Provisioning Windows 10 devices with Autopilot (User-Driven Azure AD Joined Scenario Step by Step Guide)

Windows Autopilot is a Microsoft cloud-based deployment service: a collection of technologies used to set up and pre-configure new Windows 10 devices, getting them ready for productive use. You can also use Windows Autopilot to reset, repurpose and recover existing Windows 10 devices that are enrolled in Intune.

It simplifies the device lifecycle, because administrators no longer have to create, deploy and manage custom images for scenarios such as wipe-reload or refresh. Once a device enters the Windows Autopilot lifecycle, it can be repurposed or assigned to another user with very little effort from administrators.

Autopilot-configured devices can be shipped to users directly by OEMs. The user just has to power on the device -> connect to WiFi -> enter Azure AD credentials to initiate the Autopilot deployment. All remaining configuration tasks are automated. Autopilot devices are deployed and managed with the speed and ease of a cloud MDM solution like Intune.

In this article I will describe the step by step process to implement Windows Autopilot and provision Windows 10 devices with User-driven Azure AD joined scenario.

Windows Autopilot Requirements

  • Supported version of Windows 10
  • Licensing requirements like Microsoft Intune Subscription and Azure Active Directory Premium Subscription
  • Device must have the internet access
  • Intune configuration requirements like Configure device settings, Configure Azure Active Directory automatic enrollment, Configure Azure Active Directory custom branding (to add company logo), Create dynamic group, Device registration and Deployment profile configuration.

Autopilot Configuration Steps

Configure Device settings

  • Sign in to Azure Portal and Navigate to Azure Active Directory > Devices > Device Setting
  • Under Users may join devices to Azure AD select All and then Save. If you wish to not enable this for all, click selected -> add users or groups.

Configure Azure Active Directory automatic enrollment (MDM User Scope)

  • Sign into Azure Portal -> Azure Active Directory -> Mobility (MDM and MAM) -> Select Microsoft Intune
  • Now set MDM user scope to All and click Save. If you do not need to enable this for all users, click Some -> select Groups. This setting specifies which users' devices are to be managed by Intune.

Configure Custom branding (Optional)

Branding is configured from Azure Active Directory -> Company Branding -> configure the required fields as per below and save.

Create Dynamic Group for Windows Autopilot Devices

One of the prerequisites for Autopilot experience is to create a Dynamic group for grouping of Windows Autopilot devices.

To Create go to Intune Portal->Groups or Azure AD -> Groups and Click on New Group and provide all the information

Add the dynamic membership rule as (device.devicePhysicalIDs -any (_ -contains "[ZTDId]")) and save.

Import Windows 10 device for Autopilot in Intune portal

Device registration is performed by the OEM, reseller, or distributor. We can also register device to Autopilot service by collecting hardware ID and uploading them manually either via Microsoft Store for Business or Endpoint Manager admin center. Following are the steps to manually extract Hardware IDs from devices and Register the same to Windows Autopilot:

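Launch PowerShell as administrator and run the following script:
# Folder for the CSV (must already exist); the policy change applies to this session only
Set-Location C:\HardWareID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
# Install the script from the PowerShell Gallery, then export the hardware ID
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv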
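
An added example, not part of the original post: before uploading the CSV, the function below checks that it has the expected columns, that every hardware hash decodes as Base64, and that each serial number is one you expect to register. Test-AutopilotCsv, the -ExpectedSerial asset list and the sample rows are constructed for illustration, and the column headers are assumed to be the ones Get-WindowsAutoPilotInfo.ps1 writes.

```powershell
# Added example, not from the original post. Test-AutopilotCsv and the
# -ExpectedSerial asset list are hypothetical names; the column headers are
# assumed to be the ones Get-WindowsAutoPilotInfo.ps1 writes.
function Test-AutopilotCsv {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $ExpectedSerial = @()
    )

    $required = 'Device Serial Number', 'Windows Product ID', 'Hardware Hash'
    $rows     = @(Import-Csv -Path $Path)
    $problems = @()

    if ($rows.Count -eq 0) { return 'No device rows found.' }

    # Import-Csv exposes each header as a property name.
    $columns = $rows[0].PSObject.Properties.Name
    foreach ($name in $required) {
        if ($columns -notcontains $name) { $problems += "Missing column '$name'." }
    }
    if ($problems.Count -gt 0) { return $problems }

    $line = 1   # line 1 is the header row
    foreach ($row in $rows) {
        $line++
        $serial = $row.'Device Serial Number'
        if ([string]::IsNullOrWhiteSpace($serial)) {
            $problems += "Line ${line}: empty serial number."
            continue
        }
        # The hardware hash is a Base64 blob; a truncated or edited value fails here.
        try {
            $bytes = [Convert]::FromBase64String($row.'Hardware Hash')
            if ($bytes.Length -eq 0) { throw 'empty hash' }
        }
        catch {
            $problems += "Line ${line}: hardware hash for '$serial' is not valid Base64."
        }
        # Only register devices that appear in your own asset records.
        if ($ExpectedSerial.Count -gt 0 -and $ExpectedSerial -notcontains $serial) {
            $problems += "Line ${line}: serial '$serial' is not in the expected asset list."
        }
    }

    # The same device listed twice usually means two exports were merged by hand.
    $duplicates = $rows | Group-Object -Property 'Device Serial Number' |
        Where-Object { $_.Count -gt 1 -and $_.Name }
    foreach ($dup in $duplicates) {
        $problems += "Serial '$($dup.Name)' appears $($dup.Count) times."
    }
    return $problems
}

# Constructed sample data: made-up serial numbers and a placeholder hash.
$hash   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('constructed placeholder, not a real hardware hash'))
$sample = Join-Path ([IO.Path]::GetTempPath()) 'AutoPilotHWID-sample.csv'
@"
Device Serial Number,Windows Product ID,Hardware Hash
SAMPLE-0001,,$hash
SAMPLE-0002,,not*base64*data
SAMPLE-0001,,$hash
SAMPLE-0099,,$hash
"@ | Set-Content -Path $sample -Encoding ASCII

$result = @(Test-AutopilotCsv -Path $sample -ExpectedSerial 'SAMPLE-0001', 'SAMPLE-0002')
if ($result.Count -eq 0) { 'CSV looks consistent; ready to import.' } else { $result }
Remove-Item -Path $sample
```

On the constructed sample the function reports the malformed hash, the serial that is not in the asset list, and the duplicated serial.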

Below are the steps to Upload Hardware IDs to Windows Autopilot deployment Service
Sign into Intune Portal -> Navigate to Devices -> Windows -> Windows Enrollment -> click Devices

Click Import -> Browse for the CSV file containing the hardware ID -> click Import

Import is successful and Device has been added

Select device and click Assign user to Assign user for the autopilot device

Type the device name (Host name which you want to assign)

Autopilot device has been updated successfully.

Enrollment Status Page Configuration (Optional)

The Enrollment Status Page (ESP) displays provisioning progress after a new device is enrolled, as well as when new users sign into the device. This enables IT administrators to optionally prevent (block) access to the device until it has been fully provisioned, while at the same time giving users information about the tasks remaining in the provisioning process.

This step is optional because a default ESP exists, but the default is configured not to show configuration progress during enrollment. It is recommended to configure the existing one to show progress, or to create a new one, to provide a better user experience. Here I am using the default profile.

Create Windows Autopilot deployment profile

Deployment profiles are used to customize deployment behavior during out-of-box experience (OOBE) phase of Autopilot devices. We can have multiple deployment profiles with different settings targeted to different device groups. 

Deployment profile can be created via Intune as well as Microsoft Store for Business portal. Deployment profiles created using Endpoint Manager admin center gets synced with Microsoft Store for Business.

To create a deployment profile:

Sign into Microsoft Endpoint Manager admin center. Navigate to Devices -> Windows -> Windows enrollment -> Select Deployment Profiles

Click Create Profile

Type the deployment profile name and description

The option to convert all targeted devices to Autopilot can automatically convert devices already managed by Intune.

Configure Out-Of-Box experience (OOBE) for Autopilot

In Assignment click on Select groups to include Autopilot devices Group

Autopilot devices group has been included

Review the setting and click Create

Windows Autopilot deployment profile has been created successfully. Also we can see profile status is assigned.

Windows Autopilot deployment Experience

All the required configuration is in place: the device is imported and the deployment profile is assigned. The next step is to see what the end-user experience looks like when the user powers on the device.

I am using a Windows 10 virtual machine, which we need to reset before provisioning (Settings -> Recovery -> Reset this PC). Once Windows 10 is reset, restart the device.

We get a personal welcome message as below. The user enters the password and clicks Next.

I have enabled two-way authentication, so type the authentication code.

Once all assigned policies, configurations and apps are installed, we can access the desktop.

Device is joined to Azure AD

Device reflected successfully in Azure portal

Device reflected as Azure AD joined in Intune portal successfully.

Thank You for reading this post!

Refer to this link for more details: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot

I hope this post has given you an understanding of Provisioning Windows 10 devices with Autopilot.

Deploying Company Portal App using Intune

In this post we will go through the steps to deploy the Company Portal application to devices using Intune. Company Portal is the app that lets you, as an employee of your company, securely access corporate apps, data, and resources. To manage devices and install apps, users can install the Company Portal app themselves from the Microsoft Store. However, if we want to enable it without user interaction in a larger environment, we can deploy the Windows 10 Company Portal app directly from Intune.

Add Company Portal Application into Business Store

The Microsoft Store for Business gives you a place to find and purchase apps for your organization individually or in volume. By connecting the store to Microsoft Intune, you can manage volume-purchased apps from the Azure portal. We can synchronize the list of apps we have purchased (or that are free) from the store with Intune.

As a pre-requisite, associate Microsoft Store for Business account with Intune and Sign into the Microsoft Store for Business using the same tenant account that we use to sign into Intune.

Search the Windows Store and select the application which you want to deploy to Windows store for Business (private store). In this scenario, I selected company portal application.

Click on the Get the App button to add this application to Windows Store for Business. Once you click on the Get the App option as mentioned in the tab, you will get distribution options. Click OK on the message Started adding the app to your private store. Once added, add the Company Portal application to the tenant Collection as per below.

Company portal app has been added and Collection updated

Synchronize Microsoft store for business apps with Intune

Here I have already associated the Microsoft Store for Business account with the Intune admin. Now we can manually sync Microsoft Store for Business apps with Intune using the following steps.

  1. Select Tenant administration > Connectors and tokens > Microsoft Store for Business.
  2. Click Sync to get the apps that we have purchased from the Microsoft Store into Intune.

After Sync completion, we’ll see company portal application in addition to Microsoft Store for Business default apps.

Upon selecting the Company Portal app, its overview is displayed.

Select Properties and Edit Assignments (This is similar to SCCM deployment, here we have to configure Assignment Type(type of the deployment) and target groups)

Options for Assignment type are Available, Required and Uninstall.

Here I have selected the deployment type Required for a forced installation, and then clicked Select Groups to choose the groups to which we want to deploy the application (in the screenshot below I have selected the Intune Devices Group).

Review Assignments and Save.

Now Company portal App Assigned status has been changed to YES

A few minutes after the deployment was assigned, we could see that the application had been successfully installed on the targeted devices.

Below is the Device installation Status for the specific Company portal app.

Thank You for reading this post!

I hope this post has given you an understanding of WSFB apps Deployment.

Windows 10 Intune Enrollment -Azure AD Joined & Azure AD Registration

Azure AD Registration

Azure AD registered devices provide support for Bring Your Own Device (BYOD) or mobile device scenarios. In these scenarios, a user can access your organization's Azure Active Directory controlled resources using a personal device.

Azure AD registered devices are signed in to using a local account, such as a Microsoft account on a Windows 10 device, but additionally have an Azure AD account attached for access to organizational resources. Access to resources in the organization can be further limited based on that Azure AD account and the Conditional Access policies applied to the device identity.

Azure AD joined

Azure AD joined devices are corporate-owned and managed devices. These devices are authenticated using a corporate Azure AD account. Azure AD join is mainly intended for organizations that want to be cloud-first or cloud-only. Any organization can deploy Azure AD joined devices, no matter the size or industry. Azure AD join works even in a hybrid environment, enabling access to both cloud and on-premises apps and resources.
Administrators can secure and further control Azure AD joined devices using Mobile Device Management (MDM). Azure AD join can be accomplished using self-service options like the Out of Box Experience (OOBE), bulk enrollment, or Windows Autopilot.

Prerequisite for Windows 10 Intune Enrollment  -Azure AD Join & Registration

  • Azure active directory & Intune subscription, setup, and configuration needs to be completed
  • Admin User needs to be created and appropriate License/access needs to be assigned for enrollment
  • Configure MDM User scope for Auto enrollment

We need to Configure MDM User scope. Specify which users’ devices should be managed by Microsoft Intune. These Windows 10 devices can automatically enroll for management with Microsoft Intune. There are three options,

  • None – MDM automatic enrollment disabled
  • Some – Select the Groups that can automatically enroll their Windows 10 devices
  • All – All users can automatically enroll their Windows 10 devices

(below is the reference screenshot, here we have selected some and User group has been added for Auto Enroll)

Join Windows 10 Device to Azure AD

Below are the manual steps to join the Windows 10 device with Azure AD

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school
  • Click on Join this Device to Azure Active Directory link from Alternate Actions
  • Enter Corporate Email ID and Password
  • Click on Next to start the Azure AD registration process (Enabled Authenticator) – Enter the Authentication Code
  • Click on JOIN button from the popup Windows Make sure this is your organization.
  • Click on DONE button to Finish Windows 10 Azure AD Join process

Windows 10 Device has been joined Azure AD successfully.

We could see the Device in Azure Portal as Azure AD Joined

We could see the Device in Intune Portal as Corporate (Ownership)

Register Windows 10 Device to Azure AD

Below are the steps to register the Windows 10 BYOD (Personal) device with Azure AD

  • Login to Windows 10 with an Administrator account
  • Go to Start and click Start Menu -> Settings
  • Select Accounts > Access work or school > Connect
  • Enter Corporate Email ID and Password (it is not required to select the alternate option)
  • Enter Authentication Code by Using Mobile App
  • Click on Done to complete the Azure AD registration process

Windows 10 Device has been Registered in Azure AD successfully.

We could see the Device in Azure Portal as Azure AD registered

Since this is a BYOD scenario, we could see that the device has been automatically enrolled as a Personal device in the Intune Portal.

Thank You for reading this post!

Reference Link: https://docs.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join

I hope this post has given you an understanding of Windows 10 Intune enrollment in the AAD join and registration scenarios.

Setup was Unable to Compile the file Discovery Status.MOF Error Code 80041002

The error below was received during a manual SCCM client installation on Windows Server 2016; CCMsetup.log shows “Setup was Unable to Compile the file Discovery Status.MOF Error Code 80041002”

File C:\Windows\ccmsetup\{E6F27809-FF66-4BAA-BOFB-E4A154A6A388}\client.msi installation failed. Error text: ExitCode: 1603

Resolution:

1. Open a Command Prompt (CMD) as administrator
2. Navigate to C:\Program Files\Microsoft Policy Platform
3. Type mofcomp ExtendedStatus.mof and press Enter
4. Retry the CM client installation; the installation will now succeed.

Thank You!

Configuration Manager Firewall Ports Requirement

The firewall ports listed below must be allowed in the Microsoft Endpoint Manager infrastructure during implementation to enable site communication, client communication, and Distribution Point and WSUS/SUP communication. I gathered this information from TechNet articles.

Reference Link https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports?redirectedfrom=MSDN

| Source | Destination | UDP | TCP | Description | Direction |
|---|---|---|---|---|---|
| Client | Management Point | | 10123/80/443 | Client Notification/http/https | Uni |
| Client | Software Update Point | | 80/8530/443/8531 | http/https | Uni |
| Client | State Migration Point | | 80/443/445 | http/https/SMB | Uni |
| Client | NDES | | 80/443 | http/https | Uni |
| Client | Distribution Point | | 80/443 | http/https | Uni |
| Client | DP with Multi Cast | 63000-64000 | 445 | Multi Cast/SMB | Uni |
| Client | DP with PXE | 67/68/69/4011 | | DHCP/TFTP/BINL | Uni |
| Client | Fallback Status Point | | 80 | http | Uni |
| Client | App Catalog Website Point | | 80/443 | http/https | Uni |
| Client | State Migration Point | | 80/443/445 | http/https/SMB | Uni |
| Distribution Point | Management Point | | 80/443 | http/https | Uni |
| Site Server | SQL Server | | 1433 | SQL Over TCP | Uni |
| Reporting point | SQL Server | | 1433 | SQL Over TCP | Uni |
| Asset Intelligence Sync Point | SQL Server | | 1433 | SQL Over TCP | Uni |
| App Catalog Web Serv Point | SQL Server | | 1433 | SQL Over TCP | Uni |
| Management Point | SQL Server | | 1433 | SQL Over TCP | Uni |
| SMS Provider | SQL Server | | 1433 | SQL Over TCP | Uni |
| State Migration Point | SQL Server | | 1433 | SQL Over TCP | Uni |
| Management Point | Site Server | | 135/RPC Dyn/445 | RPC EPM/RPC Dynamic/SMB | Bi |
| Software Update Point | Upstream WSUS Server | | 80-8530/443-8531 | http/https | Uni |
| SQL Server | SQL Server | | 4022/1433 | SQL Over TCP/SQL SSB | Uni |
| Site Server | Software Update Point | | 445/80/8530/443/8531 | http/https/SMB | Bi |
| Site Server | Site Server | | 445 | SMB | Bi |
| Site Server | App Catalog Web Serv point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | App Catalog Website Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | Asset Intelligence Sync Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | Distribution Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Uni |
| Site Server | Certificate Registration Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | End Point Protection | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | Enrollment Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | Enrollment Proxy Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | Fallback Status Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | Reporting Service Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bi |
| Site Server | SQL Server | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Uni |
| Site Server | SMS Provider | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Uni |
| Site Server | State Migration Point | 135 | 445/135 | RPC EPM/SMB | Bi |
| Site Server | Site System | 135 | 135/RPC Dyn | RPC EPM/RPC Dynamic | Uni |

Thank You!

ConfigMgr Compliance Settings to Check specific Windows Event ID

Compliance settings is a ConfigMgr feature for managing the configuration and compliance of clients in your organization. Compliance Settings can be used to ensure clients meet a pre-configured baseline. For instance, if we want to make sure that all client machines have a particular Windows Event ID in the System event log within the last 7 days, we can do this through compliance settings. The settings below illustrate how to create a Configuration Item and Configuration Baseline for this requirement.

Prerequisites

So before we look at implementing a configuration baseline we must ensure that clients have the prerequisite client settings enabled as below.

For reporting, the Reporting Services Point role must also be installed

Create a Configuration Item

Configuration Items are the individual settings that you want to set for a particular client. You can simply check for compliance and report back, or remediate these settings if they are non-compliant. These configuration items can be grouped into Configuration Baselines. The first step in implementing a CB (Configuration Baseline) is to create individual CIs to evaluate set conditions.

In the ConfigMgr console, under the Assets and Compliance workspace, expand Compliance Settings and select Configuration Items. From the ribbon, click on Create Configuration Item and Mention name of the Configuration Item

Choose which operating systems you would like to assess for the configuration item.

Type Name of the Rule and Click Discovery Script

Enter your PowerShell script. Here I have used a script to check for the specific Windows System Event ID 5823 in the past 7 days.

Script,

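# Discovery script: look for System Event ID 5823 logged in the last 7 days.
# EventID is compared because InstanceId can carry extra high-order bits.
$EventID = Get-EventLog -LogName System -After (Get-Date).AddDays(-7) |
    Where-Object { $_.EventID -eq 5823 }
if ($null -eq $EventID) {
    $Compliance = "No"
}
else {
    $Compliance = "YES"
}
# Value returned to ConfigMgr for the compliance rule
$Compliance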

Specify the Compliance condition for this setting as per below,

Create a Configuration Baseline

We need to add it to a Configuration Baseline in order to deploy it to a client machine.

Give your new configuration baseline a name and click Add > Configuration Items to pick and choose the CIs that you would like to include in the configuration baseline, Here I have included Event ID configuration Item

Deployment

The configuration baseline you’ve created will not be effective until you’ve deployed it to your target collection. Here I have deployed to “test” Collections

Reporting

Once your compliance baseline has had time to run through its evaluation schedule, apart from viewing the compliance count in the Configuration Baseline section of the console, you can also use the Reporting node in the Monitoring section of the console or the Reporting Web Instance to pull down reports.

We can see the status in one of the ConfigMgr default reports. Report Name: “Summary Compliance by Configuration baseline”

The below machine has the specific Event ID and shows as “Compliance”

The below machine doesn’t have the specific Event ID and shows as “Non-Compliance”

Thank You!

SCCM Query to Get Hardware Inventory Report for Specific Collection

A query is a specific set of instructions that extracts information about a defined set of objects. SCCM Query is one of the features used to generate reports and create query-based Device Collections. In this post I have shared the SCCM Query to get a hardware inventory report for a specific Collection.

SCCM Query

select SMS_R_System.NetbiosName,
  SMS_G_System_CH_ClientSummary.ClientActiveStatus,
  SMS_G_System_COMPUTER_SYSTEM.Manufacturer,
  SMS_G_System_COMPUTER_SYSTEM.Model,
  SMS_G_System_PROCESSOR.Name,
  SMS_G_System_PC_BIOS.SerialNumber,
  SMS_G_System_OPERATING_SYSTEM.Name,
  SMS_G_System_OPERATING_SYSTEM.BuildNumber,
  SMS_G_System_SYSTEM.SystemType,
  SMS_R_System.LastLogonTimestamp,
  SMS_R_System.LastLogonUserName,
  SMS_R_System.MACAddresses
from SMS_R_System
  inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId
  inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId
  inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId
  inner join SMS_G_System_CH_ClientSummary on SMS_G_System_CH_ClientSummary.ResourceID = SMS_R_System.ResourceId
  inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId
  inner join SMS_G_System_PROCESSOR on SMS_G_System_PROCESSOR.ResourceID = SMS_R_System.ResourceId

Query Output

We can get the output below from the generated query (Host Name, Client Status, Manufacturer, Model, Processor Name, PC Serial Number, Operating System Name, OS Build Version, System Type, Last Login, Last Logon User Name and MAC address).

Thank You!

SCCM Query to Get Secure Boot Not Enabled Machines and BIOS Info

A query is a specific set of instructions that extracts information about a defined set of objects. SCCM Query is one of the features used to generate reports and create query-based Device Collections. In this post I have shared the SCCM Query to get Secure Boot non-compliant machines and BIOS info.

SCCM Query to Get Secure Boot Not Enabled Machines

Secure Boot in BIOS

Secure Boot is one feature of the latest Unified Extensible Firmware Interface (UEFI). The feature defines an entirely new interface between operating system and firmware/BIOS.

When enabled and fully configured, Secure Boot helps a computer resist attacks and infection from malware. Secure Boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Detections are blocked from running before they can attack or infect the system. Hence it is a mandatory setting that we need to enable in BIOS. To identify machines where it is not enabled, we can use this query in SCCM.

SCCM Query

select SMS_R_System.Name,
  SMS_G_System_FIRMWARE.SecureBoot,
  SMS_R_System.SystemOUName
from SMS_R_System
  inner join SMS_G_System_FIRMWARE on SMS_G_System_FIRMWARE.ResourceID = SMS_R_System.ResourceId
where SMS_G_System_FIRMWARE.SecureBoot = 0
order by SMS_R_System.Name

Query Output

We will get the system name of each machine where Secure Boot is not enabled (a result of “0” is the Not Enabled status in BIOS).

SCCM Query to Get BIOS Manufacturer & BIOS Version

To get PC BIOS manufacturer and BIOS version for a specific Collection, We can use this below Query in SCCM

SCCM Query

select SMS_R_System.Name,
  SMS_G_System_PC_BIOS.Manufacturer,
  SMS_G_System_PC_BIOS.SMBIOSBIOSVersion,
  SMS_GH_System_PC_BIOS.BIOSVersion
from SMS_R_System
  inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId
  inner join SMS_GH_System_PC_BIOS on SMS_GH_System_PC_BIOS.ResourceId = SMS_R_System.ResourceId

Query Output

We Will get System Name, PC BIOS Manufacturer and BIOS Version details as Below

Thank You!

Configure SCCM Reporting Services Point

In this article I will install the SCCM Current Branch Reporting Services Point role. The SCCM Reporting Services Point role will allow you to manage reports in Configuration Manager. The role must be configured on a server with Microsoft SQL Server Reporting Services installed and running. In the following section I will detail the prerequisites before installing the role.

Prerequisites

1. SQL Server Reporting Services (SSRS) is one of the requirements for SCCM CB reporting services point. The SQL reporting service is part of SQL server installation.

2. Site system role dependencies for the computers that run the reporting services point. Read about it here. These are the two main prerequisites.

SSRS Report Manager Components and Purpose

  • Configuring the Report Server Service Account: By default, we provide default account details while we initially set up the reporting server. But using the SQL Server Reporting Services Configuration Manager, we can add a new account, or we can change the password.
  • Create or Configure the Report Server Database: By default, the Reporting server generates two Databases (ReportServer and ReportServerTempDB) for internal storage. We can use the SQL Server Reporting Services Configuration Manager to create a New Database or to manage the existing Database
  • Symmetric Keys: We can use the SQL Server Reporting Services Configuration Manager to Backup or restore or replace the symmetric key. These keys are used to encrypt stored connection strings and credentials.
  • Configure Web server URLs: We can use the SQL Server Reporting Services Configuration Manager to configure the Web server URLs for each application. This is the URL we are going to use for deploying SSRS projects or reports.
  • Configure Report URLs: We can use the SSRS Configuration Manager to configure the Report URLs for each application. This is the URL we are going to use for viewing or securing SSRS projects or reports.
  • Configuring Email: Use the SQL Server Reporting Services Configuration Manager to configure the SMTP Server. The SMTP Server is used to send Emails about report processing or report delivery etc.

Configure SQL Server Reporting Services (SSRS)

SQL Server Reporting Services is a server-based reporting platform that provides comprehensive reporting functionality for a variety of data sources. The reporting services point in Configuration Manager communicates with SQL Server Reporting Services to copy Configuration Manager reports to a specified report folder, to configure Reporting Services settings, and to configure Reporting Services security settings. Reporting Services connects to the Configuration Manager site database to retrieve data that is returned when you run reports.

To verify that SQL Server Reporting Services is installed and running correctly, on the SCCM server where SQL is installed, click Start, click All Programs, click Microsoft SQL Server 2016 and then click Reporting Services Configuration Manager.

In the Reporting Services Configuration Connection dialog box, specify the name of the server that is hosting SQL Server Reporting Services, on the menu, select the instance of SQL Server on which you installed SQL Reporting Services, and then click Connect.

On the Report Server Status page, verify that Report Service Status is set to Started. If it is not, click Start.

Configure Service Account

Apply Web service Url

Configure database as per below and Apply

Apply Web Portal Url and test the connection to the report folder.

Since we are not utilizing the other features, We can skip the other options like Email Settings & Subscription Settings.

Add Reporting Services Point Role 

The reporting services point is a site system role that must be configured on a server with Microsoft SQL Server Reporting Services installed and running. Reporting Services Point role can be installed on a central administration site and primary sites, and on multiple site systems at a site and at other sites in the hierarchy. The reporting services point is not supported on secondary sites.

To install the Reporting Services Point role, Launch the Configuration Manager Console. Under Site Configuration, click on Sites. On the right hand side right click the Site and click “Add Site System Roles“.

Select Reporting Services Point role

Select Folder Name, Instance and Service account and Click Next

Review and Click Next and Add site System Wizard Completed Successfully and click Close

Now We can see the SRS Reporting Point in Component Status

Also we can see the Successful installation status on srsrp.log

Once installation is completed, launch SCCM console, navigate to Monitoring \ Reporting. On Right Pane, you will be able to see following links

Report Manager : http://sccm01/Report
Report Server : http://sccm01/ReportServer.

Click http://sccm01/Report and this will launch the web URL for reporting services where you can browse all kinds of reports specified under various categories

Thank You!


SCCM Distribution Point Maintenance Mode

SCCM Distribution point maintenance mode is a new feature available from SCCM 1902. We can set a distribution point in maintenance mode. Enable maintenance mode when you’re installing software updates, or making hardware changes to the server.

While the distribution point is in maintenance mode, it has the following behaviors:

  • The site doesn’t distribute any content to it.
  • Management points don’t return the location of this distribution point to clients.
  • When you update the site, a distribution point in maintenance mode still updates.
  • The distribution point properties are read-only. For example, you can’t change the certificate or add boundary groups.
  • Any scheduled task, like content validation, still runs on the same schedule.

Enable SCCM DP Maintenance Mode

  • In the SCCM console
  • Go to Administration / Distribution Points
  • Right-click the desired distribution point and click Enable Maintenance Mode

At the warning click Ok to confirm that you want to enable Maintenance Mode

Maintenance Mode is now enabled.

We can see more details in the status messages:

  • MessageID 40411 is the message about enabling maintenance mode
  • MessageID 40412 is the message about disabling maintenance mode

The distmgr log file will show that the distribution point is in Maintenance Mode.

Thank You