Quickstart: Enroll Intune devices into Endpoint analytics

This quickstart outlines prerequisites and instructions for enrolling Intune managed devices into Endpoint analytics. If your devices are co-managed and meet the Intune device requirements below, we recommend using the instructions in this quickstart to enroll them to Endpoint analytics via Intune. Note that you do not need to move any co-management workloads to Intune to enroll eligible devices via Intune.

Prerequisites

Before you start this tutorial, make sure you have the following prerequisites:

Intune device requirements

  • Intune enrolled or co-managed devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Enterprise, or Windows 10 Education. Windows 10 Home isn't supported.
    • Startup performance insights are only available for devices running version 1903 or later of Windows 10 Enterprise, Education, or Pro. Windows 10 long-term servicing channel (LTSC) isn't supported.
      • Windows 10 Pro versions 1903 and 1909 require KB4577062.
      • Windows 10 Pro versions 2004 and 20H2 require KB4577063.
  • Windows 10 devices must be Azure AD joined or hybrid Azure AD joined.
    • Workplace joined or Azure AD registered devices aren't supported.
  • The Connected User Experiences and Telemetry service on the device is running

Endpoints required for Intune-managed devices

To enroll devices to Endpoint analytics, they need to send required functional data to Microsoft public cloud. Endpoint Analytics uses the Windows 10 and Windows Server Connected User Experiences and Telemetry component (DiagTrack) to collect the data from Intune-managed devices.

Endpoint Function
https://*.events.data.microsoft.com Used by Intune-managed devices to send required functional data to the Intune data collection endpoint.

Licensing Prerequisites

Endpoint analytics is included in the following plans:

Endpoint analytics permissions

  • The Intune Service Administrator role is required to start gathering data.
    • By clicking Start, you agree to and acknowledge that your customer data may be stored outside the location you selected when you provisioned your Microsoft Intune tenant.
    • After clicking Start for gathering data, other read-only roles can view the data.
  • The following permissions are used for Endpoint analytics:
    • Permissions appropriate to the user's role under the Endpoint Analytics, Organization or School Administrator categories. A read-only user would only need the Read permission under either category. An Intune administrator would typically need all permissions.

    • Read under the Help Desk Operator, or Endpoint Security Manager Intune roles.

    • Reports Reader Azure AD role.

Onboard in the Endpoint analytics portal

Onboarding from the Endpoint analytics portal is required for Intune managed devices. For more information about common issues, see Troubleshooting device enrollment and startup performance.

  1. Go to https://aka.ms/endpointanalytics
  2. Choose from the following options:
    • All cloud-managed devices: Creates an Intune data collection policy assigned to all Windows 10 1903 or later devices which are either Intune managed or co-managed.
    • Selected devices: Creates and assigns the policy to devices which you select.
    • I'll choose later: Doesn't deploy a policy to devices. Proactive remediations can still be used, but any reports that rely on analytics data will be empty.
  3. Click Start. This will automatically assign a configuration profile to collect boot performance data from all eligible devices. You can change assigned devices later. It may take up to 24 hours for startup performance data to populate from your Intune enrolled devices after they reboot.

Important

We anonymize and aggregate the scores from all enrolled organizations to keep the All organizations (median) baseline up-to-date. You can stop gathering data at any time.

View the Overview page

You won't see your data immediately. The data needs to be gathered and the results calculated. For startup performance, the device needs to have been restarted at least once. Once your data is ready, you'll notice some information on the Overview page, explained in more detail below:

  • The User experience score is a 50/50 weighted average of the Recommended software and Startup performance scores. We'll be expanding the set of subscores over time.

  • You can compare your current score to other scores by setting a baseline.

    • As described in the baseline settings, there's a built-in baseline for Commercial median to see how you compare to a typical enterprise. You can create new baselines based on your current metrics so you can track progress or view regressions over time.
    • Baseline markers are shown for your overall score and subscores. If any of the scores have regressed by more than the configurable threshold from the selected baseline, the score is displayed in red and the top-level score is flagged as needing attention.
    • A status of insufficient data means you don't have enough devices reporting to provide a meaningful score. We currently require at least five devices.
  • Insights and recommendations is a prioritized list to improve your score. This list is filtered to the subnode's context when you navigate to Best practices or Recommended software.

Endpoint analytics overview page

Next steps

Enroll Configuration Manager devices