Ivanti

Overview

Ivanti is a company that provides Unified Endpoint Management (UEM), IT Service Management (ITSM), IT Security, and supply chain solutions. Particularly in enterprise environments, it offers a platform for integrated device management, security enhancement, patch management, and vulnerability management.

Ivanti's solutions integrate the former LANDESK and Heat Software, and now provide a comprehensive platform for managing all types of endpoints including mobile devices, desktops, servers, and IoT devices.

Key Products

Ivanti Neurons

A cloud-based, self-healing platform that provides endpoint management and security using AI and automation.

Key Features:

Automatic device discovery and classification
AI-powered anomaly detection
Automated remediation
Real-time inventory management

Ivanti Endpoint Manager (EPM)

A solution for unified management of Windows, Mac, Linux, and mobile devices.

Key Features:

Unified Endpoint Management (UEM)
Software distribution and license management
Patch management and vulnerability response
Remote control and support
Compliance management

Ivanti Patch Management

Automates the management of patches for operating systems and third-party applications.

Coverage:

Windows OS (Windows 10, Windows 11, Windows Server)
macOS
Linux
Over 300 third-party applications (Adobe, Java, Chrome, Firefox, etc.)

Ivanti Security Controls (formerly Ivanti Patch for Windows)

Patch management and security control solution specialized for Windows environments.

Ivanti Connect Secure (formerly Pulse Secure)

Zero Trust Network Access (ZTNA) and VPN solution providing secure remote access.

Using Ivanti on Windows 11

Using Ivanti in a Windows 11 environment helps streamline security and management on the latest OS.

Key Features Supported on Windows 11

1. Device Management

Unified management using Ivanti Endpoint Manager:

# Check Ivanti Endpoint Manager agent status
Get-Service -Name "LANDesk*"

# Check Ivanti agent version
Get-ItemProperty -Path "HKLM:\SOFTWARE\LANDesk\ManagementSuite\WinClient" -Name Version

OS Deployment: Automated deployment and provisioning of Windows 11
Device Configuration: Application of group policies and configuration profiles
Inventory Collection: Automatic collection of hardware and software details
Remote Management: Remote desktop, file transfer, command execution

2. Patch Management

Automatically manages Windows 11 monthly updates and feature updates.

Operations in Ivanti Console:

Patch Scan: Evaluate current patch status of devices
Patch Approval: Select and approve necessary patches
Distribution Schedule: Deploy at times that don't impact business
Result Reports: Track patch application success/failure

Windows 11-Specific Patch Management:

Windows 11 22H2, 23H2 feature updates
Cumulative updates
Driver updates
Microsoft Defender definition updates

3. Security Management

Vulnerability Scanning: Regularly scans Windows 11 devices for vulnerabilities and provides prioritized remediation actions.

# Trigger manual scan by Ivanti agent (example)
# Actual commands vary by Ivanti version
& "C:\Program Files (x86)\LANDesk\LDClient\ldiscn32.exe" /sync

# Or execute via Task Scheduler
Start-ScheduledTask -TaskName "Ivanti Vulnerability Scan"

Integration with Windows 11 Security Features:

BitLocker Management: Disk encryption settings and recovery key management
Windows Hello: Deployment of biometric authentication settings
Microsoft Defender: Centralized antivirus settings management
Application Control: Integration with AppLocker and Windows Defender Application Control

4. Application Management

Software Distribution:

# Pull applications from Ivanti portal (when using Self-Service Portal)
# Users can select and install apps from the self-service portal

Microsoft Store Apps: Management of MSIX, AppX packages
Win32 Applications: Distribution of traditional desktop apps
Web Apps: Distribution of shortcuts to web-based applications
License Management: Tracking software license usage

5. User Self-Service

Through Ivanti Self-Service Portal, users can perform actions themselves.

Self-service features available on Windows 11:

Install/uninstall software
Password reset
View device information
Submit support tickets

<!-- Access to self-service portal (example) -->
<!-- Usually accessed via browser or dedicated client -->
https://ivanti-portal.company.com/selfservice

Installing Ivanti Agent on Windows 11

Prerequisites

Windows 11 (Pro, Enterprise, Education edition)
Administrator rights
Network connection (access to Ivanti server)

Installation Steps

Download Agent:
- Download the latest Windows agent from Ivanti management console
- Or access from network share
Silent Installation (for administrators):

# Silent installation of agent
Start-Process -FilePath ".\LDClient_Setup.exe" -ArgumentList "/s /v/qn" -Wait

# Verify installation
Get-Service -Name "LANDesk*" | Select-Object Name, Status, StartType

Post-Installation Verification:

