In this post I will discuss how to enable Endpoint Analytics in Intune, which provides detailed insight into the performance and quality of your devices.
- What is Endpoint Analytics
- Benefits of Endpoint Analytics
- Difference between Endpoint Analytics and Desktop Analytics
- Prerequisites for enrolling devices in Endpoint analytics
- Onboarding to Endpoint analytics using Intune
- Onboarding to endpoint analytics using Configuration Manager
- Endpoint Analytics Reports
What is Endpoint Analytics
If your organization is interested in knowing the Microsoft Productivity Score (it provides metrics, insights and recommended actions), then Endpoint Analytics is the answer. It is a simple setting: once it is implemented in Intune, you get insights into how your devices are working and the quality of experience users are getting. You can monitor various aspects of how your devices are performing. There are advanced monitoring and reporting views through which you can monitor Core boot and Core sign-in status, which break down the time a device takes to apply Group Policy, to reach the sign-in screen, to get to a responsive desktop, etc.
Benefits of Endpoint Analytics
There are many benefits to implementing Endpoint Analytics. One of the biggest is reducing IT support costs by providing insights into the user experience. Once it is implemented, you can monitor Startup performance and Application reliability in the form of reports that show a score.
You can also see Proactive remediation recommendations in the form of recommended scripts provided by Microsoft. The Work from anywhere report is another feature, which helps analyse whether your employees can be productive when working from any location. Work from anywhere can also help organizations learn the “Windows 11 readiness status” and the “Windows 11 readiness reason”, such as TPM or something else.
Difference between Endpoint Analytics and Desktop Analytics
Endpoint Analytics is usually compared with Desktop Analytics. Endpoint Analytics is a solution that can be implemented for both Intune and Configuration Manager. That is not the case with Desktop Analytics: although it is a cloud-based service, it can only be integrated with Configuration Manager. I also find that Desktop Analytics comes with a few requirements that are quite complex to implement. Desktop Analytics will be deprecated and is going to be retired on 30th November, 2022. Moreover, Desktop Analytics doesn’t support Windows 11. Hence, Microsoft's recommendation is to go with Endpoint Analytics, which helps you determine the Windows 11 hardware readiness of your devices.
Prerequisites for enrolling devices in Endpoint analytics
You need to enroll the devices first to get insights from the endpoints. Enrolling devices can be done via Intune or Configuration Manager. The following are the prerequisites for enrolling a device.
Devices enrolled in Endpoint analytics should have a valid license assigned. This prerequisite is the same as the Intune license requirement. A valid Configuration Manager license also qualifies as an Endpoint analytics license; either of them is enough to receive the insights.
There is an additional license requirement for Proactive remediations:
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3 or E5)
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows 10/11 Virtual Desktop Access (VDA)
Endpoint Analytics prerequisites on Configuration Manager-managed devices
- Configuration Manager version 2002 or later is required.
- The Configuration Manager client should also be upgraded to version 2002 or higher.
- Configuration Manager should be tenant attached. Co-management should be configured and enabled.
Endpoint analytics prerequisites on Intune-managed devices
- Devices must be Azure AD joined or hybrid Azure AD joined
- Devices should be on the Enterprise, Professional or Education edition of Windows 10 or later.
- DiagTrack (the Windows Connected User Experiences and Telemetry component) is used by Endpoint analytics. Hence, the Connected User Experiences and Telemetry service should be running.
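A local check of the three Intune-managed device prerequisites listed above, as an added example that is not part of the original post. The function name Test-EndpointAnalyticsPrereq and the edition pattern are assumptions of this example; licensing is assigned in the tenant and is not checked here.

```powershell
# Added example: read-only prerequisite check, run locally on the Windows endpoint.
# Test-EndpointAnalyticsPrereq is a hypothetical name, not a Microsoft cmdlet.
function Test-EndpointAnalyticsPrereq {
    # 1. Join state. dsregcmd /status prints lines such as "AzureAdJoined : YES".
    $dsreg        = (& dsregcmd.exe /status) -join "`n"
    $aadJoined    = $dsreg -match 'AzureAdJoined\s*:\s*YES'
    $domainJoined = $dsreg -match 'DomainJoined\s*:\s*YES'
    $joinState    = 'Not Azure AD joined'
    if ($aadJoined)                    { $joinState = 'Azure AD joined' }
    if ($aadJoined -and $domainJoined) { $joinState = 'Hybrid Azure AD joined' }

    # 2. Edition. Assumption: a prefix match on EditionID, which also accepts
    #    variants such as EnterpriseS; tighten the pattern if that is not wanted.
    $cv        = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $editionOk = $cv.EditionID -match '^(Enterprise|Professional|Education)'

    # 3. Connected User Experiences and Telemetry service (DiagTrack).
    $svc       = Get-Service -Name DiagTrack -ErrorAction SilentlyContinue
    $svcStatus = if ($svc) { "$($svc.Status) / StartType $($svc.StartType)" } else { 'Not installed' }
    $svcOk     = [bool]($svc -and $svc.Status -eq 'Running')

    # One object per device so results can be collected and filtered centrally.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        JoinState    = $joinState
        JoinOk       = $aadJoined
        Edition      = $cv.EditionID
        EditionOk    = $editionOk
        DiagTrack    = $svcStatus
        DiagTrackOk  = $svcOk
        Ready        = ($aadJoined -and $editionOk -and $svcOk)
    }
}

$result = Test-EndpointAnalyticsPrereq
$result | Format-List
if (-not $result.Ready) {
    Write-Warning 'Device does not meet all Intune-managed prerequisites listed above.'
}
```

A DiagTrack start type of Disabled in the output usually points to a hardening baseline or policy that turned telemetry off, which is worth reconciling before expecting data in the portal.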
Onboarding to Endpoint analytics using Intune
Let’s see how to onboard devices to Endpoint analytics, or, in other words, how to enroll devices into the Endpoint analytics portal.
By performing the steps below, we are going to create a Configuration Profile with the name Intune data collection policy, which will be targeted to the devices.
Under Endpoint analytics blade, select one of the options for Collect device data from:
- All cloud-managed devices – This will create the Intune data collection policy and assign it to all devices (Intune managed or co-managed)
- Selected groups – This will create the Intune data collection policy but will not assign it. We can later target it to a group of devices
- I’ll choose later – This step won’t create any configuration policy.
I am interested in getting the telemetry data from all devices; hence, I am selecting All cloud-managed devices and clicking on Start.
We can now see Endpoint analytics configured; however, it may take up to 24 hours for the data to appear here.
What did we just do?
By enabling Endpoint analytics, we actually created a configuration profile. In the MEM admin center, navigate to Home > Devices > Configuration profiles. We created a profile with the name Intune data collection policy, which has the profile type “Windows health monitoring”.
Click on Intune data collection policy and we can see that it is assigned to All Devices.
Under Configuration settings > Health monitoring scope, “Endpoint analytics” is the only option visible.
Let’s change the scope: click on the Configuration settings edit option. Keep Health monitoring status as Enable. Under Scope, make sure to select Windows updates along with Endpoint analytics (which is already selected as part of the previous exercise).
Click on Review + save. We will now start getting insights on Windows updates as well, which is very useful for monitoring their status.
Onboarding to endpoint analytics using Configuration Manager
We can onboard devices to endpoint analytics using Configuration Manager as well. This is just another option for doing it (not mandatory). If you prefer to use Configuration Manager to do the configuration for endpoint analytics, follow this section.
To enable endpoint analytics, you should enable cloud attach in Configuration Manager, i.e. configure co-management for Configuration Manager.
Enable Endpoint analytics setting in Configuration Manager
Open the Configuration Manager console and navigate to \Administration\Overview\Cloud Services\Cloud Attach. If Co-management is configured, you will be able to see the Cloud Attach name as CoMgmtSettingsProd.
Select CoMgmtSettingsProd and click on Properties. Navigate to the Configure upload tab.
Enable Upload to Microsoft Endpoint Manager admin center. When you enable this option, you also have to select a collection. You can either go with All devices or with a Specific collection. I will be going with a specific collection and will select the same collection that is used for the Automatic Enrollment in Intune setting, which can be seen under the Enablement tab.
Be careful when selecting All devices to be uploaded, as it will upload each and every device in your environment to the MEM admin center portal. This setting should not be confused with enrolling the device in Intune; it is only about uploading the device to the portal.
Under Endpoint Analytics, make sure to select Enable Endpoint Analytics for devices uploaded to Microsoft Endpoint Manager.
Enable Client settings Endpoint Analytics
We need to enable Client settings for devices in Configuration Manager. This can easily be done by navigating to \Administration\Overview\Client Settings and either editing Default Client Settings or creating Custom Client Device Settings.
Once you open the client settings, navigate to Computer Agent. In the right pane, scroll down and make sure Enable Endpoint Analytics data collection is set to Yes.
Endpoint Analytics Reports
Once the settings are enabled (either through Intune or Configuration Manager), you start seeing devices reporting to the Endpoint Analytics console (direct link – https://aka.ms/endpointanalytics).
The Endpoint analytics score consists of 3 items:
- Startup performance
- Application reliability
- Work from anywhere
The score you see is compared with a built-in baseline named All organizations (median), which was created when we enabled Endpoint analytics. The detailed score can be checked by clicking on Device scores.
Under Device scores, we can see a list of devices along with the Endpoint analytics score, Startup performance score and App reliability score. Health status can also be verified.
The current Endpoint analytics Baseline settings can be verified by navigating in the MEM Admin Center to Home > Reports > Endpoint Analytics > Settings > Baseline and clicking on All organizations (median). All visible score categories can be seen along with their values.
You can create a new Baseline here by clicking on Create new. A new baseline captures your current score values, so that later scores can be compared with this baseline as you work to increase the score.
Report – Startup performance
Under the Startup performance report, you can view various reports such as:
- Startup score – Under this report you can view score breakdowns such as Core boot score and Core sign-in score. Average startup time for devices can be monitored here, along with how much time it took for Group Policy vs sign-in screen.
- Model performance – Model-specific performance
- Device performance – Device-specific performance
- Startup processes – Performance of the startup processes that load once the desktop appears
- Restart frequency – Restart frequency metrics of devices and the per-device average for various categories.
Proactive remediations let you create and run script packages on devices to proactively look for issues and fix them. There are 2 ready-made scripts available, named:
- Restart stopped Office C2R svc
- Update stale Group Policies
There are various app reliability scores, such as:
- App performance
- Model performance
- Device performance
- OS versions performance
Work from anywhere
This report shows your score for work from anywhere capability, so that users can be productive from anywhere. It also comes with other built-in reports, such as:
- Cloud identity
- Cloud management
- Cloud provisioning