One thing that many IT administrators tackles every day is the discussion about “my computer feels slow” or “I need a faster computer”. Sometime the feeling of having a slow computer is legit, and sometimes it’s something else.
There are numerous DEX (Digital Employee Experience) tools out there on the market. This can provide you with a great overview of your whole ecosystem, ranging from Teams call quality to desktop experience. However, even if those tools are great, they come with a new set of data to analyze in a new tool. And in bigger organizations, the complicated puzzle of “who owns this and who makes remediations?” arises.
Since I write a lot about Microsoft stuff, we will dive into the Intune Advanced Analytics part of the Intune Suite.
Intune Advanced Analytics is a native part of Intune, which gives you more extensive reporting on your Windows devices. I know Windows isn’t 100% of the fleet in modern organizations but we need to start somewhere.
Setting up Intune Advanced Analytics
To start using Intune Advanced Analytics, you will need these three things.
- Intune environment
- Intune Suite licenses or Intune Advanced Analytics stand-alone license (remember, this is user based)
- Configuring Endpoint analytics in Intune
I won’t go through how to obtain license, since this will vary from case to case depending on your setup.
Configuring Endpoint Analytics
The first thing you need to do is to configure Endpoint Analytics to receive data from your devices. Since I’m all in the cloud, we will look at how you do this for Intune managed devices. To do this, you need to have the Intune Service Administrator role, also known as Intune Administrator.
Head over to the Endpoint Analytics blade in Intune (you can find it under Reports or at https://aka.ms/endpointanalytics). When in there, select the Settings blade.
You can see that my tenant already uses the Intune data collection policy. This default policy exists in all tenants, but you need to make sure it’s assigned to your devices.
Manually create the policy
If you can’t find the policy in your environment, it’s no big deal. You just need create a new policy based on the template for Windows Health monitoring.
If you are configuring this for the first time, make sure to switch Health monitoring to Enable and set the Scope to Endpoint analytics.
Deploy this policy to your devices using either the built in “All devices” group or use a device group.
When you set this up for the first time, it can take up to 24 hours for the data to populate. If you are looking to use Advanced Analytics, expect up to 48 hours.
Allow access to URLs
The last step to do is to make sure that your devices are allowed to reach the URL needed for Endpoint Analytics. This is important if you have a restrictive firewall or if you use a webfilter/proxy to run all your traffic through.
For Intune, the needed URL is:
https://*.events.data.microsoft.com |
If you want to read more about how to set this up for Configuration Manager managed devices, check out the Microsoft Learn page.
Getting access to the data
Now when 24 hours have passed, we should start seeing data being populated. If you have additional people who should not be admins who need to review the data. There are a few different built-in roles you can use, or create a custom role.
These are the different options you have:
| Role name | Microsoft Entra role | Intune role | Endpoint analytics permissions |
|---|---|---|---|
| Global Administrator | Yes | Read/write | |
| Intune Service Administrator | Yes | Read/write | |
| School Administrator | Yes | Read/write | |
| Endpoint Security Manager | Yes | Read only | |
| Help Desk Operator | Yes | Read only | |
| Read Only Operator | Yes | Read only | |
| Reports Reader | Yes | Read only |
Once we have our roles in order, we can start looking at the data!
Looking at the data
The Endpoint Analytics feature consist of 6 different blades
- Startup Performance
- Application reliability
- Work from anywhere
- Resource performance
- Remoting connection
These features are available with the regular Intune license. With the Intune Advance Analytics license you will get a few more. And it’s automatically integrated into the Intune administrator experience.
- Custom device scopes
- Anomalies
- Enhanced device timeline
- Device query
- Battery health
If you want to read more about what’s included, I would suggest checking out this Microsoft Learn article.
Reviewing my devices
But as I stated in the beginning of the post, let’s talk about reviewing resource performance. With the regular Intune license, you will gain access to resource performance for your Cloud PCs. With this, I get insights which Cloud PCs are meeting my targets and what Cloud PCs I should investigate upgrading to a different SKU. This data can be broken down to a device or model. This gives me great data about my environment on CPU and RAM spikes when they are being used.
All devices get a score based on their performance, and you can configure what your baseline is in the Endpoint Analytics settings.
You can break the numbers down based on model or individual device performance to get a better understanding.
With the 2408 Intune Service update, this was also made available for physical devices if you have the Intune Advance Analytics license enabled. This will provide me with insights on how my physical devices are performing when it comes to RAM and CPU. I can also learn if they have continuous spikes indicating that they need an upgrade.
If we stand in the “Device performance” tab, we can see all Cloud PCs and physical PCs gathered in the same place. You can also compare Cloud PC and physical PC performance.
Looking at specific devices
If we click on the name of a device, you will be redirected to the blade “User experience” on the device itself. You can also find it if you search for a device in the device list and click in to view that device.
From here, you can see a lot of data about the device around its performance.
As you can see, my Surface Laptop Go 3 has had a few minor spikes in RAM the last 14 days but nothing major.
And if we look at the overall score, it’s pretty okay.
Device timeline
There is one more really nice feature with the Intune Advanced Analytics we can see, and that is a Device Timeline (last tab on the top).
In here, we can see historical data on events that has happened on the device which impact the user experience. As you can see on this device, I’m having a few issues with applications.
And if we jump back and look at another device, a Cloud PC, we can see the same kind of data.
One interesting thing I found while writing this blog post is that I compared my Surface Laptop Go 3 i5 with 16gb RAM with my 4vCPU/16GB Cloud PC. What I can see was that my Cloud PC scores higher. I would say that I use them in a similar way, the same amount of time. I do know that the Cloud PC has a little bit of a more powerfull CPU (being a cloud PC),
The Cloud PC scores 98 in resource performance.
While my Surface Laptop Go 3 scores 77.
So performance wise, Cloud PCs are doing a lot better. However, the Surface Laptop Go 3 is not a fair comparance being a more “low tier” PC. However, they are still both performing really good for what I use them for. So this is important to take into considerations when looking at the data.
Take away
Knowing how the performance of the devices in your environment chelan p you figure out when devices needs to be replaces or upgraded. As you already know, backing your decisions using data is key! Intune can provide you with a lot of data on your device without the need to buy a third party tool and deploying/maintaining a client on the device.
However, if we start looking at “real” DEX products, Intune Advanced Analytics does not provide the same level of data. You will also need to combine several parts of Intune to be able to perform e.g. remediations on the things you find. You still need to manually take actions or create remediation scripts on your findings.
But if you are just getting started and need “something”, this will provide you with a great overview of your environment! This will help you make better decisions and help your end-users even better!
I hope you liked this post and that it gave you some insights to what you can do with Intune Advanced Analytics!
