Windows Analytics

This is the first in a series of blogs about Windows Analytics. This blog will give an overview of what Windows Analytics does, its benefits and how it works.
This was configured using an MSDN Azure subscription with a test Windows 10 client and a couple of test Azure virtual machines.

What is Windows Analytics?
Windows Analytics is an Azure cloud-based service that analyses data gathered from Endpoints to provide “Insights” that are displayed using dashboards.
An “Insight” is the output or result of the data analysed. Windows Analytics' primary focus is to provide data-driven insights for Windows 10 clients and Windows 2016 servers, which will be referred to as Endpoints.
Windows Analytics is based on the Windows Telemetry Service, which gathers data from Endpoints, and then uses solutions in Microsoft Operations Management Suite (OMS) to perform actions on that data. Log Analytics is the central Azure management role that collects the Windows Telemetry data from a variety of sources and, combined with a rich query language, provides three powerful analytical solutions:

– Upgrade Readiness – Collects computer, application and driver data for Endpoints (including Windows 8.1 and Windows 7 SP1 operating systems), identifying issues that may impact an organisation's Windows 10 upgrade/deployment plan. In addition, it will suggest fixes or remediation actions, some of which can be automated.

– Update Compliance – Provides an at-a-glance view of an organisation's Windows Update and Windows Defender Antivirus status for Windows 10 devices. It shows gaps in critical update coverage, and administrators can drill down to specific issues. It also provides trend analysis of the data.

– Device Health – Helps an organisation proactively monitor the health of Windows 10 workstations/laptops and Windows 2016 servers. It also provides suggested fixes for issues and remediation actions.

Benefits of Windows Analytics
– No additional cost beyond normal Windows licenses and an Azure subscription
– Helps organisations plan for a Windows 10 upgrade or deployment by identifying compatibility issues
– Data provided is analysed by Microsoft and helps improve product features
– An organisation is provided with a comprehensive inventory of its Windows 10 environment, proactively identifying and remediating the top end-user impacting issues
– Can integrate with existing device management infrastructure such as Group Policy / SCCM / Intune
– Data privacy, as data is hosted in secure Microsoft data centers linked to your tenant

How does it work?
– A customer is set up with their own Analytics Azure Storage area during the sign-up process.
– A diagnostic data management service in Azure (Windows Telemetry Service) receives diagnostic data from the clients.
– A daily snapshot of this data is copied to the organisation's own Analytics Azure Storage.
– Log Analytics processes the diagnostics and presents the data-driven Insights via the OMS Workspace Portal.
– Administrators can view, configure and control the reported data via the OMS Workspace Portal.

How to set it up?
To get started, all you need is a registered Microsoft account or workplace Azure AD account.
1. Log in to https://www.microsoft.com/en-us/cloud-platform/operations-management-suite with your Microsoft or workplace Azure AD account.
2. Select Create an OMS Workspace. It will prompt you for a few basic details such as workspace name, your name, email etc.
3. Link the workspace to your Azure subscription or create a new one.
4. Go to the solutions gallery in your workspace, select a solution and subscribe to it, e.g. Upgrade Readiness, Update Compliance or Device Health.

This will get you an OMS workspace ready to start collecting data. The next step is to get your Endpoints communicating with the Azure Windows Telemetry Service.
Before the clients/servers are configured, some Microsoft endpoint whitelisting is required on the firewall/proxy servers used to communicate out to the internet (in an enterprise environment).

To enable the Windows Telemetry Service on clients/servers, you need to enable the service via a script using your OMS “Commercial ID”. A “Commercial ID” is a unique identifier for your organisation's OMS workspace and is displayed on the OMS workspace settings page in the portal. The steps to configure the “Commercial ID” for Windows 10 / Windows Server 2016 will be discussed in a later blog.
Once the service is enabled on Endpoints, data will take around 24/48 hours to appear in the OMS Portal.
With only a few Endpoints configured, the dashboards looked very empty; therefore, I turned on a demo mode. The demo mode imports live demo data into the OMS solution from Microsoft.
This provided fully populated views that could be used to see how Insights are displayed and examples of issues to remediate.

Below are some examples of the dashboards presented:

Watch out for future blogs, which will explain and show how to configure the individual solutions in more depth.
