MEM - Endpoint Analytics Setup Operation and Troubleshooting

Hi IT Pros,

Microsoft has just released Endpoint Manager – Endpoint Analytics. It is a cool feature, addressing service desk long time need to monitor and identify the devices which have delay sign-in time and performance issue even before Users make the support calls for help.

I have collected all the information related to setup, operation, troubleshooting of Endpoint Analytics and created this blog article for your reference.

Let’s review and enjoy our new EA feature exploration.

It is common for end users to experience long boot times or other disruptions. These disruptions can be due to a combination of:

• Legacy hardware
• Software configurations that are not optimized for end-user experience.
• Issues caused by configuration changes and updates.

Endpoint analytics, which was released on September 22^nd, 2020, aims to improve user productivity and reduce IT support costs by providing insights into the user experience.

• provides insights to help you understand your devices’ reboot and sign-in times so you can optimize your users’ journey from power on to productivity.  
• helps you proactively remediate common support issues before your users become aware of them and so, reduces the number before your users do.
• allows you to track the progress of enabling your devices to get corporate configuration data from the cloud, making it easier for employees to work from home.

Endpoint Analytics structure

 

• Endpoint Analytics currently focuses on three areas:
  • Start up performance:
    •  Get end-users from power-on to productivity quickly by identifying and eliminating lengthy boot and sign in delays. 
    •     Leverage the startup performance score and a benchmark to compare to other organizations,
    •     Recommended actions to improve startup times. 
  • Proactive remediation scripting:
    • Use built-in scripts for common issues or author your own.
  • Recommended software:
    • Recommendation for optimizing OS and Microsoft software versions.

 

• Prerequisites

You can enroll devices via Configuration Manager or Microsoft Intune.

• To enroll devices via Intune requires:
  • Intune enrolled or co-managed devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Enterprise, or Windows 10 Education.
    • Windows 10 Pro versions 1903 and 1909 required KB4577062.
    • Windows 10 Pro versions 2004 and 20H2 required KB4577063.
  • Windows 10 devices must be Azure AD joined or hybrid Azure AD joined.
  • Telemetry (Diagtrack) service is enabled on Endpoint
  • The Intune Service Administrator role is required to start gathering data.

You can enroll devices via Configuration Manager or Microsoft Intune.

• To enroll devices via SCCM Co-Management:
  •  A minimum of Configuration Manager version 2002 with KB4560496 - Update rollup for Microsoft Endpoint Configuration Manager version 2002 or later
  •  The Configuration Manager clients upgraded to version 2002 (including KB4560496) or later
• Licensing Prerequisites
  • Endpoint analytics is included in the following plans:
  • Enterprise Mobility + Security E3 or higher
  • Microsoft 365 Enterprise E3 or higher.
• Unsupported Windows 10
  • Windows 10 Home
  • Windows 10 long-term servicing channel  (LTSC)
  • BYOD, Azure registered devices (Workspace joined device)
• Firewall URL requirement for SCCM Site System Server
  • https://graph.windows.net
  • https://*.manage.microsoft.com             
• Firewall URL requirement for Intune-managed devices
  • https://*.events.data.microsoft.com

To Enable endpoint analytics

• Navigate to https://endpoint.Microsoft.com,
• Click reports (blade),
• choose Endpoint Analytics
• Click the start button

 

• Configure Intune data collection policy

Click on link as shown:

 

 

Enable Endpoint Analytics in SCCM Console\Cloud Services\Co-Management

\Configure upload

 

• Sign in and Confirm change to Cloud Service Endpoint Manager.

             

• SCCM Client Setting\Computer Agent

Enable Endpoint Analytics data collection:   Yes

             

• Check result in Endpoint Analytics\Settings

 

Set baseline to observe progress made in a period.

Baseline management

• You can compare your current scores and sub scores to others by setting a baseline.
• There is a built-in baseline for All organizations (median), which allows you to compare your scores to a typical enterprise.
•  There is a limit of 100 baselines per tenant.

• Your current metrics will be flagged red and show as regressed if they fall below the current baseline in your reports.
• set a regression threshold, the defaults to 10%. With this threshold, metrics are only flagged as regressed if they have regressed by more than 10%.

         

Endpoint Analytics Overview

• Review the “Insights and recommendations” about devices with slow boot time as shown.

• Review the “Insights and recommendations” about devices with slow GPO processing time.

 

Endpoint Analytics Startup performance

• After Devices are enrolled, the next reboot will be evaluated and scored.         
• Compare boot time based on HDD or SSD disk type.

• Compare boot time based on models and device types.

• Sorted by Group Policy boot time to find the worst device:
  • On the problem devices you need to run gpresult /h X:\temp\filename.htm to find out which GPO cause the delay time problem related to those devices, also check if there is any failed policy:             
  •  Causes of delay when device is applying GPO could be one of the following:

                    - If the Apply Group Policy permission is not set, but the Read permission is, the GPO is                             still inspected (although not applied) by any user or computer that is in the OU                                       hierarchy where the GPO is linked.

                       This inspection process increases logon time slightly for each GPO with read access still                           set after removal of the Apply Group Policy permission. 

