Hi everyone, the Microsoft 365 Apps Rangers would like to share some tips & tricks with you on our latest set of features released to the Apps Admin Center. No idea what we’re talking about? Take a minute and review the Road map to modern management for Microsoft 365 Apps. This article will highlight how you can benefit from these new features (Apps health, Inventory, Servicing Profiles and Monthly Enterprise Channel). Takes just 5 minutes!

When you enable the new inventory feature (preview) and start getting insights across all the Microsoft 365 Apps installed and connected to your tenant, you might run into scenarios where some devices do not appear in the portal. Below you will find the two most common root causes for devices not showing up in inventory and steps on how you can resolve them:

• The device is running a version of Microsoft 365 Apps that does not support inventory.
• The device cannot connect to the Apps Admin Center due to a failure retrieving the Tenant Association Key.

This post will walk you through the steps to identify and fix these issues. We will do our best to update and expand this post as issues are identified.

Step 1 - Identify devices that are running an outdated build of the Microsoft 365 Apps

First things first: we need to check if your devices are running a version of the Microsoft 365 Apps that supports the new features in Apps Admin Center. This is a prerequisite for onboarding devices to the new service. The Microsoft 365 Apps need to be running version 2008 (16.0.13127.21064) or higher. Here are the steps:

• If you are running Microsoft Endpoint Configuration Manager, implement dynamic collections to identify which channels are actually in use.
• Then implement a dynamic collection to identify devices which are running releases older than version 2008.
• The first set of dynamic collections will show you which channels are in use within your environment. Deploy the latest update to the collection containing devices running releases older than version 2008.
• Trigger a Software Updates Deployment Evaluation Cycle for all contained devices. They will only download the deltas for their matching channel.
• Monitor progress. To speed things up, trigger the following actions:
  • Machine Policy Retrieval & Evaluation Cycle
  • Software Updates Scan Cycle
  • Hardware Inventory Cycle
• If you find some devices are not moving, review the ConfigMgr agent. Consider repairing the ConfigMgr agent and/or verifying that the devices can access their update source.

When this step is completed, all devices should be running on version 2008 or newer. Within a few hours they should start registering with the new service and appearing in inventory.

Step 2 - Identify devices that have not onboarded with Apps Admin Center

The next step is to identify devices that meet the minimum app version requirement, but failed at one of the following stages:

• Making the initial connection to the Apps Admin Center by fetching and storing the Tenant Association Key used to connect to the service.
• Collect and upload the initial inventory.

The net result of both issues is that the devices are not visible in the Apps Admin Center.

The Ranger team has crafted a configuration baseline for Microsoft Endpoint Configuration Manager to help automate the detection and remediation of these issues. The content is provided AS-IS and is hosted on GitHub for your reference. To leverage the baseline, proceed as follows:

• Download and import the baseline.
• Deploy the baseline to your devices with remediation turned off.

• Run a report on the baseline results to review how many devices are impacted. You can use the built-in report: Summary compliance by configuration items for a configuration baseline.

• To remediate non-compliant devices with a missing Tenant Association Key, update the configuration item with your tenant’s unique key. Note: Do not generate a new Tenant Association Key in the Apps Admin Center, just copy and insert the existing one.
• Enable remediation for your baseline deployment and verify if devices start to appear in inventory.

The remediation script will stamp the Tenant Association Key into the registry, which acts as a token to make the connection to your tenant. This will mitigate any issues which are rooted in the device’s inability to fetch the key for itself.

With the next launch of an Office application, the onboarding process should kick off and the device should become visible in inventory within the next few hours.

Feedback

We value your feedback as you use the Apps Admin Center and if you wish, you can use the feedback tool in Apps Admin Center to provide feedback directly to the team working on the different features. Optionally you can also add your email address to the feedback, so the team can get in contact with you.

Wrap-up

At the time of writing this post, the Apps Admin Center features (Apps health, inventory, and Servicing Profiles) are in Public Preview, so things might change over time. We will try to keep this post as current as possible. We are happy to answer any questions or take your feedback in the comments below.

The Ranger team is a small team of die-hard experts when it comes to deploying, servicing and managing Microsoft 365 Apps. The above guidance is based on our experience working during the Preview phase with the new products and is provided as-is.

In addition to this information, we have an Ignite session available for viewing that walks through the device onboarding process in greater detail. For more information about this session and our other content check out aka.ms/IgniteAACLinks.

Change Log:

• 03/03 - Initial Release