An intro to Windows Analytics: Managing upgrades, updates & health across Windows, apps & drivers – Howtoshtab – how to, lifehacks, tips and tricks

(music) – Hello, and welcome to Microsoft Mechanics Live. Coming up, we’re gonna take look at managing Windows-powered devices with analytics capabilities that make it possible to manage compatibility concerns across applications, drivers, and devices. As you upgrade from Windows 7 or 8.1 to Windows 10, keep devices secure and up-to-date on Windows 10 with the latest critical security fixes, feature updates, and Windows Defender signature files, continuously monitor the health of your IT ecosystem for OS app, driver, and network health. And also, keep watching to learn about new analytics coming soon that are gonna allow you to take advantage of this cloud-based, modern management capability at your own pace. And today, my partner in crime is Rama Shastri from the Windows analytics team.

Give a warm welcome. (applause) – Great to be here. – Alright, so, Microsoft 365. It’s new. It’s bringing together Office 365, Windows 10, and it’s adding cloud-based productivity and security and management across the EMS. To really take advantage of continuous innovation and evolving security controls… If you’re in IT, you’ll often be updating Windows and Office more frequently, maybe, than you had in the past. What’s the team building to help with this new cadence? – Microsoft 365 is fundamentally changing how we define, build, and operate IT services that are needed to deliver the modern desktop. So, what we’ve done, is we’ve built Windows Analytics to assist in three areas: Upgrade Readiness focuses on compatibility, Update Compliance helps to keep your devices up-to-date, and, lastly, Device Health cuts the support cost by providing proactive alerts.

All of these three services will allow you to manage the modern desktop from the Azure portal. – Right. And a lot of folks here are probably in the process of upgrading Windows 10 or planning their move or staying up-to-date with the most recent semi-annual updates. What can we help with in terms of Upgrade Readiness, in terms of helping them move to the newer versions? – Whether you’re coming from an older version of Windows or you’re preparing to do semi-annual update, Upgrade Readiness can give you a review of your devices, apps, and drivers and their readiness as you move through the migration of Windows. Let me show you a couple of things. Here, I’ve got Upgrade Readiness up and running. Most of you are familiar with the UI of this. So, here’s a medium-sized company with about 5,000 machines, but the first thing you observe is that the total number of apps in this company is about 8,000. This is very typical of a company, a commercial entity. A large number of applications in the environment. And what we do is we help you rationalize this with a risk-based approach by taking the applications that are installed on less than 2% of the machines, and moving it into this low install-count bucket and marking them ready to upgrade.

That immediately cuts down the long tail of the apps, and gets you focused on about 600 apps in this case. But wait! It gets better. Jeez, I sound like a car salesman. – [Jeremy] (laughs) Don’t do that. – [Rama] (laughs) So, the next step here is, Microsoft will share with you anything that we know about application issues. In this case, there’s 23 applications that we know about that don’t work on 1703. The next step is this low-risk apps. What we’ve done is we’ve taken your application inventory, and joined it with Ready For Windows data. And Ready For Windows gives you support statements from your app developers and ISV partners, as well as gets you telemetry signals that give you the confidence that your apps or the specific version of apps that you’re running are running healthy on other Windows 10 commercial machines.

– This is a big deal. I used to work in Windows. I was doing application compatibility for about five years, and the window’s seven days. And I remember we had to communicate with all the different ISVs and make sure that we can get their data. We didn’t have all the telemetry coming in like we’ve got from the Windows 10 upgrade process, so all of that is really informing this tool effectively. But you’re getting a scoped view for your own organization of that data and how it impacts your users, your apps. – That’s exactly right. So, if you look here, there’s 467 apps. They’ll be already tagged as low-risk based on signals from Ready For Windows. If you look at it, we started out from 8,000 apps, and we kind of created this funnel that reduced this down to about 100 apps that you got to focus your app compat testing on. How cool is that? The other alternative, or the feedback that people ask us, is, “Can you take this data “and put a device-specific view on it?” And what we’ve done with this prioritize app and driver-testing view is create just that.

Here’s another view. If you take 526 apps and drivers in your environment and if you just rationalize those, they will move 80% of your machines to a ready-to-upgrade state. That gives you a straight-forward view, a ranked view, to go focus on those applications and drivers, and then focus your app compat testing on that. So, that’s a cool way to go use Upgrade Readiness. Not only from seven to 10, but also from 10 to 10 feature upgrades. – Let’s keep going, ’cause I know you go through the entire set of provisioning steps and things you’re gonna do before you get there, right? – Absolutely. Here’s step three. As you rationalize your apps and drivers, what you’re gonna see is in the step three, you’re gonna see the number of machines that are gonna move to ready-to-upgrade state. As you move more and more apps and drivers to ready-to-upgrade state, you’re gonna move more and more machines to upgrade state. At that point in time, you can export it or go into your SCC– your configure management console, and start your deployment task sequence.

