Insights: Intune

Avatar
Nerdio Support

Insights: Intune

Note: This feature is in beta.

Nerdio Manager Intune Insights is a comprehensive endpoint analytics tool that provides data-driven insights, allowing you to proactively address device performance issues, improve user experience, and optimize device configurations.

Note: In this preview release, Intune insights does not currently support Intune scoping functionality. All Intune devices and policies will be returned if Intune insights is enabled. This does not affect licence counts, and billing will occur based on the configured Intune integration scope.

Warning: There is a known issue w hen upgrading from Nerdio Manager v7.0 to v7.1 where you might encounter a 500 (Internal Server Error) when using Intune Insights. For a workaround, see Intune Insights error when upgrading from NME 7.0 to 7.1

Prerequisites

To use Intune insights, ensure the following prerequisites are met:

  • Intune is enabled in your environment.

  • Intune insights are enabled in your environment.

  • Intune insights thresholds are configured.

  • Enable port 443 outbound to https://graph.microsoft.com

For details, see UEM: Enable and configure Intune.

Minimum requirements

The minimum requirements for DB/App Service Plans are as follows:

No. of devices in Intune

App Service Plan

Azure SQL

Up to 20,000

Basic B3 - 4 vCPU, 7GB memory, 10GB storage

S1 (20 DTUs) + 5 GB Data max size

Up to 50,000

Premium v3 P2V3 - 4 vCPU, 8GB memory, 250GB storage

S2 (50 DTUs) + 10 GB Data max size

Up to 120,00 0

Premium v3 P2V3 - 4 vCPU, 8GB memory, 250GB storage

S4 (200 DTUs) + 10 GB Data max size

Port requirements

The following ports are required for Intune insights:

Endpoint

Purpose/Description

Port(s) and direction(s)

eidocentral.eido.cloud

Collects patch inventory from Eido central servers to compare against the list of patches on each device to allow missing patches to be highlighted.

443 out

graph.Microsoft.com

Eido’s connection to Intune. Pulls device inventory, managed apps, config policies, compliance policies and more.

443 out

*.repexpstorage.blob.core.windows.net

The Intune Report APIs we access make their data available as a zip via blob storage using dynamic subdomains of repexpstorage.blob.core.windows.net.

443 out

apigtwb2c.us.dell.com

Connects to Dells warranty APIs to check whether Dell devices have valid warranty.

443 out

profiler.monitor.azure.com

Allows App Insights to collect product error logs and performance insights (held within each Eido deployment, no “call home” functionality is included).

443 out

<region specific prefix>.in.applicationinsights.azure.com eg germanywestcentral-1.in.applicationinsights.azure.com

Allows App Insights to collect product error logs and performance insights (held within each Eido deployment, no call home functionality is included).

443 out

To enable Intune insights:

  1. Select from the following:

    • Classic UI: Navigate to Settings > Integrations, and from the Intune tile, navigate to Intune Insights, and select Disabled.

    • New UI: Navigate to Settings > Environment, and then select the Integrations tab. Navigate to the Intune section, select the arrow to expand the section, navigate to Intune Insights and select the Disabled toggle.

  2. In the Enable Intune Insights dialog box, expand the Customize resources section, and enter the following information:

    • App Service: Enter the details to create a new app service, or, from the drop-down, select an existing app service.

      Note: The following requirements are needed for an existing app service:

      • Type: web app

      • Runtime stack: .NET 8

      • Operating system: Windows

      • Basic authentication: Enabled (Settings > Configuration → SCM Basic Auth Publishing Credentials)

      • Identity: System assigned (Settings > Identity > System assigned)

      • Role assignments: Website contributor or Contributor on the Nerdio Manager service principal

    • App Service Plan: Enter the details to create a new app service plan, or, from the drop-down, select an existing app service plan.

    • Key Vault: Enter the details to create a new key vault, or, from the drop-down, select an existing key vault.

    • Application Insights: Enter the details to create a new applications insight, or, from the drop-down, select an existing application insights.

