Applies to: Advanced and Patch Insights

All setup and configuration instructions are valid for both Advanced Insights and Patch Insights unless stated.

⚙ Installation

To help get you started, we provide a few different guides (documented or video) to help you install the Patch My PC Publisher.

💿 Download the Publisher MSI Installer

Configuration Manager Install

Are you installing the product with Configuration Manager? No problem, click the link below for our Configuration Manager guide! The guide includes a text-based version, video, and the ability to directly schedule a setup call with an engineer!

Intune Install

Are you installing the product for Microsoft Intune? No problem, click the link below for our Intune standalone guide! The guide includes a text-based version, video, and the ability to directly schedule a setup call with an engineer!

📄 Release History

You can also stay up-to-date by subscribing to our catalog release newsletter and RSS feedback to find out the moment we update our catalog with new products and updates!

📅 Schedule a Live Demo

If you're just getting started and need help learning the product no problem we can give you a live interactive demo where we will explain everything you need to know about our product from a deep dive inner workings of the product to licenses and security. 🔒

🤝 Schedule a Guided Install

So you've seen a demo, and you're ready to try the product out in your environment. To get you started off right we offer a FREE guided installation of the product in your environment. We strongly encourage all customers to bring an engineer along for the ride to ensure you get the maximum value out of our product and to ensure smooth sailing. ⛵

❓ Schedule Review Call for Q&A

Something seems not quite right? Maybe you want to brush up and learn about all those cool new features we've been releasing since the last time you had a demo. No worries, you can schedule a review call any time you like and our team will be happy to help you study up and help make sure your environment is in top shape. 🎩

💁‍♂️ Support Case

🏫 Resources

Not everything always works in pure documentation format and for this, we have some links to our most commonly used resources on our website including

Got questions about licensing, subscription types, or how we handle security? Don't worry we get asked those questions all the time.

Ready to head on back to our home page? Don't worry we booked you a ride there.

Applies to: Advanced and Patch Insights

Advanced Insights is a website portal for Configuration Manager. It is an Internet Information Server-based application that runs on-premises. Please read the documents in this section to review requirements for Certificates, Software and Network configuration.

Applies to: Advanced Insights Inventory Extension

Details the production release history for Patch My PC's Advanced Insights InventoryExtensions.msi, the most recent release being shown first.

1.6.3- 2025-04-16

• Fixed Possible null reference bug across PMPC_UserProfile, PMPC_UserApps and PMPC_BrowserExtension classes.

• Updated Dependencies.

1.6.2- 2025-01-13

• Various bug fixes to PMPC_BrowserExtension.

• ESR versions of firefox now supported.

• Latest versions of Opera now supported.

• Chromium based policies that make use of "Secure Preferences" now supported.

1.6.0- 2024-11-26

• Notifications sent from Advanced Insights will now be displayed with custom branding, as configured in Software Center

1.5.5- 2024-11-06

• Updated dependencies.

• PMPC_BrowserExtension data now more accurate. Chromium based browsers with multiple profiles configured now have all extensions inventoried across all profiles.

• Fixed bug causing Brave Browser extensions to be missed.

1.5.3- 2024-08-29

• Fixed PMPC_Update bug for Windows Server 2016 & 2019.

• Servers now only scan against Windows Update services and not Microsoft Update

1.5.2 - 2024-05-29

• Fixed PMPC_UserProfile bug for file paths exceeding 260 characters

• Fixed PMPC_BrowserExtension bug for invalid extension JSON files.

• Now targeting .NET 4.6.2 for better Windows Server support

1.5.0 - 2024-04-29

• Better installer experience & logic

• More accurate user profile enumeration

• PMPC_BrowserExtension now has an Chrome/Edge store ID property

• Fixed bug that caused only 1 browser extension to be inventoried from Firefox

• Fixed "Invalid Disk" bug on PMPC_Disks enumeration

1.4.0 - 2024-03-13

New:

• PMPC_WifiInterface

• PMPC_UserProfile

Improved:

• PMPC_BrowserExtension: Now supports more locales.

• PMPC_LocalGroups: Added "GroupMember" property to distinguish between users and group members.

Removed:

• PMPC_UserRights

1.3.2 - 2024-02-22

• Improved User-Installed App Inventory

• ODBC Inventory now excludes the default "Visio Database Samples" connection.

