Azure Beginners Guide for AWS Professionals

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS

AWS and Azure are the most comprehensive cloud platforms. I recently watched a video explaining the fundamentals of Azure and AWS cloud platforms.

If you are an AWS professional, your knowledge of the AWS platform makes it easier for you to start your journey with Azure. The learning curve is not very steep. In this post, we will see how you can transfer the fundamental knowledge of the Amazon AWS platform to Microsoft Azure.

This post is based on Matt McSpirit’s 5-minute comparison video. In it, he explains how your knowledge as an AWS Professional easily translates to Microsoft Azure.

Get the critical differences between these two comprehensive cloud platforms in the 5-minute video. This post is an Azure Beginners Guide for AWS Professionals.

Key Concepts of AWS and Azure

The fundamental differences between AWS and Azure lie in the concepts of subscriptions and accounts. In Azure, account owners can delegate the task of managing subscriptions to application owners. This delegation is essential when the person paying the bill is not the person operating the technology.

Also, imagine running AWS services in your private data center. With Azure, you can deploy Azure services in your data center with Azure Stack. Azure also supports first-party integration between your cloud and on-premises solutions.

  • Common Identity
  • Management and Security
  • Data Platform
  • Artificial Development

Like AWS, Azure architecture allows you to build solutions with Windows and Linux. AWS and Azure both have a vibrant marketplace with a growing third-party ecosystem of apps and solutions.

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS – Fig.1

Three Pillars of Azure and AWS Cloud Platform 

Azure Beginners Guide for AWS Professionals is based on three main pillars of these cloud offerings. There are three core services in AWS and the Azure cloud platform. I will cover each component in this post, as Matt explained above.

  • Compute
  • Data Storage
  • Management
Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS – Table 1

AWS Vs. Azure Compute Options

Virtual Machine Templates

Compute options are very similar in AWS and Azure. You can find the same range of on-demand virtual machine sizes in Azure and various Amazon EC2 instances in AWS. There are some differences in memory, CPU, and storage options.

You can create AWS virtual machine instances in the AWS management console. You can create Azure VMs in the Azure portal, or by using APIs or the Azure command-line interface (CLI) for Windows or Linux. The following are the options I have captured for the Azure Beginners Guide for AWS Professionals.

Azure Virtual Machine Offerings

  • Small Workloads (A, Av2, B, D, Dv2)
  • General-purpose (Dv3, N)
  • Storage workloads (L)
  • Database workload (Ev3)
  • Enterprise applications (M)
  • SAP HANA workloads (SAP)

AWS Virtual Machine Offerings

  • Accelerated Graphics (P2, G3)
  • Storage Optimized (I3, D2)
  • General-purpose (T2, M4)
  • Compute Optimized (C4)
  • Memory Optimized (X1, R3, and R4)

Automatic Scalability Options

In both AWS and Azure, you can use Auto-Scaling options to dynamically scale your application or service. For most scenarios, this can be done without any downtime.

In Azure, virtual machine scale sets can automatically add or remove VMs based on your defined metrics and threshold. In contrast, in AWS, AWS CloudFormation can scale your application or services automatically.

Application Architecture

In Azure, you can use Azure Resource Manager or ARM templates to define the architecture of your application or service for the multi-tiered workload. Again, you can use AWS CloudFormation templates to architect your application or services.

Containers Options

Amazon has AWS Elastic (EC2) Container Service for containers. Azure has Azure Container Service (AKS) to provide you with container service options. Use a fully managed Kubernetes container orchestration service or choose other orchestrators.

Azure supports Linux and Windows containers and offers a range of orchestration options, including Kubernetes, Mesosphere DC/OS, and Docker Swarm.

Serverless Options

AWS Lambda and AWS API Gateway (plus other services) are the solutions to build and deploy applications in AWS. In Azure, Azure Functions and other platform services are the answers for Serverless platforms.

This includes Azure Logic Apps, which visually model and automate process workflows. Other serverless options in Azure are Azure Database as a Service and Azure Service Fabric Cluster.

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS – Fig.2

AWS Vs. Azure Data Storage Options

Persistent data storage is the heart of many applications. Azure and AWS offer a range of storage options. AWS Simple Storage Service (AWS S3) is the cloud storage solution in AWS.

In Azure, you can use Azure Blob Storage as a cloud storage solution for your application and services. Storage speed and performance are important to cover in the Azure Beginners Guide for AWS Professionals.

In AWS, cold storage using AWS S3 Standard IA is an option. Amazon Glacier is archival cold storage in AWS. In Azure, this cold storage maps to Azure storage standard COLD (Access tier) and Azure Archival storage.

Database Options

Relational Database Options

Database options in AWS and Azure are also similar. However, there is an essential difference that IT pros need to understand. Amazon offers a variety of AWS Relational Database (AWS RDS) options. In Azure, Azure Relational Database options are Azure SQL Databases, Azure DB for MySQL, and Azure DB for PostgreSQL.

Non-Relational Database Options

Azure offers Cosmos DB (Azure Cosmos DB) to build a non-relational database for your applications and services. Azure Cosmos DB provides additional features like SQL query, unstructured data, low latency, and geo-replication. AWS offers Amazon DynamoDB as a fast and flexible non-relational database service in the cloud.

Traditional Data Warehousing

Traditional Data Warehousing options are available for both AWS and Azure. Amazon AWS offers the AWS Redshift database for traditional data warehousing requirements of your applications and services.

Azure offers you an Azure SQL Data Warehouse solution to meet your application requirements. Like AWS Redshift, Azure SQL Data Warehouse is a fast, fully managed, and petabyte-scale data warehouse.

Big Data Offerings

Amazon and Azure offer big data analysis as part of their cloud services. AWS offers Amazon Elastic MapReduce (Amazon EMR) for big data analytics, including the Hadoop framework. Azure offers Azure HDInsight as a big data analytics option.

HDInsight provides a fully managed, full-spectrum open-source analytics service for enterprises. Azure offers an additional offer for Big Data: Azure Data Lake Store. This store allows you to store massive unstructured or structured data sets and enables analysis of all your data from one place.

Azure AWS Beginners Guide for IT Professionals Azure IT Pros Azure Vs AWS – Fig.3

AWS Vs Azure Management Options

Management is an important topic. Azure and AWS offer various options for managing your cloud resources. You can start with the AWS management console.

Azure provides management options through the Azure management portal. Management options for both platforms are essential with Azure Beginners Guide for AWS Professionals.

Troubleshooting

Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. You can also use Azure Cloud Shell for custom troubleshooting. Azure Cloud Shell supports Bash Shell for Linux and PowerShell for Windows workloads. 

For AWS, other options are available, including CloudWatch, CloudTrail, and X-Ray. There are many other third-party solutions for AWS cloud management.

Monitoring

AWS and Azure offer different monitoring options. In AWS, you can use a third-party analytics engine like Splunk. Azure’s built-in monitoring options are Log Analytics, Azure Application Insights, etc.

Proactive Resource Optimization

Azure and AWS provide proactive resource optimization tools to help you. AWS comes with an AWS Trusted Advisor Dashboard. Trusted Advisor allows you to observe best practices for using AWS by inspecting your AWS environment and providing proactive resource optimization.

Azure provides a complementary tool called Azure Advisor for proactive resource optimization for your Azure environment.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Intune Mobile App Assignment Exclude AAD Group Option

Intune App Assignment Include Exclude Azure AD Groups Microsoft Intune

The Microsoft Intune team deprecated the application assignment type “Not Applicable” for good reasons. So, you do not need to worry when you don’t see the “Not Applicable” assignment type in your Intune tenant.

“Not Applicable” will no longer be an option in the console but will be replaced by “Excluded Groups.” The Exclude Group option was already available for Configuration policies and is useful.

Do you remember the Groups in the Intune Silverlight portal? There was exclusion logic used in Intune groups in the Silverlight portal. I think the excluded Azure AD groups used in app assignments do not use nested group logic (Implicit Exclusion Groups).

I’m trying to explain two application assignment scenarios using Intune’s “Excluded Groups” logic in this post.

What are the New Features of Intune’s “Excluded Groups”

The new app assignment process in Intune comes with an “Excluded Groups” option. Using it, you can now easily manage app assignments to groups with overlapping members or groups targeted with conflicting app assignment types.

What Is the Effect of Deprecating “Not Applicable”?

Previously, the app assignment process in the Intune on Azure console allowed targeting groups with the “Not Applicable” assignment type. This will no longer be the case. The “Excluded Groups” option will replace the “Not Applicable” option.

This new feature manages app assignments, allowing an app to target a large group of users or devices while excluding a subset of the same group.

  • https://blogs.technet.microsoft.com/intunesupport/2018/02/02/new-feature-new-app-assignment-process-in-intune-with-an-excluded-groups-option/

What Do I Need to Do to Prepare for this Change?

Start using the new app assignment process and update your documentation if needed. Click on Additional Information to see screenshots and to read about different scenarios where this new feature can help you manage your app assignments.

I will try briefly explaining the new feature of excluded groups in Intune using the following two scenarios. I also have a video tutorial that explains both of these scenarios.

  • Scenario A – Facebook is available for All Users Except “Mumbai Users”
  • Scenario B – WhatsApp is available for All Bangalore Users Except the “L1 Team”
Intune App Assignment Include Exclude Azure AD Groups Microsoft Intune – Table 1

Scenario A

I want to make the Facebook application available to “All Users” in the organization, but it should not be available for “Mumbai Users.”

Intune App Assignment Include Exclude Azure AD Groups Microsoft Intune – Video 1

Launch Azure Portal and navigate to Microsoft Intune—Mobile Apps—Apps. Select the Facebook app that you want to assign. A dashboard related to the app is displayed.

  1. Select Assignments under the Manage section.
  2. Select Add Group to add the groups of users who are assigned the app.
  3. Select an Assignment type from the available types on the Add group blade. The available app assignments are “Available for enrolled devices,” “Available with or without enrollment,” and “Required.”
  4. Select “Available for enrolled devices” as the assignment type.
  5. Select Included Groups to select the group of users to whom you want to make the Facebook app available.
  6. Select Yes to make “this app available to all users with enrolled devices”.
  7. Click OK to set the group to include.
  8. Select Excluded Groups to select the groups of users to whom you want to make the Facebook app unavailable.
  9. Select the “Mumbai Users” group to exclude, which makes this Facebook app unavailable for the users in the “Mumbai Users” Azure AD group.
  10. Click OK on the Add group blade. The app Assignments list is displayed.
  11. Click Save to make your group assignments active for the Facebook app.
Intune App Assignment Include Exclude Azure AD Groups Microsoft Intune – Fig.1

Scenario B

I want to make the WhatsApp application available to “All Bangalore Users” in the organization, but it should not be available for the “L1 Team.” The video tutorial “Intune App Assignment Include Exclude Azure AD Groups” includes more details.

  1. We need to follow the above steps from 1 to 7.
  2. Select Included Groups to select the groups of users to whom you want to make the WhatsApp application available.
  3. Select the “All Bangalore Users” Azure AD group to include, making this WhatsApp app available to users in that group.
  4. Click OK on the Add group blade to include the users. The app Assignments list is displayed with All Bangalore Users.
  5. Select Excluded Groups to select the groups of users to whom you want to make the WhatsApp app unavailable.
  6. Select the “L1 Team” group to exclude, making this WhatsApp app unavailable for the L1 Team Azure AD group users.
  7. Click OK on the Add group blade. The app Assignments list is displayed.
  8. Click Save to activate your group assignments for the WhatsApp app.
Intune App Assignment Include Exclude Azure AD Groups Microsoft Intune – Fig.2

Reassign DPs Offset Days Phased Deployments

Reassign DPs Offset Days Phased Deployments with SCCM 1801

Let us learn about reassigning DPs, offset days, and phased deployments with SCCM 1801. The Microsoft SCCM product group released SCCM CB preview 1801 with many new features. I think they are getting all set for the big bang SCCM CB 1802 production release with loads of new features.

The video tutorial “Reassign DPs Offset Days Phased Deployments” here can give you a visual experience of all of my favorite features of 1801.

This post covers everything you need to know about adjusting the offset days for phased deployments using SCCM 1801.

We will break down how to reassign these settings in simple steps, making it easier to manage your deployment schedule effectively. Whether you are new to SCCM or need a refresher, this guide will help you navigate the process smoothly.

My Favorite Features of SCCM 1801 Preview

Reassign DPs and Phased deployment features are limited to the SCCM admin console experience. The SCCM CB 1801 client side is NOT ready to test these features. The table below provides more details.

  • Reassign DPs
  • ADR Offset Days schedule
  • Phased Deployments for Task Sequences
  • Software Center Live Preview
Reassign DPs Offset Days Phased Deployments with SCCM 1801 – Table 1

How to Reassign DPs in SCCM?

Reassigning DPs is my favorite feature of SCCM 1801. I know that SCCM admins have struggled for ages to migrate TBs of content from one DP server to another DP server. In most cases, this could be because of changes or redesigns of SCCM hierarchies.

Reassign DPs Offset Days Phased Deployments with SCCM 1801 – Fig.1

SCCM 1801 has additional functionality to move a distribution point (DP) from a primary site to another primary site or from under a secondary site to a primary site.

  • \Administration\Overview\Distribution Points

SCCM ADR Challenge of 2nd Tuesday

Creating ADRs when you are in parts of Asia and Australia is always a challenge. Microsoft releases patches every second Tuesday, but for some parts of the world (the Asia continent), it won’t be Tuesday.

Hence, a special script or manual intervention is required for the Patch Tuesday ADR to work correctly.

SCCM 1801 adds an Offset Days option to the custom Automatic Deployment Rule (ADR) schedule. As I mentioned above, improvements to the Automatic Deployment Rule evaluation schedule are helpful. You can now schedule an ADR evaluation to be offset from a base day.

Check if a custom schedule that deploys updates offset from a base day has been created. The video tutorial “Reassign DPs Offset Days Phased Deployments” provides more details.

\Software Library\Overview\Software Updates\Automatic Deployment Rules
Custom – Monthly – 2nd Tuesday – Offset (days)
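
The schedule above, worked through as an added example (calendar arithmetic in Python, not Configuration Manager code): it computes the evaluation date for a "2nd Tuesday plus offset" rule and shows why a plain "2nd Wednesday" schedule is not equivalent. The function names and the one-day offset are assumptions made for the illustration.

```python
"""Evaluation dates for a 'Monthly - 2nd Tuesday - Offset (days)' schedule.

Illustrative only: this is calendar arithmetic, not Configuration Manager
code, and the function names are made up for the example.
"""
import calendar
from datetime import date, timedelta


def nth_weekday(year: int, month: int, weekday: int, n: int) -> date:
    """Return the n-th given weekday (calendar.MONDAY..SUNDAY) of a month."""
    first = date(year, month, 1)
    days_ahead = (weekday - first.weekday()) % 7
    result = first + timedelta(days=days_ahead + 7 * (n - 1))
    if result.month != month:
        raise ValueError("that weekday does not occur n times in this month")
    return result


def adr_evaluation_date(year: int, month: int, offset_days: int) -> date:
    """Base day is the 2nd Tuesday; the rule evaluates offset_days later."""
    base_day = nth_weekday(year, month, calendar.TUESDAY, 2)
    return base_day + timedelta(days=offset_days)


def second_wednesday(year: int, month: int) -> date:
    """The tempting alternative schedule: 'Monthly - 2nd Wednesday'."""
    return nth_weekday(year, month, calendar.WEDNESDAY, 2)


def months_where_wednesday_is_too_early(year: int) -> list:
    """Months in which the 2nd Wednesday falls BEFORE the 2nd Tuesday.

    This happens whenever the month starts on a Wednesday, so a rule
    scheduled for the 2nd Wednesday would run almost a week before the
    patches it is supposed to pick up have been released.
    """
    return [
        month
        for month in range(1, 13)
        if second_wednesday(year, month)
        < nth_weekday(year, month, calendar.TUESDAY, 2)
    ]


if __name__ == "__main__":
    print("2nd Tuesday  +1 day offset  2nd Wednesday")
    for month in range(1, 13):
        base = nth_weekday(2018, month, calendar.TUESDAY, 2)
        print(base, " ", adr_evaluation_date(2018, month, 1), "   ",
              second_wednesday(2018, month))
    print("Months where '2nd Wednesday' runs too early:",
          months_where_wednesday_is_too_early(2018))
```
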

Reassign DPs Offset Days Phased Deployments with SCCM 1801 – Fig.2

Software Center “Live Preview” from SCCM Client Settings

Improvements to Client Settings for the Software Center are really modern stuff from the SCCM team. You don’t need to deploy NEW software center client settings to devices and test changes.

Instead, you can see the live preview on the SCCM console. Thank you for making the SCCM admin’s life easier!!

The video tutorial “Reassign DPs Offset Days Phased Deployments” provides more details of the software center customization live experience.

Enabling the ‘Hide unapproved applications in the Software Center’ setting in the new Software Center client settings is another option. 

The client settings for Software Center now have a Customise button where users can preview their customization before deploying them to machines. Users can also hide unapproved applications in the Software Center.

  • \Administration\Overview\Client Settings
Reassign DPs Offset Days Phased Deployments with SCCM 1801 – Fig.3

Phased Deployments for SCCM Task Sequences

SCCM Phased deployments automate a coordinated, sequenced rollout of software without creating multiple implementations. This feature is available only for Task Sequences in this version of SCCM. I hope it will be useful for Windows 10 servicing models.

I assume phased deployments are getting input from status filtering rules. Status filter rules will check the criteria for phased rollout, and if the deployment failure is more than 5% (this % can be customized), it will automatically STOP the deployment.

  • \Software Library\Overview\Operating Systems\Task Sequences

In this Technical Preview version, the phased deployment wizard can be completed for task sequences in the admin console. However, deployments are not created. Following is the example of phased deployment from my lab environment. 

More details are available in the video tutorial “Reassign DPs Offset Days Phased Deployments”.

Phased Deployment Configuration
• Phased Deployment Name: Phase Deployment
• Phased Deployment Description:
Collections in this Phased Deployment
• Collection(s): TP100017
• Collection(s): SMSDM003

Resources

Capabilities in Technical Preview 1801 for System Center Configuration Manager

Intune to Restrict NON Patched Windows Devices

Use Intune to Restrict Non-patched Windows Devices from Accessing Email

Let’s discuss using Intune to restrict non-patched Windows devices from accessing email. Security patching is vital to every organization. Now, with Intune, you can restrict Windows 10 devices that are not patched with the latest patches from accessing mail. Non-patched devices are risky to the organization.

There are two options to limit Windows devices from connecting to the corporate network. We will see these options in the following sections of the article.

Windows version = Specify the major.minor.build.CU number here. The version number must correspond to the version returned by the winver command.

I have uploaded a video tutorial to my YouTube channel. I hope this video will help you set these restrictions on your Intune test tenant.

I would recommend testing these in a staging environment before implementing them in production. As you are aware, patching is essential in any modern workplace project implementation.

Intune and Windows Update for Business can ensure all the Windows devices managed through Intune are patched promptly.

There is no need for on-prem components like WSUS to patch Windows 10 devices using Intune and Windows Update for Business. Setting the Windows 10 Update rings in Intune will not create security concerns.

Read my previous post, “How to Setup Windows 10 Software Update Policy Rings in Intune Azure Portal,” to learn more about Windows 10 update rings.

How Do You Restrict Non-patched Windows Devices from Enrolling in Intune?

This option is available only for NEW Windows devices that are enrolled in the Intune environment via the MDM channel. It is not available for Intune PC agent-managed devices.

The setting explained in this section won’t apply to already enrolled and non-patched Windows devices.

If you have already enrolled and non-patched Windows devices, you need to check out the compliance policy option mentioned in the section below.

Servicing Option | Version | OS Build | Max/Min
Semi-Annual Channel | 1709 | 16299.201 | Maximum Version
Semi-Annual Channel | 1703 | 15063.877 | Minimum Version
Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Table 1
Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Fig.1

We need to set up Intune enrollment restriction policies to restrict Windows devices from enrolling in Intune. The above table is the best reference for setting up Intune enrollment restriction policies for non-patched Windows devices.

First, we need to decide on your Windows 10 minimum and maximum patch level requirements. More patch-level version details are available at http://aka.ms/win10releasenotes.

In my video, I have selected Windows 10’s minimum patch level of 10.0.15063.877 and maximum patch level of 10.0.16299.201. You can also leave the maximum patch level blank if you want to support all the latest patched Windows devices.

I have uploaded a video tutorial to my YouTube channel. This video provides a more detailed explanation of how to set up enrollment restriction policies.

You can read my previous post, “How to Prevent Windows Devices from Enrolling to Intune”. This post provides more details about setting up Intune enrollment policies. This also covers the end-user experience of Windows 10 devices if the device patch level is lower than the “Minimum version”.

For example

I have a Windows 10 device, and it’s a non-patched device. The patch version of that device is “10.0.15063.250”. In this scenario, Intune will check whether the device is patched with a minimum version of the patch required for the organization, which is 10.0.15063.877.

The current patch level of the Windows 10 device is below the minimum version requirement set in the enrollment restriction policy. Hence the device won’t be allowed to enroll in Intune. Update the patches on that Windows 10 device to register to Intune successfully.
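
The minimum/maximum check from this example, modelled as an added Python sketch (not Intune's own code): versions in major.minor.build.CU form are compared number by number, and a blank maximum means no upper bound. The function names and device names are constructed for illustration, and treating both bounds as inclusive is an assumption.

```python
"""Model of a min/max OS version gate like the one configured above.

Illustrative only: function names and sample devices are constructed,
and treating both bounds as inclusive is an assumption.
"""
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.build.CU' into a tuple of four integers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.build.CU, got {text!r}")
    return tuple(int(p) for p in parts)


def evaluate(device: str, minimum: str, maximum: Optional[str] = None) -> str:
    """Return 'allowed', 'below-minimum' or 'above-maximum'.

    A blank or missing maximum means there is no upper bound.
    """
    dev = parse_version(device)
    if dev < parse_version(minimum):
        return "below-minimum"
    if maximum and dev > parse_version(maximum):
        return "above-maximum"
    return "allowed"


def naive_string_check(device: str, minimum: str) -> bool:
    """Deliberately wrong: compares versions as text, shown for contrast."""
    return device >= minimum


# Values from the post: minimum 10.0.15063.877, maximum 10.0.16299.201.
MIN_VERSION = "10.0.15063.877"
MAX_VERSION = "10.0.16299.201"

# Constructed sample devices (names and most versions are made up).
SAMPLE_DEVICES = {
    "LAPTOP-A": "10.0.15063.250",   # the non-patched device from the post
    "LAPTOP-B": "10.0.15063.877",   # exactly at the minimum
    "LAPTOP-C": "10.0.15063.1029",  # higher CU number than the minimum
    "LAPTOP-D": "10.0.16299.201",   # exactly at the maximum
    "LAPTOP-E": "10.0.16299.248",   # above the configured maximum
}


def evaluate_fleet(maximum: Optional[str] = MAX_VERSION) -> Dict[str, str]:
    """Evaluate every sample device against the policy bounds."""
    return {
        name: evaluate(version, MIN_VERSION, maximum)
        for name, version in SAMPLE_DEVICES.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate_fleet().items():
        print(f"{name:9} {SAMPLE_DEVICES[name]:16} {verdict}")
    # A text comparison rejects LAPTOP-C even though it is newer than the
    # minimum, because '1' sorts before '8' character by character.
    print("naive check for LAPTOP-C:",
          naive_string_check(SAMPLE_DEVICES["LAPTOP-C"], MIN_VERSION))
```

Any script that audits device versions against the policy values should compare the four numbers, not the strings, or devices with a four-digit CU number will be misreported as below the minimum.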

Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Fig.2

How Can We Force Users to Install Patches on Windows 10 Devices to Access Emails?

Most end-users are not always happy to install the latest patches and restart their devices on time. But as IT admins, it’s our responsibility to secure the enterprise environment with the latest patches.

Intune can probably help you force users to install patches on their non-patched Windows devices.

We can create a new compliance policy in Intune to set rules and force users to install patches immediately. The policy gives an option to set minimum and maximum patch levels for Windows devices.

When a device does not match the minimum compliance requirement, that device will be flagged as non-compliant.

When you have conditional access associated with compliance policies, the Windows device will lose access to enterprise applications (like mail, SharePoint Online, Skype, etc.) associated with that conditional access policy.

Once users update their Windows version with the latest patches, their devices get access back to mail.

You can run the winver command to decide your organisation’s baseline Windows 10 version with a certain patch level. You can also use the following links to get the latest patch versions of Windows 10.

In my scenario, I set up a new compliance policy with a minimum patch level of 10.0.15063.877 and a maximum patch level of 10.0.16299.201.

This will ensure that all Windows 10 devices with access to enterprise applications are patched, and the patch level version will be greater than 10.0.15063.877.

I have uploaded a video tutorial to my YouTube channel. This video provides a more detailed explanation of how to create a new compliance policy for minimum and maximum patch levels supported within your organization.

Navigate to the Azure portal, “Microsoft Azure—Microsoft Intune—Device Compliance—Policies,” and create a new compliance policy called “Restrict Window device depending on patches.”

Use Intune to Restrict Non-patched Windows Devices from Accessing Email – Fig.3

SCCM Status Summarizers and Health Monitoring Details

SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr

Let’s discuss SCCM site component status summarizers and how they help troubleshoot issues in Configuration Manager (ConfigMgr). SCCM ConfigMgr CB health monitoring is well-connected with SCCM Status Summarizers.

All monitoring solutions, such as custom scripts and SCOM management packs for SCCM, use SCCM Status Summarizers to get the detailed health status of your SCCM infra. This post will provide details on SCCM status summarizers and health monitoring.

I uploaded a video to YouTube that explains “SCCM Site Status Summarizers Health Details WMI class and Data via SQL Tables and Views”. The following link has a script and solution I used back in SMS 2003: “SCCM MP Health Check Script and Automatic Mail”.

Do you know how to Reset the SCCM CB Critical Site Component Status Summarizer Counter? The previous blog post will help you understand the process.

What are SCCM Status Summarizers?

The summary class (SMS_SummarizerStatus) within WMI helps you determine the health or status of different aspects of SCCM/ConfigMgr CB Infrastructure.

The SCCM status summarizers get input from status messages, states, and counts. This status gives us a real-time (almost?) view of the health of:

  • SCCM CB sites
  • Site components
  • Packages
  • Applications
  • Deployments
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Fig.1

List of SCCM CB Status Summarizers

The current branch version of SCCM/ConfigMgr has four status summarizers. These summarizer classes summarize the status and state message data. The table below provides more details of the SCCM CB status summarizers list.

  • Application Deployment Summarizer
  • Application Statistics Summarizer
  • Component Status Summarizer
  • Site System Status Summarizer
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Table 1

From the SCCM health check monitoring perspective, the main ones are the SCCM component status summarizer and site system summarizer.

The deployment status of applications, Task Sequences, and packages will be displayed as part of the application deployment summarizer.

The application statistics summarizer helps configure how often application statistics should be updated.

Health Details of SCCM Site via WMI Class

The WMI class “SMS_SummarizerSiteStatus” can help us determine the overall health or status of an SCCM CB site. If the SMS_SummarizerSiteStatus object’s Status property value is “0,” then the SCCM site is healthy.

More details about SMS_SummarizerSiteStatus

The following are other WMI classes that you can refer to for more details about SCCM status summaries.

  • SMS_SUMDeploymentStatistics
  • SMS_SUMDeploymentStatus
  • SMS_SummarizationInterval
  • SMS_SummarizationSettings
  • SMS_SummarizerSiteStatus
  • SMS_SummarizerStatus
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Fig.2

The WMI class SMS_SummarizerRootStatus provides different colour indications in the SCCM CB console. SCCM Status Summarizers and Health Monitoring are interlinked.

One example MOF file is given below.

[Description("This class contains a rollup Green/Yellow/Red status about the current site, and all its child sites. "), dynamic: ToInstance, provider("ExtnProv"), read, DisplayName("Summarizer - Root Status")]
class SMS_SummarizerRootStatus : SMS_BaseClass
{
    [Description(""), key, enumeration("GREEN(0),YELLOW(1),RED(2)")] uint32 Status;
    [Description("This method will take the SiteCode and the Component as the input paramters, and return an arrays of strings: the TallyIntervals, and also the default interval."), static, implemented] sint32 GetTallyIntervals([in, SizeLimit("3")] string SiteCode, [in] string ComponentName, [out] string TallyIntervals[], [out] string DefaultInterval);
};

The following WMI query returns the counts of information, warning, and error messages since Monday. TallyInterval value “00011280001A2000” = Monday.

More details about Tally Interval

    SELECT Infos, Warnings, Errors
    FROM SMS_SiteDetailSummarizer
    WHERE TallyInterval = "00011280001A2000"

Results of the above WMI query

instance of SMS_SiteDetailSummarizer
{
Errors = 129;
Infos = 368;
Warnings = 51;
};

Health Details of SCCM Site via SQL Views

SCCM Status Summarizers and Health Monitoring details will help streamline and fine-tune your SCCM infra’s monitoring efforts. The SCCM site health data is stored in four SQL views.

We can query the following SQL views for more details on the SCCM status summarizer. Component status summarizer lists summary status information for all SCCM components at different intervals.

  • v_ComponentSummarizer = Component Summary
  • v_SiteDetailSummarizer = Overview
  • v_SiteSystemSummarizer = Site System Summary
  • v_SummarizerSiteStatus = Site Server Summary
SCCM Site Component Status Summarizers Troubleshoot Issues Configuration Manager ConfigMgr – Fig.3
