Desktop Analytics Configuration Step by Step Guide – Device Mgmt Portal

In this video post, you will see the Azure cloud side Azure Desktop Analytics configuration from the Device Management portal. I have a previous post which explains the configuration from SCCM Desktop Analytics (1902 Technical Preview) side.

NOTE! – Microsoft announced public preview of Desktop analytics today Check out and join public preview from the above Microsoft’s post.

Subscribe to this blog via eMail

[jetpack_subscription_form show_only_email_and_button=”true” custom_background_button_color=”#00d084″ custom_text_button_color=”undefined” submit_button_text=”Subscribe” submit_button_classes=”wp-block-button__link has-text-color has-background has-vivid-green-cyan-background-button-color” show_subscribers_total=”false” ]

What is Desktop Analytics?

Desktop Analytics is a cloud-based service that provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows and Office. It combines data from your organization with data aggregated from millions of devices connected to Microsoft cloud services.

Why Desktop Analytics

Use Desktop Analytics with Configuration Manager to:

  • Create an inventory of apps running in your organization.
  • Assess app compatibility with the latest Windows 10 feature updates.
  • Identify compatibility issues and receive mitigation suggestions based on cloud-enabled data insights.
  • Create pilot groups that represent the entire application and driver estate across a minimal set of devices.
  • Deploy Windows 10 to pilot and production-managed devices using SCCM.
  • Minimize deployment risks by monitoring the health state of your devices during and after the deployment.
  • Ensure your devices are still supported with security and feature updates status.

Prerequisites – Azure Desktop Analytics

As mentioned above today, Microsoft released Desktop Analytics in public preview mode.

This Public preview of Desktop Analytics is made available to you to test and check out the configuration for your pilot devices. More detailed explanation about technical requirements here.

  • Login with Global Administrative access and
    • Use credentials that have at least Workspace Contributors permissions.
  • We need to verify that you have one of the following license subscriptions:
    • Windows 10 Enterprise E3 or E5; or Microsoft 365 F1, E3, or E5
    • Windows 10 Education A3 or A5; or Microsoft 365 A3 or A5
    • Windows Virtual Desktop Access E3 or E5

Configuration – Setup Azure Desktop Analytics

Following are the steps which I explained in the video to setup Desktop Analytics in Azure Device Management portal (setup Azure Desktop Analytics).

Azure Desktop Analytics
Azure Desktop Analytics

NOTE! – If you are prompted for an invitation code during the onboarding process, use: DesktopAnalyticsRocks! (Note that the code is case-sensitive and includes the !) More details here.

  • Do you have one of the supported subscriptions?
    • Yes
    • Why do I need one of these subscriptions?
      • Desktop Analytics requires one of the license subscriptions above. If you don’t have one of these subscriptions, you cannot continue set up.
  • Give users and apps access
    • In order to access Desktop Analytics, users need the ‘Desktop Analytics administrator’ (or equivalent) Directory role and workspace access.
  • Directory role management
    • Allow Desktop Analytics to manage Directory roles on your behalf
      • Yes
      • By selecting ‘Yes’, we will assign the ‘Desktop Analytics administrator’ role to Workspace owners.
  • Workspace owners
    • Users in this security group will be granted Azure owner access to the Log Analytics workspace associated with your Desktop Analytics portal. (Azure Desktop Analytics)
  • Security group: M365 Analytics Client Admins
  • Set up your workspace
    • To set up Desktop Analytics, you need an Azure subscription. Create an Azure subscription
    • This step sets the Log Analytics workspace we’ll use to store insights for devices in your organization. To use an existing workspace for Desktop Analytics, select it and Set as Desktop Analytics workspace. If you’re already using Windows Analytics, select that same workspace.
  • If you don’t see the workspace, you’d like to use with Desktop Analytics, check your subscription, Resource group and workspace permissions.
  • Select an Azure subscription.
  • Configure and enroll devices in SCCM to populate your workspace.
  • Keep your Commercial ID key handy; you may need it afterward when you configure Desktop Analytics in SCCM.
  • On the Last steps page, select Go to Desktop Analytics. The Azure portal shows the Desktop Analytics Home page.


