Quickstart: Enroll Configuration Manager devices into Endpoint analytics
This quickstart outlines prerequisites and instructions for enrolling Configuration Manager managed devices into Endpoint analytics. If your devices are co-managed and meet the Intune device requirements, we recommend using Intune to enroll them into Endpoint analytics instead of following the instructions in this quickstart. You do not need to move any co-management workloads to Intune to enroll a co-managed device to Endpoint analytics via Intune.
Before you start this tutorial, make sure you have the following prerequisites:
Configuration Manager requirements
- A minimum of Configuration Manager version 2002 with KB4560496 - Update rollup for Microsoft Endpoint Configuration Manager version 2002 or later
- The Configuration Manager clients upgraded to version 2002 (including KB4560496) or later
- Microsoft Endpoint Manager tenant attach enabled.
If you have co-management enabled, enrolled devices that meet the Intune requirements will send required functional data directly to Microsoft public cloud. For more information, see requirements for devices managed by Intune.
Endpoint analytics is included in the following plans:
Endpoint analytics permissions
- The Intune Service Administrator role is required to start gathering data.
- After clicking Start for gathering data, other read-only roles can view the data.
- The following permissions are used for Endpoint analytics:
Permissions appropriate to the user's role under the Endpoint Analytics, Organization or School Administrator categories. A read-only user would only need the Read permission under either category. An Intune administrator would typically need all permissions.
Read under the Help Desk Operator, or Endpoint Security Manager Intune roles.
Reports Reader Azure AD role.
Endpoints required for Configuration Manager-managed devices
Configuration Manager-managed devices send data to Intune via the connector on the Configuration Manager role and they don't need directly access to the Microsoft public cloud. If your environment uses a proxy server, configure your proxy server to allow the following endpoints:
||Used to automatically retrieve settings when attaching your hierarchy to Endpoint analytics on Configuration Manager Server role. For more information, see Configure the proxy for a site system server.|
||Used to synch device collection and devices with Endpoint analytics on Configuration Manager Server role only. For more information, see Configure the proxy for a site system server.|
- Endpoint analytics insights are not available for devices running Windows Server editions.
- With the exception of the Recommended software report, Endpoint analytics supports only Windows 10 devices.
- Using multiple Configuration Manager hierarchies with a single Endpoint analytics instance is not currently supported.
Enroll devices managed by Configuration Manager
Enable data upload in Configuration Manager
- In the Configuration Manager console, go to Administration > Cloud Services > Co-management.
- Select CoMgmtSettingsProd then click Properties.
- On the Configure upload tab, check the option to Enable Endpoint analytics for devices uploaded to Microsoft Endpoint Manager
When you enable Endpoint analytics data upload, your default client settings will be automatically updated to allow managed endpoints to send relevant data to your Configuration Manager site server. If you use custom client settings, you may need to update and re-deploy them for data collection to occur. For more details on this, as well as how to configure data collection, such as to limit collection only to a specific set of devices, see the section on Configuring Endpoint analytics data collection.
Onboard in the Endpoint analytics portal
Onboarding from the Endpoint analytics portal is required for both Configuration Manager and Intune managed devices. For more information about common issues, see Troubleshooting device enrollment and startup performance.
- Go to
- Choose from the following options:
- All cloud-managed devices: Creates an Intune data collection policy assigned to all Windows 10 1903 or later devices which are either Intune managed or co-managed.
- Selected devices: Creates and assigns the policy to devices which you select.
- I'll choose later: Doesn't deploy a policy to devices. Proactive remediations can still be used, but any reports that rely on analytics data will be empty.
- Click Start. This will automatically assign a configuration profile to collect boot performance data from all eligible devices. You can change assigned devices later. It may take up to 24 hours for startup performance data to populate from your Intune enrolled devices after they reboot.
- We anonymize and aggregate the scores from all enrolled organizations to keep the All organizations (median) baseline up-to-date. You can stop gathering data at any time.
- Client devices require a restart to fully enable all analytics.
Configure Endpoint analytics data collection in Configuration Manager
The Enable Endpoint analytics data collection client setting allows your managed endpoints to send data necessary for Endpoint analytics to your site server. This setting does not control whether data gets uploaded to the Microsoft Endpoint Manager admin center.
Starting in Configuration Manager version 2006, the Enable Endpoint analytics data collection setting is enabled by default for devices targeted by only the default client settings. If you're upgrading to version 2006 from Configuration Manager version 1910 or prior, the Endpoint analytics data collection policy will be enabled in your custom client settings upon upgrade. You can enable or disable data collection by following the instructions below:
- In the Configuration Manager console, go to Administration > Client Settings > Default Client Settings.
- Right-click and select Properties then select the Computer Agent settings.
- Set Enable Endpoint analytics data collection to Yes to configure devices for local data collection. Set to No to disable local data collection.
You may also modify the Enable Endpoint analytics data collection policy in custom client settings to configure a specific set of devices for local data collection. Don't forget to deploy or re-deploy your custom client setting after making changes.
If you have an existing custom client agent setting that's been deployed to your devices, you'll need to update the Enable Endpoint analytics data collection option in that custom setting and select Ok for it to take effect.
View the Overview page
You won't see your data immediately. The data needs to be gathered and the results calculated. For startup performance, the device needs to have been restarted at least once. Once your data is ready, you'll notice some information on the Overview page, explained in more detail below:
The User experience score is a 50/50 weighted average of the Recommended software and Startup performance scores. We'll be expanding the set of subscores over time.
You can compare your current score to other scores by setting a baseline.
- As described in the baseline settings, there's a built-in baseline for Commercial median to see how you compare to a typical enterprise. You can create new baselines based on your current metrics so you can track progress or view regressions over time.
- Baseline markers are shown for your overall score and subscores. If any of the scores have regressed by more than the configurable threshold from the selected baseline, the score is displayed in red and the top-level score is flagged as needing attention.
- A status of insufficient data means you don't have enough devices reporting to provide a meaningful score. We currently require at least five devices.
Insights and recommendations is a prioritized list to improve your score. This list is filtered to the subnode's context when you navigate to Best practices or Recommended software.