    • Log Analytics Workspace: Enter the details to create a new log analytics workspace, or, from the drop-down, select an existing log analytics workspace. This contains application insights data.

  3. In the Enable Intune Insights dialog box, expand the Customize resources names section.

  4. Enter names for each of the resources.

    Note: Resource names must be contain between 1 and 255 characters, contain alphanumeric characters, underscores and hyphens, and must be unique in the resource group. If an existing application insights is selected, the value of this field will be ignored.

  5. Expand the Microsoft Graph permissions will be assigned section to display the system-assigned managed identities that will be created for the app service.

  6. Expand the Microsoft Graph permissions will be assigned section to display the system-assigned managed identities that will be created for SQL Server.

  7. Optionally, expand the Customize resource tags.

  8. From the Tag group drop-down, select the tag group.

  9. Select Enable.

Intune insights is now deployed and enabled.

Note: It may talk several minutes to deploy and enable Intune insights. A Deployment in progress... message is displayed during deployment.

To disable Intune insights:

  1. Select from the following:

    • Classic UI: Navigate to Settings > Integrations, and from the Intune tile, navigate to Intune Insights, and select Enabled.

    • New UI: Navigate to Settings > Environment, and then select the Integrations tab. Navigate to the Intune section, select the arrow to expand the section, navigate to Intune Insights and select the Enabledtoggle.

  2. From the Disable Intune Insights dialog box, select the resources you want to deleted and then select Disable

Intune insights is now disabled.

Note: It may talk several minutes to disable Intune insights.

To view Intune insights:

  1. In Nerdio Manager, navigate to Insights > Intune.

    The default Dashboards tab is displayed.

  2. Navigate between the following tabs to view the corresponding insights:

Dashboards

The Dashboards tab provides environment-specific data through widgets. This allows you to quickly assess the status of your environment and identify issues.

You can create customized dashboards to display only the data you need.

Tip: Move widgets around the dashboard or resize them, as needed.

Default dashboard overview

The default dashboard is the starting point for displaying Intune insights. You can edit and customize widgets on the default dashboard, or create a new dashboard.

To create a new dashboard:

  1. In Nerdio Manager, navigate to Insights > Intune.

  2. On the Dashboards tab, in the upper-right corner, select New Dashboard.

  3. In the New Dashboard field, enter a name for the new dashboard.

  4. Perform the following actions:

    • To clear the dashboard, select Clear.

    • To move an existing widget, select and hold the widget, and then move it to a new location.

    • To delete a widget, in the widget's upper-right corner, select the trash can icon.

    • To add a new widget, select Add item, select the widget you wish to add, and then select Create.

  5. Select Save.

To edit a dashboard:

  1. On the Dashboards tab, in the upper-right corner, select Edit.

  2. Perform the following actions as needed:

    • To rename the dashboard, in the dashboard name field, edit the current name.

    • To clear the dashboard, select Clear.

    • To move an existing widget, select and hold the widget, and then move it to a new location.

    • To delete a widget, in the widget's upper-right corner, select the trash can icon.

    • To add a new widget, select Add item, select the widget you wish to add, and then select Create.

  3. Select Save.

Devices

The Devices tab provides information about the status of your Intune devices.

Available actions:

  • Filter: Filter devices based on the available filters, such as Device Status, Ownership, or Major OS.

    • You can also enter specific search terms in the Search box.

  • Drill down: Select any device row to drill down to more details.

  • Export: Select Export to export the data as a CSV file.

The results are displayed using a red (high), amber (medium), and green (healthy) (RAG) status. An unknown status is displayed in black.

The results include the following details:

  • User

  • Device

  • Last Intune sync

  • Compliance status

  • Configuration status

  • Managed app status

  • Patch status

To view device-specific information:

  1. On the Devices tab, select any data in the device row to view detailed information for that device.

    • Select the Last Sync, Compliance Status, Patch Status, and Warranty Status widgets to view details for those components.