Is SCCM Dead? Microsoft SCCM Intune Roadmap?

Common! I still get the same question. Is Intune going to take over SCCM? SCCM Dead? Check out the Video from the Brad Anderson Head of Microsoft Engineering teams of Microsoft Intune & Microsoft SCCM (System Center Configuration Manager).

No! SCCM is not dead. How do we Define – Die? EOL = End of Life? Yes, SCCM will definitely have an End of Life, but even Microsoft doesn’t know when that is going to be! It’s all about the investment of resources and money! Microsoft is still able to make money with SCCM + Intune integration.

Is SCCM Dying?

Updated News

@djammmer – After hearing more incidents of customer confusion, or incorrect messaging from #SCCM competitors… thought it would be a good time to rebroadcast this quote… 17 seconds!

Introduction – SCCM Dead?

NO! SCCM is not dead! Microsoft is NOT planning to reduce investments in SCCM development. SCCM development team in Redmond is developing the product with much more passion to help the SCCM customers.

SCCM Intune Roadmap is Explained

Nice to hear (again & again) from Brad Anderson that SCCM is not dead 🙂 You can take this as an official announcement from Microsoft corporate VP!

This is what Brad Anderson said “What’s your level of investments in ConfigMgr these days ..there are more people working on SCCM team today than there have been in a decade



As explained in the above video, SCCM & Intune co-existence and Co-Management are the future!


SCCM Folder RBAC Permission Setup Guide

In this video blog, we are going to learn about the new feature “set security scopes for folders (SCCM Folder RBAC Permission),” which got introduced in SCCM 1906 technical preview. I’m sure this feature will be there in the production version of as SCCM 1906.

I have a couple of others SCCM RBAC related posts, which will give you more details about an end to end SCCM RBAC implementation scenario. More information in the following post.

SCCM Folders are Securable Objects

Until now, SCCM admins are not able to control the visibility of SCCM folders from other admins. There was no option to hide folders from other admins. SCCM Folder RBAC Permission.

The SCCM folders will be visible in their console, but they won’t be able to see the objects (Applications, Packages, Collections, Task Sequences, etc.) inside the folders. This behavior was because of the objects inside the folder where securable objects.

SCCM Folder Permission
SCCM Folder Permission

This SCCM RBAC behavior created some confusion for the admins. Moreover, in some scenarios, admins started using wrong folders to place their associated applications or packages. Because the folders were not securable object, we cannot control the access of those folders anyone can put their applications packages or task sequences into wrong folders.

Microsoft is resolving this issue by making folders as a securable object. Now you can control the access of the folders within your administrators using set security scope option in essence Yum console. You can see more details in the below section of this post.

How to Control SCCM Folder Access Using set security scopes Option

SCCM 1906 onwards you can control the folder access within SCCM console. You can decide which admin should have access to which folder. As an example, in the above video, you can see, I have created folders depending on the location or offices. So, you can provide access to a particular folder if you have an admin from that specific office or site.

Remember you must create security scopes depending on the location as I have shown in the video. If you already have implemented SCCM RBAC, then security scopes should be in place already.

Steps to Implement SCCM Folder RBAC Permissions

SCCM Folder RBAC Permissions
SCCM Folder RBAC Permissions

The following steps will help you to set up permissions to SCCM folders (SCCM Folder RBAC).

  • In the SCCM console, right-click on a folder.
    • For example, right-click a folder under the Applications, Packages, Software Updates, Collections, or Task Sequences node.
  • Select Folder and click on Set Security Scopes option.
  • Choose the security scopes you want to apply then click OK.
  • OR If you’re already in the folder (applications, collections, Task Sequences folders), you can also click on Set Security Scopes in the ribbon.


Microsoft MVP Award 2019-2020 Video

Hope you have already listen to the video which is posted above. I received a mail yesterday from Microsoft MVP program to let me know I’m re-awarded as Microsoft MVP Award.

Related PostSCCM Intune Microsoft MVP Award 2019 – The Journey from 4000 to 3000 ?

