In this post, I will explain ConfigMgr Enable Upload Endpoint Analytics Data. This process has two parts. The following sections provide more details.
Microsoft recently released ConfigMgr 2006 Production into the slow ring, and this version is Generally Available | SCCM https://www.anoopcnair.com/configmgr-2006-production-version-generally-available-sccm/
First, you need to enable data collection from client settings. Then, to allow the upload option from the tenant attach configuration. You need the SCCM 2006 version to enable this feature in your environment.
When you opt to enable Endpoint analytics data upload, the default client settings on your Configuration Manager site server will automatically adjust to allow managed endpoints to transmit relevant data. If you have customized client settings, updating and re-deploying them may be necessary to ensure that data collection occurs efficiently.
- New Corporate Device Identifiers for Windows in Intune
- Microsoft Introduces New Windows Enrollment Attestation Feature in Intune
- Cloud PC Health Performance Monitoring Using Endpoint Analytics using Intune.
- Top 75 Latest Intune Interview Questions and Answers
- Free Intune Training 2024 for Device Management Admins
Tenant Attach Overview
I explained the onboarding process for the tenant attachment in the following post: “How to Build Sync between SCCM Intune Portal | Tenant Attach“.
- ConfigMgr 2006 Tenant Attach comes with a new option to upload Endpoint analytics data to Microsoft Endpoint Manager collected by devices.
- More details about the tenant are attached, as well as improvements on the Microsoft Endpoint Manager tenant.
NOTE! As you can see in the screen capture below, uploading endpoint analytics data is not enabled by default.
Prerequisites -Enable Upload Endpoint Analytics Data
The precondition to enable the upload of Endpoint Analytics Data is similar to ConfigMgr Tenant Attach.
- Tenant attach should be enabled.
- Full Admin access (infrastructure admin) to ConfigMgr infra is preferred.
- Global Administrator Access on Azure Active Directory tenant (These apps will be created automatically during the tenant attach onboarding process)
- To Create a 3rd party application under App Registration
- To Create a first-party service principal account
- An Azure public cloud environment (not available for Govt and other Azure Cloud environments)
- The user account triggering device actions from the Cloud console has the following prerequisites:
- Azure AD Connect should be in place to sync on-prem AD users and groups to Azure AD (if you have Office 365, then you might already be using Azure AD Connect).
- Should be part of Azure Active Directory User Discovery in SCCM
- Should be part of Active Directory User Discovery in SCCM
- Intune portal admin access ( Intune Service Administrator role) should be available to complete this activity.
- Windows 10 devices must be managed by ConfigMgr and Intune (co-managed).
Licensing Prerequisites
Endpoint analytics is included in the following plans:
- Enterprise Mobility + Security E3 or higher
- Microsoft 365 Enterprise E3 or higher.
Firewall/Proxy Settings
In a corporate environment, you must open some firewall ports and update proxy bypass list updates. In this scenario, to enable the upload of Endpoint Analytics Data, you might need to whitelist the following URL (internet endpoints for tenant attach scenario).
The protocol & Port number for the following endpoints is HTTPS (443).
https://aka.ms/configmgrgateway
https://gateway.configmgr.manage.microsoft.com
https://us.gateway.configmgr.manage.microsoft.com
https://eu.gateway.configmgr.manage.microsoft.com
Client-side devices should have access to the following links via proxy/firewall. More details about how the data is sent to the cloud, etc. https://docs.microsoft.com/en-us/mem/analytics/enroll-configmgr#bkmk_endpoints
- https://graph.windows.net
- https://*.manage.microsoft.com
Client Settings – Enable Upload Endpoint Analytics Data
Endpoint analytics data collection is enabled by default in the client settings. However, this doesn’t mean all the data collected from these endpoint analytics will be automatically sent to the cloud!
As we will discuss in the following section of the post, you need to enable the specific setting from Tenant Attach.
- Navigate to Administration – Client Settings.
- Default Client Settings – Computer Agent – Enable Endpoint Analytics Data Collection – Yes
Enable Upload Endpoint Analytics Data from SCCM Console
Let’s enable the upload and configuration of endpoint analytics data.
- Navigate Administration > Overview > Cloud Services > Co-management.
- Click on the properties of Co-management Management.
- Click on the Configure Upload tab.
- Click the Enable option called Enable Endpoint analytics for devices uploaded to Microsoft Endpoint Manager.
- Click OK to complete.
Intune Onboarding
Onboarding from the Endpoint analytics portal is required for both Configuration Manager 2006 or later and Intune-managed devices.
- Go to
https://aka.ms/endpointanalytics
- Login with the admin access ( Intune Service Administrator role) account.
- Click Start. This will automatically assign a configuration profile to collect boot performance data from all eligible devices.
Results – Enable Upload Endpoint Analytics Data
Connections are successfully created, as seen in the screen capture below from the Endpoint Manager web portal. I have not covered the Intune part in this post. However, you can check Joy’s post to learn more about Intune-side configurations.
Let’s see the overview of Endpoint Analytics:
Intune data collection policy (More details here): Collect user experience data from Intune-managed devices. This data is used to calculate your endpoint analytics score.
Configuration Manager data connector (More information here): Set up a Configuration Manager device data connection to collect data devices managed by the Configuration Manager.
Endpoint Analytics (Preview) | Recommended software: I’m Waiting for startup performance data, but I can still see recommended software details from Endpoint Analytics.
NOTE! – It can take up to 24 hours after a device restarts to see its data. To view your tenant’s on-premises data, you must first set up a Configuration Manager device data connection.
Resources
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.