Management insights are introduced from SCCM 1802 build to provide information about the current state of your environment. With build 1802 ,there are very limited insights added .These insights are based on analysis of data from the site database.These Insights help you to better understand your environment and take action based on rules that are pre-defined.
With the release of SCCM current branch 1902 ,there are more insights added to the console which will help you to understand your environment in more better way and take necessary action based on the recommendations .
To locate the management insights from the console ,\Administration\Overview\Management Insights
I am going to list down the list of all management insights (MI) that are available in CMCB 1902 .
There are total 27 management insights available in CMCB 1902.
These insights are grouped into 9 categories based on their function like collection,packages,applications,boot images,software updates/ADR etc.
Management insight group names:
- Security
- Software Center
- Software updates
- Applications
- Mac OS and Unix
- Simplified management
- Collections
- Cloud Services
- Proactive Maintenance
Following are the list of actual management insights that exist on SCCM Configmgr CMCB 1902 build along with its rule Description.Hope the following information useful for you to understand what each rule does .
| Unused boot images |
These boot images aren't enabled for PXE boot or reference by any task sequence. Delete these potentially old, unused boot images. |
| Boundary groups with no assigned site systems |
Without assigned site systems, boundary groups can only be used for site assignment and not content lookup. Review whether these boundary groups are appropriate for content lookup. |
| Upgrade peer cache sources to the latest version of the Configuration Manager client |
When you update the site from a Configuration Manager version lower than 1806, this rule verifies that you also update all peer cache sources to the latest client version. The management point doesn't include these peer cache sources in the list of content locations until they are updated to the least version. |
| Boundary groups with no members |
Boundary groups with no members will not be applicable for site assignment or content lookup. Review and delete any boundary groups that have no members. |
| Distribution points not serving content to clients |
The following distribution points haven't served content to clients in the past 30 days. This metric is based on the download history reported by clients. Review the boundary groups to which these distribution points are assigned. If these distribution points aren't needed, consider removing these site system roles. |
| Unused configuration items |
The following configuration items aren't part of a configuration baseline, and are older than 30 days. Review these potentially unused configuration items. |
| Enable WSUS Cleanup |
Verifies that the option to run WSUS cleanup on the Supersedence Rules tab of the software update point component properties is enabled. This option cleans up expired and superseded updates, improving WSUS performance. |
| Unsupported antimalware client versions |
More than 10% of devices are running versions of System Center Endpoint Protection that are no longer supported. |
| SCEP for Mac and Linux end of support |
Lists the Mac and Linux clients in your environment. These clients may or may not have SCEP installed. Support for SCEP for Mac and Linux ends on December 31, 2018. |
| Changes to behavior for sending service and diagnostic data to Microsoft from Office |
The behavior for sending service and diagnostic data to Microsoft from Office has changed. |
| Applications without deployments |
Lists the applications in your environment that do not have active deployments. This helps you to find and delete unused applications to simplify the list of applications displayed in the console. |
| Move from hybrid MDM to Microsoft Intune in the Azure Portal |
Hybrid MDM is being deprecated on September 1, 2019. It is recommended to migrate from hybrid MDM to Microsoft Intune on the Azure Portal. |
| Update clients to the latest Windows 10 version |
Update Windows 10 devices to the latest version to improve and modernize the computing experience for users. This rule detects if there are any Windows 10 version 1709 or later devices in your environment. If the rule detects any such devices, it turns green. |
| Assess co-management readiness |
Co-management is a solution that provides a bridge from traditional to modern management. Co-management gives you a path to make the transition using a phased approach. This rule helps you understand what steps are necessary to enable co-management. |
| Enable devices to be hybrid Azure Active Directory joined |
Modernize identity on your devices by extending your domain-joined devices to Azure Active Directory (Azure AD). Hybrid Azure AD-joined devices allow users to sign in with their domain credentials while ensuring devices meet the organization's security and compliance standards. This rule helps identify if there are any hybrid Azure AD-joined devices in your environment. If the rule detects any such devices, it turns green. |
| Client settings aren't configured to allow clients to download delta content |