[jetpack_subscription_form show_only_email_and_button=”true” custom_background_button_color=”undefined” custom_text_button_color=”undefined” submit_button_text=”Subscribe” submit_button_classes=”undefined” show_subscribers_total=”false” ]

Get in Touch – Get Updated about Technologies

Community Groups to Contribute & Learn

Facebook Groups

LinkedIn Groups

Telegram Group


SCCM Clear Application Content from Cache After Installing

Hello in this video post you are going to see and the new feature or new option which got introduced in SCCM 1906 technical preview. We will see more about “Clear Application Content from Cache After Installing.”


The new option “Clear Application Content from Cache After Installing” is very useful for OS deployment scenarios. In many scenarios yes, the SCCM client might have limited cache size so it will be challenging for most of most of the SCCM admins to manage the client cache.

What is the Advantage?

The new feature got introduced in SCCM 1906 technical preview version and I’m sure it will come to the production version of 1906 as well) is very useful in real-world scenarios.

With “Clear Application Content from Cache After Installing” option, you can clear in the application cache content from the client cache once the application is installed during the task sequence process. This this option is very helpful in many Windows 10 upgrade scenarios.

How to Use – Clear Application Content from Cache After Installing

So, let’s see how to enable this (Clear SCCM Cache content) option or how to use this option?

  • Right Click on the task sequence and click on Edit. (DO NOT DOUBLE CLICK ON Task Sequence – view is the default option when you double click)
  • Once the SCCM TS Editor window is opened with all the steps go to ADD menu and go to software and click on install application.
  • Select the option called clear application content from cache after installing (this option is at the bottom of the page)
  • Click OK to finish
SCCM TS - clear application content from cache after installing
SCCM TS – clear application content from cache after installing

NOTE! – Once you enable this option after the application installation that Task Sequence will make sure that application content is cleared or removed from the client cache. What do you think about this particular option which got added to SM 1906?


SCCM 1906 New Features Sneak Peek

In this video, you will see the sneak peek of most of the following list of features released in SCCM 1906 Technical Preview. My favorite among those is SCCM RBAC features for folders.

SCCM Client, Console, Build Version Numbers Details are available here.

List of SCCM 1906 TP New Features

The list of SCCM 1906 TP features is available in this release of the technical preview version.

  • ✔ Improvements to maintenance tasks
  • ✔ Additional options for SCCM third-party update catalogs
  • ✔ SCCM update database upgrade monitoring
  • ✔ Multiple pilot groups for co-management workloads
  • ✔ SCCM RBAC on Folders
  • ✔ Azure Active Directory group discovery Options
  • ✔ Remote control anywhere using Cloud Management Gateway
  • ✔ Improvements to CMPivot
  • ✔ Support for Windows Virtual Desktop
  • ✔ More frequent countdown notifications for restarts
  • ✔ SCCM Co-management auto-enrollment using Azure AD device token
  • ✔ SCCM Management Insights – Rule for NTLM fallback
  • ✔ SCCM Integrated MBAM Improvement

SCCM RBAC for Folders

SCCM 1906 technical preview version introduced new feature role based access for folders. The RBAViewer.exe is the tool which will help you to understand SCCM RBAC in a better way.

  • Collection Folders RBAC
  • Application Folders RBAC
  • Task Sequence Folders RBAC
SCCM 1906 - RBAC for Folders
SCCM 1906 – RBAC for Folders

Multiple Pilot Groups SCCM co-Management Workloads

You can now configure different pilot collections for each of the co-management workloads. Being able to use various pilot collections allows you to take a more granular approach when shifting workloads.

SCCM 1906 - Co-Management Pilot Groups
SCCM 1906 – Co-Management Pilot Groups

Management Insights Rule for NTLM Fallback

SCCM Management insights include a new rule that detects if you enabled the less secure NTLM authentication fallback method for the site: NTLM fallback is enabled. Network Access Account is the example for NTLM.

SCCM 1906 -  NTLM authentication
SCCM 1906 – NTLM authentication

Improvements Third-Party Software Update

SCCM 1906 released with one of the major improvement for SCCM Third-Party Software Updates. SCUP had options to select required categories from vendor catalog cab file. But, this feature was not available until the 1906 version of SCCM.

NOTE! – The latest third-party software update catalog version introduced in SCCM 1906 is TP is Version 3 (V3).

The following steps will help you to check out the new catalog (V3) feature.

