In this blog I will be going through the set up of Desktop Analytics and integrate it with SCCM. Configuring Desktop Analytics provides lots of benefits to organizations such as maintaining the inventory of applications, check for application compatibility for windows 10 feature updates, identify compatibility issue and mitigate suggestions from Microsoft and deploy Windows 10 to managed devices.
Prerequisites for Desktop Analytics
To setup the configuration, you must need to have following permissions:
- Active Azure Subscription with Global Admin rights.
- Workspace permissions:
- resource group permissions, you need to have Log Analytics Contributor and User Access Administrator
- On Subscription, you need to have Owner
- or
- Contributor and User Access Administrator permissions
- To access the portal after onboarding, you need:
- Desktop Analytics Administrator role and Owner, or Contributor permissions on the Log Analytics workspace created.
- Full Administrator Access on SCCM / Configuration Manager
Licensing Requirement
Users needs to have following license so that devices can be enrolled to Desktop Analytics:
- Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows Virtual Desktop Access E3 or E5
Setting of Desktop Analytics
Desktop Analytics setup consists of several steps, I will be going through all the steps required.
Initial Onboarding ie. Setting up Desktop Analytics Workspace on MEM Admin Center
Logon to https://endpoint.microsoft.com or https://devicemanagement.portal.azure.com. Both URL’s will take you to the same portal ie. Microsoft Endpoint Manager Admin Center.
From Blade, select All Services and click on Desktop Analytics to start configuring the Workspace.
Set up Desktop Analytics wizard will launch, click Start.
Under Accept service agreement, click Accept.
Under Licensing and costs page, select Yes under “Do you have one of the supported subscriptions”. Click Next.
Under Give users and apps access you can allow users to use the Log Analytics Workspace as owner. Select Yes for Directory role management. Click Next.
Under Set up your workspace, you have to create new workspace, click on Add workspace.
Specify Workspace Name, create new Resource group or select existing one, as I have already created the existing Resource Group with name DesktopAnalytics, I will be proceeding with that.
Wait for a while as Adding workspace will take some time spinning up Desktop Analytics workspace.
Select the recently created workspace and click on Set as Desktop Analytics workspace.
Confirm and grant access on the page by clicking on Continue. You won’t be able to change the workspace once this is done.
Under Next steps, you are ready with to do configuration on Configuration Manager side, we now have Commercial ID key which will be requiring for SCCM configuration with Desktop Analytics.
Connecting Desktop Analytics through SCCM
Login to Configuration Manager server, launch SCCM Console and navigate to Administration > Overview > Cloud Services > Azure Services
Select Configure Azure Services from Ribbon, provide the name and select Desktop Analytics. Click Next.
Under App Properties page, we have to create a Web app. Click on Browse.
This will launch Server App page, select Create to proceed.
Under Create Server Application page, provide following information:
Application Name
Home Page URL: (this will be auto populated, you may change to any URL which does not exists previously)
App ID URL: same as above (auto populated)
Secret key validity period: 1 year (auto populated)
Azure AD Admin Account: Click on Sign in
This will take you to Microsoft Azure Sign in page, provide username & password to authenticate.
Once done, you will be able to see Signed in successfully! With Azure AD Tenant Name specified. Click OK.
Click OK once again to exit Server App.
Web App is now configured, click Next.
Under Configure Windows diagnostic data page, wait for a while to auto populated to Commercial ID key. I am going with Windows 10 diagnostic data level as Optional (Limited) which is the recommended settings, however you have other choices available
Availability Function page will show the Desktop Analytics functionality difference among different OS versions. Click Next.
Under On-board to Desktop Analytics page, select the collection on which systems you want to target.
Monitoring Connection Health for Desktop Analytics
It usually takes 24 to 72 hours to start displaying the data on MEM Admin Center. Once everything is in place, we can verify the connection health through SCCM Console.
Navigate to \Software Library\Overview\Desktop Analytics Servicing\Connection Health. Under Right Pane you will be able to see:
Connection details mentioning Tenant Name and Target collection (I changed the collections from all workstations to DesktopAnalytics collections, hence you might see the changed the name)
Last sync details shows number of devices in collection including Last and next service sync
Connection Health will show enrollment status such as Awaiting enrollment, properly enrolled and others.
Once you click on the ring, lets say green one, it will take you to \Assets and Compliance\Overview\Devices\Properly enrolled with all systems under Properly enrolled status. Hence you can explore all options for troubleshooting if few systems are not reporting / enrolling properly.
Login to MEM Admin Center through https://aka.ms/desktopanalytics which will directly take you to Desktop Analytics page, and you will see the status on Enrolled devices, apps discovered in your environment along with complete detail on Security Updates and Feature Updates regarding what is end of life, which one is latest version of OS and patch version recency.
Once you click on graph, you can get more details on that.
Useful Links:
https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/overview
https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/set-up