In this post, we will see step by step configuration to integrate Upgrade readiness with SCCM. Finally, we will verify the result in the SCCM console. This post assumes that you have a valid Azure Subscription, SCCM CB 1610+ with service connection point role, and OMS workspace (Log Analytics).
This is a series of posts as listed below:-
- Define Windows 10 Upgrade Readiness Architecture with SCCM – Part 1
- How to integrate Windows 10 Upgrade Readiness with SCCM – Part 2
- Configure Telemetry for Upgrade Analytics/Readiness with Intune & SCCM – Part 3
The following 3 high levels steps are required for SCCM Upgrade Analytics and Upgrade Readiness integration. We will cover each one in detail.
- Create an application in Azure AD that SCCM can use to access the OMS workspace.
- Grant permission to the Resource Group which contain Azure AD application that the OMS workspace uses.
- Finally configure Upgrade Analytics in the SCCM console.
How to create an application in Azure AD for SCCM to access Upgrade Readiness
- Login to the Azure Management portal with Global Admin.
- Navigate to your Azure Active Directory-> Enterprise applications – All applications.
- Select “New Application”
- Select “Application you’re developing”
- Click on “New application”
- Type web application name
- Select Web app /API
- Type Sign-on URL (you can enter any URL, because this URL’s doesn’t need to be resolvable)
- Click on “Create” at the bottom to create the application
- Select the application which we created.
- Click on “Settings->Keys”
- Type a Key name Description
- Select a duration
- Click on Save.The key gets created after clicking Save.We can retrieve this key only from this page.
- Copy the Key value and keep it with you. It will be needed while configuring the connector in SCCM console.
- Also copy the Application ID and keep it with you.With this we completed Step 1.
How to configure Azure application permission for SCCM to connect Log Analytics
- In Azure Portal, we need to configure permission for the custom application which we created in Step 1.
- Navigate to the resource group. Select the Resource Group that contains your OMS workspace. Example “test” is my resource group name which have my custom application.
- Select Access Control (IAM) and Click Add
- Select the Contributor Role and select custom application which we created earlier. Click Save
Note : Azure console didn’t display custom application in drop down menu by default. Only user objects displayed. I typed first few characters of the application then custom application name displayed.
- As shown below, ensure “Contributor” permission is set for the resource group (Test).
Note : I have seen issues if you configure permissions on your custom application directly.
Configuration of Upgrade readiness in SCCM console
- Launch SCCM console.Navigate to Administration workspace -> Cloud Services.
- Right click on the “Upgrade Analytics Connector” node.
- Select “Create connection to Upgrade Analytics”.
- Update Azure Tenant name, Client ID (application ID) and key. We have already noted these details from step 2.
- Azure subscription,Azure resource group,OMS workspace details will populate.
- If details are not populated automatically then re-check Resource Group permission correctly as mentioned in Step 2.
- We completed SCCM and Upgrade Analytics Integration successfully.
End result for SCCM Administrator
- You can verify the dmpdownloader.log.This log helps us to verify the integration between SCCM server Upgrade analytics and OMS Upgrade readiness.
- You can check the SCCM console after 48 hr and confirm whether Upgrade Readiness information got updated.
- Integrate Upgrade Readiness with SCCM – Here
- Register a new application using the Azure portal – Here
- Azure resource group – Here
- Manage Windows upgrades with Upgrade Readiness-Here