How to connect SCCM to Windows Analytics Upgrade Readiness

In order to start using all the data in the Upgrade Readiness solution in Windows Analytics, we need to connect ConfigMgr to Upgrade Readiness. Once that is done, we can create dynamic collection based on what devices are ready to start upgrading to the next Windows 10 Feature Update.

This blog will not go into details on how to monitor and resolve issues in the Upgrade readiness solution. That might come in a later post.

Why?

Why is this cool? Because we can leverage the data available in Windows Analytics, to make sure our devices only gets upgraded once we’ve confirmed they are ready to upgrade in the Upgrade readiness solution.

Prerequisites:

  • Global Admin in Azure AD
  • Owner on the Log Analytics Workspace Resource group
  • Log Analytics Workspace with Upgrade Readiness Solution
  • ConfigMgr Infrastructure

Tasks:

  • Create Azure AD App Registration
  • Create a secret key
  • Give the App Reader on the ressource group the Log Analytics workspace is
  • Give the App Contributor on the Log Analytics workspace
  • Create Upgrade Readiness Connector in ConfigMgr
  • Verify sync is working

Getting started:

Go to the Azure Portal -> Azure Active Directory and select Application registration

Name: ConfigMgr-UpgradeReadiness

Redirect URI: https://ConfigMgr-UpgradeReadiness

Once created we need to create a secret key:

Copy the secret key once added:

Permissions on Log Analytics workspace

Grant the new App Reader on the ressource group:

Go to the Log Analytics workspace for Windows Analytics, click Access Control (IAM) -> Add -> Search for the App Registration just created (ConfigMgr-UpgradeReadiness) and click Add.

Grant Contribute on the Upgrade Readiness solution:

Go to the Log Analytics Workspace for your Windows Analytics, click Solutions and “DeviceHealthProd”.

Click Access Control (IAM) -> Add -> Select Contributor in Roles, search for the App Registration and select it (ConfigMgr-UpgradeReadiness)

Gather some information for later use

Once the permissions are set, we need to copy some informations we need to input in ConfigMgr.

First we’re going to copy the Commercial Id Key:

Still in the Device Health solution, click Device Health Settings and copy the Commercial Id Key and save it for later.

Now, let’s find the Application ID, DisplayName and Application ID of the App Registration created ealier:

Go to Azure Active Directory -> App registration, search for the App (ConfigMgr-UpgradeReadiness) and select it.

Save Display name and Application ID for later use. Then click on Redirect URIs (1 web, 0 public client)

Save the redirect URI: “https://ConfigMgr-UpgradeReadiness”

Last thing we need from the Azure portal, is to copy the Tenant Name and Tenant Id:

Go to Azure Active Directory -> Properties. Save Name and Directory Id.

Setup Upgrade Readiness Connector in ConfigMgr

Now we are done in the Azure Portal. Open up ConfigMgr Console and expand Cloud Services in Administration.

Right click Azure services -> Configure Azure Services.

Type a name and select Upgrade Readiness Connector

Click import and fill in the information gathered.

  1. Click Import
  2. Azure AD Tenant Name = Directory Name
  3. Azure AD Tenant ID = Directory Id
  4. Application Name = ConfigMgr-UpgradeReadiness
  5. Client ID = Application ID
  6. Secret Key = Secret Key (from the App Registration we copied in the first step.)
  7. 12/31/2299
  8. Add ID URI = Redirect URI

Click verify and OK.

If you get an error saying something like “app already exist”, delete the App Registration and create it again.

Click Next

Verify the Azure Subscription, resource group and Windows Analytics workspace is correct.

If you don’t see any subscription, resource group or Windows Analytics workspace, you need to look at the permissions on the resource group and Log Analytics workspace

Verify everything is syncing

Once the wizard is completed go and make a Sync to verify everything is working.

Click Sync with Upgrade Readiness :

Open the dmpdownloader.log to verify the connection is OK.

Now in the ConfigMgr Console, you can create collection based on the readiness status assigned in Upgrade Readiness. Pretty cool!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s