  1. In the SCCM console, go to the Software Library workspace. Expand Software Updates and select the Third-Party Software Update Catalogs node.
  2. Select the catalog to subscribe and click Subscribe to Catalog in the ribbon.
  3. Choose your options on the Select Categories page:
    • Synchronize all update categories (default)
      • Synchronizes all updates in the third-party update catalog into SCCM.
    • Select categories for synchronization
      • Choose which categories and child categories to synchronize into SCCM
SCCM 1906 - Third-Party Software Update
SCCM 1906 – Third-Party Software Update

Edit SCCM Maintenance Tasks

There are changes in maintenance tasks viewer in the latest version of SCCM 1906 TP. I have a post with SQL query to find out SCCM maintenance tasks. No need to use this SQL query from SCCM 1906 TP onwards.

  1. In the Administration node, expand Site Configuration, then click on Sites.
  2. Select a site from your list, then click on the Maintenance Tasks tab in the detail panel.
  3. Right-click one of the maintenance tasks and select one of the following options:
    • Enable – Turn on the task.
    • Disable – Turn off the task.
    • Edit – Edit the task schedule or its properties.
SCCM 1906 - Maintenance Tasks
SCCM 1906 – Maintenance Tasks


Features in SCCM technical preview version 1906

SCCM Console Debugger – Show SCCM Object Details Option

SCCM console has many hidden debugging options. In the SCCM Console Debugger video tutorial post, you will see and learn more details about debugging options.

SCCM Console WMI Classes

Before going into SCCM console debug options and show object details option, you can learn more about SCCM WMI Classes related to Console and provider.

NOTE! – SCCM Console Debugger option called “Show Object Details” shall help to get the following WMI class details from SCCM console itself. More information about the right click option called Show Object Details in the video guide here.

  • The SMS_InstanceChangeNotification WMI class that notifies the SCCM admin console that an alert has changed its status.
  • The SMS_ObjectContainerItem contains information about an SCCM console folder item (Object details inside a particular folder in SCCM console etc…).
  • The SMS_ObjectContainerNode contains information for a given SCCM Console folder (folder details Folder Name etc..).
  • The SMS_ObjectContentExtraInfo & SMS_ObjectContentInfo contains the details about Application or Package Content Information and some extra information.

NOTE! – I don’t find the much difference between SMS_ObjectContentExtraInfo & SMS_ObjectContentInfo WMI classes.

  • The SMS_RoleInObjectType object helps to map a role and its associated object types.
  • The SMS_SearchFolder WMI class behaves the same as SMS_ObjectContainerNode is only used for search operations.

SCCM Console Connectivity

The following diagram will give you more details about SCCM architecture. Also, this diagram will provide the Details about SCCM Console -> SMS Provider – WMI – SCCM Site connectivity.

NOTE! – You can find more details about SCCM Console Connectivity and SCCM architecture details from here. More detailed SCCM architecture decision-making tips are available here.

SCCM Console Connection - SCCM Console Debugger
SCCM Console Connection – SCCM Console Debugger

How to Enable SCCM Console Debugger?

There is a hidden workspace called TOOLS in SCCM console, and that is referred SCCM Console Debugger in this post.

You can enable SCCM Tools workspace (SCCM Console Debugger) from the SCCM console shortcut file. The steps mentioned in the following link shall help you to allow the hidden Tools workspace visible in the console.

The following Step by Step Guide to Enable “Show Object Details” right-click option on all SCCM console objects >>>>


SCCM 1905 Awesomeness with Features

Microsoft released the latest version of SCCM 1905 technical preview version with a massive list of new features. As per Microsoft resources, this SCCM TP version is one of the top feature-rich releases.

SCCM 1906 Production version might have most of these below-listed features. If that is going to be accurate, then SCCM 1906 production release would be a real feast for SCCM customers.

SCCM 1905 – Full Version 5.00.8827.1000
SCCM 1905 – Client Version 5.00.8827.1000

SCCM 1905 List of Features

The Following list is the publicly available feature list from Microsoft team. I’m sure there are loads of improvements happened to SCCM product.

