After we have looked at the three categories of Device Management, Application Management and Endpoint Security, this blog will follow with the Reporting section of MEM. Thanks to everyone who read the preceding blogs and gave me feedback. But it’s not over with very powerful and helpful features in MEM. Also in the reporting section you will find features that can make your daily work easier as an administrator and with which you can greatly increase the user experience. With Endpoint Analytics there is a very powerful feature which is continuously developed and improved. But let’s take a closer look at it below.
More blogs from this series:
- Part 1 – Devices
- Part 2 – Applications
- Part 3 – Endpoint Security
- Part 4 – Reports – this blog
- Part 5 – User and Groups
Let’s have a look at the reporting options
The reporting options of MEM can be found in the menu on the left side under the heading “Reports”.
Not all reports that Intune offers are grouped under this section. There are also reports that are located directly in the categories Device, Applications and Endpoint Security.
Overview
In this welcome screen you get a short overview of what to expect in the report category. Here you will find a short description of the different report types (Organizational reports, Trends reports, Advanced reports).
Device compliance
This report gives you an overview of the device compliance across all operating systems. It also shows the status of devices managed by Config Manager. Additionally there are 2 more reports in the report menu (“Device compliance” and “Device compliance Trent”).
Device compliance: Listing of all devices with the option to filter on compliance status, OS and ownership.
Device compliance Trent: History chat how the compliance status of the devices has changed over time.
Device configuration
Overview of all configuration policies and their status on how many devices they were successfully applied to and on how many devices there was an error or conflict. Under the Reports menu there is also the extended Profile configuration status report. Here you can filter on OS and Profile Type. Also here you have the possibility to export the report.
Group policy analytics
In my first blog in this series, I discussed the Group Policy analytics feature. How to upload a group policy report to get suggestions for mdm policies. In this report you can see a summary of the ready for migration and non supported policies. Via the group policy migration readiness report in the reports menu you can see the individual objects and you have the possibility to filter on migration readiness, profile type and CSP name.
Windows updates
This report provides a summary of your update profiles / update rings. You can see how the status of the policies are in your environment and on how many devices this worked or on how many there was an error. Under Reports you find again extended reports. In this option it is the Windows Feature Update Report and the Windows Expedited Update Report. In these reports you can select an update profile and you get an exact evaluation per device. This is once for feature and once for expedited updates. It is possible to filter on the status and on the ownership of the devices.
Cloud attached devices
This report brings transparency to the status of your devices that are eligible for co-management. Co Managed devices are devices that have a Config Manager agent installed and are also managed via Intune. A workload management determines which configurations come from where.
On the start page you get an overview of how many devices are ready for co-management and what is still missing on the other devices. You can see what is running via Intune and what is running via Config Manager. This data is reported via the Config Manager connected to Intune.
In the Reports menu you will find the Co-Management Eligibility and the Co-Managed Workloads Report. Here again you get a device listing to the information that can be seen on the home page with extensive filtering options.
Microsoft Defender Antivirus
This report gives you an overview of the Windows Defender Antivirus status of the devices. You can see how many devices have no problem and on how many devices e.g. a scan is pending.
In the report menu you can find the following reports:
Antivirus agent status: List of all devices with the status e.g. was a threat found on the device, which defender version is installed, are there other problems or is everything ok. Here you can also filter by status and export the results.
Detected malware: Overview of the detections that Windows defender has made on the devices. You get the name, the category of the malware and the severity e.g. here. Here you can filter on severity and execution state.
Firewall
This menu does not contain a summary on the stating page like the others. Here there is only the MDM Firewall status for Windows 10 and later report. This gives you an overview if the firewall on the devices is enabled, disabled, temporarily disabled or limited. You can also filter by this status.
Endpoint analytics
Endpoint analytics is a very powerful feature that microsoft introduced in 2020. We get to see new features and enhancements here on a regular basis. For example, it was announced that we can expect a Windows 11 readiness report soon. I would now like to go into the reports / features of endpoint analytics.
Overview
High level overview of the complete landscape. Here you get an Endpoint analytics score
in which all data are included and where you can see the current state of your landscape at a glance.
You also get the score broken down into the different categories Startup performance, Recommended software, Application reliability and Work from anywhere. Through Insights and recommendations
you get suggestions about possible optimization needs or automatic evaluations.
Settings
In the settings you can first see if EA is enabled for Intune and/or Config Manager devices. Secondly, you can see if the Consent to share data conditions have been accepted. In the Baseline section you can set a baseline for the Endpoint Analytics score.
Startup performance
In this report you get a lot of information about the boot behavior of your devices. You can see how much time is spent in which booting step and which process consumes how much time of it. Here you can group on models to see which ones take the longest time to boot. Furthermore you get information what are the reasons for a restart. E.g. an update installation or would the restart be triggered by a user.
Proactive remediations
Probably the most important feature in the report category is the proactive remediation feature. With proactive remediation you can detect problems through detection scripts and fix them directly through remediation actions. These scripts can be executed once or time triggered. You can also use these scripts only for reporting to query certain values on the client.
Recommended software
Here you can get suggestions on how to improve the performance of your devices, e.g. by switching to Windows 10.
Application reliability
With application reliability you can detect app crashes. You can see how often which app is installed and how often the app crashes. Here you can see the differences between the different Windows versions. You can also group here on models.
Work from anywhere
With this report you get a work from anywhere score. This score describes how well prepared you are for the remote working scenario. You have here a reporting of Windows (Which version is installed), Cloud identity (Are the devices joined in the AAD), Cloud management
(Are the devices managed with Intune), Cloud provisioning (Are the devices enrolled via Autopilot). So you get more or less the information that you can see in the recommend software report here again in detail.
Data warehouse
In this menu you get an OData url to access the Intune data warehouse. You can access this warehouse e.g. with Power BI and create reports, analyses and dashboards. This offers infinite possibilities to work with the existing data and combine it with other data sources.
Diagnostic settings
Here you can configure that audit logs, operational logs, device compliance data or device information are stored in a log analytics or other data storage.
Log analytics
Here, the Log Analytics workspace can be accessed and via KQL queries various custom reports can be created.
Workbooks
In this area, workbooks can be built on the basis of Log Analytics. Here, various KQL queries with diagrams and charts can be compiled on one screen.
Thank you for reading the penultimate blog in this series. In the next blog we will take a look at all the other features that Intune has in addition. I would be happy if you share this blog if you liked it.
We hear us in the next part of this series.
Until then:
Stay healthy, Cheers
Jannik
Modern Device Management 
[…] Part 4 – Reports […]
LikeLike
[…] Part 4 – Reports […]
LikeLike
[…] Part 4 – Reports […]
LikeLike
[…] Part 4 – Reports […]
LikeLike