Creating Report Subscriptions

Small followup post to the report i released yesterday

The reason i released that particular report is that i saw a discussion somewhere (Reddit or the winadmins slack) on that people outside the Configmgr team never use reports or any other means of staying updated on how well the clients are managed.
I can understand that for a sysadmin/manager that don't work with Configmgr on a daily basis the wall of reports with vague names can be confusing and hard to use.

Half of the solution to this is creating custom reports that are easy to use and read, the other part of the solution is subscriptions. I don't expect that the users them self are going to find the relevant reports and setup subscriptions ,I create the subscription for them.

We have 18-19 sites that have their own local IT-staff ,they get the "Collection Summary" report for their site(Collection) by email every Monday. I also have  a few other reports that i send out on a regular basis.
Some of them are just lists of things that are broken. I call them "fix lists" that are so simple that anyone can start working on them ,they don't have to be an Configmgr expert and know where to find deployment errors in the console.
The report bellow is sent to the helpdesk team leader every Monday ,he then splits it into support cases for the team to take care of.

The picture is the actual list that will be sent out tomorrow. It used to be loooong ,but after we started doing this it has shrunk down to 8 machines.

In our experience 1603 errors needs to be fixed manually, but a lot of the other error codes sort them self out. That's why I only list 1603 errors. 

1603 Errors report.
The color squares are indicators for when the machine last was online. (start working on the green ones ,the red ones are of the network.)

Here is another example of a fix list that i send to the helpdesk. All computers that have a Windows Update that's in an error state.
 Lot if these reports are ugly ,I haven't bothered making them look good.

Windows Update Errors for a Collection. 

The reports i send to the helpdesk and other IT people tend to be error focused. This is stuff you need to fix!

I also have i few reports that i sent to managers, but they tend to emphasis on the good parts:-)
Like this one for application deployment success rate.

Application Deployment Successrate (Also does Software Update and Task sequences)

Collection Summary Report ,3 in one Report! (Windows Update ,Endpoint Protection ,OS and Computer Model)

Finally got around to tweaking and translating my "Collection Summary" Report.

I created this report to replace several other reports that i force feed our site admins on a weekly basis:-)
The report is designed to be an e-mail report, sent out once a week that gives them a quick overview of whats going on at their site(collection).
This report have 3 sections ,Computer Details(OS,Model and Inactive Clients), Endpoint Protection and Windows Update.

I decided to focus on these 3 tings in the first version of this report. There are probably hundred of other things i could have put in the report that would have been useful ,but can't have everything in one report.

Collection Summary Report

Download

Note! The Collection Parameter dropdown list only shows Endpoint Enabled Collections. This is because Endpoint summary data is only collected for Endpoint Collections.
(Right Click the Collection --> Properties -->Alerts Tab --View this Collection in the Endpoint Protection Dashboard)

The report is divided in 3 sections ,Computers ,Endpoint Protection and Windows Update.

Computers:

The OS and Model chart should be pretty self explanatory ,but on the boxes on the right is meant to give some information on how many of the clients are inactive.

Endpoint Protection

The two graphs show Antivirus pattern age and Engine version. 

The list in the middle give a quick count of malware detected in the collection the last 14 days.

The boxes on the right shows summarized endpoint data ,how many endpoint clients in collection ,how many inactive clients and how many clients that are "at risk".

You can click the plus sign in the At Risk box to show a list of clients and whats wrong with them.

Windows Update

Windows Update shows you Compliant vs Non-Compliant pie chart and a Last scan graph. while the boxes on the right shows deployment and scan errors.

The Deployment and Scan Error Boxes can be clicked to bring up a details list ,giving some info on the problem. 

There's a tool-tip on the error codes that tries to resolve the error code.

The query for the Compliant vs Non-Compliant might not be what you expect it to be ,it's tuned to show what the site admins should worry about.

If you look at the where statement bellow I'll explain the reasoning behind this query.

• We only look at the status "need update" ,if a client haven't evaluated an update yet and don't know if it needs it or not(unknown state) we just assume it'll be OK.
• We only look at updates with severity of "low" or higher ,unclassified updates don't count:-)
• We only look at deployed updates. If I haven't deployed the update they don't need to worry about it.
• We don't care about expired and superseded updates!
• We don't count update newer that 14 days ,giving the us a "graceperiod" where the clients can install the update before they're considered non-compliant. 

WHERE a.status = 2 AND b.severity >= 2

AND b.daterevised < dateadd(day,-14,getdate()) 

AND b.isDeployed = 1 AND b.isExpired = 0 AND b.isSuperseded = 0

This can  be tweaked to match your SLA.
If you don't have an SLA just ask yourself this ,how long after you've deployed an update before you expect that all clients have it installed. if the answer is 30 days ,set the grace-period to 30 days:-)

The Grace-period and minimum Severity is easily changed in the report. The if you need to change the other things you have to edit the query. 

If you don't like the Grace-period concept,just set it to zero:-)