Microsoft Endpoint Analytics Overview

Salaam, Namaste, Ola and Hello!

It has been a while since I did a blog due to focusing on YouTube content so I had a small list of topics I wanted to write about whilst I have a bit of a break! The first topic is Endpoint Analytics and this is a service I recently demoed for a client who was looking for a way to monitor their existing EUC estate that was using Microsoft Endpoint Manager to manage devices.

In this blog I will coer the following topics?

• What is Endpoint Analytics?

• Requirements

• Features

• What benefits does it give organizations?

• Video Demo of the service

What is Endpoint Analytics?

Microsoft Endpoint Analytics is the monitoring service used by Microsoft Endpoint Manager which enables organizations to obtain granular and detailed data on their Windows 10 EUC estate. It is also part of the Microsoft Productivity score, (https://docs.microsoft.com/en-us/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide) which provides metrics, insights and recommended actions you can take to utilize Microsoft 365 more efficiently.

The insights you obtain from the reports in Endpoint Analytics allow administrators to understand how the users in the business are working as well as the how Windows 10 is behaving. This in turn enables you to understand information on the quality of the experience the business is giving to its end users without getting direct feedback from the users themselves.

Endpoint Analytics focuses on the following main features that we will discuss later in this post:

• Startup Performance

• Proactive remediations

• Recommended Software

• Application Reliability (Preview)

• Work from Anywhere (Preview)

At the time of this blog, both ‘Application Reliability’ and ‘Work from Anywhere’ are in preview.

Requirements

There are prerequisite requirements that need to be met from a licensing perspective, when enrolling devices via Intune and via Configuration Manager, proactive remediation scripting requirements, and permission requirements.

• Licensing Requirements: You require a valid license for devices that are enrolled into Endpoint Analytics which is essentially anything that has an Intune subscription. These include Microsoft 365 Business Premium, Microsoft 365 E3 & E5. For Proactive remediation’s, any of the following licenses (or any subscription that includes them) is required: Windows 10 Enterprise E3 or E5 (which are included in Microsoft F3, E3, or E5), Windows 10 Education A3 or A5 (which is included in Microsoft 365 A3 or A5) and Windows 10 Virtual Desktop Access (VDA) per users.

• Requirements when enrolling devices via Intune: Windows 10 Pro, Pro education, Enterprise or Education are only supported and it must be version 1903 or later. The Windows 10 device has to be either Azure AD Joined or Hybrid AD joined. You need to ensure you have clear connectivity to the Microsoft public cloud and finally Intune Service Administrator role is required to start information gathering (but we will go into more detail around permissions shortly)

• Requirements when enrolling devices via Configuration Manager: The minimum version of Configuration Manager to enroll devices is 2002 with KB4560496 or later. You are also required to configure Microsoft Endpoint Manager tenant attach to be enabled (https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/device-sync-actions) and finally you need to ensure you enable Endpoint Analytics for devices that are uploaded to Microsoft Endpoint Manager (https://docs.microsoft.com/en-us/mem/analytics/enroll-configmgr#bkmk_cm_upload).

• Proactive Remediation Scripting Requirements: To start with, devices must either be Azure AD joined or hybrid AD joined meet the following criteria: Be managed by Intune and have either Windows 10 Enterprise, Pro, or Education, or be co-managed running Windows 10 version 1093 or later.

• Permission Requirements: For Endpoint Analytics permissions the following is required: An appropriate role under the Endpoint Analytics, Organization or School Administrator categories. Read permission under the Help Desk Operator, or Endpoint Security Manager Intune roles and finally Reports Reader Azure AD role (https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#reports-reader). To utilize Proactive Remediation’s you need to grant the appropriate role that comes under the Device Configurations category.

