted to a ConnectWise service ticket.
A technician (usually an employee of the IT service provider) can log in to Windows Intune to remediate the alert situation and track the information from the ConnectWise service ticket. When the issue has been satisfactorily resolved using Windows Intune, the technician marks the ticket as complete within ConnectWise and clears the alert from the Windows Intune administrator console (see Figure 1).
Figure 1. Alert flow from Windows Intune to ConnectWise
To complete the setup and processes detailed in this document, an MSP must have signed up and activated the following services:
This section shows how Windows Intune can be configured to integrate with ConnectWise using the ConnectWise Email Connector.
Note: These steps assume that the IT service provider has a functional installation of ConnectWise, including the ConnectWise Email Connector, and a functional installation of an Internet Message Access Protocol (IMAP)–enabled mail server. Initial installation of ConnectWise, the ConnectWise Email Connector, or the IMAP-enabled mail server is beyond the scope of this document. For information and support related to the initial installation of ConnectWise or the ConnectWise Email Connector, the IT service provider must contact ConnectWise Support (Help@ConnectWise.com).
The ConnectWise Email Connector is an optional add-on tool for ConnectWise PSA. This tool is installed on the ConnectWise server and works as a bridge between an IMAP-enabled mailbox and the ConnectWise PSA Service Ticket module. To facilitate the automated creation of ConnectWise service tickets from Windows Intune alerts, create a dedicated IMAP-enabled mailbox for use exclusively as a receptacle for Windows Intune alerts. Configure the ConnectWise Email Connector to convert these alerts to service tickets on an appropriate ConnectWise service board.
Create a single, dedicated mailbox to serve as a catch-all configuration. Then, create a new mailbox for each customer that will use Windows Intune. Any Windows Intune alerts sent to the catch-all IMAP-enabled mailbox will be converted to a ConnectWise service ticket for the "Catchall" customer. Any Windows Intune alerts sent to a customer-specific mailbox will be converted to a ConnectWise service ticket for the associated customer. This configuration allows a service provider to use the catch-all address for any new Windows Intune accounts without needing to immediately configure a mailbox, and then later change that Windows Intune account to use a new, customer-specific mailbox.
When setting up this workflow, the exact name of the mailbox must be entered correctly in the ConnectWise Email Connector configuration as well as within the ConnectWise Setup tables. For purposes of this example, the mailbox name within this document will be intune-alerts, and it will be created as the catch-all configuration. The service provider can choose to name the public folder differently, but careful attention should be paid to ensure that the ConnectWise Email Connector and the mailbox have the same name.
The ConnectWise Email Connector retrieves email messages stored in an IMAP-enabled mailbox and converts each email message to a ConnectWise service ticket. At a minimum, create one dedicated mailbox for use exclusively by Windows Intune monitoring alerts so that alerts do not become mingled with customer-initiated service tickets. This first mailbox will be used as the catch-all for any new Windows Intune accounts.
To begin, create a new IMAP-enabled mailbox named intune-alerts. For step-by-step instructions on creating this mailbox, visit the appropriate help page from your mail provider.
When the IMAP-enabled mailbox has been created, configure the ConnectWise Email Robot to poll this mailbox. ConnectWise provides detailed and comprehensive setup instructions for the ConnectWise Email Connector. To download these instructions, go to http://www.connectwise.com/University/Content/User_Documents/Implementation/Email-Connector-SetupOnPremise.doc.
The ConnectWise Email Connector polls mailboxes based on XML configuration files stored on the server running the ConnectWise Email Connector. To add a new mailbox for the ConnectWise Email Connector to poll, perform these steps:
Figure 2. Email Connector config_TEMPLATE_DO_NOT_DELETE.xml
ConnectWise Email Connector polling is actuated when the exlog.bat file (located in C:\Program Files\ConnectWise\email robot) is launched. For this new mailbox to be polled, add a new line to the exlog.bat file, as shown in Figure 3.
Figure 3. Ensuring that the new mailbox is polled
After the Email Connector has been configured, ConnectWise PSA must be configured so that incoming service tickets are routed correctly. To do so, perform these steps:
Figure 4. ConnectWise Setup Table for the Email Connector
By default, all service tickets generated from Windows Intune alerts are created with a source, priority, type, and status equal to the default settings for the Email Connector settings. So that service tickets are created with values appropriate for the type of alert received from Windows Intune, specify Email Connector parsing rules:
After the subject line format is specified, individual parsing rules can be specified for each Windows Intune alert type. The four Windows Intune alert types are:
For each alert type, create a new parsing rule (see Figure 5):
For example, Windows Intune Critical Alerts are more time-sensitive than Information Alerts. Service tickets created from Critical Alerts should be set to a higher priority than Information Alerts. To configure this, add a parsing rule with Text To Search For set to Critical and Service Priority set to an appropriate priority for Critical Alerts.
Figure 5. Configuring alert types in ConnectWise
You can configure Windows Intune to store a single list of all email addresses to which you want to send alerts; this is the Recipients list. To add email addresses to this list in Windows Intune, log on the Windows Intune administrator console for your account, and navigate to the Administration workspace. Click Alerts and Notifications, and then click Recipients.
Then, add the email address associated with the IMAP-enabled mailbox previously created in Step 1: Create an IMAP-enabled Mailbox with a Mail Provider (on page 7) to the Recipients list in Windows Intune. For example, in Figure 6, you can see the intune-alerts@contoso.com address added to the Litware customer's Windows Intune system.
Figure 6. The intune-alerts@contoso.com address added to Litware's Windows Intune system
In Figure 7, you can see the details for the intune-alerts@contoso.com recipient address.
Figure 7. Adding an email recipient to the Windows Intune Recipient list
After a list of valid recipients has been defined within Windows Intune, any of these recipients can be associated with one or more alert types. These associations are defined in Windows Intune by clicking Administration, clicking Alerts and Notifications, and then clicking Notification Rules.
Add the email address associated with the IMAP-enabled mailbox to the All Alerts notification rule. For example, in Figure 8 on page 16, you can see the Windows Intune notification rules (including the All Alerts rule being used).
Figure 8. Windows Intune Notification Rules list
In Figure 9 on page 17, note that intune-alerts@contoso.com is selected as a recipient for all Windows Intune alerts.
Figure 9. Windows Intune recipient notification selection
These steps have detailed the process of creating a new IMAP-enabled mailbox and configuring the ConnectWise Email Robot to poll this mailbox for Windows Intune alerts. They also detailed how to configure Windows Intune to send all alerts to the email address associated with the IMAP-enabled mailbox. All alerts that Windows Intune creates will now be sent by email to the IMAP-enabled mailbox, where the ConnectWise Email Robot will parse the message. Each parsed message will generate a new ConnectWise service ticket for the Catchall company.
When this catch-all configuration is complete, create a new configuration for each customer that uses Windows Intune so that Windows Intune alerts are not all associated with the Catchall company but are instead associated with the correct company for the alert.
To create a new configuration for any customer, repeat steps 1 through 6 above, with the following adjustments:
In the end, you will have a unique IMAP-enabled mailbox, email address, ConnectWise Email Robot configuration, and ConnectWise Setup Table entry for each company supported that uses Windows Intune. There will also be a generic, catch-all IMAP-enabled mailbox and related configuration used for any additional companies that do not have a unique address created.