Tag: intune suite

Improving Decision Making with Intune Advanced Analytics Data

Post author By Ola Ström
Post date September 3, 2024
No Comments on Improving Decision Making with Intune Advanced Analytics Data

One thing that many IT administrators tackles every day is the discussion about “my computer feels slow” or “I need a faster computer”. Sometime the feeling of having a slow computer is legit, and sometimes it’s something else.

There are numerous DEX (Digital Employee Experience) tools out there on the market. This can provide you with a great overview of your whole ecosystem, ranging from Teams call quality to desktop experience. However, even if those tools are great, they come with a new set of data to analyze in a new tool. And in bigger organizations, the complicated puzzle of “who owns this and who makes remediations?” arises.

Since I write a lot about Microsoft stuff, we will dive into the Intune Advanced Analytics part of the Intune Suite.

Intune Advanced Analytics is a native part of Intune, which gives you more extensive reporting on your Windows devices. I know Windows isn’t 100% of the fleet in modern organizations but we need to start somewhere.

Setting up Intune Advanced Analytics

To start using Intune Advanced Analytics, you will need these three things.

Intune environment
Intune Suite licenses or Intune Advanced Analytics stand-alone license (remember, this is user based)
Configuring Endpoint analytics in Intune

I won’t go through how to obtain license, since this will vary from case to case depending on your setup.

Configuring Endpoint Analytics

The first thing you need to do is to configure Endpoint Analytics to receive data from your devices. Since I’m all in the cloud, we will look at how you do this for Intune managed devices. To do this, you need to have the Intune Service Administrator role, also known as Intune Administrator.

Head over to the Endpoint Analytics blade in Intune (you can find it under Reports or at https://aka.ms/endpointanalytics). When in there, select the Settings blade.

You can see that my tenant already uses the Intune data collection policy. This default policy exists in all tenants, but you need to make sure it’s assigned to your devices.

Manually create the policy

If you can’t find the policy in your environment, it’s no big deal. You just need create a new policy based on the template for Windows Health monitoring.

If you are configuring this for the first time, make sure to switch Health monitoring to Enable and set the Scope to Endpoint analytics.

Deploy this policy to your devices using either the built in “All devices” group or use a device group.

When you set this up for the first time, it can take up to 24 hours for the data to populate. If you are looking to use Advanced Analytics, expect up to 48 hours.

Allow access to URLs

The last step to do is to make sure that your devices are allowed to reach the URL needed for Endpoint Analytics. This is important if you have a restrictive firewall or if you use a webfilter/proxy to run all your traffic through.

For Intune, the needed URL is:

https://*.events.data.microsoft.com

If you want to read more about how to set this up for Configuration Manager managed devices, check out the Microsoft Learn page.

Getting access to the data

Now when 24 hours have passed, we should start seeing data being populated. If you have additional people who should not be admins who need to review the data. There are a few different built-in roles you can use, or create a custom role.

These are the different options you have:

Role name	Microsoft Entra role	Intune role	Endpoint analytics permissions
Global Administrator	Yes		Read/write
Intune Service Administrator	Yes		Read/write
School Administrator		Yes	Read/write
Endpoint Security Manager		Yes	Read only
Help Desk Operator		Yes	Read only
Read Only Operator		Yes	Read only
Reports Reader	Yes		Read only

Once we have our roles in order, we can start looking at the data!

Looking at the data

The Endpoint Analytics feature consist of 6 different blades

Startup Performance
Application reliability
Work from anywhere
Resource performance
Remoting connection

These features are available with the regular Intune license. With the Intune Advance Analytics license you will get a few more. And it’s automatically integrated into the Intune administrator experience.

Custom device scopes
Anomalies
Enhanced device timeline
Device query
Battery health

If you want to read more about what’s included, I would suggest checking out this Microsoft Learn article.

Reviewing my devices

But as I stated in the beginning of the post, let’s talk about reviewing resource performance. With the regular Intune license, you will gain access to resource performance for your Cloud PCs. With this, I get insights which Cloud PCs are meeting my targets and what Cloud PCs I should investigate upgrading to a different SKU. This data can be broken down to a device or model. This gives me great data about my environment on CPU and RAM spikes when they are being used.

All devices get a score based on their performance, and you can configure what your baseline is in the Endpoint Analytics settings.

You can break the numbers down based on model or individual device performance to get a better understanding.

With the 2408 Intune Service update, this was also made available for physical devices if you have the Intune Advance Analytics license enabled. This will provide me with insights on how my physical devices are performing when it comes to RAM and CPU. I can also learn if they have continuous spikes indicating that they need an upgrade.

