Let’s check a new tenant attach CMPivot feature made available with the release of ConfigMgr 2006. Now, you can check the options to Run CMPivot Queries from Intune Portal (a.k.a 👉 Microsoft Endpoint Manager admin center).
Let’s revise the details about CMPivot from the ConfigMgr console. We will see more details about how to run CMPivot Queries from the Intune portal at the bottom of this post.
Also, let’s have a quick check about the prerequisite to enable CMPivot access from the Intune portal.
To Run CMPivot Queries from Intune Portal, you need to have the following prerequisites completed.
NOTE! – Permissions for Tenant attach is updated. You don’t need to give permissions to Configuration Manager Microservice https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/client-details#permissions
- All of the prerequisites for Tenant attach: SCCM client details
- A minimum supported version of ConfigMgr is 2006.
- All sites (child primary and secondary servers) in the hierarchy must meet the minimum ConfigMgr version 2006 requirement.
- ConfigMgr clients must be running the latest version client. Check whether your client version is the latest one mentioned in the GA of ConfigMgr 2006.
- You should have appropriate access to run the CMPivot from SCCM and Intune.
- The Read permission for the device’s Collection.
- The Run CMPivot permission on the Collection.
- The Admin User role for the Configuration Manager Microservice application in Azure AD.
- Add the role in Azure AD from Enterprise applications > Configuration Manager Microservice > Users and groups > Add user. Groups are supported if you have Azure AD premium.
What is CMPivot?
The CMPivot is a new SCCM in-console utility that now provides access to real-time state of devices in your environment. You can run CMPivot as a standalone tool as well.
The post includes CMPivot architecture and communication details as well. 👉SCCM CMPivot Architecture Fast Channel Making | ConfigMgr.
Launch CMPivot from Intune Portal
I assume you all know how to launch the CMPivot from ConfigMgr console. In this section, we learn how to run the CMPivot query from the Intune portal (MEM Admin Center).
Once you have completed all the prerequisites of Tenant attach, you would be able to see all the ConfigMgr managed devices in the Intune portal. You can follow the steps mentioned below to run the CMPivot query.
- Open Admin Center – Intune Portal – https://endpoint.microsoft.com/
- Select Devices node then click on All Devices.
- Click on Windows.
- Select the device that is synced from ConfigMgr via tenant attach.
- Use the Search option to find the device.
- Click on the devices with the following option – Managed By ConfigMgr.
- Select CMPivot (preview) from the Intune portal to run CMPivot.
- Use the Search option to find specific patching details.
- Copy the CMPivot query from the previous posts. You can use the same queries from the Intune portal as well.
- I have selected the CMPivot Query Patches Installed in the Last 220 days.
- QuickFixEngineering | where InstalledOn >= ago(220d)
- Copy the above query and paste it in the small window as shown in the screenshot.
- Click on the Run button to execute the CMPivot query against that particular device that you selected.
Process & Troubleshooting
You can start troubleshooting the CMPivot query initiated from the Intune portal using the following log files CMGatewayNotificationWorker.log & AdminService.log. These logs can be found at the SCCM logs location on the site server.
More Details – You can find more details about the background process flow happens behind the scenes when someone initiates a CMPivot query from the Intune portal (admin center).
You can check the results of CMPivot query in MEM Admin center (Intune) portal itself. You can see more details in the following screen capture.
- Tenant attach: Launch CMPivot from the admin center (preview)
- Troubleshoot CMPivot (preview) for devices uploaded to the admin center