Monday, 20 July 2020

Management Insights Preview - Optimize for remote workers

Microsoft Endpoint Configuration Manager has a feature called Management Insights.  This feature is located in the Administrators node and it allows you to gain some understanding into your site's configuration, or aspects of your site's configuration, that may need some attention.  It divides the management into groups which Microsoft consider useful for proactively auditing your site.  The 2007 preview evaluation installation of Microsoft Endpoint Configuration Manager contains the following Insight groups.

Group
Description
Applications
Insights for application management
Cloud Services
Insights to Modernize Configuration Manager so that it integrates with cloud based technologies.
Collections
Insights into managing a healthy population of collections
Configuration Manager Assessment
Insights into settings that may need looking into such as Active Directory discovery intervals.
MacOS and Unix
Insights for MacOS and Unix clients
Operating System Deployment
Insights into Provisioning, for instance determine task sequences that are too large
Optimize for remote workers
Insights into the configuration aspects that affect your mobile workforce
Proactive Maintenance
Insights into how to keep ahead of potential issues, for instance boundary groups with no members
Security
Insights into possible areas where your site is insecure
Simplified Management
Insights into common management concerns such as clients running older versions of the Configuration Manager Client
Software Center
Insights into managing Software Center
Software Updates
Insights for software management updates.

There does not appear to be any option to create your own groups or insights, nor to customize those that currently exist.  In short Microsoft has presented a reporting and action facility that might represent something a consultant would be asked to do - conduct an audit and present areas of action that need attention.

At the time of writing the world is struggling with the Covid-19 pandemic and we are seeing many people now working from home.  Managing those users properly has never been so crucial and so in the 2006 preview version of Configuration Manager Microsoft has implemented the Optimize for Remote Workers Insight group.  In this article I run the Show Insights action to determine which action I might need to take for my installation of Configuration Manager Technical Preview 2007.

In the 2005 CM preview edition Microsoft introduced the VPN Boundary type.  Previously the administrator would have to enter in a subnet based boundary for their VPN users.  Using the VPN boundary simplifies administration of remote users because the IP address based boundary is no longer required.  In my lab I have configured a VPN boundary accepting all the defaults as can be seen.





So let us begin and see how Management Insights might help us view and modify our CM site so that we can be sure it is configured to effectively manage our systems.

We open the CM Admin console and navigate to Administration\Overview\Management Insights.  You are presented with a dashboard with some interesting charts and statistics in respect to your groups and actions that are recommended, optional, critical or completed.  You might like to tick or un-tick the boxes in the top ribbon to gain an insight into each category.




If we scroll down a bit we see a number of Actions Needed against each group.  In this case we can see there are a number of Actions needed: and specifically for this article there is an action for the Optimize for remove workers group.


We can see here that our recommended action is to define a VPN boundary group.  Let's look a bit closer at the needed action.

We now navigate to Administration\Overview\Management Insights\All Insights.  We right click on the Optimize for remote workers group and select Show Insights.




We can then see that we are required to put our VPN Boundary into a VPN Boundary Group.



We can then right click on the Action and select More Details.



The Rule Detail informs us we should Create and Configure a VPN boundary and associate it to a Boundary Group.  This makes sense because we cannot assign a system,  such as a management point, to a boundary.  We need to assign the required site systems to the Boundary Group and then assign the Boundary Group to the Boundary.

And conveniently if we click on the Review Actions button we are then taken to the Boundary Groups section in the Administration blade.


I then click on the Create Boundary Group option in the ribbon.



I enter in the VPN Boundary group name and add my VPN boundary.




I can then click on References and add my site system.


I click on OK and Apply




Once the Boundary Group is created we can then right click on it and select properties.  If we then click on the Options tab we see that the Allow peer downloads in this boundary group option is deselected.  In addition the Prefer cloud based sources over on-premise sources option is selected.  These are the default options and they do make sense given this is a VPN based boundary group.


Now having added the VPN boundary to a VPN boundary group we can then navigate back to Administration\Overview\Management Insights\All Insights\Optimize for remote workers.  If we Right click on the Define VPN boundary group action and select Re-evaluation - the action should then change to Competed.

To monitor and troubleshoot this you can view the sms_dataengine.log file.



It did become apparent that the preview edition I am running is not 100 percent perfect because it did take a while for the action update to complete - even though the log stated no insight rules needed evaluating.  Well this is a technical preview edition so little glitches like this surely are to be expected.  Nevertheless we got there in the end as can be seen.




I hope you enjoyed reading this article.


























No comments:

Post a Comment

Deploy Windows 11 with MDT - Supported

 Introduction The Microsoft Deployment Toolkit (MDT)  has been used by many companies for the provisioning of operating systems.  It does ha...