Using Windows Intune with ConnectWise

Document Overview

This document shows how Managed Services Providers (MSPs) can use Windows Intune™ in conjunction with a professional services automation (PSA) tool such as ConnectWise to create a seamless and efficient workflow.

As the information services (IT) services industry has evolved, many service providers have found increased profitability and customer satisfaction by adopting a flat-rate services model, popularly called managed services. Managed services are a packaged set of IT services offered for a flat, predictable monthly fee. The specific services that MSPs offer vary greatly but include remote infrastructure monitoring, spam filtering, helpdesk, client and server management, and remote backup functionality. Each MSP has its own unique mix of service offerings, but most include remote infrastructure monitoring.

For a flat monthly fee, a robust remote infrastructure monitoring system benefits both the MSP and the customer. The system provides the MSP with a predictable revenue stream, while the customer benefits by having a monitored IT infrastructure and service partner to help identify and repair system issues proactively, before they become system interruptions.

Delivery of this flat-rate and proactively managed services offering depends on a remote management and monitoring tool, such as Windows Intune. These services are further enhanced when business processes are managed using a PSA tool, such as ConnectWise.

What Is Microsoft Windows Intune?

Windows Intune is the latest addition to the Microsoft® Online Services portfolio. The offering combines the delivery of client computer management and security as a cloud service with an upgrade license to the Windows® 7 Enterprise operating system on the client computer, rolled into a monthly subscription. Windows Intune cloud services deliver management and security capabilities through a single web-based console. The console enables IT personnel to monitor, manage, update, secure, and troubleshoot users' computers wherever they are located. A connection to the corporate network or virtual private network is no longer necessary. Windows Intune also provides asset inventory capabilities.

What Is ConnectWise?

ConnectWise is a leading business management solution designed exclusively for IT solution providers, MSPs, technology consultants, integrators, and developers. ConnectWise helps MSPs manage all aspects of their customer relationships from within a single, unified system, combining sales force automation, customer relationship management (CRM), service request and ticket tracking, contract and billing arrangement management, and extensive reporting.

ConnectWise is a software platform that automates the internal business processes for IT pros worldwide. It combines the elements of a successful IT services business, including quoting, sales, project implementations, service delivery, billing, and comprehensive reporting, and provides visibility and reporting on past performance as well as future projections.

How Do Windows Intune and ConnectWise Work Together?

ConnectWise and Windows Intune are different, yet complementary systems. Leveraged correctly, they form an effective systems backbone for established and emerging IT service providers alike.

ConnectWise's business process automation, coupled with Windows Intune systems management automation, creates an integrated workflow that includes issue alerting (Windows Intune), tracking and escalation of these issues (ConnectWise), remediation work to fix the reported issues (Windows Intune), and billing for the work performed (ConnectWise).

When an anomalous event is detected in a customer's Windows Intune–monitored environment, an alert is generated in the Windows Intune management portal. A detailed email message can be sent automatically to an address that the ConnectWise Email Connector monitors. The email is converted to a ConnectWise service ticket.

A technician (usually an employee of the IT service provider) can log in to Windows Intune to remediate the alert situation and track the information from the ConnectWise service ticket. When the issue has been satisfactorily resolved using Windows Intune, the technician marks the ticket as complete within ConnectWise and clears the alert from the Windows Intune administrator console (see Figure 1).

Figure 1. Alert flow from Windows Intune to ConnectWise

Prerequisites

To complete the setup and processes detailed in this document, an MSP must have signed up and activated the following services:

• Windows Intune (http://manage.microsoft.com)
  
• ConnectWise PSA (http://www.connectwise.com)
  
• ConnectWise Email Connector
  

Configuring Windows Intune to Work with ConnectWise

This section shows how Windows Intune can be configured to integrate with ConnectWise using the ConnectWise Email Connector.

Note: These steps assume that the IT service provider has a functional installation of ConnectWise, including the ConnectWise Email Connector, and a functional installation of an Internet Message Access Protocol (IMAP)–enabled mail server. Initial installation of ConnectWise, the ConnectWise Email Connector, or the IMAP-enabled mail server is beyond the scope of this document. For information and support related to the initial installation of ConnectWise or the ConnectWise Email Connector, the IT service provider must contact ConnectWise Support (Help@ConnectWise.com).

Configuration Overview

The ConnectWise Email Connector is an optional add-on tool for ConnectWise PSA. This tool is installed on the ConnectWise server and works as a bridge between an IMAP-enabled mailbox and the ConnectWise PSA Service Ticket module. To facilitate the automated creation of ConnectWise service tickets from Windows Intune alerts, create a dedicated IMAP-enabled mailbox for use exclusively as a receptacle for Windows Intune alerts. Configure the ConnectWise Email Connector to convert these alerts to service tickets on an appropriate ConnectWise service board.