A few more final requirements you need to be aware of is making sure that if you do any type of proxy in between your devices and Endpoint Analytics that you ensure the following URLs are accessible:

• https://graph.windows.net
• https://*.manage.microsoft.com
• https://*.events.data.microsoft.com

There also needs to be a minimum of 10 x Windows 10 devices enrolled into Intune (Azure AD joined or Co-managed/Hybrid joined) in your tenant before Endpoint Analytics will start to collect data, and it will take up to 72 hours (from experience) for the tenant to report on what it has found.

Features

As mentioned earlier in the post has 5 main features that we will now discuss in more detail –

Startup Performance: This section of Endpoint Analytics is broken down into the following areas:

• Startup Score: This is a weighted average of the core boot score and core sign-in score. In this section the core boot phase includes group policy processing (computer GPOs) and the time it takes to get to the sign-in screen. The core sign-in phase includes group policy processing (user GPOs), the average time between sign-in and when the desktop renders and the average time between when the desktop renders and when CPU usage falls below 50%.

• Model Performance: This section shows a comparison of startup and restart times for all the different device make and models in your Microsoft 365 tenant. You will only see device models that have at least 10 devices of the same type associated with your tenant (for example you need at least 10 Microsoft Surface Pro devices before it will show in this tab)

• Device Performance: This section allows you to have an overview of all device that are enrolled into your tenant. You can click on an individual device to then dig deeper and get further insights into its behavior.

Proactive Remediation’s: In this section you have the ability to create and run script packages that will proactively fix the top support issues in the tenant. By default you have two scripts in this section – Restart stopped Office C2R svc and Update stale Group policies. You can the status of the script as well as the number of device that had issues found by the script and devices where no issues were found by the script.

Recommended software: In this section you can review the ‘Software adoption score’ for your tenant. The score is made up of 4 categories:

• Windows 10: This is the percentage of devices that are running Windows 10

• Cloud identity: This metric is the percentage of devices that are registered with Azure AD

• Cloud Management: This metric is the percentage of devices that are enrolled into Intune

• Windows Autopilot: this shows the percentage of devices that are enrolled using Autopilot.

Application Reliability: This feature is one of two which are still in preview and is broken down into three sub-sections –

• App reliability score
• App Performance
• Model Performance

Work from anywhere: This section is also in preview and shows how prepared your tenant is to enable users to work form anywhere. It is broken down into four sub-sections:

• Overview: This gives an overall view of your tenant and shows an average score. The average score is calculated from four areas: Windows 10, Cloud identity, Cloud Management and Cloud Provisioning.

• Windows 10: This section shows you devices that are evaluated in the Windows 10 metric. Here you can see the device name, how the device is managed (co-managed or Intune) as well as the Windows and OS versions.

• Cloud Identity: This section shows devices that are either hybrid Azure AD or Azure AD joined ad evaluates them with the cloud identity metric.

• Cloud Management: This section shows devices that are managed by Configuration Manager and Intune as well as co-managed devices and evaluates them with the Cloud management metric.

What benefits does it give an organization?

Endpoint Analytics gives organizations a granular view on how its EUC Windows 10 estate is performing which in turn give them insight into what the user experience is. It gives you access to information about login times and performance without having to look through millions of events which can be hugely time consuming.

This service allows organizations to test how windows updates will affect pilot groups and mitigate risk to users and Windows 10 devices. You can proactively fix potential issues before they occur and quickly report on trends to predict problems before they occur.

The main aim of the Endpoint Analytics service is to improve productivity or users and minimize IT admin overhead. It does this by enabling organization’s to have greater insights into the end user experience and Windows 10 device performance. This in-turn enables them to improve end-user experience with the proactive support approach I mentioned earlier.

Demo Video

The following video is a short walk-through the Microsoft Endpoint Analytics which will show all the features we have discussed in more detail.

I hope you enjoyed this blog and video and that you find it useful. Please feel free to comment on the blog or video as feedback and questions are always appreciated. Do not forget to subscribe to my YouTube channel – https://youtube.com/iamitgeek