NumbersFeaturesSCCM Doc
1Improved control over WSUS MaintenanceLink
2Improvements to Configuration Manager consoleLink
3Configure the default maximum run time for software updatesLink
4Windows Defender Application Guard file trust criteriaLink
5Application groupsLink
6Task sequence as an app model deployment typeLink
7BitLocker managementLink
8Task sequence debuggerLink
9Delivery Optimization in client data sources dashboardLink
10Improvements to Community HubLink
11View SMBIOS GUID in device listsLink
12OneTrace log viewerLink
13Software Center infrastructure improvementsLink
14Improvements to Software Center tab customizationsLink
15Improvements to app approvalsLink
16Retry the install of pre-approved applicationsLink
17Install applications for a deviceLink
18More frequent countdown notifications for restartsLink
19Synchronize collection membership results to Azure Active Directory groupsLink
20Configure client cache minimum retention periodLink
21Improvements to OS deploymentLink
22Add a SQL AlwaysOn nodeLink

BitLocker Management Policy Sample

Following is the BitLocker Wizard information from SCCM 1905 preview build. More details available about SCCM BitLocker management in the following link.

General Information
• Name: Bitlocker Management Policy Test from SCCM
• Description:
• Component Configuration: Client Management Component not configured
• Component Configuration: Operating System Drive Component not configured
Setup Information
• Choose a drive encryption and cipher strength: Enabled
• Select the encryption method: AES 128-bit (default)
• Choose a drive encryption and cipher strength: Enabled
• Operating System Drives: XTS-AES 128-bit
• Fixed Data Drives: XTS-AES 128-bit
• Removable Data Drives: AES-CBC 128-bit


Setup SCCM Third-Party Patching Video Experience

In this video tutorial, you will see how to Setup SCCM Third-Party patching for an infrastructure. I have step by step blog post which explains the third-party patching setup in details. I would recommend reading that post to get detailed information on SCCM third-party software update setup.

#SCCMThirdPartyPatching #ThirdPartySoftwareUpdates #SCCMPatching #StepbyStepGuide #PatchingGuide

Setup SCCM Third-Party Patching

Third-party software updates allow you to subscribe to partner catalogs in the SCCM console and publish the updates to WSUS. You can then deploy these updates using the existing software update management process.

The following points are explained in the SCCM third-party updates setup video. The SCCM third-party patching feature is enabled only for SCCM 1806 or later.

  1. Prerequisites SCCM Third-Party Patching Setup
  2. Setup SCCM Third-Party Updates
  3. Enable Third-Party Software Updates
  4. Add Custom Catalog – Third-Party Software Updates Setup
  5. What is the difference between partner catalog and custom catalog
  6. How to Subscribe to a custom catalog
  7. How to Subscribe to a partner catalog
  8. How to Publish Third-Party software Update content
  9. How to use Third-party update certificates
  10. How to Troubleshoot Third-Party Software Updates Setup
  11. Learn to check Third-Party Software Updates Setup
  12. More and more details … in this video.

FAQ – Third-Party Patching Setup

I have conducted two hours on Facebook (1700 views) and YouTube Live online session on third-party patching with SCCM 1806 or later versions.

I have had many questions, and answers on the Facebook and YouTube live session. I would recommend checking those comments in SCCM Third-Party Patching Facebook Video post.

SCCM Live – SCCM – Third-Party Software Updates Setup – Step by Step Guide – Live

SCCM – Third-Party Software Updates Setup – Step by Step Guide – Live #SCCMLive #FreeTraining #SCCMSaturdays———————————————–Prerequisites Third-Party Software Updates SetupSetup Third-Party Software UpdatesEnable Third-Party Software UpdatesAdd Custom Catalog – Third-Party Software Updates SetupWhat is the difference between partner catalog and custom catalogHow to Subscribe to a custom catalogHow to Subscribe to a partner catalogHow to Publish Third-Party software Update contentHow to use Third-party update certificatesAnd How to Troubleshoot Third-Party Software Updates SetupLearn to check Third-Party Software Updates SetupMore and more details … in this videos.—————————————————————————–More Blog posts related to SCCM/Intune/Windows 10/Hyper-V/Cloud/IT Pro/Azure - SCCM Read Intune Read – Windows 10 Read – Hyper-V Read – About Cloud Read – about Azure Read – About IT Pros Events – about me – #ConfigMgr #SCCMVideos #SCCMTutorials #SCCMStudyVideos #SCCMFreeTraining #SCCMTraining #HowtoManageDevices———————————————————-

Posted by How to Manage Devices SCCM Intune on Saturday, April 13, 2019


Top 5 Awesome New Features of SCCM 1903

In this video post, you can uncut video of SCCM 1903 live upgrade demo and walk through of SCCM 1903 new features.