– So, you can actually use this to basically funnel those computers, filter them into config manager’s collection as ready-to-upgrade collection that you might actually automate the deployment with and start configuring task sequences to go out and start upgrading those machines. – That’s right. You’re getting ahead of me. – Really cool. – We’ve got a Upgrade Readiness connector in config manager that you can use to go export this data directly into the config manager console. Once this data shows up over there, configure your collection around these machines, and start your deployment task sequence. And you could go really fast with your deployments. That’s the whole intent of Upgrade Readiness: is helps you cut down your app compat rationalization time so that you can deploy your upgrades really fast. – Did I already give away step four? (laughs) Can we keep going? – This is the new stuff.

We’re announcing this at Ignite. This is new for Upgrade Readiness. Let me dig through it. Let’s assume that you’ve actually used the config manager console to deploy your machines. This monitor view gives you a post-upgrade monitoring view for it. So, how many machines did really upgrade and are there machines that failed an upgrade. And most important thing is to be able to drill into that and see one of the common issues because of which these machines did not upgrade. And then you can drill in and take action and remediate these and restart your upgrade process. That’s what we’re trying to do with this upgrade progress. The next blade that you see here is about driver issues. This is the dreaded yellow bang in your device manager. Most of the time, your users are looking at it going, “Hey, my keyboard’s not working. My mice is not working. “My printer’s not working.

” It’s usually because there’s a yellow bang in the device manager somewhere. What we’ve done is we’ve taken all of this analytics, aggregated it, and given you a view of all the drivers’ errors that are existing after you upgrade. Usually it’ll be broken down by, either, the driver’s not installed or the driver’s installed but hasn’t started because there’s some issue. You can go in and get the latest driver either from Windows update or reach out to the OEM to get the latest driver package and update your machines. – Very cool. And you’ve added Office add-ins as well. – We’ve added Office add-ins, but before I get to that, I wanna focus on this user feedback. Now, this is a new feature. If you’re familiar with Windows 10, there’s the feedback app where users can go in and give feedback. In the past, that feedback all used to go to Microsoft, and we used to go in and look at that stuff and fix issues or pass those feedback back to our partners. What we’ve done now is aggregated that feedback that’s relevant for your organization, and bring it right here into Upgrade Readiness.

That gives you a view into the issues your users are running into after you upgrade their machines. As Jeremy mentioned, Office add-ins… A pain point for Office compatibility. You’ve got an inventory of Office add-ins in here. We’re gonna add more richer analytics around it with usage and Ready For Windows type data in there to make it helpful for you to upgrade Office along with Windows. Lastly, for Upgrade Readiness: site discovery. This is the enterprise mode IE feature. What we’ve done is we’ve plugged that in here so that you could look at, not only, all the sites that your users are going to for being able to validate those. But also, get insights into your DocMode– which is a site compatibility thing– so that you can make decisions on how to modernize your websites if there’s legacy stuff running onto it. – Very cool. So, we covered the fact that you can also pipe the stuff into config manager directly. Now, why don’t you show us something that’s new in terms of the update compliance tool set because once you’re on Windows 10, you’ve gotta keep rolling in those monthly updates.

We’re gonna be very in compliance settings or compliance majors that you gonna wanna keep track of. How dow that help me there? – Absolutely. Here’s Update Compliance. The first thing that you observe is this overview blade which we’ve laid out in a hub and spoke model so that the overview blade is a hub, and then you’ve got the various views around– “needs attention,” “security update status,” “Windows Defender AV,” and then “feature update.” Those are the key areas that we’re focusing on. On “needs attention,” the two key insights we’ve got is here’s the number of machines that are missing multiple security updates. This is a big issue. This need attention right now. So we’re letting you focus on the most egregious issues out there so that you can take action on them right away. And then, of course, update issues. If there are any failures or progress is stalled, these also need your attention. So, we kinda wanna bubble that up so that you can take action on them right away.

Next, I’m gonna just over to “security updates status.” – [Jeremy] So this is about things like Defender, signature files or firewall settings? Those types of things? – [Rama] Actually, this one is about quality, the monthly quality updates as well as the security updates. – [Jeremy] Yep. – [Rama] As you can tell, if I get my OMF loading, you could get insights into basically what updates are already deployed and how is the update progress for those. As well as for security updates, you can see the same update progress, if there are any failures so that you could drill in and take action against those. – Very cool. So that’s giving you that real-time report in terms of the updates. Maybe you’ve already pushed them out through varying processes you can use to manage updates. This is gonna give you telemetry back as to how successful those updates are. – Exactly.

