In this post let’s see ConfigMgr and How to Enable Upload Endpoint Analytics Data. There are two parts to this process of enabling the upload. Let’s see more details about this in the following sections.
Microsoft recently released ConfigMgr 2006 Production into the slow ring and this version is Generally Available | SCCM https://www.anoopcnair.com/configmgr-2006-production-version-generally-available-sccm/
First, you need to enable data collection from client settings. And then you need to enable the upload option from the tenant attach configuration. You need SCCM 2006 version to enable this feature in your environment.
Tenant Attach Overview
I have explained about onboarding process of the tenant attach in the following post “How to Build Sync between SCCM Intune Portal | Tenant Attach“.
- ConfigMgr 2006 Tenant attach comes with a new option to upload Endpoint analytics data to Microsoft Endpoint Manager collected by devices.
- More details about tenant attach improvements on Microsoft Endpoint Manager tenant attach.
NOTE! – As you can see in the below screen capture, the upload of endpoint analytics data is not enabled by default.
Prerequisites
The prerequisite to enable the upload of Endpoint Analytics Data is similar to ConfigMgr Tenant Attach.
- Tenant attach should be enabled.
- Full Admin access (infrastructure admin) to ConfigMgr infra is preferred.
- Global Administrator Access on Azure Active Directory tenant (These apps will be created automatically during the tenant attach onboarding process)
- To Create a 3rd party application under App Registration
- To Create a first-party service principal account
- An Azure public cloud environment (not available for Govt and other Azure Cloud environments)
- The user account triggering device actions from the Cloud console has the following prerequisites:
- Azure AD Connect should be in place to sync on-prem AD users and groups to Azure AD (if you have Office 365, then you might already be using Azure AD connect).
- Should be part of Azure Active Directory User Discovery in SCCM
- Should be part of Active Directory User Discovery in SCCM
- Intune portal admin access ( Intune Service Administrator role) should be there to complete this activity.
- Windows 10 devices must be managed by ConfigMgr and Intune (co-managed).
Licensing Prerequisites
Endpoint analytics is included in the following plans:
- Enterprise Mobility + Security E3 or higher
- Microsoft 365 Enterprise E3 or higher.
Firewall/Proxy Settings
In a corporate environment, you always need to open some firewall ports and proxy bypass list updates. In this scenario to enable the upload of Endpoint Analytics Data, you might need to white list the following URL (internet endpoints for tenant attach scenario).
Protocol & Port number used for the following endpoints are HTTPS (443).
https://aka.ms/configmgrgateway
https://gateway.configmgr.manage.microsoft.com
https://us.gateway.configmgr.manage.microsoft.com
https://eu.gateway.configmgr.manage.microsoft.com
Client-side devices should have access to the following links via proxy/firewall. More details about how the data is sent to the cloud etc… https://docs.microsoft.com/en-us/mem/analytics/enroll-configmgr#bkmk_endpoints
- https://graph.windows.net
- https://*.manage.microsoft.com
Client Settings – Enable Upload Endpoint Analytics Data
Endpoint analytics data collection is enabled by default in the client settings. However, this doesn’t mean all these endpoint analytics data collected will be automatically sent to the cloud!
You need to enable the specific setting from Tenant attach as we are going to discuss in the following section of the post.
- Navigate to Administration – Client Settings.
- Default Client Settings – Computer Agent – Enable Endpoint Analytics Data Collection – Yes
Enable Upload Endpoint Analytics Data from SCCM Console
Let’s enable the upload of the configuration of endpoint analytics data.
- Navigate Administration > Overview > Cloud Services > Co-management.
- Click on the properties of Co-management Management.
- Click on the Configure Upload tab.
- Click the Enable option called Enable Endpoint analytics for devices uploaded to Microsoft Endpoint Manager.
- Click OK to complete.
Intune Onboarding
Onboarding from the Endpoint analytics portal is required for both Configuration Manager 2006 or later and Intune managed devices.
- Go to
https://aka.ms/endpointanalytics
- Login with the admin access ( Intune Service Administrator role) account.
- Click Start. This will automatically assign a configuration profile to collect boot performance data from all eligible devices.
Results
Connections are successfully created as you can see in the below screen capture from the Endpoint Manager web portal. I have not covered the Intune part in this post. However, you can check Joy’s post to know more about Intune side configurations.
Let’s see the overview of Endpoint Analytics:
- Intune data collection policy (More details here)
- Configuration Manager data connector (More details here)
Endpoint Analytics (Preview) | Recommended software – Waiting for startup performance data…I can still see recommended software details from Endpoint analytics.
NOTE! – It can take up to 24 hours after a device restarts to see its data. If you’re trying to view your tenant’s on-premises data, you need to set up a Configuration Manager device data connection first.