# Check Ivanti agent execution
Get-Process | Where-Object {$_.ProcessName -like "*LANDesk*"}

# Check in registry
Test-Path "HKLM:\SOFTWARE\LANDesk\ManagementSuite\WinClient"

# Execute initial sync
& "C:\Program Files (x86)\LANDesk\LDClient\ldiscn32.exe" /sync

Troubleshooting

If agent cannot connect:

# Check network connectivity
Test-NetConnection -ComputerName "ivanti-server.company.com" -Port 9595

# Check firewall settings
Get-NetFirewallRule | Where-Object {$_.DisplayName -like "*LANDesk*"}

# Check event logs
Get-EventLog -LogName Application -Source "LANDesk*" -Newest 50

Windows 11 Management Task Examples

Regular Patch Application Schedule

# Administrators automate Ivanti patch application with Task Scheduler
$action = New-ScheduledTaskAction -Execute "C:\Program Files (x86)\LANDesk\LDClient\ldiscn32.exe" -Argument "/sync /patch"
$trigger = New-ScheduledTaskTrigger -Daily -At 3am
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest

Register-ScheduledTask -TaskName "Ivanti Daily Patch Check" `
    -Action $action `
    -Trigger $trigger `
    -Principal $principal `
    -Description "Ivanti automatic patch check and application"

Manual Software Inventory Collection

# Force collection of software and hardware inventory
& "C:\Program Files (x86)\LANDesk\LDClient\ldiscn32.exe" /sync /ntt

# Collected data is sent to Ivanti server

Key Advantages

1. Unified Management

Manage all endpoints (Windows, Mac, Linux, mobile) from a single platform.

2. Enhanced Security

Real-time vulnerability detection
Automated patch application
Compliance monitoring

3. Operational Efficiency

Automated workflows
Self-service portal
AI-powered problem prediction and auto-remediation

4. Cost Reduction

Reduced manual work
Minimized downtime
License optimization

Intune vs. Ivanti Comparison

Feature	Microsoft Intune	Ivanti
Target	Microsoft ecosystem focused	Multi-platform, legacy system support
Deployment Model	Cloud only	Cloud, on-premises, hybrid
Patch Management	Windows Update integration	Comprehensive patch management including third-party apps
Legacy Support	Limited	Supports Windows 7/8, older OSes
Pricing Model	Per user/device	Enterprise licensing
Remote Control	Basic features	Advanced remote management features

Best Practices

1. Patch Management Strategy

[Test Environment] → [Pilot Group] → [Phased Deployment] → [Full Deployment]

Test Group: First validate with IT department or small test users
Phased Deployment: Gradually expand deployment scope if no issues
Rollback Plan: Prepare response procedures in advance for issues

2. Security Policy Application

Principle of Least Privilege: Grant users only minimum necessary permissions
Enforce Device Encryption: Enable BitLocker on all devices
Regular Vulnerability Scans: Perform scans weekly or monthly

3. Monitoring and Reporting

# Check device status in Ivanti environment (example report generation for administrators)
# Actual reports are generated from Ivanti management console

Dashboard Utilization: Monitor device health in real-time
Compliance Reports: Regularly check compliance status
Alert Configuration: Receive notifications when critical issues occur

4. Improving User Experience

Deploy Self-Service Portal: Enable users to solve problems themselves
Set Maintenance Windows: Apply patches outside business hours
User Education: Improve security awareness

Summary

Ivanti provides a comprehensive and flexible solution for endpoint management, particularly in enterprise environments. In Windows 11 environments, it can leverage the latest OS security features while coexisting with legacy systems.

Main Usage Scenarios:

Unified management in large enterprise environments
Multi-platform environments (Windows, Mac, Linux, mobile)
Mixed environments with legacy systems and latest OS
Strict security and compliance requirements

As a Windows 11 User:

Ivanti agent is typically installed and managed by IT department
Can install necessary software yourself through self-service portal
Devices are automatically patched and security is maintained
If issues occur, IT department can provide remote support

Overview​

Key Products​

Ivanti Neurons​

Ivanti Endpoint Manager (EPM)​

Ivanti Patch Management​

Ivanti Security Controls (formerly Ivanti Patch for Windows)​

Ivanti Connect Secure (formerly Pulse Secure)​

Using Ivanti on Windows 11​

Key Features Supported on Windows 11​

1. Device Management​

2. Patch Management​

3. Security Management​

4. Application Management​

5. User Self-Service​

Installing Ivanti Agent on Windows 11​

Prerequisites​

Installation Steps​

Troubleshooting​

Windows 11 Management Task Examples​

Regular Patch Application Schedule​

Manual Software Inventory Collection​

Key Advantages​

1. Unified Management​

2. Enhanced Security​

3. Operational Efficiency​

4. Cost Reduction​

Intune vs. Ivanti Comparison​

Best Practices​

1. Patch Management Strategy​

2. Security Policy Application​

3. Monitoring and Reporting​

4. Improving User Experience​

Summary​

Reference Resources​