If we stand in the “Device performance” tab, we can see all Cloud PCs and physical PCs gathered in the same place. You can also compare Cloud PC and physical PC performance.

Looking at specific devices

If we click on the name of a device, you will be redirected to the blade “User experience” on the device itself. You can also find it if you search for a device in the device list and click in to view that device.

From here, you can see a lot of data about the device around its performance.

As you can see, my Surface Laptop Go 3 has had a few minor spikes in RAM the last 14 days but nothing major.

And if we look at the overall score, it’s pretty okay.

Device timeline

There is one more really nice feature with the Intune Advanced Analytics we can see, and that is a Device Timeline (last tab on the top).

In here, we can see historical data on events that has happened on the device which impact the user experience. As you can see on this device, I’m having a few issues with applications.

And if we jump back and look at another device, a Cloud PC, we can see the same kind of data.

One interesting thing I found while writing this blog post is that I compared my Surface Laptop Go 3 i5 with 16gb RAM with my 4vCPU/16GB Cloud PC. What I can see was that my Cloud PC scores higher. I would say that I use them in a similar way, the same amount of time. I do know that the Cloud PC has a little bit of a more powerfull CPU (being a cloud PC),

The Cloud PC scores 98 in resource performance.

While my Surface Laptop Go 3 scores 77.

So performance wise, Cloud PCs are doing a lot better. However, the Surface Laptop Go 3 is not a fair comparance being a more “low tier” PC. However, they are still both performing really good for what I use them for. So this is important to take into considerations when looking at the data.

Take away

Knowing how the performance of the devices in your environment chelan p you figure out when devices needs to be replaces or upgraded. As you already know, backing your decisions using data is key! Intune can provide you with a lot of data on your device without the need to buy a third party tool and deploying/maintaining a client on the device.

However, if we start looking at “real” DEX products, Intune Advanced Analytics does not provide the same level of data. You will also need to combine several parts of Intune to be able to perform e.g. remediations on the things you find. You still need to manually take actions or create remediation scripts on your findings.

But if you are just getting started and need “something”, this will provide you with a great overview of your environment! This will help you make better decisions and help your end-users even better!

I hope you liked this post and that it gave you some insights to what you can do with Intune Advanced Analytics!

Tags advanced analytics, cloud pc, endpoint management, intune, intune suite, windows 365

Intune

Intune Suite – Exploring Enterprise App Management

Post author By Ola Ström
Post date February 8, 2024
1 Comment on Intune Suite – Exploring Enterprise App Management

Microsoft has now released all the parts they promised back in March of 2023. On the first of February, a lot of cool things saw the light of day without the preview label. We initially saw Endpoint Privilege Management and Remote Help as part of the Intune Suite, with Advanced Analytics, Cloud PKI, Enterprise App Management and Microsoft Tunnel for MAM.

In this post, we will focus on the Enterprise App Management feature which will help IT admins to keep their applications up to date by using a managed catalog of applications (much like SCAPMANN, PatchMyPC and such).

Before we begin. If you have never heard of the Intune Suite, it is a bundle of premium add-ons for Intune making it even more powerful by unlocking new functionality.

What is Enterprise App Management?

Enterprise App Management is a catalog of third-party applications, applications not developed by Microsoft, which is provided in a simple store-like manner in Intune. The catalog today consist of a little over 90 applications which are maintained by the Microsoft service, a list that will hopefully grow over time adding even more applications. The Enterprise App Management service takes care of both packaging the initial application but also managing any updates released fot the application, streamlining the work for the application team!

The concept behind this, is to ease the workload for application administrators not having to package all applications. The easiest way to position this is to think of it as a time saving tool, our packaging team won’t have to care about packaging the simpler applications which might be updated quite frequently. They can instead focus on the more unique and complex applications for the organisation.

Enterprise App Mangement comes in the Intune Suite bundle or can be purchased separately as a stand alone service. What is important to keep in mind here is to make sure you buy enough licenses to cover all your users since it’s licensed based on users in your environment.

How to get started?

Once you have made sure that you have the licenses for either the Intune Suite or Enterprise App Management (you can activate a 90 day trial in the licensing portal to test it out), you can use the new option in the App type for Windows in Microsoft Intune.

At the bottom you will see a new option, Enterprise App Catalog app, which is the Enterprise App Management service!

Once you have selected this as the app type, you will get a reminder that you need to obtain the correct licensing for the service.

