In this post we will see step by step configuration to integrate Upgrade readiness with SCCM. Finally, we will verify the result in SCCM console. This post assume that you have a valid Azure Subscription, SCCM CB 1610+ with service connection point role and OMS workspace.
This is a series of posts as listed below:-
The following 3 high levels steps are required for SCCM Upgrade Analytics and Upgrade Readiness integration. We will cover each one in detail.
- Create an application in Azure AD that SCCM can use to access the OMS workspace.
- Grant permission to the Resource Group which contain Azure AD application that the OMS workspace uses.
- Finally configure Upgrade Analytics in the SCCM console.
How to create an application in Azure AD for SCCM to access Upgrade Readiness
- Login to the Azure Management portal with Global Admin.
- Navigate to your Azure Active Directory-> Enterprise applications – All applications.
- Select “New Application”
- Select “Application you’re developing”
- Click on “New application”
- Type web application name
- Select Web app /API
- Type Sign-on URL (you can enter any URL, because this URL’s doesn’t need to be resolvable)
- Click on “Create” at the bottom to create the application
- Select the application which we created.
- Click on “Settings->Keys”
- Type a Key name Description
- Select a duration
- Click on Save.The key gets created after clicking Save.We can retrieve this key only from this page.
- Copy the Key value and keep it with you. It will be needed while configuring the connector in SCCM console.
- Also copy the Application ID and keep it with you.With this we completed Step 1.
How to configure Azure application permission for SCCM to connect OMS
- In Azure Portal, we need to configure permission for the custom application which we created in Step 1.
- Navigate to the resource group. Select the Resource Group that contains your OMS workspace. Example “test” is my resource group name which have my custom application.
- Select Access Control (IAM) and Click Add
- Select the Contributor Role and select custom application which we created earlier. Click Save
Note : Azure console didn’t display custom application in drop down menu by default. Only user objects displayed. I typed first few characters of the application then custom application name displayed.
- As shown below, ensure “Contributor” permission is set for the resource group (Test).
Note : I have seen issues if you configure permissions on your custom application directly.
Configuration of Upgrade readiness in SCCM console
- Launch SCCM console.Navigate to Administration workspace -> Cloud Services.
- Right click on the “Upgrade Analytics Connector” node.
- Select “Create connection to Upgrade Analytics”.
- Update Azure Tenant name, Client ID (application ID) and key. We have already noted these details from step 2.
- Azure subscription,Azure resource group,OMS workspace details will populate.
- If details are not populated automatically then re-check Resource Group permission correctly as mentioned in Step 2.
- We completed SCCM and Upgrade Analytics Integration successfully.
End result for SCCM Administrator
- You can verify the dmpdownloader.log.This log helps us to verify the integration between SCCM server Upgrade analytics and OMS Upgrade readiness.
- You can check the SCCM console after 48 hr and confirm whether Upgrade Readiness information got updated.