Create a single, dedicated mailbox to serve as a catch-all configuration. Then, create a new mailbox for each customer that will use Windows Intune. Any Windows Intune alerts sent to the catch-all IMAP-enabled mailbox will be converted to a ConnectWise service ticket for the "Catchall" customer. Any Windows Intune alerts sent to a customer-specific mailbox will be converted to a ConnectWise service ticket for the associated customer. This configuration allows a service provider to use the catch-all address for any new Windows Intune accounts without needing to immediately configure a mailbox, and then later change that Windows Intune account to use a new, customer-specific mailbox.

When setting up this workflow, the exact name of the mailbox must be entered correctly in the ConnectWise Email Connector configuration as well as within the ConnectWise Setup tables. For purposes of this example, the mailbox name within this document will be intune-alerts, and it will be created as the catch-all configuration. The service provider can choose to name the public folder differently, but careful attention should be paid to ensure that the ConnectWise Email Connector and the mailbox have the same name.

Step 1: Create an IMAP-enabled Mailbox with a Mail Provider

The ConnectWise Email Connector retrieves email messages stored in an IMAP-enabled mailbox and converts each email message to a ConnectWise service ticket. At a minimum, create one dedicated mailbox for use exclusively by Windows Intune monitoring alerts so that alerts do not become mingled with customer-initiated service tickets. This first mailbox will be used as the catch-all for any new Windows Intune accounts.

To begin, create a new IMAP-enabled mailbox named intune-alerts. For step-by-step instructions on creating this mailbox, visit the appropriate help page from your mail provider.

Step 2: Add the IMAP Mailbox to the Exchange Robot Configuration

When the IMAP-enabled mailbox has been created, configure the ConnectWise Email Robot to poll this mailbox. ConnectWise provides detailed and comprehensive setup instructions for the ConnectWise Email Connector. To download these instructions, go to http://www.connectwise.com/University/Content/User_Documents/Implementation/Email-Connector-SetupOnPremise.doc.

The ConnectWise Email Connector polls mailboxes based on XML configuration files stored on the server running the ConnectWise Email Connector. To add a new mailbox for the ConnectWise Email Connector to poll, perform these steps:

1. On the server running the ConnectWise Email Connector, go to C:\Program Files\ConnectWise\email robot.
   
2. Within that directory, copy the config_TEMPLATE_DO_NOT_DELETE.xml file.
   
3. Name the new file config_intune-alerts.xml.
   
4. Edit the newly created config_intune-alerts.xml file, replacing the colored placeholders shown in Figure 2 as follows:
   

Figure 2. Email Connector config_TEMPLATE_DO_NOT_DELETE.xml

• <EMAILSERVER>: The fully qualified domain name of the email server (i.e., webmail.contoso.com)
  
• <USERNAME>: The user name for the mailbox that the email connector will be polling (i.e., intune-alerts@contoso.com)
  
• <PASSWORD>: The password for the mailbox that the email connector will be polling
  
• <SETUPTABLENAME>: The name of the mailbox, excluding the domain name (i.e., intune-alerts). This name must match the value entered as the Exchange Folder Name.
  
• <COMPANYID>: The company ID used when logging on to ConnectWise PSA (i.e., CON)
  

ConnectWise Email Connector polling is actuated when the exlog.bat file (located in C:\Program Files\ConnectWise\email robot) is launched. For this new mailbox to be polled, add a new line to the exlog.bat file, as shown in Figure 3.

Figure 3. Ensuring that the new mailbox is polled

Step 3: Add an IMAP-enabled Mailbox to the ConnectWise Email Connector Setup Table

After the Email Connector has been configured, ConnectWise PSA must be configured so that incoming service tickets are routed correctly. To do so, perform these steps:

1. From within the ConnectWise interface, click Setup. Click Setup
   Tables
   Email Connector, and then create a new entry.
   
2. Within the Email Connector Setup Table (see Figure 4), enter the IMAP-enabled mailbox name in the Exchange Folder Name field.
   

Figure 4. ConnectWise Setup Table for the Email Connector

1. In the Email Options field, complete the following fields:
   

• Email From: Enter the email address associated with the IMAP-enabled mailbox in Step 1: Create an IMAP-enabled Mailbox with a Mail Provider on page 7.
  
• Send Errors To: Enter the email address of a person or distribution list that should receive notifications if the Email Connector generates an error.
  
• Select the Never Respond to Email Sender check box.
  

1. In the New Service Ticket Options field, click the appropriate choice in the drop-down lists:
   

• Board: Select the service board on which Windows Intune alerts should be created.
  
• Default Company: Click Catchall for the account. If your company uses a different company as a generic or catch-all company, select that company here.
  
• Default Member: Click the person who will be responsible for all inbound Windows Intune alerts.
  

1. After the Email Connector Setup Table is configured, click the Floppy Disk icon in the upper-left corner of the pane to save the settings.
   