                       Solution: remove unassigned group from Delegation (permission) tab

 

 

- Use WMI filters primarily for exception management only. WMI filters are evaluated every time Group Policy is processed, make sure WMI query time is fast, it increases startup and logon time

  Solution: Limit use of WMI filter and make WMI query run efficiently.

 

- Broken Policy link result in failed applying policy process with timeout delay.

 

- Corruption of  Sysvol\domain policies could cause big delay and need to be fixed on DFS replication end. The example of policies in Sysvol of a Domain Controller:

Solution: Fixing DFS replication for domain policies.

• In Startup processes tab, sorting by Median delay (seconds) to find the worst delay process and number of affected devices.

 

Endpoint Analytics Proactive Remediation

•   Proactive remediations are script packages that can detect and fix common support issues on a user's device.
• Use Proactive remediations to help increase your User experience score.
• You can create your own script package or deploy one of the downloaded script packages.
• Each script package consists of a detection script, a remediation script, and metadata.
• Microsoft is actively developing new script packages and would like to know about your experiences when you were using them.

There are 2 built-in script packages:

You could create your own script package which includes detection script and remediation script, it is similar to SCCM Configuration Item with Compliance rule and SCCM Baseline Remediation, script example shown in the image:

The example results of Proactive remediation script running, is shown in the following image:

  

 

Endpoint Analytics Recommended Software

The infrastructure software recommended for the whole corporation environment such as Windows 10, Azure Active Directory, Cloud Management, …

• The Software adoption score is a number between 0 and 100. The score represents a weighted average of the percentage of devices that have deployed with recommended software.
• Windows 10 score: the percent of devices on Windows 10 versus an older version of Windows.
• Autopilot score:     the percent of Windows 10 devices that are registered for Autopilot
• Azure Active Directory:   the percent of devices enrolled in Azure AD
• Cloud Management:        the percentage of PCs that have attached to the Microsoft 365 cloud

Endpoint Analytics new feature - Application Reliability:

Application reliability provide the important information about applications' s performance, how many crash times of each application during the last 14 days, mean time to failure and reliability score (the higher number is better). The feature also provide information about application usage and the number of devices with the installed application.

Endpoint Analytics Troubleshooting

• Troubleshooting device enrollment and startup performance
  •  The overview page shows a startup performance score of zero with a banner showing it is waiting for data,
  •  Device performance tab shows fewer devices than you expect.

    Solution:

• Ensure devices meet the prerequisites:

Prerequisites for Intune managed devices

Prerequisites for Configuration Manager managed devices

Prerequisites for Proactive remediations

• Check configuration as per KB https://docs.microsoft.com/en-us/mem/analytics/troubleshoot#bkmk_enrollment_tshooter
• For SCCM devices, check the logs: SensorManagedProvider.log, SensorEndpoint.log, UXAnalyticsUploadWorker.log

             check Resultant client settings if there is an overriding client setting and endpoint analytics is disabled.

• Update Stale Group Policies script return with error 0x87D00321?

0x87D00321 is a script execution timeout error. This error typically occurs with machines that are connected remotely. A potential mitigation might be to only deploy to a dynamic collection of machines that have internal network connectivity.

• Hardware inventory for devices may fail to process after enabling endpoint analytics.

        Errors in the Dataldr.log file:

        Begin transaction: Machine=<machine>

 *** [23000][2627][Microsoft][SQL Server Native Client 11.0][SQL Server]Violation of PRIMARY KEY constraint 'BROWSER_USAGE_HIST_PK'. Cannot insert duplicate key in object 'dbo.BROWSER_USAGE_HIST'. The duplicate key value is (XXXX, Y). : dbo.dBROWSER_USAGE_DATA

ERROR - SQL Error in

ERROR - is NOT retyrable.

Rollback transaction: XXXX

Mitigation: Disable the collection of the Browser Usage (SMS_BrowerUsage) hardware inventory class. This class is not currently leveraged by Endpoint analytics.

• Script requirements for Proactive remediations

If the option Enforce script signature check is enabled in the Settings page of creating a script package, then make sure that the scripts are encoded in UTF-8 not UTF-8 BOM.

• Error code -2016281112 (Remediation failed)
  • There is a known issue where customers may see profile assignment errors, where affected devices show an error code of -2016281112 (Remediation failed). Microsoft is working on this.
  • More info: https://docs.microsoft.com/en-us/mem/analytics/troubleshoot#bkmk_enrollment_tshooter

More Features will be added to Endpoint Analytics soon

This release is just the beginning. Microsoft will be rapidly rolling out new insights for other key user-experiences soon after the initial release. 

___________________

Reference

• https://docs.microsoft.com/en-us/mem/analytics/overview
• https://docs.microsoft.com/en-us/mem/analytics/enroll-intune
• https://docs.microsoft.com/en-us/mem/analytics/enroll-configmgr
• https://docs.microsoft.com/en-us/mem/analytics/proactive-remediations
• https://docs.microsoft.com/en-us/mem/analytics/troubleshoot#bkmk_enrollment_tshooter
• Endpoint Analytics Demo Video https://youtu.be/9XZSe138HQo?t=1391

 

Disclaimer

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.