MNSCUG December 2018 Meeting Notes

Once again, many thanks to Andre Dupre for taking notes. Really nice job and much appreciated.

Keep your modern desktop current with Desktop Analytics

by Deepam Dubey

Why did Microsoft build Analytics?

Typically when enterprises adopt Windows they'd spend years validating all of their apps + deployment planning time + actual deployment = very high effort. Then they stay on that OS for 5-7 years.

Microsoft wants to change it to smaller, more frequent, lower effort upgrades by reducing the cost of deployments of new versions of Windows.

Want to use Analytics to provide data to help you plan the deployment by helping you to focus only on critical apps/services. Also provides info back to Microsoft about problems.

Windows Analytics includes

  • Upgrade readiness
    • Identify devices ready to upgrade or show where blockers are
  • Update Compliance
    • Feature and quality updates, security updates, etc.
  • Device Health
    • How to reduce support costs by proactively identifying top issues.
    • App crashing, BSOD, etc.

Key Learnings:

  • Customers don't manage the install base
    • You manage groups
  • Need to set the target OS differently for different groups
    • For example: some need to eval for 1709, some for 1703, etc.
  • Similar insights for Office migration - these are often done together so having a common strategy would be useful.
  • Guidance on how to operationalize the update rings
  • App and driver health feedback needs to plug into upgrade decision
  • Want deep integration with SCCM
  • Want low latency for certain critical insights
  • Data compliance and private cloud offerings

Desktop Analytics aiming for public preview in early 2019, but no hard date yet.

Benefits

  • Provides single pane of glass for all upgrade readiness insights (Office and Windows)
  • Allows for pilot ring creation
  • Better app and Office macro insights (app health)
    • Toolkits available to deploy to help get more info from less used/unknown apps
  • Deep integration with SCCM

NOTE: The below is all pre-production. Some stuff may change.

Getting started:

  • Access the DA portal from the Device Management console

Onboarding

  • Requires Global Admin
  • Set up the workspace
  • Obtain the Commercial ID

Connect to CM

  • Use the commercial ID to tie together, should start data flow quickly/easily.

Requires E3 and above to use

Can set up workspace owners and contributors (RBAC)

When you first set up it will take a little while for the data to show up.

Connecting CM and DA

  • Add an Azure Service
  • Pick DA and give it a name (unique)
    • Only available in CM 1810+
  • Pick the collections that you want to sync to DA
  • You can pick telemetry settings (diagnostic settings); requires "Enhanced (limited)" at minimum
    • There is a table that describes what the different versions mean.
  • Done!

Mini Demo:

Home page of DA shows overview of total devices, % of Windows and office security and feature updates. Shows how many apps and office add-ins.

Deployment Plan

  • Think of this as a workflow to help you efficiently move from the current release to the next release.
  • You're on 1703 right now, want to go to 1809, so you create a Deployment Plan to target the devices.
  • Need to
    • Prep
      • You should go and specify which AppIds are your critical ones.
      • Identify pilot devices
        • Your CM collections will show up as selectable
      • Resolve any known issues with critical apps
    • Pilot
      • Deploy to pilot devices
      • Resolve any issues
      • Sign off on the pilot assets
    • Deploy
      • Once pilot is successful you move on to deploy to all devices.
    • You can have multiple deployment plans; it doesn't all have to be one big one.
    • Within a Deployment Plan you will see all your devices, apps, office versions, add-ins, etc.

Prepare

  • Identify Importance
    • When preparing it recommends noteworthy apps from install base percentage.
      • You still need to go through and manually pick which are your critical apps, and sign off on them after issues are resolved.
      • Does give you insight based on compat data from the rest of the world.
      • Same applies for Office Add-ins
    • Identify Pilot
      • Based on the important apps you picked it will recommend pilot devices for you.
        • Concept: choose a minimum number of devices from the total population, which contain all the important/critical apps you pick
        • You can manage/create your own list of devices that you want to be included or excluded in every pilot
          • Example: you always want to include your early adopters' devices
          • Example: you always want to exclude your Manufacturing and Exec computers.
        • Prepare pilot
          • Here you will be shown any expected issues. Resolve them now.

Pilot

  • Deploy status
    • Gives you status/overview and any error info on the upgrade
  • Prepare Production Deployment
    • Can review app crashes pre/post upgrade.
    • Sign off on apps

Deploy

  • Deployment Status
    • Same as above
  • Monitor Health
    • Continues to monitor the health of the Apps and devices.

Advanced App Analysis

Toolkit that helps analyze custom line-of-business apps and helps you generate risk segmentation.

Toolkit can be deployed via SCCM. Runs automatically, user doesn't need to run it.

Uses predefined rules to identify risk factors like Java dependency or UAC violations, driver dependencies, Silverlight, etc.

The risk factors show up in the console.

Readiness Toolkit for Office

Similar to Adv. App Analysis but for Office add-ins and macros.

SCCM

Think of DA as recipes (recommendations from insights) but SCCM is still the chef. The one executing.

You get a Deployment Plan node in CM console. Here you can create phased deployments based on these plans.

More coming in the future to make this a bit more seamless.

Converting from Windows Analytics

Continue using it for now if you're already there. They will have a path to transition.

Best way to prep for DA is to enroll in Windows Analytics now and upgrade CM to 1810 soon-ish.

Q&A

Q: If we're already using Analytics and we're not on E3, will Windows Analytics go away?

A: Currently, no sunset plan. But expect it to do so at some future point.

Q: What part of DA requires E3?

A: You have to be on E3 or above subscription license.

Q: What about Device readiness/health info? That needed an E5, right?

A: You can't even onboard to DA without E3, but E3+ is all that is required for all of DA. These are no longer 3 distinct products.

Q (Brian): how many people plan to look at or use it? Is E3 a show stopper?

A: Almost everyone is planning to look or use. One person in Edu space is going through contract renegotiations and doesn't currently have E3 at the moment.

Q: Will this impact Azure cost or log analytics (OMS)?

A: Log Analytics was free for Windows Analytics, this will continue for DA as well. No additional Azure cost.

Q: Is this in 1810 right? I don't see it available in my 1810 CB

A: It's still in preview for select customers so you don't see it yet.

Additional questions can be sent to Deepam. Would love to get feedback to the team. Slides should be posted.

Elections

VP and President

VP helps to put the meetings together (work with sponsors, speakers, MVPs, etc.). It is a time commitment of 5-6 hours per month. President is here to help make sure VP is doing their job.

Kyle W. volunteers to run as VP

Matthew T. volunteers to run as President

  • Wants to help ensure that sponsors and speakers are lined up
  • Make sure we've got good food available
  • Would like to engage or increase community

For people who want to get involved but are unsure or worried it would be too much: there are plenty of people who are also helping out - you're not alone. If anyone wants to help out in other ways please do volunteer, we can probably find something for you to do.

Vote for Kyle as VP - passes!

Vote for Matthew as P - hesitation… (laughter) - passes!

Round Table Discussion

Moving to COLO

We're moving "everything" to a Colo but they want to separate out content (told space is the constraint). Primary site will end up at colo only holding content for servers. DP/MP back in old data center holding content for workstation clients. What's a good way to go about this, any concerns?

Will need a remote content library in order to separate out the content because even if the content's path is a different server the Primary Site will copy over all the data so it can then distribute it to the DPs. Group did have concerns about traffic across WAN and how everything would flow.

USMT Error

Brady D with Medtronic - using USMT to do data migrations during OSD. Hitting a max character path error (error code 123). For example, in one that failed the path was 270 characters long with a filename that is 120 characters long.

Does the entire thing fail? No, we've got it set to continue. But they have a goal for 100% data migration. Reason for 100% has been given as "various legal reasons" so they have to do it.

One recommendation was to run a full WIM backup (groans from room). Had to do that for Dept of Health, also for legal/retention reasons.

Could create a script to parse the log file output, look for the path of each failure, truncate it and then move it over outside of USMT.

Best case solution - find out if you need it, especially if the problem is random files in Box Sync or OneDrive local cache - do they really really need that? Really?

Java end of support

Oracle is no longer offering free updates of Java after 2018.

There are updates available from OpenJDK for free but they aren't supported.

You can pay for license/support in order to get updates.

Probably a good time just to yank it if your users don't need it. Put a plan into motion to sunset it.

Parallels got bought by Corel

Not sure what this might mean for the future of Parallels.

Question from President

Is 3:30 too early?

Not for most. Good time for more questions.

Should we do more round tables, maybe use the earlier time for that?

Sure!

Bios Management

Anyone else using the Modern Bios Management from Mike Terrill?

A few - Brady made a PowerShell module for it.

Brady has been volunteered to present on this next January.

Another user uses the Dell Command suite to tell the machine to go direct to the internet and update.

Really good since there's now support for BitLocker

Image Factory MDT for Server/Desktop WIM Servicing

Fully automated… except now it's taking a long time - might be servicing stack updates.

What about offline servicing and then just using thin imaging?

Nothing wrong with doing that…

Recommend starting with base release from VLSC, then apply latest SSU then latest CU then latest dynamic.

Don't use the in-console servicing. Just script the DISM commands.
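
A scripted version of that servicing order, as an added example (not from the meeting or from any attendee's scripts). It covers the SSU and CU steps only, using the DISM PowerShell cmdlets; every path and file name is a placeholder to replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example: offline-service a WIM in a fixed order (SSU first, then CU).
# All paths and file names below are placeholders, not values from the notes.
$ErrorActionPreference = 'Stop'

$ImagePath = 'D:\Images\install.wim'   # placeholder: base image taken from VLSC media
$Index     = 1                         # placeholder: index of the edition to service
$MountDir  = 'D:\Mount'                # placeholder: empty working folder
$Packages  = @(                        # applied top to bottom, so order matters
    'D:\Updates\ssu-placeholder.msu',  # latest servicing stack update
    'D:\Updates\cu-placeholder.msu'    # latest cumulative update
)

# Fail before mounting anything if an input is missing.
foreach ($file in @($ImagePath) + $Packages) {
    if (-not (Test-Path -LiteralPath $file)) { throw "Missing file: $file" }
}
if (-not (Test-Path -LiteralPath $MountDir)) {
    New-Item -ItemType Directory -Path $MountDir | Out-Null
}

Mount-WindowsImage -ImagePath $ImagePath -Index $Index -Path $MountDir | Out-Null
$save = $false
try {
    foreach ($package in $Packages) {
        Write-Host "Applying $package"
        Add-WindowsPackage -Path $MountDir -PackagePath $package | Out-Null
    }

    # Show the most recently installed packages so the result can be reviewed.
    Get-WindowsPackage -Path $MountDir |
        Sort-Object InstallTime -Descending |
        Select-Object -First 5 PackageName, PackageState, InstallTime |
        Format-Table -AutoSize

    $save = $true
}
finally {
    # Commit only when every package applied; otherwise leave the WIM untouched.
    if ($save) { Dismount-WindowsImage -Path $MountDir -Save | Out-Null }
    else       { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```

Running it against a copy of the WIM keeps the untouched base image available for the next servicing cycle.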

VMWare, exploring Hyper-V

Anyone else using shared storage on the back with very large data requirements (100's of TBs)? Anyone done a large scale migration to shared storage in Hyper-V, maybe up to a petabyte? MVPs Nystrom and Hosking have.

Merging 2 CM Ecosystems

A is on 1806, B is on 1802

Should we merge or rebuild new?

Wells merged with another and decided to just build new. There's a great benefit to build new since you really get to define all the new rules, don't have to carry over any junk.

3rd Party Patching

What else are others using?

Lotta love for Patch My PC. Support is real good/responsive.

They're coming out with a solution for people who will be paying for Java.

One recommendation: don't use the in-console 3rd party servicing tools quite yet. Not quite great yet.

Anyone successfully made modifications to MDT?

…nope. Sorry.

Gary dumped MDT… it's going fine in Lab for now. They don't use it other than to get variables in TS. There is a way to collect those variables without needing to run gather steps if that's all you use it for.

Gary's blog post on going MDT free https://garytown.com/so-long-mdt-native-cm-for-me

CCM Exec Service not Stopping

Client stuck in Stop Pending state. Uses up all the memory, client can't do anything. Only 2-3% of clients.

Client upgrade may have failed?

Brian had similar - opened case with Microsoft.

Could it be WMI corruption or someone who likes to push scripts that willy nilly modify WMI?

Restarting and reinstalling client works.

Copyright © 2019 - The Minnesota System Center User Group