Step 4: Define Parsing Rules

By default, all service tickets generated from Windows Intune alerts are created with a source, priority, type, and status equal to the default settings for the Email Connector settings. So that service tickets are created with values appropriate for the type of alert received from Windows Intune, specify Email Connector parsing rules:

• To configure Email Connector parsing rules, from the Email Connector Setup Table dialog box (see Figure 4) click Define Parsing Rules.
  
• To create new parsing rules, specify the format of the subject line:
  
  • From the Folder Parsing Type list, select Custom.
    
  • In the Email Subject Line Parsing Rule, enter {TaskName} (including the brackets).
    
  • To save these settings, click the Save icon at the top-left corner of the pane (the Save icon looks like a floppy disk).
    

After the subject line format is specified, individual parsing rules can be specified for each Windows Intune alert type. The four Windows Intune alert types are:

• Information Alerts
  
• Warning Alerts
  
• Critical Alerts
  
• Remote Assistance Requests
  

For each alert type, create a new parsing rule (see Figure 5):

• Click the New Item icon at the top of the parsing rules pane (the New Item icon looks like a piece of paper and is located immediately to the left of the Search button).
  
• Enter a priority. (The priority defines the order in which the parsing rules are applied; enter 1 for the first rules, 2 for the second, and so on. The order does not matter.)
  
• From the Parsing Variable list, select {TaskName} / The name or description of the task.
  
• In the Text To Search For field, enter Information, Warning, Critical, or Remote (to determine which type of alert has been received).
  
• Select the appropriate Service Priority, Service Status, and Service Type for the alert type received.
  
• Click the Save icon at the top of the parsing rules pane to save the newly added parsing rule. (The Save icon looks like a floppy disk.)
  

For example, Windows Intune Critical Alerts are more time-sensitive than Information Alerts. Service tickets created from Critical Alerts should be set to a higher priority than Information Alerts. To configure this, add a parsing rule with Text To Search For set to Critical and Service Priority set to an appropriate priority for Critical Alerts.

Figure 5. Configuring alert types in ConnectWise

Step 5: Add an IMAP-enabled Mailbox Email Address as a Valid Windows Intune Recipient

You can configure Windows Intune to store a single list of all email addresses to which you want to send alerts; this is the Recipients list. To add email addresses to this list in Windows Intune, log on the Windows Intune administrator console for your account, and navigate to the Administration workspace. Click Alerts and Notifications, and then click Recipients.

Then, add the email address associated with the IMAP-enabled mailbox previously created in Step 1: Create an IMAP-enabled Mailbox with a Mail Provider (on page 7) to the Recipients list in Windows Intune. For example, in Figure 6, you can see the intune-alerts@contoso.com address added to the Litware customer's Windows Intune system.

Figure 6. The intune-alerts@contoso.com address added to Litware's Windows Intune system

In Figure 7, you can see the details for the intune-alerts@contoso.com recipient address.

Figure 7. Adding an email recipient to the Windows Intune Recipient list

Step 6: Associate Recipients with Windows Intune Alert Types

After a list of valid recipients has been defined within Windows Intune, any of these recipients can be associated with one or more alert types. These associations are defined in Windows Intune by clicking Administration, clicking Alerts and Notifications, and then clicking Notification Rules.

Add the email address associated with the IMAP-enabled mailbox to the All Alerts notification rule. For example, in Figure 8 on page 16, you can see the Windows Intune notification rules (including the All Alerts rule being used).

Figure 8. Windows Intune Notification Rules list

In Figure 9 on page 17, note that intune-alerts@contoso.com is selected as a recipient for all Windows Intune alerts.

Figure 9. Windows Intune recipient notification selection

Summary and Company Differentiation

These steps have detailed the process of creating a new IMAP-enabled mailbox and configuring the ConnectWise Email Robot to poll this mailbox for Windows Intune alerts. They also detailed how to configure Windows Intune to send all alerts to the email address associated with the IMAP-enabled mailbox. All alerts that Windows Intune creates will now be sent by email to the IMAP-enabled mailbox, where the ConnectWise Email Robot will parse the message. Each parsed message will generate a new ConnectWise service ticket for the Catchall company.

When this catch-all configuration is complete, create a new configuration for each customer that uses Windows Intune so that Windows Intune alerts are not all associated with the Catchall company but are instead associated with the correct company for the alert.

To create a new configuration for any customer, repeat steps 1 through 6 above, with the following adjustments:

• The name of the IMAP-enabled mailbox should include the name of the customer. For example, the mailbox intended to receive alerts for Litware might be called intune-alerts-litware@contoso.com.
  
• In the exlog.bat file (located in C:\Program Files\ConnectWise\email robot), change the company name as appropriate.
  

Conclusion

In the end, you will have a unique IMAP-enabled mailbox, email address, ConnectWise Email Robot configuration, and ConnectWise Setup Table entry for each company supported that uses Windows Intune. There will also be a generic, catch-all IMAP-enabled mailbox and related configuration used for any additional companies that do not have a unique address created.

---