Close Menu
    Facebook X (Twitter) Instagram
    Friday, May 16
    X (Twitter) LinkedIn
    All about Endpoint Management
    • Home
    All about Endpoint Management
    Home»Compliance Settings»SCCM Management Insights and dashboard in Current Branch 1902

    SCCM Management Insights and dashboard in Current Branch 1902

    Eswar KonetiBy Eswar KonetiApril 01, 11:17 am8 Mins Read Compliance Settings 3,700 Views
    Share
    Facebook Twitter LinkedIn Reddit

    Management insights are introduced from SCCM 1802 build to provide information about the current state of your environment. With build 1802 ,there are very limited insights added .These insights are based on analysis of data from the site database.These Insights help you to better understand your environment and take action based on rules that are pre-defined.

    With the release of SCCM current branch 1902 ,there are more insights added to the console which will help you to understand your environment in more better way and take necessary action based on the recommendations .

    To locate the management insights from the console ,\Administration\Overview\Management Insights

    I am going to list down the list of all management insights (MI) that are available in CMCB 1902 .

    There are total 27 management insights available in CMCB 1902.

    These insights are grouped into 9 categories  based on their function like collection,packages,applications,boot images,software updates/ADR etc.

    Management insight group names:

    1. Security
    2. Software Center
    3. Software updates
    4. Applications
    5. Mac OS and Unix
    6. Simplified management
    7. Collections
    8. Cloud Services
    9. Proactive Maintenance

    Following are the list of actual management insights that exist on SCCM Configmgr CMCB 1902 build along with its rule Description.Hope the following information useful for you to understand what each rule does .

    Unused
    boot images
    These
    boot images aren't enabled for PXE boot or reference by any task sequence.
    Delete these potentially old, unused boot images.
    Boundary
    groups with no assigned site systems
    Without
    assigned site systems, boundary groups can only be used for site assignment
    and not content lookup. Review whether these boundary groups are appropriate
    for content lookup.
    Upgrade
    peer cache sources to the latest version of the Configuration Manager
    client
    When
    you update the site from a Configuration Manager version lower than 1806, this
    rule verifies that you also update all peer cache sources to the latest client
    version. The management point doesn't include these peer cache sources in the
    list of content locations until they are updated to the least version.
    Boundary
    groups with no members
    Boundary
    groups with no members will not be applicable for site assignment or content
    lookup. Review and delete any boundary groups that have no members.
    Distribution
    points not serving content to clients
    The
    following distribution points haven't served content to clients in the past 30
    days. This metric is based on the download history reported by clients. Review
    the boundary groups to which these distribution points are assigned. If these
    distribution points aren't needed, consider removing these site system
    roles.
    Unused
    configuration items
    The
    following configuration items aren't part of a configuration baseline, and are
    older than 30 days. Review these potentially unused configuration
    items.
    Enable
    WSUS Cleanup
    Verifies
    that the option to run WSUS cleanup on the Supersedence Rules tab of the
    software update point component properties is enabled. This option cleans up
    expired and superseded updates, improving WSUS performance.
    Unsupported
    antimalware client versions
    More
    than 10% of devices are running versions of System Center Endpoint Protection
    that are no longer supported.
    SCEP
    for Mac and Linux end of support
    Lists
    the Mac and Linux clients in your environment. These clients may or may not
    have SCEP installed. Support for SCEP for Mac and Linux ends on December 31,
    2018. 
    Changes
    to behavior for sending service and diagnostic data to Microsoft from
    Office
    The
    behavior for sending service and diagnostic data to Microsoft from Office has
    changed.
    Applications
    without deployments
    Lists
    the applications in your environment that do not have active deployments. This
    helps you to find and delete unused applications to simplify the list of
    applications displayed in the console.
    Move
    from hybrid MDM to Microsoft Intune in the Azure Portal
    Hybrid
    MDM is being deprecated on September 1, 2019.  It is recommended to migrate from
    hybrid MDM to Microsoft Intune on the Azure Portal.
    Update
    clients to the latest Windows 10 version
    Update
    Windows 10 devices to the latest version to improve and modernize the
    computing experience for users. This rule detects if there are any Windows 10
    version 1709 or later devices in your environment. If the rule detects any such
    devices, it turns green.
    Assess
    co-management readiness
    Co-management
    is a solution that provides a bridge from traditional to modern management.
    Co-management gives you a path to make the transition using a phased approach.
    This rule helps you understand what steps are necessary to enable
    co-management.
    Enable
    devices to be hybrid Azure Active Directory joined
    Modernize
    identity on your devices by extending your domain-joined devices to Azure
    Active Directory (Azure AD). Hybrid Azure AD-joined devices allow users to sign
    in with their domain credentials while ensuring devices meet the organization's
    security and compliance standards. This rule helps identify if there are any
    hybrid Azure AD-joined devices in your environment. If the rule detects any
    such devices, it turns green.
    Client
    settings aren't configured to allow clients to download delta content
    Some
    software updates synchronized in your environment include delta content.
    Enable the client setting, 'Allow clients to download delta content when
    available.' If you don't enable this setting, when you deploy these updates,
    clients will unnecessarily download more content than they require.
    Collections
    with no query rules and no direct members
    Lists
    the collections in your environment that have no members or query rules. You
    can delete these collections to simplify the list of collections in your
    hierarchy.
    Empty
    Collections
    Lists
    the collections in your environment that have no members. You can delete these
    collections to simplify the list of collections displayed when deploying
    objects, for example.
    Collections
    with query time over 5 minutes
    Lists
    the collections in your environment that have a query with an execution time
    of over 5 minutes. Review the query rules associated with the collection and
    consider modifying or deleting the collection.
    Collections
    with no query rules and schedule full evaluation selected
    This
    configuration causes potentially unnecessary load on the site and should be
    reviewed and either deleted or disabled for evaluation.
    Collections
    with no query rules and enabled for any schedule
    This
    configuration causes potentially unnecessary load on the site and should be
    reviewed and either deleted or disabled for evaluation.
    Collections
    with the same re-evaluation start time
    Lists
    the collections in your environment that have the same re-evaluation time as
    other collections. You can modify the re-evaluation time so they do not
    conflict with each other.
    Collections
    with no query rules and incremental updates enabled
    Lists
    the collections in your environment that have no query rules and have
    incremental updates enabled. This configuration causes potentially unnecessary
    load on the site and should be reviewed and either deleted or disabled for
    incremental evaluation.
    Non-CB
    Client Versions
    This
    lists all clients running client versions from ConfigMgr builds before Current
    Branch.
    Update
    clients to a supported Windows 10 version
    Some
    clients in your environment are running a Windows 10 version that is no longer
    supported, or will reach end of service within the next three months.
    Direct
    your users to Software Center instead of Application Catalog
    This
    rule checks if any users installed or requested applications from the
    Application Catalog in the last 14 days. The primary functionality of the
    Application Catalog is now included in Software Center. Support for the
    Application Catalog web site ends with the first update released after June 1,
    2018. Update any end-user documentation and shortcuts to use Software
    Center.
    Use
    the new version of Software Center
    Software
    Center has a new, modern look. The previous version of Software Center is no
    longer supported. Set up clients to use the new Software Center by enabling the
    client setting, Computer Agent > Use new Software Center.

