In this post, we will see a step-by-step configuration to integrate Upgrade readiness with SCCM. Finally, we will verify the result in the SCCM console. This post assumes that you have a valid Azure Subscription, SCCM CB 1610+ with service connection point role, and OMS workspace (Log Analytics).
This is a series of posts as listed below.
- Define Windows 10 Upgrade Readiness Architecture with SCCM – Part 1
- How to integrate Windows 10 Upgrade Readiness with SCCM – Part 2
- Configure Telemetry for Upgrade Analytics/Readiness with Intune & SCCM – Part 3
The following 3 high levels steps are required for SCCM Upgrade Analytics and Upgrade Readiness integration. We will cover each one in detail.
- Create an application in Azure AD that SCCM can use to access the OMS workspace.
- Grant permission to the Resource Group, which contains the Azure AD application that the OMS workspace uses.
- Finally, configure Upgrade Analytics in the SCCM console.
How to create an application in Azure AD for SCCM to access Upgrade Readiness
- Log in to the Azure Management portal with Global Admin.
- Navigate to your Azure Active Directory-> Enterprise applications – All applications.
- Select “New Application”
- Select “Application you’re developing”
- Click on “New application.”
- Type the web application name
- Select Web app /API
- Type Sign-on URL (you can enter any URL because this URL doesn’t need to be resolvable)
- Click on “Create” at the bottom to create the application
- Select the application which we started.
- Click on “Settings->Keys.”
- Type a Key name Description
- Select a duration
- Click on Save. The key gets created after clicking Save. We can retrieve this key only from this page.
- Copy the Key value and keep it with you. It will be needed while configuring the connector in the SCCM console.
- Also copy the Application ID and keep it with you. With this, we completed Step 1.
How to configure Azure application permission for SCCM to connect Log Analytics
- In Azure Portal, we need to configure permission for the custom application we created in Step 1.
- Navigate to the resource group. Select the Resource Group that contains your OMS workspace. Example “test” is my resource group name which has my custom application.
- Select Access Control (IAM) and Click Add
- Select the Contributor Role and select the custom application which we created earlier. Click Save
Note: Azure console didn’t display custom applications in the drop-down menu by default. Only user objects are displayed. I typed first few characters of the application then the custom application name was revealed.
- As shown below, ensure “Contributor” permission is set for the resource group (Test).
Note: I have seen issues if you configure permissions on your custom application directly.
Configuration of Upgrade readiness in the SCCM console
- Launch SCCM console. Navigate to Administration workspace -> Cloud Services.
- Right-click on the “Upgrade Analytics Connector” node.
- Select “Create connection to Upgrade Analytics”.
- Update Azure Tenant name, Client ID (application ID), and key. We have already noted these details from step 2.
- Azure subscription, Azure resource group, and OMS workspace details will populate.
- If details are not populated automatically, then re-check Resource Group permission correctly, as mentioned in Step 2.
- We completed SCCM and Upgrade Analytics Integration successfully.
End result for SCCM Administrator
- You can verify the dmpdownloader.log.This log helps us to confirm the integration between SCCM server Upgrade Analytics and OMS Upgrade readiness.
- You can check the SCCM console after 48 hr and confirm whether Upgrade Readiness information got updated.
- Integrate Upgrade Readiness with SCCM
- Register a new application using the Azure portal
- Azure resource group
- Manage Windows upgrades with Upgrade Readiness
Vimal has more than ten years of experience in SCCM device management solutions. His main focus is on Device Management technologies like Microsoft Intune, ConfigMgr (SCCM), OS Deployment, and Patch Management. He writes about the technologies like SCCM, Windows 10, Microsoft Intune, and MDT.