Configure OMS Connection to ConfigMgr — Step by Step

Chiyo OdikaAZURE, ConfigMgr, Microsoft Operations Management Suite, OMS2 Comments

The 1606 release of System Center Configuration Manager (ConfigMgr) comes with a whole slew of new features, including a pre-release Microsoft Operations Management Suite (OMS) Connector feature. Learn about ConfigMgr 1606 here. The OMS connector will enable you to sync data such as your collections from ConfigMgr to OMS. Once the collection information is synced to OMS you can then subject any OMS agent-managed endpoint to some action, such as patching, by virtue of its membership in a collection. When you combine this capability with existing system update and other update information that exists in OMS, the practical and other applications are rather evident.

Note that because this is a pre-release feature it is meant for early pre-production testing, and is by no means production ready. Now that we’ve gotten those disclaimers out of the way, let’s have some fun with this.

This post assumes that you are on the 1606 release of ConfigMgr. Before setting up the OMS Connector in ConfigMgr, we have to complete the following tasks:

  • Give your ConfigMgr 1606 site consent to use pre-release features and turn on feature
  • Register ConfigMgr as a “Web Application and/or Web API” management tool
  • Create a client key for the registered app in Azure AD
  • Configure Azure AD application permissions to grant ConfigMgr access to OMS

Consent to Use Pre-Release Features

In order to work with the OMS Connector, you will need to give consent for your 1606 site to use this pre-release feature. Note that this feature will not be available for use until you complete this task.

  1. Navigate to the Administration workspace in your ConfigMgr console, expand Site Configuration and select Sites.
  2. Click on the Hierarchy Settings tab at the top of your screen
  3. In the resulting window, select the General tab, and read the disclaimer under the Consent to use Pre-Release features. Check the box, an click OK.image
  4. Expand Cloud Services and Updates and Servicing.
  5. Select Features to display the list of features and right click to turn on the Pre-release-Microsoft Operations Management Suite (OMS) Connector.image
  6. Select Yes to the message box prompt, and Confirm that the status for this Pre-release feature shows as On.

The OMS Connector option should now be visible under Cloud Services next time you open your ConfigMgr console.

Register ConfigMgr as a Web Application

  1. Sign in to Azure management portal.
  2. Scroll down on the resource menu and select Azure Active Directory.
  3. Select and click on your subscription.
  4. Select the Applications tab in the resulting window.
  5. Click the Add button at the bottom of the page and choose “Add an application my organization is developing.image
  6. In the resulting screen give your application a name, and select the “Web Application and/or web API” radio button and proceed onimage
  7. In the application properties screen, enter your sign-on URL and application ID URI. This doesn’t have to be a resolvable URL as users will not actually be authenticating to use this app. Click next to complete this task.

image

 

Create a Client Key for the Registered App

In the resulting window, once in your newly created app, click on the Configure tab

image

Take note of the Client ID and select the duration from the drop down under Keys for the key that will be used with ConfigMgr.

Click Save, and note the key and validity period.
image

 

Grant the Application access to OMS
This will need to be done in the Azure Portal

  1. Sign in  to the Azure Portal.
  2. Navigate to Resource groups and from the list select the resource group for your Log Analytics (OMS) workspace.
  3. Open the settings for the Resource group.image
  4. select Users to open the users blade.
  5. On the users blade, select Add to open the Add access blade.
  6. On the Add access blade, click Select a role and select the Contributor role to open the Add Users blade..

image

 

Create Connection to OMS in ConfigMgr

Now creating the Azure AD application, and giving it requisite permissions to OMS. Configure the connection to OMS in ConfigMgr using the app credentials from the steps above.

  1. Open the ConfigMgr console, and navigate to Administration | Overview | Cloud Services | OMS Connector.
  2. Right-click OMS Connector and select Create connection to Operations Management Suite.
  3. Click Next on the General page
  4. On the Azure Active Directory Page, enter information for Tenant (Azure AD tenant), Client ID and Client Secret key (both of which you noted from steps above).
  5. click the verify button to verify your credentials, and click Next.imageOn the OMS Connection Window the Azure subscription, Azure resource group, and Operations Management Suite Workspace fields should populate automatically, if not select right options from the respective drop downs.
  6. Select any device collections that you’d like OMS to get data for.imageNote: In the OMS Connection window your Azure information SHOULD automatically populate here. If you see blank drop downs, this is because the Application has not been properly granted access to the OMS workspace. Ensure that you’ve granted the Azure AD Application relevant permissions to the OMS workspace. You can do this by reviewing the role you selected and ensuring that the Azure AD App is a member of that role.image
  7. Review the Summary and click Next to complete the task.

You will now see your OMS connector in ConfigMgr.

image

 

Viewing the ConfigMgr data in OMS.

Once the connector is created in ConfigMgr, import the ConfigMgr collection memberships into OMS

  1. Sign into the OMS workspace.
  2. From the overview page, navigate to Settings
  3. In the Settings Dashboard, click on the Computer Groups tab and select SCCM.
  4. Check the box to Import Configuration Manager Collection memberships.

The ConfigMgr collection data will then get sent to and indexed in the service, and you can now see your collection related data in OMS.

image

 

You can now glean insights from the indexed ConfigMgr collection data and perform actions against this data using the OMS query language. (A lot more on this in upcoming posts).

image

OMS queries will now show you some information for your indexed ConfigMgr collection data. For instance, I have a query-based collection of clients that are yet to be upgraded to release 1606. I can enumerate all of the clients that are yet to get the client upgrade by virtue of their membership in the ConfigMgr collection.

Much more on using OMS queries in later posts. Cheers!

The following two tabs change content below.
Chiyo's expertise spans multiple platforms. He holds Microsoft Private Cloud, and Server Infrastructure certifications, and avidly enjoys working on deployments of Microsoft's Server and Cloud Platforms, including Microsoft Systems Center, Windows Server, and Microsoft Azure.

Latest posts by Chiyo Odika (see all)

Chiyo OdikaConfigure OMS Connection to ConfigMgr — Step by Step
  • Christopher Rhoda

    In the step: Create Connection to OMS in ConfigMgr, I only get the Azure subscriptions line auto-populated. All others below (like resources) are blank. I’ve double checked user/role permissions. Any idea why?

    • Hi Christopher, if you’ve granted ConfigMgr the necessary access rights to OMS, ensure that you’ve entered the correct tenant, client ID and secret key information, as this is what ConfigMgr will use to locate and authenticate to your OMS workspace. Furthermore, provided all that information is correct, it should be able to informatin for your Log Analytics workspace(including workspace, and resource group information). Again, this likely comes back to permissions for ConfigMgr to connect to your OMS workspace. HTH