Operationalize Lenovo devices in an Intune only environment

Operationalize Lenovo devices in an Intune only environment

Most environments I worked with 2-3 years back were all configuration manager. I see that picture changing constantly. When using Configuration Manager you are used to have rich data available and the data you do not have, you extend the MOF file and get your clients to upload what you need.
It is not as easy in the cloud or is it? I will try to give you a solution to how you would operationalize e.g. Lenovo devices using only cloud based technology.
If you are interested in having a nice way to show these data, then follow along!

Steps in this guide

  • Download necessary bits and bytes.
  • Ingest new ADMX template to Intune.
  • Assign Lenovo policies to devices.
  • Assign Lenovo Commercial Vantage application to devices.
  • Ingest data to log analytics
  • Create workbook to show data for hardware life cycle management and operational state of device.

Download bits and bytes

Go to Lenovo Commercial Vantage – Lenovo Support US and download Lenovo Commercial Vantage for Windows

Lenovo policies

Go to Devices – Microsoft Endpoint Manager admin center

If you unpack the source downloaded from Lenovo, this is what you get and where to find the GPO files

Import ADMX and ADML file found in the downloaded package from Lenovo

Wait for the ingestion to happen

You are good to go when this message appears

Go to Configuration Profiles Windows – Microsoft Endpoint Manager admin center

Create profile

Choose Windows 10 and later and Templates. There you will see the possibility to use the imported ADXM file.

Give it a good name

You see all your newly imported settings. To be able to get battery and warranty information’s we need a certain policy.

Write warranty information to WMI table – enabled

Accept EULA Automatically – enabled

Write battery information to WMI table – enabled

Create the policy

INFO:
Please be patient when you look for results. Intune only sync approximately every 8 hour.

On your device this will result in policies applying where we usually looked for applied group policies when using on-prem solutions.

Proceed to add the commercial vantage application to Intune and assign it to your devices.

Commercial Vantage as win32 app

Phil Jorgensen from Lenovo has provided a great blog how to do this here and therefore I will not cover this part, as I made the exact steps from his post and it just works!

Assign the package to your devices, it will automatically detect if your system is a Lenovo or not, as that was catered for in the detection of the Win32 package creation guide.

Ingest data to log analytics

Download this script from my GitHub and paste it into PowerShell ISE

Save the script to your desktop.

Go to Proactive Remediation in the Intune Portal

Depending how often you like to ingest data set the Schedule accordingly. Remember that it might have a cost if you ingest a lot of data to log analytics. It depends, but generally you will have 5GB data per subscription.

TIP
You can add a filter to your deployment to only allow the script to run on Lenovo hardware. The filter could look like this:
(device.manufacturer -eq “LENOVO”)

TIP
Proactive Remediation scripts can easily be read on an endpoint, why having secrets or sensitive data such as Workspace ID and Commercial ID can be a bad idea. To enhance this you can utilize a much more secure way to ingest data into log analytics created by the MSEndpointMgr team here

Once you have verified data in your log analytics workspace you are good to go to proceed making a nice shell for data exploring.

Create a workbook

Download the workbook file from here

Copy all of the workbooks content

Go to Portal.azure.com -> log analytics -> choose your log analytics workspace where your Lenovo logs are located.

Click done editing, save it and add a propper name to your workbook.

Now you know what happens on your devices in your environment, and you can make choices on a good basis of information.
Thanks to Lenovo, Philip Jorgensen and Damien for making some good ressources to read and play around with!

Happy deployment!

Ressources:

+ posts

Mattias Melkersen is a community driven and passionate modern workplace consultant with 20 years’ experience in automating software, driving adoption and technology change within the Enterprise. He lives in Denmark and works at Mindcore.

He is an Enterprise Mobility Intune MVP, Official Contributor in a LinkedIn group with 41.000 members and Microsoft 365 Enterprise Administrator Expert.

Mattias blogs, gives interview and creates a YouTube content on the channel "MSEndpointMgr" where he creates helpful content in the MEM area and interview MVP’s who showcase certain technology or topic.

Official Contributor here "Modern Endpoint Management":
https://www.linkedin.com/groups/8761296/

Table of Contents

Share this post
Search blog posts
Search
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.

Modern Workplace consultant and a Microsoft MVP in Windows and Devices.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & security specialist with focus on Microsoft 365.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.

follow us in feedly
Categories

Follow on SoMe