Client notification in Configuration Manager

Applies to: System Center Configuration Manager (Current Branch)

To take immediate action on remote clients, send a client notification action from the Configuration Manager console. Start these actions on an individual device or on a collection of devices.

Actions

The following actions are on the ribbon in the Device or Collection group of the Home tab.

Install client

Opens the Install Client Wizard. This wizard uses client push installation to install a Configuration Manager client. For more information, see Client push installation.

Permissions

This action requires the Modify Resource and Read permissions on the Collection object.

The following built-in roles have these permissions by default:

  • Application Administrator
  • Full Administrator
  • Infrastructure Administrator
  • Operations Administrator
  • OS Deployment Manager

Add these permissions to any custom roles that need to push the client.

Run script

Opens the Run Script wizard to run a PowerShell script on all of the clients in the collection. For more information, see Create and run PowerShell scripts.

Permissions

This action requires the Run Script permission on the Collection object.

The following built-in roles have this permission by default:

  • Full Administrator
  • Infrastructure Administrator
  • Operations Administrator

Add this permission to any custom roles that need to run scripts.

Start CMPivot

Starts CMPivot, which runs real-time queries against the targeted devices. For more information, see CMPivot.

Permissions

This action requires the same permissions as the Run script action.

Starting in version 1906, you can use the Run CMPivot permission on the Collection object.

Client notification

These actions are under the Client notification menu, on the ribbon in the Device or Collection group of the Home tab.

In version 1806 or earlier, the Client Notification option is only available from either the Device Collection node or when you viewed the membership of a Device Collection. Starting in version 1810, you can start a Client Notification directly from the Devices node. There's no longer a requirement to be within a collection membership view.

Permissions

Starting in version 1810, client notification actions now require the Notify Resource permission on the Collection object. This permission applies to all actions under the Client notification menu.

The following built-in roles have this permission by default:

  • Full Administrator
  • Infrastructure Administrator

Add this permission to any custom roles that need to use client notification actions.

Download computer policy

Refresh the device policy. For more information, see Initiate policy retrieval for a Configuration Manager client.

Download user policy

Refresh the user policy.

Collect discovery data

Trigger clients to send a discovery data record (DDR). For more information, see Heartbeat discovery.

Collect software inventory

Trigger clients to run a software inventory cycle. For more information, see Introduction to software inventory.

Collect hardware inventory

Trigger clients to run a hardware inventory cycle. For more information, see Introduction to hardware inventory.

Evaluate application deployments

Trigger clients to run an application deployment evaluation cycle. For more information, see Schedule re-evaluation for deployments.

Evaluate software update deployments

Trigger clients to run a software updates deployment evaluation cycle. For more information, see Introduction to software updates.

Switch to the next software update point

Trigger clients to switch to the next available software update point. For more information, see Software update point switching.

Evaluate device health attestation

Trigger Windows 10 clients to check and send their latest device health state. For more information, see Health attestation.

Check conditional access compliance

Trigger clients to check their compliance with conditional access. For more information, see Manage access to Office 365 services for PCs.

Wake Up

Starting in version 1810, trigger devices configured to support Wake-on-LAN to wake up using other devices on the same subnet to send the Wake-on-LAN package. For more information, see How to configure Wake on LAN.

Permissions

This action requires the Notify resource permission on the Collection object.

Restart

Trigger the selected devices to restart. For more information, see Restart clients.

Endpoint Protection

The following actions are under the Endpoint Protection menu. This menu is on the ribbon in the Collection group of the Home tab. When you select one or more devices, these actions are on the Selected Object tab of the ribbon.

For more information, see Endpoint Protection in Configuration Manager.

Permissions

This action requires the Enforce Security permission on the Collection object.

The following built-in roles have this permission by default:

  • Full Administrator
  • Endpoint Protection Manager
  • Operations Administrator

Add this permission to any custom roles that need to trigger Endpoint Protection actions.

Full Scan

Trigger Endpoint Protection or Windows Defender to run a full antimalware scan.

Quick Scan

Trigger Endpoint Protection or Windows Defender to run a quick antimalware scan.

Download Definition

Trigger Endpoint Protection or Windows Defender to download the latest antimalware definitions.

See also