I spend almost 2 hours via Facebook Live (see the below section – it’s more clear video and live interaction with audience through chat) and YouTube Live to share the SCCM 1903 upgrade experience with SCCM Community.

SCCM 1903 Step by Step Upgrade Guide

Microsoft recently released SCCM Technical Preview version 1902. I shared the upgrade of SCCM 1903 upgrade live with SCCM community. And tries to answer the questions related to:

Recording of SCCM free training video is available in YouTube Channel and Facebook Page.

SCCM 1903 New Features Walk Through

Microsoft SCCM Product Group introduced Five (5) exciting new features with SCCM 1903 technical preview version.

  • Cloud services cost estimator
  • Use SCCM DP as a local cache server for Windows DO (Delivery Optimization)
  • Reclaim lock(SEDO) for editing SCCM Task Sequences
  • Drill through required updates
  • Improvement to SCCM Task Sequence media creation

SCCM Cloud Services Cost Estimator

In the SCCM console, you can navigate to the Monitoring workspace, and select the Cloud Management node. You would be able to see the Cloud Services Usage Estimation tool. This is one of the exciting SCCM 1903 new features.

The SCCM Cloud Sevices Usage Estimation tool is helpful to analyse the cost of your Azure subscription. The tool can be adjusted with the following variable values:

  • Clients enabled for client services
  • Client data consumption (per client/month)

The SCCM Cloud Sevices Usage Estimation tool shall provide the following output based on your above inputs on client servives and data consumption:

  • Total monthly cost estimate
  • Monthly cost per device

I would recommend reading the Microsoft documentation to have more details about SCCM Cloud Sevices Usage Estimation tool. ( The coolest
SCCM 1903 new features)

SCCM DP Windows DO (Delivery Optimization) Cache Server

Microsoft released another awesome feature to help modern Windows 10 management with peer to peer client cache solution. Now, you can use SCCM DP as Windows Delivery Optimization Cache Server.

I would recommend reading the following post Using Delivery Optimization In-Network Cache (DOINC) in SCCM TP 1903 by Johan Arwidmark. This post shall provide you in depth analysis of DO Cache Server and SCCM DP integration details.

Reclaim lock (SEDO) for editing SCCM Task Sequences

With SCCM 1903 or later, you can clear your lock on a task sequence. You don’t have to wait for 30 minutes to get this unlocked after the SCCM console crash.

If the SCCM console stops responding, you can be locked out of making further changes until the lock expires after 30 minutes. This lock is part of the SCCM SEDO (Serialized Editing of Distributed Objects) system. Another interesting SCCM 1903 new features.

I would recommend reading the Microsoft documentation to get more details on SEDO Task Sequence topic.

Drill through Required Updates

SCCM 1903 version comes with more granular drill through compliance statistics dashboard options. This drill down idea was one of the User voice item.

This drill down options will help to see which devices require a specific software update. To view the device list, you need permission to view updates and the collections the devices belong to.

Panu Saukko did a Tweet about new SCCM drill down software update compliance feature. The following picture is taken from his tweet. Thanks to Panu for the details of SCCM 1903 new features.

SCCM Task Sequence Media Creation

SCCM 1903 added ability to not include Autorun.inf when you build SCCM OSD Task Sequence boot media. This media creation update was also an idea from SCCM User voice item.

[Related PostSCCM OSD Task Sequence Steps by Step Ultimate Guide]

Facebook Live Video – SCCM 1903 Upgrade & New Features Walk Through

You can watch the SCCM 1903 Preview version Upgrade Video Facebook live video published in my Facebook page “How to Manage Devices“.

Another interesting SCCM 1903 new features are discussed in the following SCCM 1903 upgrade video.