  2. In the device details view, navigate the following tabs for deeper insights:

    • Details: The Details tab displays device properties, hardware details, and enrollment information, along with advanced properties. Mobile-only details are available in a separate section.

      Expand each section to analyze its details.

    • Patches: Displays the current status for the listed patches.

    • Compliance: Displays the current policy status.

    • Config Policies: Displays the current configuration policy status.

    • Managed Apps: Displays a list of Intune-managed apps installed on the device.

    • All Apps: Displays all applications installed on the device.

Patch status

The Patch Status tab displays patch status details for all devices, using a red, amber, and green (RAG) status to indicate whether a patch is up to date, overdue (medium or high), or unsupported.

Available actions:

  • Filter: Filter patches by their status, OS version, or the OS SKU.

    • You can also enter specific search terms in the Search box.

  • Drill down: Select any patch row to drill down to more details.

  • Export: Select Export to export the data as a CSV file.

Apps

The Apps tab displays all installed applications across all devices. It provides the number of versions for each app and the total number of installations.

Available actions:

  • Filter: Filter apps based on their metered status.

    • You can also enter specific search terms in the Search box.

  • Drill down: Select any app row to drill down to more details.

  • Export: Select Export to export the data as a CSV file.

OS health

The OS Health tab displays details related to the OS status, indicating whether the OS is supported. It also displays the end-of-life date for the listed OSs and the number of devices affected.

Available actions:

  • Filter: Filter the OS health data based on the support status and the OS name.

    • You can also enter specific search terms in the Search box.

  • Drill down: Select any OS row to drill down to more details.

  • Export: Select Export to export the data as a CSV file.

Certificates

The Certificates tab displays details related to certificates installed on devices.

Available actions:

  • Filter: Filter certificates based on the customer, certificate, and tenant.

    • You can also enter specific search terms in the Search box.

  • Drill down: Select any certificate row to drill down to more details.

  • Export: Select Export to export the data as a CSV file.

Trends

The Trends tab allows you to generate a report that displays device trends within your environment.

To run the Trends report:

  1. On the Trends tab, provide the following information:

    • Period: From the drop-down list, select Days or Months, and then enter the number of days or months to include in the report.

      For Months, additionally select the monthly data roll-up method:

      • Avg (average)

      • Min (minimum)

      • Max (maximum)

    • Show: Select the details you want to include.

    • Filters: Choose whether to exclude red or amber issues.

  2. Once configured, select Run Report.

Issues

The Issues tab allows you to view all current issues within your environment.

The issue information includes the issue severity indicated by the red, amber, and green (RAG) status, categorized as high, medium, or low.

Additionally, affected devices and their corresponding issue types are also presented.

Available actions:

  • Filter: Select Open or Resolved depending on what issues you want to view. Then, narrow down the issues list based on available filters, such as Severity, Issue Category, or Issue Type.

    • You can also enter specific search terms in the Search box.

  • Drill down: Select a severity box to view detailed information about an issue.

  • Export: Select Export to export the data as a CSV file.

Reports

The Reports tab provides the following built-in reports on Intune devices:

  • Warranty: Provides the devices' warranty status.

    Note: The Warranty report currently supports only Dell devices.

  • Inventory: Provides a list of devices.

  • Encryption: Provides the device encryption and TPM information.

  • Mobile: Provides details on mobile devices.

  • Battery: Provides the devices' battery health status.

  • Device Guard: Provides details on devices' virtualization-based security.

  • Disk: Provides details on devices' disk space and capacity.

  • Intune Cert: Provides details on Intune management certificate expiry.

To run a report:

  1. On the Reports tab, select the report you wish to run.

  2. In the Filter & Search pane, apply available filters to narrow down the report information.

    • You can also enter specific search terms in the Search box.

    The report results are displayed in the right pane.

  3. In the report view:

    • Select a device row to view detailed information about that device.

    • Select Export to export the data as a CSV file.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Related articles

Comments (0 comments)

Please sign in to leave a comment.