SCCM Management Insights and dashboard in Current Branch 1902

Management insights are introduced from SCCM 1802 build to provide information about the current state of your environment. With build 1802 ,there are very limited insights added .These insights are based on analysis of data from the site database.These Insights help you to better understand your environment and take action based on rules that are pre-defined.

With the release of SCCM current branch 1902 ,there are more insights added to the console which will help you to understand your environment in more better way and take necessary action based on the recommendations .

To locate the management insights from the console ,\Administration\Overview\Management Insights

I am going to list down the list of all management insights (MI) that are available in CMCB 1902 .

There are total 27 management insights available in CMCB 1902.

These insights are grouped into 9 categories  based on their function like collection,packages,applications,boot images,software updates/ADR etc.

Management insight group names:

  1. Security
  2. Software Center
  3. Software updates
  4. Applications
  5. Mac OS and Unix
  6. Simplified management
  7. Collections
  8. Cloud Services
  9. Proactive Maintenance

Following are the list of actual management insights that exist on SCCM Configmgr CMCB 1902 build along with its rule Description.Hope the following information useful for you to understand what each rule does .

Unused
boot images
These
boot images aren't enabled for PXE boot or reference by any task sequence.
Delete these potentially old, unused boot images.
Boundary
groups with no assigned site systems
Without
assigned site systems, boundary groups can only be used for site assignment
and not content lookup. Review whether these boundary groups are appropriate
for content lookup.
Upgrade
peer cache sources to the latest version of the Configuration Manager
client
When
you update the site from a Configuration Manager version lower than 1806, this
rule verifies that you also update all peer cache sources to the latest client
version. The management point doesn't include these peer cache sources in the
list of content locations until they are updated to the least version.
Boundary
groups with no members
Boundary
groups with no members will not be applicable for site assignment or content
lookup. Review and delete any boundary groups that have no members.
Distribution
points not serving content to clients
The
following distribution points haven't served content to clients in the past 30
days. This metric is based on the download history reported by clients. Review
the boundary groups to which these distribution points are assigned. If these
distribution points aren't needed, consider removing these site system
roles.
Unused
configuration items
The
following configuration items aren't part of a configuration baseline, and are
older than 30 days. Review these potentially unused configuration
items.
Enable
WSUS Cleanup
Verifies
that the option to run WSUS cleanup on the Supersedence Rules tab of the
software update point component properties is enabled. This option cleans up
expired and superseded updates, improving WSUS performance.
Unsupported
antimalware client versions
More
than 10% of devices are running versions of System Center Endpoint Protection
that are no longer supported.
SCEP
for Mac and Linux end of support
Lists
the Mac and Linux clients in your environment. These clients may or may not
have SCEP installed. Support for SCEP for Mac and Linux ends on December 31,
2018. 
Changes
to behavior for sending service and diagnostic data to Microsoft from
Office
The
behavior for sending service and diagnostic data to Microsoft from Office has
changed.
Applications
without deployments
Lists
the applications in your environment that do not have active deployments. This
helps you to find and delete unused applications to simplify the list of
applications displayed in the console.
Move
from hybrid MDM to Microsoft Intune in the Azure Portal
Hybrid
MDM is being deprecated on September 1, 2019.  It is recommended to migrate from
hybrid MDM to Microsoft Intune on the Azure Portal.
Update
clients to the latest Windows 10 version
Update
Windows 10 devices to the latest version to improve and modernize the
computing experience for users. This rule detects if there are any Windows 10
version 1709 or later devices in your environment. If the rule detects any such
devices, it turns green.
Assess
co-management readiness
Co-management
is a solution that provides a bridge from traditional to modern management.
Co-management gives you a path to make the transition using a phased approach.
This rule helps you understand what steps are necessary to enable
co-management.
Enable
devices to be hybrid Azure Active Directory joined
Modernize
identity on your devices by extending your domain-joined devices to Azure
Active Directory (Azure AD). Hybrid Azure AD-joined devices allow users to sign
in with their domain credentials while ensuring devices meet the organization's
security and compliance standards. This rule helps identify if there are any
hybrid Azure AD-joined devices in your environment. If the rule detects any
such devices, it turns green.
Client
settings aren't configured to allow clients to download delta content
Some
software updates synchronized in your environment include delta content.
Enable the client setting, 'Allow clients to download delta content when
available.' If you don't enable this setting, when you deploy these updates,
clients will unnecessarily download more content than they require.
Collections
with no query rules and no direct members
Lists
the collections in your environment that have no members or query rules. You
can delete these collections to simplify the list of collections in your
hierarchy.
Empty
Collections
Lists
the collections in your environment that have no members. You can delete these
collections to simplify the list of collections displayed when deploying
objects, for example.
Collections
with query time over 5 minutes
Lists
the collections in your environment that have a query with an execution time
of over 5 minutes. Review the query rules associated with the collection and
consider modifying or deleting the collection.
Collections
with no query rules and schedule full evaluation selected
This
configuration causes potentially unnecessary load on the site and should be
reviewed and either deleted or disabled for evaluation.
Collections
with no query rules and enabled for any schedule
This
configuration causes potentially unnecessary load on the site and should be
reviewed and either deleted or disabled for evaluation.
Collections
with the same re-evaluation start time
Lists
the collections in your environment that have the same re-evaluation time as
other collections. You can modify the re-evaluation time so they do not
conflict with each other.
Collections
with no query rules and incremental updates enabled
Lists
the collections in your environment that have no query rules and have
incremental updates enabled. This configuration causes potentially unnecessary
load on the site and should be reviewed and either deleted or disabled for
incremental evaluation.
Non-CB
Client Versions
This
lists all clients running client versions from ConfigMgr builds before Current
Branch.
Update
clients to a supported Windows 10 version
Some
clients in your environment are running a Windows 10 version that is no longer
supported, or will reach end of service within the next three months.
Direct
your users to Software Center instead of Application Catalog
This
rule checks if any users installed or requested applications from the
Application Catalog in the last 14 days. The primary functionality of the
Application Catalog is now included in Software Center. Support for the
Application Catalog web site ends with the first update released after June 1,
2018. Update any end-user documentation and shortcuts to use Software
Center.
Use
the new version of Software Center
Software
Center has a new, modern look. The previous version of Software Center is no
longer supported. Set up clients to use the new Software Center by enabling the
client setting, Computer Agent > Use new Software Center.