Some software updates synchronized in your environment include delta content. Enable the client setting, 'Allow clients to download delta content when available.' If you don't enable this setting, when you deploy these updates, clients will unnecessarily download more content than they require. |
| Collections with no query rules and no direct members |
Lists the collections in your environment that have no members or query rules. You can delete these collections to simplify the list of collections in your hierarchy. |
| Empty Collections |
Lists the collections in your environment that have no members. You can delete these collections to simplify the list of collections displayed when deploying objects, for example. |
| Collections with query time over 5 minutes |
Lists the collections in your environment that have a query with an execution time of over 5 minutes. Review the query rules associated with the collection and consider modifying or deleting the collection. |
| Collections with no query rules and schedule full evaluation selected |
This configuration causes potentially unnecessary load on the site and should be reviewed and either deleted or disabled for evaluation. |
| Collections with no query rules and enabled for any schedule |
This configuration causes potentially unnecessary load on the site and should be reviewed and either deleted or disabled for evaluation. |
| Collections with the same re-evaluation start time |
Lists the collections in your environment that have the same re-evaluation time as other collections. You can modify the re-evaluation time so they do not conflict with each other. |
| Collections with no query rules and incremental updates enabled |
Lists the collections in your environment that have no query rules and have incremental updates enabled. This configuration causes potentially unnecessary load on the site and should be reviewed and either deleted or disabled for incremental evaluation. |
| Non-CB Client Versions |
This lists all clients running client versions from ConfigMgr builds before Current Branch. |
| Update clients to a supported Windows 10 version |
Some clients in your environment are running a Windows 10 version that is no longer supported, or will reach end of service within the next three months. |
| Direct your users to Software Center instead of Application Catalog |
This rule checks if any users installed or requested applications from the Application Catalog in the last 14 days. The primary functionality of the Application Catalog is now included in Software Center. Support for the Application Catalog web site ends with the first update released after June 1, 2018. Update any end-user documentation and shortcuts to use Software Center. |
| Use the new version of Software Center |
Software Center has a new, modern look. The previous version of Software Center is no longer supported. Set up clients to use the new Software Center by enabling the client setting, Computer Agent > Use new Software Center. |
If you want to know the status of each rule ,you can either check from SCCM admin console by clicking the insight group and go through each task or use SCCM report,but to take action ,you can only do using SCCM console and cannot be done using reporting .
On a schedule basis these rules will be evaluated and display the status in the console whether they are completed, failed or in progress .If any rules failed/action needed then you need to review the rule and take necessary action.
The management insight rules reevaluate their applicability on a weekly schedule. To reevaluate a rule on-demand, right-click the rule and select Re-evaluate.
The log file for management insight rules is SMS_DataEngine.log on the site server.
For example, Collections with query time over 5 minutes. What this rule does is ,it will check against all your CM collections and find collections that are taking more than 5 min for evaluation.
If you want know how many of these rules are needing your action, you need to click on each group and see the status which is time consuming process .
Starting in version 1810, the Management Insights node includes a graphical dashboard. This dashboard displays an overview of the rule states, which makes it easier for you to show your progress.
The new addition of MI in 1902 also included in the the dashboard .
Please note that, this dashboard is available only via console. If you want to view the MI stats using reporting URL ,you need to build custom report.
This dashboard is based on the SQL table vSMS_ManagementInsights and ManagementInsightRulesLocalizedData . These are not SQL views hence non-SCCM Administrators (users are given with RBAC role) cannot access these SQL tables.
Following the SQL code for you to create custom SSRS report .
SELECT
MI.Id,
MI.GroupID,
loc.RuleName As Name,
case when MI.Status='1' then 'Completed' when MI.status='-1' then 'Action Needed' else 'Progress' end as 'Status',
MI.Results,
MI.LastRunTime,
MI.LastSuccessfulRunTime,
MI.Duration,
MI.Error,
MI.MoreInfoLink,
MI.ActionType
FROM vSMS_ManagementInsights MI
LEFT JOIN ManagementInsightRulesLocalizedData loc ON MI.Id = loc.Id
order by 2
Reference https://docs.microsoft.com/en-us/sccm/core/servers/manage/management-insights
Pingback: System Center Nisan 2019 Bülten – Sertaç Topal