When you add an application from the Enterprise App Catalog, it will be added as a Win32 app, but called Windows catalog app. To select your app, simply click “Search the Enterprise App Catalog“.

You will now see the full list of apps in a fly-out menu to the right where you can select the app you need.

In this example, we will select 7zip as the application we want to deploy. When we have chosen our app, we click “Next” at the bottom of the screen.

In the next step we can select which version of the app we need, for 7Zip there is only one version. Click “Select” at the bottom of the screen when you have chosen your version.

When we have chosen our application, the application information will be pre-populated. If you do not need to do any modifications to the app information, just click “Next” at the bottom of the screen.

You can now notice that the install- and uninstall command for the application has automatically been added, and also the return codes.

Next page is as always for Win32 apps the requirements where we can add any additional requirements we have identified. As you can see, the mandatory fields will be pre-populated and we can just move to the next step.

What I really like is that the service also add detections rules for the app. So just hit “Next” to move to the last step!

What is a bit different from adding your own applications is that you never add the assignments as part of this initial step. So last step is “Review and Create”. Once the application has been created, you will be able to add assignments to your app. Now click “Add app” to finish the process.

The app will now be created, which takes just a few seconds, not even enough time to go and refill that coffee cup you just finished!

Once the app has been added, you can add assignments just as any other app by going to Properties on the app and add your target groups.

Updating an application

Enterprise App Management is created to keep your applications updated. The service will utilize self-updating features of the applications where ever possible to minimize the effort from an admin side. If self-updating is enabled for the app, it will automatically be updated on the client.

If self-updating is not available for the app, a new version of the app will added with the needed superseedence relations for it to be replaced, mening that you will have both the new and the old version visible in Microsoft Intune.

Do you want to read more? Check out this Microsoft articles:

Tags enterprise app management, intune suite, Microsoft intune, msintune

Intune

Intune Suite – What’s in it for me?

Post author By Ola Ström
Post date March 28, 2023
No Comments on Intune Suite – What’s in it for me?

Microsoft finally released the long-awaited Intune Suite, or as it is called in Intune “add-ons”.

But what is the Intune Suite and why should I even care? That’s what I’m set out to cover in this blog post, and we will take a look at what there is right now and what’s to come.

One major change happened when this was introduced, and that is how Intune is licensed. Or at least it got some new names. Microsoft Intune Plan 1 is what previously was just called Intune and is included in the Microsoft 365 and EMS plans. This will give you the core Intune features as you have been using them today (with some exceptions).

Then we have Microsoft Intune Plan 2 which are some add-ons to plan 1 including Microsoft Intune Tunnel for Mobile Application Management, which will give you an option to use Intune Tunnel together with your MAM enabled applications. And then we also have Microsoft Intune management of specialty devices, which enables you to manage specialty devices in Intune such as AR/VR devices, conference room meeting devices and large smart screen devices.

For Plan 1, there is also a possibility to buy Remote Help, Endpoint Privilege Management, Advanced Endpoint Analtics and the other upcoming features as standalone services to your Plan 1.

Intune Suite – premium features for Intune

The Intune Suite is a packaged deal which includes all the bells and whistles. You get Plan 1 and Plan 2, but also all the nice extra add-ons. Today, this list is quite limited since it will only get you Plan 2, MS Intune Tunnel for MAM and Remote Help on-top of your Plan 1 licens (which you got from your M365 license anyway). BUT, and this is the selling point, you will get all the upcoming features once they are released.

The two already released premium features (if we disregard the Plan 2 features), are by them self really good products. I’ve previously covered the Remote Help app which since then has been refined even further.

Microsoft has further announced that they will release Endpoint Privilege Management (which is currently in public preview) and Advanced Endpoint Analytics as a start, but there are more things coming which will make this suite even better!

Why should I consider this?

Should you consider the Microsoft Intune suite? Well, that depends on your needs. For some, it certanly makes sense to consider it given that they are interested in a lot of the listed features. For others, maybe just one is interesting which then makes more sense to buy as add-ons on it’s on rather than buying the whole suite.

I think, as of right now, Remote Help and the upcoming Endpoint Privilege Management is what will be most useful for many companies as it solves two major headaches: A remote support tool integrated to Intune and a first party solution to manage local administrator. There are a lot of other good tools out there to manage both remote support and local administrator but having a first party tool comes with advantages such as good integrations to Intune for e.g. reporting.

I will in feature post dig in more to the features of the Intune Suite, but for now we have set the scene!

Tags intune, intune suite

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.