Patch My PC Advanced Insights

by | Aug 10, 2023 | Blog

In the years that you have had Microsoft Configuration Manager deployed in your environment, it has built up a vast database of compliance and inventory across a wide range of your devices. This data is useful to technical and management teams, but is often only accessible to Configuration Manager administrators, mostly because the interfaces to the data are complex and unwieldy.

A second frustration with the Configuration Manager dataset is that the inventory profile hasn’t kept pace with the features of the modern operating system, so we are missing out on reporting on features such as battery health, disk health, monitor configuration, and many more classes.

Finally, there are external data sources available, which can greatly enhance the data held in Configuration Manager building on security, warranty, and support information to further leverage the dataset we have constructed.

Patch My PC Advanced Insights addresses each of these areas and makes this data available across platforms, requiring only a web browser, no need to have the ConfigMgr Console installed, and is accessible on desktops, mobile, and tablets. The interface performs greatly better than the native SQL Reporting Services solution and provides a more fluid experience for the user.

Our approach to making the data in Configuration Manager more useful and accessible in your organization uses modern web technologies to provide an attractive, intuitive, and accessible portal to all ConfigMgr disciplines. We build high-level dashboard views of data such as software update compliance to provide at-a-glance information about the entire update landscape with all components of the dashboard being clickable to drill through for more data.

The dashboards are actionable, with the integration of ConfigMgr console actions, remote control, and collection modifications available in the portal. And we build on the native ConfigMgr dataset with our custom Patch My PC WMI Provider to enhance inventory and compliance. Useful OS properties including battery and SSD health, user-based applications, monitor configuration, certificate status, user rights, and more, make Advanced Insights the optimal interface for Configuration Manager.

Finally, we enhance the Configuration Manager dataset through integration with APIs from Microsoft Security Research Center, NIST, Dell, Lenovo, and several APIs we have developed in-house to provide support and security data constructed on the native dataset.

Let’s look at each of these areas in a bit more detail.

Data Presentation and Useability

Here is a quick scenario where Configuration Manager native data presentation makes the admin’s job more difficult. I want a report of all laptops with 8GB RAM or less. In Configuration Manager, there’s no in-built concept of a laptop, so the first thing I might do is create a Collection of All Laptops, I need to use the “Chassis Types” property with a query that includes something like this:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceID = SMS_R_System.ResourceId where  SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes in ( “8”, “9”, “10”, “14” )

ChassisTypes 8, 9, 10, and 14 are Portable, Laptop, Notebook, and Sub Notebook, respectively.

I can then use this Collection to filter my reports. Or so you’d think… In the Reports node of the ConfigMgr console the Hardware – Memory folder contains five reports, The “Computers with low memory (less than or equal to specified MB)” report looks like a good candidate for my requirement.

Computers with low memory

Unfortunately, there’s no collection filter here. Once exported I could exclude servers easily using the Operating System Name, but I’ve got no way of separating laptops and desktops. The report also does nothing to help me identify the user or model of the devices.

Advanced Insights will present us with a more graphical, intuitive route to this data via the Resources dashboard. We can filter the charts on this page by collection, pivot the charts to show memory, manufacturer, disk space, etc., and export the filtered dataset, which includes all of the properties I need to identify the user, make, model, and configuration of a laptop client.

Presenting the Configuration Manager data in this way is one example of how making the data more accessible enables better and wider use of the data in your organization.

Advanced Insights Memory Reporting

Extended Inventory

Configuration Manager has not kept up to date with some useful properties from the modern operating system. Advanced Insights custom WMI Provider adds new properties to the inventory schema and then presents the data generated alongside the default properties from Configuration Manager.

The Advanced Insights property schema is growing all the time and currently includes:

  • Battery Health

  • Disk Health

  • Monitor Configuration

  • User Installed Applications

  • Update compliance for Microsoft Update

  • Driver details from Microsoft Update

We’ll look at the monitor data as that is a great example of where Advanced Insights adds value to the ConfigMgr dataset, presenting a useful interface for the support team. Configuration Manager knows little natively about the user’s display devices. It has some video card information and it knows some basic information about monitors. If a user needs a monitor or cable replaced or is just having difficulties with screen configuration, it is useful to be able to see what they are seeing. Advanced Insights will provide this view.

The Displays dashboard shows me all devices and their connected displays, the details of model, manufacturer, and connectivity, and the physical layout of the devices as viewed from the user’s perspective.

Advanced Insights Extended Inventory - Monitors

Enhanced Data

We can build on the data held in Configuration Manager through integration with external APIs. These provide us with support, warranty, and security information. For example, the Advanced Insights Threat Analytics page takes required update information for the Microsoft and Patch My PC Catalogs and then presents that data combined with CVE information from the Microsoft Security Research Center, NIST, and RedHat security APIs. This allows us to view the security posture of the environment from an updates perspective and rapidly ascertain where the biggest risks lie and how we should work to remediate them.

Advanced Insights Threat Analysis

Advanced Insights also enables us to act against vulnerable machines to invoke update deployment tasks, invoke a restart, etc.

Advanced Insights Device View Actions

Summary

Patch My PC Advanced Insights builds on your Configuration Manager investment to deliver an attractive, intuitive, responsive interface for support teams, managers, and analysts across your organization. Advanced Insights extends Configuration Manager into new areas to improve support, asset management, and security.

View Full SCUP Catalog