If you want to know the status of each rule ,you can either check from SCCM admin console by clicking the insight group and go through each task or use SCCM report,but to take action ,you can only do using SCCM console and cannot be done using reporting .

On a schedule basis these rules will be evaluated and display the status in the console whether they are completed, failed or in progress .If any rules failed/action needed then you need to review the rule and take necessary action.

The management insight rules reevaluate their applicability on a weekly schedule. To reevaluate a rule on-demand, right-click the rule and select Re-evaluate.

The log file for management insight rules is SMS_DataEngine.log on the site server.

For example, Collections with query time over 5 minutes. What this rule does is ,it will check against all your CM collections and find collections that are taking more than 5 min for evaluation.

If you want know how many of these rules are needing your action, you need to click on each group and see the status which is time consuming process .

Starting in version 1810, the Management Insights node includes a graphical dashboard. This dashboard displays an overview of the rule states, which makes it easier for you to show your progress.

The new addition of MI in 1902 also included in the the dashboard .

Please note that, this dashboard is available only via console. If you want to view the MI stats using reporting URL ,you need to build custom report.

This dashboard is based on the SQL table vSMS_ManagementInsights and  ManagementInsightRulesLocalizedData . These are not SQL views hence non-SCCM Administrators (users are given with RBAC role) cannot access these SQL tables.

Following the SQL code for you to create custom SSRS report .

SELECT
MI.Id,
MI.GroupID,
loc.RuleName As Name,
case when MI.Status='1' then 'Completed' when MI.status='-1' then 'Action Needed' else 'Progress' end as 'Status',
MI.Results,
MI.LastRunTime,
MI.LastSuccessfulRunTime,
MI.Duration,
MI.Error,
MI.MoreInfoLink,
MI.ActionType
FROM vSMS_ManagementInsights MI
LEFT JOIN ManagementInsightRulesLocalizedData loc ON MI.Id = loc.Id
order by 2

Reference https://docs.microsoft.com/en-us/sccm/core/servers/manage/management-insights

One Response to "SCCM Management Insights and dashboard in Current Branch 1902"

Post Comment