Let’s learn to set up Cloud PC Monitoring Health Performance using Endpoint Analytics in Intune. Endpoint analytics provides the measurement of the compute and memory load on your Cloud PCs. Cloud PC health monitoring reports provide better sizing analysis for your virtual desktops.
The Cloud PC health and performance monitoring feature comes without any additional agent deployment. This uses Intune Management Extension (IME) agent to collect the data. I try to avoid additional agents getting deployed into Windows PCs wherever possible. This is because the agent-based monitoring tools come with an additional overhead of management.
You will need to enable the Endpoint analytics from the MEM admin center portal. This allows you to monitor the startup performance of Cloud PCs. Additionally, this will also give end-to-end analytical data of overall system performance. Intune data collection policy helps collect user experience data and send it to endpoint analytics to process it.
Endpoint Analytics Architecture – Cloud PC Monitoring Health Performance
Let’s have a quick look into the very high-level architecture of Endpoint analytics. The following diagram gives a basic idea about the architecture and data flow of Endpoint analytics.
- Intune Data Collection Policy will enable the data collection from Cloud PCs.
- Intune Management Extension agent helps to send the data to the Endpoint Analytics service.
- Endpoint Analytics services will process the data and compare it with the baseline you set.
- Make user experience, performance, health, etc. reports available in the Intune MEM admin center console.
NOTE! – License requirements to use endpoint analytics are EMS E3 or M365 E3 or Higher. So, this is the same license that you need for MEM Intune management. So you are already covered from a licensing perspective. However, to get onboarded to proactive remediation, you need Windows E3 licenses.
Enable Endpoint Analytics for Cloud PCs
The end-user experience problems persist because IT doesn’t have much visibility for Cloud PCs. You can try to get this visibility using endpoint analytics. You can log in to the MEM Admin Center (a.k.a Intune portal) to perform the following actions. The next steps might help to enable Endpoint Analytics for Cloud PCs.
- Log in to Endpoint.Microsoft.com with appropriate permission.
- Navigate to Reports -> Endpoint Analytics tab. You will need to click on START button if you have not gone through the initial setup of endpoint analytics.
- From the General page of Settings tab, you can start the Cloud PC monitoring process using Endpoint analytics.
- Agree to the Consent to share data option to share the data with Microsoft.
NOTE! – Don’t worry if your Settings in General page doesn’t show Connected; I will go through the Intune Data collection policy in the next section of this post. Once that Intune data collection policy is created and deployed to Cloud PCs, you would be able to see a green checkmark under Intune Data Collection Policy.
You now need to select the appropriate baseline for Endpoint Analytics from the Baseline page of Settings. I have chosen All organizations (median) configurations, as you can see in the below screenshot. You can create different baselines as per your requirements. The following are score categories available while writing this post.
- Endpoint analytics score
- Startup performance
- Recommended software
- Application reliability
- Resource performance (preview)
- Work from anywhere (preview)
Agree to Consent to share data is important here – Microsoft will anonymize and aggregate the scores from all enrolled organizations to keep the All organizations (median) baseline up-to-date. Revoking your Consent will disable reports like Startup performance or Recommended software.
You can select the baseline regression threshold as per your requirement. But I normally start with the default settings, as those are Microsoft’s recommended settings. The metrics vary slightly from day to day. You can use the slider to choose how far (in percent) a metric can fall below the baseline before reports show that it needs your attention.
Create Intune Data Collection Policy
You will need to go through the Intune data collection policy creation and deployment process to enable this monitoring option for Cloud PCs. You can go to the Intune data collection policy node directly from the Endpoint Analytics portal using the hyperlink available on the settings page.
Intune data collection policy – Collect user experience data from Intune-managed Cloud PCs. Let’s follow the steps below to create the Intune Data Collection policy for Cloud PCs.
- Open MEM Admin Center Portal -> endpoint.Microsoft.com
- Navigate to Devices -> Windows -> Configuration Profiles.
- Click on the +Create Profile option to create a profile.
- Select Windows 10 or Later from Platform.
- Select Templates from Profile Type.
- Search for “Health” -> Select Windows Health Monitoring profile template.
- Click on Create button.
On the Windows Health Monitoring profile creation page, you must enter the profile name and description as explained below.
- Windows Health Monitoring Profile Name -> Cloud PC Health Monitoring Policy
- Platform -> Windows 10 and later
- Profile Type -> Windows Health Monitoring
- Click on Next to continue.
This policy proactively monitors device health by tracking device events. The Health monitoring is available for devices running Windows 10 1903, and later, or Windows 11. From the configuration page of the Windows Health Monitoring policy, you will need to select the following configurations.
Health Monitoring: Use ENABLE option to collect event information from supported Windows 10 and Windows 11 Cloud PC devices.
Scope: I selected both the Endpoint analytics and the Windows updates scopes, even though the Windows update scope is not used by endpoint analytics.
It’s time to go through the SCOPE and Intune filter rules for Cloud PCs. I use the same assignment method for many other policy deployments for my lab environment.
- Click on All Devices.
- Click on Filter to add Windows 365 Cloud PC filter and you need to include only Cloud PC devices.
- Click on Review + Save to complete the Intune monitoring policy creation process.
NOTE! – You will need to be careful about the deployment using Intune filter rules in production. I recommend testing all the Intune filter rules and this type of deployment in staging or pre-production environments before going to production.
The Applicability Rules option can be skipped because it’s not relevant for the Cloud PCs scenario. But you can use the Applicability Rules option to specify how to apply this profile within an assigned group. Intune will only apply the profile to devices that meet the combined criteria of these rules.
OS edition and OS versions are the two types of applicability rule options available while writing this post. I don’t think that is very relevant for Cloud PC scenarios. Click on Next, Next, Review + Save to complete the Intune data collection policy creation.
NOTE! – You can go back to the Endpoint Analytics tab and confirm whether the green tickmark is enabled against the Intune Data Collection policy from the General tab on the Settings page.
Troubleshooting Tips – Cloud PC Health Performance Monitoring
You can now initiate the Intune policy sync manually on the Cloud PC to check whether the policies related to Health Performance monitoring have reached the device. Most of the time, you can check the following event log to confirm the policy assignment from the client side.
Event Log path for Intune logs -> Applications and Services -> Microsoft -> Windows -> DeviceManagement-Enterprise-Diagnostics-Provider -> Admin
Intune or MDM core component troubleshooting for Windows devices is mainly based on event logs. Intune logs are helpful when you troubleshoot Intune Win32 application deployment issues.
Event ID 208 means the Windows client is contacting the Intune service to check whether there is any new policy. Event IDs 813 and 815 mean the client received new Intune Windows Health Monitoring policies from the server side. The event IDs are the same for both user and device policy deployments.
- Event ID 813 => The policy value received is an integer, and that policy was successfully applied on the Cloud PC.
- Event ID 814 => The policy value received is a string, and it was successfully applied.
- Event ID 404 => Policy configuration command failed because this policy configuration is not applicable or can’t be applied on this particular device. It failed because the policy below was looking for an AAD joined PC, and Cloud PCs are Hybrid Azure AD joined PCs.
Check for new Policies -> Event ID 208: MDM Session: OMA-DM session started for EnrollmentID (D0892524-C388-43DC-8DFC-D50E7CA19DBF) with server: (MS DM Server), Server version: (4.0), Client Version: (1.2), PushRouterOrigin: (0xB), UserAgentOrigin: (0x8), Initiator: (0x0), Mode: (0x2), SessionID: (0x8B), Authentication Type: (0x1).
New Policy Received (Integer Value) – Event ID 813: MDM PolicyManager: Set policy int, Policy: (AllowDeviceHealthMonitoring), Area: (DeviceHealthMonitoring), EnrollmentID requesting merge: (D0892524-C388-43DC-8DFC-D50E7CA19DBF), Current User: (Device), Int: (0x1), Enrollment Type: (0x6), Scope: (0x0).
New Policy Received (String Value) – Event ID 814: MDM PolicyManager: Set policy string, Policy: (ConfigDeviceHealthMonitoringScope), Area: (DeviceHealthMonitoring), EnrollmentID requesting merge: (D0892524-C388-43DC-8DFC-D50E7CA19DBF), Current User: (Device), String: (BootPerformance, WindowsUpdates), Enrollment Type: (0x6), Scope: (0x0).
New Policy Received (String Value) – Event ID 814: MDM PolicyManager: Set policy string, Policy: (ConfigDeviceHealthMonitoringUploadDestination), Area: (DeviceHealthMonitoring), EnrollmentID requesting merge: (D0892524-C388-43DC-8DFC-D50E7CA19DBF), Current User: (Device), String: (DHM_SOUTHEASTASIA), Enrollment Type: (0x6), Scope: (0x0).
Missing Policy Config Error – Event ID 404: MDM ConfigurationManager: Command failure status. Configuration Source ID: (D0892524-C388-43DC-8DFC-D50E7CA19DBF), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Policy/Config/DeviceHealthMonitoring/ConfigDeviceHealthMonitoringServiceInstance), Result: (The system cannot find the file specified.).
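The event IDs above can be pulled from the Admin log and reduced to the policy name and value with a short script. This is an added example, not the author's code; the function names are hypothetical, and the two sample messages are constructed by shortening the log lines quoted above.

```powershell
# Added example (not the author's code). Function names are hypothetical.
$LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$Meaning = @{
    208 = 'Sync session started'
    813 = 'Integer policy set'
    814 = 'String policy set'
    404 = 'Configuration command failed'
}

function ConvertFrom-MdmPolicyMessage {
    param([int]$Id, [string]$Message, [datetime]$Time = (Get-Date))
    # Policy name: "Policy: (...)" on 813/814, last segment of "CSP URI: (...)" on 404.
    $policy = if ($Message -match 'Policy: \((?<p>[^)]+)\)') { $Matches.p }
              elseif ($Message -match 'CSP URI: \((?<u>[^)]+)\)') { ($Matches.u -split '/')[-1] }
    # Value: "Int: (...)" or "String: (...)" on success, "Result: (...)" on failure.
    $value = if ($Message -match '\b(?:Int|String): \((?<v>[^)]*)\)') { $Matches.v }
             elseif ($Message -match 'Result: \((?<r>[^)]*)\)') { $Matches.r }
    [pscustomobject]@{
        Time = $Time; Id = $Id; Meaning = $Meaning[$Id]; Policy = $policy; Value = $value
    }
}

function Get-HealthMonitoringPolicyEvent {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = $LogName
        Id        = 208, 813, 814, 404
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Keep every sync session, but only policy events for the DeviceHealthMonitoring area.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Id -eq 208 -or $_.Message -match 'DeviceHealthMonitoring' } |
        Sort-Object TimeCreated |
        ForEach-Object {
            ConvertFrom-MdmPolicyMessage -Id $_.Id -Message $_.Message -Time $_.TimeCreated
        }
}

# Constructed samples, shortened from the log lines quoted in this post.
$samples = @(
    @{ Id = 813; Message = 'Set policy int, Policy: (AllowDeviceHealthMonitoring), Area: (DeviceHealthMonitoring), Int: (0x1)' }
    @{ Id = 404; Message = 'Command failure status. CSP URI: (./Vendor/MSFT/Policy/Config/DeviceHealthMonitoring/ConfigDeviceHealthMonitoringServiceInstance), Result: (The system cannot find the file specified.)' }
)
$samples | ForEach-Object { ConvertFrom-MdmPolicyMessage -Id $_.Id -Message $_.Message } |
    Format-Table Id, Meaning, Policy, Value -AutoSize

# On a Cloud PC: events from the last 24 hours.
Get-HealthMonitoringPolicyEvent -Hours 24 | Format-Table -AutoSize
```

A 404 row in the output names the exact policy setting that failed, which is quicker to read than the raw event message.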
Registry Entries Related to Endpoint Analytics Policies
Let’s now check the registry entries related to endpoint analytics Windows health policies. You can perform Cloud PC Health Performance Monitoring using endpoint analytics once the policy is applied and data is sent to Endpoint Analytics services.
NOTE! – Normally, it takes 24 hours to reflect the Cloud PC devices in the reports after receiving these policies from Intune.
The following registry entries help us to confirm that the policy is already applied on the Cloud PCs. It’s now your time to relax and wait for the next 24 hours to get those Cloud PCs details in the Endpoint Analytics report.
- AllowDeviceHealthMonitoring = 1
- ConfigDeviceHealthMonitoringScope = BootPerformance, WindowsUpdates
- ConfigDeviceHealthMonitoringUploadDestination = DHM_SOUTHEASTASIA
Results of Endpoint Analytics for Cloud PCs
You can check the Cloud PC Health, Performance, and Monitoring reports 24 hours after enabling Windows Health Monitoring policies. Once you have the reports, you can review your current score and see how it compares to the selected baseline depending on the reports and performance score.
You can also refer to the insights and recommendations to learn how to improve your device startup times and score. Also, there are options to resize the Cloud PC based on these health and performance reports.
NOTE! – I was informed that right now, the “work from anywhere” feature, with Windows 365 Cloud PCs, is a known issue and is presently being worked on.
Somehow I can see only the following reports for Cloud PC after enabling Endpoint Analytics monitoring and PC health for Cloud PCs.
Round Trip and Remote Sign-in information are listed in the endpoint analytics reporting blade for Remoting Connections. Review the round trip time (RTT) and Cloud PC sign-in time for devices in your organization. Select a device to drill down to get more details. Time indicates P95 values.
You can see the Windows 11 upgrade capability report is available after a few manual fixes mentioned in the below section of this post. These Windows 11 upgrade eligibility reports are available under the Work from anywhere section of Endpoint Analytics.
It seems the Connected User Experiences and Telemetry data is not enabled for Windows 365 Cloud PCs even though I have deployed a policy to enable Telemetry data.
As per the registry key, the telemetry data collection is not enabled for Cloud PC.
The registry value for AllowTelemetry should be 1. But I found that this is not applied correctly only on Cloud PCs. On Windows 11 VMs (not Cloud PC), it just works fine.
- 0 – Not allowed.
- 1 – Allowed, except for Secondary Data Requests.
- 2 (default) – Allowed.
Telemetry Data Collection Enabled for Cloud PC
I have enabled telemetry data collection as well. More details are in Upgrade To Windows 11 Using Intune Feature Update Deployment Policy.
I have turned on telemetry with the minimum set to Required. You can configure this from Device Restriction policy -> Reporting and Telemetry -> Share Usage Data.
But still, the telemetry services are in a disabled state for Cloud PCs. This could be because of the optimization script which is applied to the Cloud PC images? I can’t confirm this yet.
I was looking at Task Manager – under Services, though it is called DiagTrack there (group heading utcsvc) – Connected User Experience and Telemetry. This service is disabled and stopped.
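The registry values listed earlier and the telemetry service state described above can be checked in one pass on the Cloud PC. This is an added example, not the author's code; the PolicyManager registry path, the System area for AllowTelemetry and the function names are assumptions, since the post names the values but not their location.

```powershell
# Added example (not the author's code). Function names are hypothetical.
# Assumption: MDM policy values live under the PolicyManager key below;
# the post lists the value names but not the registry path.
$PolicyRoot = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

function Test-PolicyValue {
    param([string]$Area, [string]$Name, [scriptblock]$IsExpected)
    $item  = Get-ItemProperty -Path (Join-Path $PolicyRoot $Area) -Name $Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.$Name } else { $null }
    $state = if ($null -eq $value) { 'Missing' }
             elseif (& $IsExpected $value) { 'OK' }
             else { 'Unexpected' }
    [pscustomobject]@{ Check = "$Area\$Name"; Value = $value; State = $state }
}

function Test-CloudPcHealthMonitoring {
    $area = 'DeviceHealthMonitoring'
    Test-PolicyValue $area 'AllowDeviceHealthMonitoring' { param($v) $v -eq 1 }
    # BootPerformance is the scope value the post shows alongside WindowsUpdates.
    Test-PolicyValue $area 'ConfigDeviceHealthMonitoringScope' { param($v) $v -match 'BootPerformance' }
    # The upload destination is region specific, so only require a non-empty value.
    Test-PolicyValue $area 'ConfigDeviceHealthMonitoringUploadDestination' { param($v) "$v".Trim() -ne '' }
    # The post expects AllowTelemetry = 1 (assumed location: the System policy area).
    Test-PolicyValue 'System' 'AllowTelemetry' { param($v) $v -eq 1 }

    # Connected User Experiences and Telemetry service (DiagTrack).
    $svc = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
    $svcState = if (-not $svc) { 'Missing' }
                elseif ($svc.StartType -ne 'Disabled' -and $svc.Status -eq 'Running') { 'OK' }
                else { 'Unexpected' }
    [pscustomobject]@{
        Check = 'Service\DiagTrack'
        Value = if ($svc) { "$($svc.StartType)/$($svc.Status)" } else { $null }
        State = $svcState
    }
}

Test-CloudPcHealthMonitoring | Format-Table -AutoSize
```

Running the same script on a Cloud PC and on a regular Windows 11 VM gives a side-by-side view of which check differs between the two.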
Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.