That’s right. This is the client telemetry piece. This is directly coming from your clients and who are reporting what their statuses are. The next feature is around feature update. Pretty much like the monthly and security updates, except this is happening twice a year. In an organization, you can have a spread of various feature updates deployed on machines. What this view is gonna give you is it’s status of all the feature updates and whether you’re keeping up-to-date and if you have any updates going out of support so that you can start planning for the next feature update deployment. And then lastly– – [Jeremy] There’s the Defender one. That’s the one I thought you were gonna click on. – [Rama] That’s right. The last one is what Jeremy was talking about. This is the Defender AV status. Brand new inside, we’ve plugged in really cool insides. “Hey, are my signatures up-to-date/out-of-date? “Are my machines actually having real-time “protection or not?” Even when a threat is detected, whether the threat was remediated or not.

This is really cool stuff to make sure that your machines are secure. – And almost every type of malware, almost anything that’s spoofing an anti-virus engine tries to disable Defender, for example– you might not want that on the machine, so this will give you a nice view of that. – Exactly. You could also drill into machines that are not reporting a Defender status so that you could tell, exactly Jeremy was talking about, if a machine got Defender turned off by some malware so that you can drill in and make sure that you are remediating those as well. – Why don’t we move on to Device Health, ’cause this is a brand new piece that we’ve built in terms of being able to monitor things that are maybe instigating crashes and various things within your environment. A lot of time those are because of drivers and things, but why don’t you explain what Device Health is all about? – Absolutely. Device Health is about monitoring environment so that you’re getting these proactive alerts about the health of your environment in general. This is also one of our newest offerings, so we’re still kinda building upon it.

We started off with the dreaded blue screen of death. This first view that you see is about frequently crashing devices. If you can see, these are devices that encountered these many crashes in the last 14 days. If you see a large number of crashes, then these devices are probably due for a wipe and reload, because probably outta whack. The most common reason for a blue screen of death are drivers, are driver issues. What we’ve done next is give you these driver views which are causing the most amount of driver crashes. You could drill down into these and get a deeper analysis of the trend that you see of the driver crashes as well as the driver version spread. This is very typical in an enterprise where there are so many different versions of the same driver that is installed, then people are struggling to keep track of which driver’s healthy, which driver’s not healthy.

You know what? You’ve got those insights in your hands now with Device Health. You could tell which driver’s healthy, then drive the healthy driver across your organization for a consistent, healthy environment. – Very cool. Beyond this, though, people are probably wondering, “How do I get all this wired up and configured “so I can start using all of these different tools “within the Azure or the OMS consoles?” – I’m glad you asked. Let me switch over to our Windows Analytics page. This is aka dot OMS whack Windows Analytics. If you go here– I’m already an OMS customer. I’m gonna click on that, and what you’re gonna see is once you register your workspace, you’re gonna get all of these three solutions added as a bundle into your workspace. And from that point on, you can do the client configuration. This requires a simple deployment script, or you can use GP or CSP settings that we enable through config manager or Intium, and drive all those client settings so that the data starts flowing.

Remember that you might need to go enable some proxy settings in your environment for this data to flow into Microsoft, and once you’re done with that, you can just reap the benefits of analytics, and the IT operational efficiency. – But there are a couple of group policy or MDM, CSP controls that you’re going to have to configure in terms of getting your machines to log up into the analytics environment. So why don’t you explain a couple things around that. – There’s a group policy setting around a goh-ed. We require you to take a goh-ed and stamp all your client machines so that we can group all the machines that belong to a single commercial entity. And you can get that goh-ed from OMS once you’re registered. What we do is that can be set through a GPO on Windows 10, as well as the Defender AV status that I showed you on update compliance requires a GPO setting. You can find details of all of this on our (inaudible) starter guides on docs.microsoft.

com. That’s where we have elaborate documentation on how to get this configured and also how to use it to get the right analytics for your IT operation. – It’s really great to see all these analytic tools really help us get on the journey of Windows as a service, and really the Office 365 Pro Plus. Servicing model with quality and feature updates, landing monthly for quality and every six months for the feature updates, but what’s next? Where can people go to learn more? – First of all, thank you to all the early adopters and members of the Device Health preview. One of the things I want to reiterate is this service is free. Even though you’ll see that OMS usage is chargeable, remember that when you are using the Windows analytic solutions, you do not get billed for usage. There were a lot of people had kept asking me this question in the Windows Analytic booth on the expo floor, and I want to reiterate that this solution is truly free. Of course, you can learn more about analytics and the progress of everything that I’ve shown you today. Please keep giving us feedback, because we take the feedback and keep innovating really fast in this area.

– It’s great to see all this information. You can also learn more at the link shown on the screen. Thanks, Rama. It was great to have you on the show, and show us all about Upgrade Readiness, Update Compliance, as well as Device Health. Of course, we keep attracting all these changes through Microsoft Mechanics, so stay tuned to future episodes on those evolutionary steps of the tools. That’s all the time we have for this show. Thanks for watching. We’ll see you next time. (applause) (music).

You may also like