In my last post I detailed the process for deploying Upgrade Analytics and how to use SCCM to configure workstations to upload their telemetry data for processing in Upgrade Analytics.
Now we have this data available to us in Upgrade Analytics I am going to walk through the process of connecting SCCM to import the available Upgrade Analytics data back into the SCCM console. Doing so enables administrators to create SCCM collections based on the Upgrade Analytics data, and then in turn create deployments to remediate issues that have been identified with apps/drivers etc. that are currently blocking in-place upgrades of Windows 10 to the desired build.
Obviously a pre-requisite to following this guide is to have fully deployed Upgrade Analytics according to my previous blog post.
Create Azure AD Web Application
The first stage of connecting SCCM to our existing Upgrade Analytics instance is to create an Azure AD Web Application which will then, in turn, be used to grant SCCM read permissions to the instance.
Firstly, navigate to http://portal.azure.com and logon with your Azure AD credentials. Then navigate to the exiting Azure Active Directory instance and select ‘App registrations’.
Now click ‘New Application Registration’ and complete the details as below:
- Name – Free text but call this something easily identifiable
- Application Type – Select Web app / API
- Sign-on URL – Does not need to be a valid URL (as we won’t be redirecting users to this address), but must be in a valid URL format with http:// or https:// as a prefix
And click ‘Create’
The Application will then be created and the details presented in the console
Now click ‘Settings’ then ‘Keys’ to be prompted to create a new Key. Complete the name of a new key (maximum 16 characters) and select the length of duration for the key.
Important – At this stage you will now be presented with the key in the form of a 43 character text string. I have deliberately not screenshotted my key, but this is the only time you will be able to read the key so ensure you copy this key now and store in a secure manner. Also, note the Expiry date (although this can be retrieved later).
Also collect the Application ID and App ID URL from the key properties screen.
Grant the New Application permissions to Upgrade Analytics
Now we have successfully created our Azure AD application we need to grant to the required permissions so it can access the data stored in Upgrade Analytics.
To perform this, within the Azure Portal browse to Resource Groups and select the Resource Group that contains the Upgrade Analytics solution
Under ‘Add a role assignment’ select ‘Add’ and complete the presented screen as below, then click ‘Save’.
Note: It is required to assign the permissions at the Resource Group level as later in the process SCCM will need to create a
Configuring SCCM to connect to Upgrade Analytics
Now we have created our new Azure AD app and granted it the correct permissions we are ready to connect SCCM to Upgrade Analytics.
In the SCCM Console browse to Administration-Cloud Services-Azure Services.
Then right-click on ‘Azure Services’ and select ‘Configure Azure Services’. Complete the presented wizard as shown below.
Then ensure ‘AzurePublicCloud’ is selected and click ‘Import’
You will then need to complete the presented screen with all of the details listed below and click ‘Verify’
- Azure AD Tenant Name – Free text field but name it something easily identifiable
- Azure AD Tennant ID – This is the directory ID of your Azure AD instance. This can be found by browsing the properties screen of Azure AD
- Application Name – Free text field but name it something easily identifiable
- Client ID – This is the App ID previously obtained
- Secret Key – This is the Key previously obtained
- Secret Key Expiry – Ensure the same date is selected as the key expires
- APP ID URL – This is the previously collected value
Provided everything verifies successfully click ‘OK’ and then ‘Next’ in the wizard
Ensure that the correct Subscription, Resource Group and Windows Analytics workspace are selected and click ‘Next’
Review the settings and click ‘Next’
Once the wizard completes click ‘Close’. We can now see that the Upgrade Analytics Connecter is listed in Azure Services
Now if we switch to the Monitoring – Upgrade Readiness node in the SCCM console we can see the data is displayed
This completes the configuration of connecting SCCM to Upgrade Analytics