The 1606 release of System Center Configuration Manager (ConfigMgr) comes with a whole slew of new features, including a pre-release Microsoft Operations Management Suite (OMS) Connector feature. Learn about ConfigMgr 1606 here. The OMS connector will enable you to sync data such as your collections from ConfigMgr to OMS. Once the collection information is synced to OMS, you can then subject any OMS agent-managed endpoint to some action, such as patching, by virtue of its membership in a collection. When you combine this capability with the system update and other update information that already exists in OMS, the practical applications are rather evident.
Note that because this is a pre-release feature it is meant for early pre-production testing, and is by no means production ready. Now that we’ve gotten those disclaimers out of the way, let’s have some fun with this.
This post assumes that you are on the 1606 release of ConfigMgr. Before setting up the OMS Connector in ConfigMgr, we have to complete the following tasks:
- Give your ConfigMgr 1606 site consent to use pre-release features and turn on the feature
- Register ConfigMgr as a “Web Application and/or Web API” management tool
- Create a client key for the registered app in Azure AD
- Configure Azure AD application permissions to grant ConfigMgr access to OMS
Consent to Use Pre-Release Features
In order to work with the OMS Connector, you will need to give consent for your 1606 site to use this pre-release feature. Note that this feature will not be available for use until you complete this task.
- Navigate to the Administration workspace in your ConfigMgr console, expand Site Configuration and select Sites.
- Click on the Hierarchy Settings tab at the top of your screen
- In the resulting window, select the General tab, and read the disclaimer under Consent to use Pre-Release features. Check the box, and click OK.
- Expand Cloud Services and Updates and Servicing.
- Select Features to display the list of features and right click to turn on the Pre-release-Microsoft Operations Management Suite (OMS) Connector.
- Select Yes to the message box prompt, and confirm that the status for this pre-release feature shows as On.
The OMS Connector option should now be visible under Cloud Services next time you open your ConfigMgr console.
Register ConfigMgr as a Web Application
- Sign in to Azure management portal.
- Scroll down on the resource menu and select Azure Active Directory.
- Select and click on your subscription.
- Select the Applications tab in the resulting window.
- Click the Add button at the bottom of the page and choose “Add an application my organization is developing.“
- In the resulting screen, give your application a name, select the “Web Application and/or web API” radio button, and proceed.
- In the application properties screen, enter your sign-on URL and application ID URI. This doesn’t have to be a resolvable URL as users will not actually be authenticating to use this app. Click next to complete this task.
Create a Client Key for the Registered App
In the resulting window, once in your newly created app, click on the Configure tab.
Take note of the Client ID and select the duration from the drop-down under Keys for the key that will be used with ConfigMgr.
Grant the Application access to OMS
This will need to be done in the Azure Portal.
- Sign in to the Azure Portal.
- Navigate to Resource groups and from the list select the resource group for your Log Analytics (OMS) workspace.
- Open the settings for the Resource group.
- Select Users to open the users blade.
- On the users blade, select Add to open the Add access blade.
- On the Add access blade, click Select a role and select the Contributor role to open the Add Users blade.
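To confirm the role assignment from the steps above before building the connection in ConfigMgr, the following check can be run. It is an added example, not part of the original post, and it assumes the Az PowerShell module with an existing Connect-AzAccount session; the parameter names are hypothetical and the values are placeholders for your own Client ID and resource group.

```powershell
# Added example: verify the registered Azure AD app holds the expected role
# on the resource group of the Log Analytics (OMS) workspace.
# Assumes the Az module and a signed-in session (Connect-AzAccount).
param(
    [Parameter(Mandatory)] [string] $ClientId,       # Client ID noted on the app's Configure tab
    [Parameter(Mandatory)] [string] $ResourceGroup,  # resource group that holds the OMS workspace
    [string] $ExpectedRole = 'Contributor'           # role selected in the steps above
)

$ErrorActionPreference = 'Stop'

# Roles are assigned to the app's service principal, so resolve it first.
$sp = Get-AzADServicePrincipal -ApplicationId $ClientId
if (-not $sp) {
    throw "No service principal found for application $ClientId in this tenant."
}

# Role assignments for that principal, as returned for the resource group.
$assignments = @(Get-AzRoleAssignment -ObjectId $sp.Id -ResourceGroupName $ResourceGroup)
$expected    = @($assignments | Where-Object { $_.RoleDefinitionName -eq $ExpectedRole })

if ($expected.Count -eq 0) {
    # This is the condition that leaves the drop-downs blank in the connector wizard.
    Write-Warning "App $ClientId has no '$ExpectedRole' role on resource group '$ResourceGroup'."
} else {
    $expected | Select-Object DisplayName, RoleDefinitionName, Scope | Format-Table -AutoSize
}

# Flag anything granted above the resource group (for example, the whole
# subscription), which is broader than the steps in this post call for.
$broad = @($assignments | Where-Object { $_.Scope -notmatch '/resourceGroups/' })
foreach ($a in $broad) {
    Write-Warning "Broader-than-resource-group assignment: $($a.RoleDefinitionName) at $($a.Scope)"
}
```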
Create Connection to OMS in ConfigMgr
Now that we have created the Azure AD application and given it the requisite permissions to OMS, configure the connection to OMS in ConfigMgr using the app credentials from the steps above.
- Open the ConfigMgr console, and navigate to Administration | Overview | Cloud Services | OMS Connector.
- Right-click OMS Connector and select Create connection to Operations Management Suite.
- Click Next on the General page
- On the Azure Active Directory Page, enter information for Tenant (Azure AD tenant), Client ID and Client Secret key (both of which you noted from steps above).
- Click the Verify button to verify your credentials, and click Next.
- On the OMS Connection window, the Azure subscription, Azure resource group, and Operations Management Suite Workspace fields should populate automatically; if not, select the right options from the respective drop-downs.
- Select any device collections that you’d like OMS to get data for.
Note: In the OMS Connection window, your Azure information SHOULD automatically populate. If you see blank drop-downs, this is because the application has not been properly granted access to the OMS workspace. Ensure that you’ve granted the Azure AD application relevant permissions to the OMS workspace. You can do this by reviewing the role you selected and ensuring that the Azure AD app is a member of that role.
- Review the Summary and click Next to complete the task.
You will now see your OMS connector in ConfigMgr.
Viewing the ConfigMgr data in OMS
Once the connector is created in ConfigMgr, import the ConfigMgr collection memberships into OMS:
- Sign into the OMS workspace.
- From the overview page, navigate to Settings
- In the Settings Dashboard, click on the Computer Groups tab and select SCCM.
- Check the box to Import Configuration Manager Collection memberships.
The ConfigMgr collection data will then get sent to and indexed in the service, and you can now see your collection related data in OMS.
You can now glean insights from the indexed ConfigMgr collection data and perform actions against this data using the OMS query language. (A lot more on this in upcoming posts).
OMS queries will now show you some information for your indexed ConfigMgr collection data. For instance, I have a query-based collection of clients that are yet to be upgraded to release 1606. I can enumerate all of the clients that are yet to get the client upgrade by virtue of their membership in the ConfigMgr collection.
Type=ComputerGroup (GroupSource="SCCM") Group="Old Client Version" | measure count() by Computer
Much more on using OMS queries in later posts. Cheers!