    If you want to know the status of each rule ,you can either check from SCCM admin console by clicking the insight group and go through each task or use SCCM report,but to take action ,you can only do using SCCM console and cannot be done using reporting .

    On a schedule basis these rules will be evaluated and display the status in the console whether they are completed, failed or in progress .If any rules failed/action needed then you need to review the rule and take necessary action.

    The management insight rules reevaluate their applicability on a weekly schedule. To reevaluate a rule on-demand, right-click the rule and select Re-evaluate.

    The log file for management insight rules is SMS_DataEngine.log on the site server.

    For example, Collections with query time over 5 minutes. What this rule does is ,it will check against all your CM collections and find collections that are taking more than 5 min for evaluation.

    If you want know how many of these rules are needing your action, you need to click on each group and see the status which is time consuming process .

    Starting in version 1810, the Management Insights node includes a graphical dashboard. This dashboard displays an overview of the rule states, which makes it easier for you to show your progress.

    The new addition of MI in 1902 also included in the the dashboard .

    Please note that, this dashboard is available only via console. If you want to view the MI stats using reporting URL ,you need to build custom report.

    This dashboard is based on the SQL table vSMS_ManagementInsights and  ManagementInsightRulesLocalizedData . These are not SQL views hence non-SCCM Administrators (users are given with RBAC role) cannot access these SQL tables.

    Following the SQL code for you to create custom SSRS report .

    SELECT
    MI.Id,
    MI.GroupID,
    loc.RuleName As Name,
    case when MI.Status='1' then 'Completed' when MI.status='-1' then 'Action Needed' else 'Progress' end as 'Status',
    MI.Results,
    MI.LastRunTime,
    MI.LastSuccessfulRunTime,
    MI.Duration,
    MI.Error,
    MI.MoreInfoLink,
    MI.ActionType
    FROM vSMS_ManagementInsights MI
    LEFT JOIN ManagementInsightRulesLocalizedData loc ON MI.Id = loc.Id
    order by 2

    Reference https://docs.microsoft.com/en-us/sccm/core/servers/manage/management-insights

    CI collection with no query rules Collections configmgr Dashboard empty collections Management insights SCCM Software Center wsus cleanup
    Share. Twitter LinkedIn Email Facebook Reddit

    Related Posts

    Optimize Your Intune Workflow with a Powerful Browser Extension

    March 22, 10:39 am

    Migrate Microsoft 365 Updates from SCCM/MECM to Intune for Co-Managed Devices

    February 11, 9:50 pm

    Investigating Co-Management Issues with Windows Endpoints in SCCM/Intune

    October 26, 10:45 pm

    1 Comment

    1. Pingback: System Center Nisan 2019 Bülten – Sertaç Topal

    Leave a ReplyCancel reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Sign Up

    Get email notifications for new posts.

    Author

    I’m Eswar Koneti ,a tech enthusiast, security advocate, and your guide to Microsoft Intune and Modern Device Management. My goal? To turn complex tech into actionable insights for a streamlined management experience. Let’s navigate this journey together!

    Support

    Awards

    Archives

    © Copyright 2009-2024 Eswar Koneti, All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.