Most environments I worked with 2-3 years back were all configuration manager. I see that picture changing constantly. When using Configuration Manager you are used to have rich data available and the data you do not have, you extend the MOF file and get your clients to upload what you need.
It is not as easy in the cloud or is it? I will try to give you a solution to how you would operationalize e.g. Lenovo devices using only cloud based technology.
If you are interested in having a nice way to show these data, then follow along!
Steps in this guide
- Download necessary bits and bytes.
- Ingest new ADMX template to Intune.
- Assign Lenovo policies to devices.
- Assign Lenovo Commercial Vantage application to devices.
- Ingest data to log analytics
- Create workbook to show data for hardware life cycle management and operational state of device.
Download bits and bytes
Go to Lenovo Commercial Vantage – Lenovo Support US and download Lenovo Commercial Vantage for Windows
Lenovo policies
Go to Devices – Microsoft Endpoint Manager admin center
If you unpack the source downloaded from Lenovo, this is what you get and where to find the GPO files
Import ADMX and ADML file found in the downloaded package from Lenovo
Wait for the ingestion to happen
You are good to go when this message appears
Go to Configuration Profiles Windows – Microsoft Endpoint Manager admin center
Create profile
Choose Windows 10 and later and Templates. There you will see the possibility to use the imported ADXM file.
Give it a good name
You see all your newly imported settings. To be able to get battery and warranty information’s we need a certain policy.
Write warranty information to WMI table – enabled
Accept EULA Automatically – enabled
Write battery information to WMI table – enabled
Create the policy
INFO:
Please be patient when you look for results. Intune only sync approximately every 8 hour.
On your device this will result in policies applying where we usually looked for applied group policies when using on-prem solutions.
Proceed to add the commercial vantage application to Intune and assign it to your devices.
Commercial Vantage as win32 app
Phil Jorgensen from Lenovo has provided a great blog how to do this here and therefore I will not cover this part, as I made the exact steps from his post and it just works!
Assign the package to your devices, it will automatically detect if your system is a Lenovo or not, as that was catered for in the detection of the Win32 package creation guide.
Ingest data to log analytics
Download this script from my GitHub and paste it into PowerShell ISE
Save the script to your desktop.
Go to Proactive Remediation in the Intune Portal
Depending how often you like to ingest data set the Schedule accordingly. Remember that it might have a cost if you ingest a lot of data to log analytics. It depends, but generally you will have 5GB data per subscription.
TIP
You can add a filter to your deployment to only allow the script to run on Lenovo hardware. The filter could look like this:
(device.manufacturer -eq “LENOVO”)
TIP
Proactive Remediation scripts can easily be read on an endpoint, why having secrets or sensitive data such as Workspace ID and Commercial ID can be a bad idea. To enhance this you can utilize a much more secure way to ingest data into log analytics created by the MSEndpointMgr team here
Once you have verified data in your log analytics workspace you are good to go to proceed making a nice shell for data exploring.
Create a workbook
Download the workbook file from here
Copy all of the workbooks content
Go to Portal.azure.com -> log analytics -> choose your log analytics workspace where your Lenovo logs are located.
Click done editing, save it and add a propper name to your workbook.
Now you know what happens on your devices in your environment, and you can make choices on a good basis of information.
Thanks to Lenovo, Philip Jorgensen and Damien for making some good ressources to read and play around with!
Happy deployment!