• All PowerShell scripts removed from Installer

1.3.1 - 2024-02-14

• Further improvements to PMPC_Dock

1.3.0 - 2024-01-25

Bug Fixes:

• PMPC_Dock improved detection method

• PMPC_Monitors now supports more HP monitors

New Inventory Class:

• PMPC_BrowserExtension

1.2.0 - 2024-01-18

Initial release of InventoryExtensions.msi

Supports the following report classes:

• PMPC_Batteries

• PMPC_Disks

• PMPC_Dock

• PMPC_LocalGroups

• PMPC_Monitors

• PMPC_UserApps

• PMPC_UserRights

• PMPC_ODBC

• PMPC_Updates

Applies to: Advanced and Patch Insights

Network Ports

Advanced Insights use the following ports, and the installer will automatically create Windows firewall exceptions for these ports.

• Advanced Insights Frontend - tcp/443 (or whatever you have customised this to in the installer)

• Advanced Insights API - tcp/44301 (cannot be changed)

Internet Access Requirements

The Advanced Insights server needs access to various domains and APIs to function fully.

Essential Addresses

• api.patchmypc.com:443

  • Reason: For licensing

• learn.microsoft.com:443

  • Reason: For ConfigMgr, Windows, and Office 365 release and support statements

Recommended Addresses

• api.msrc.microsoft.com:443

  • Reason: The Threat Analytics dashboard uses data from this external API

• services.nvd.nist.gov:443

  • Reason: The Threat Analytics dashboard uses data from this external API for PMPC CVE data

• access.redhat.com:443

  • Reason: The Threat Analytics dashboard uses data from this external API for PMPC CVE data

• getcallisto.io:443

  • Reason: The Advanced Insights inventory extensions

• api.callisto.co:443

  • Reason: The Advanced Insights Threat Analytics API

• supportapi.lenovo.com:443

  • Reason: To retrieve data from the Lenovo warranty service

• apigtwb2c.us.dell.com:443

  • Reason: To retrieve data from the Dell warranty service

• support.dynabook.com:443

  • Reason: To retrieve data from the Toshiba warranty service

• eu.daas.api.hp.com:443 or daas.api.hp.com:433 (depending on your region)

  • Reason: To retrieve data from the HP Workforce Experience warranty service

Browsers

Applies to: Advanced and Patch Insights

Advanced Insights needs a valid SSL certificate to install and function. (the installer will verify the certificate is valid).

Supported Certificate types:

• Server host (FQDN) standard certificate.

• Wildcard certificate.

• Custom CNAME / Alias certificate.

• Self-signed certificate.

The certificate must meet the following minimum requirements:

• Support HTTPS / SSL.

• Has private key.

• Valid in-date (not expired).

• Enhanced key usage includes "Server Authentication".

• Only modern signature types are supported (e.g. SHA256). Legacy / weak signature algorithms, for example; 'SHA1', 'MD2', 'MD4', 'MD5 are not supported.

• Subject Alternative Name (SAN). The certificate SAN requirements depend on the chosen deployment configuration for the Advanced Insights URL.

  • Scenario 1 - Server Host name certificate.

    • For Advanced Insights URL deployment using server host name (e.g. https://server01.contoso.local) the certificate SAN must contain an entry which matches the FQDN of the host server where Advanced Insights is installed.

  • Scenario 2 - Wildcard certificate.

    • For Advanced Insights URL deployment using a wildcard certificate, an entry must be included in the certificate SAN that represents the wildcard certificate. e.g. ' *contoso.local'.

  • Scenario 3 - CNAME / Alias certificate.

    • For Advanced Insights URL deployment using a CNAME / Alias, (e.g. https://AdvancedInsights.contoso.local) the certificate SAN must contain an entry which represents the CNAME / Alias. e.g. 'AdvancedInsights.contoso.local'.

Certificate SAN values can be also verified within the certificate properties.

Examples:

# Advanced Insights valid certificate check.
Param()

$CertsToExclude = @("ConfigMgr SQL Server Identification Certificate","WMSVC-SHA2")

# Get the FQDN of the machine
$machineFQDN = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Certificate filtering

# Algorithms to exclude
$Weakhash = @('SHA1', 'SHA1RSA', 'MD2', 'MD4', 'MD5')

$certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        ($_.SignatureAlgorithm.FriendlyName -notin $Weakhash) -and
        ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq "1.3.6.1.5.5.7.3.1"} ) -and
        ($_.NotAfter -gt (Get-Date)) -and
        ($_.HasPrivateKey -eq $true) -and
        ($_.FriendlyName -notin $CertsToExclude) -and
        (
            ($_.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }) -and
            ($sanExtension = $_.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }) -and
            ($sanNames = $sanExtension.Format(0) -split ', ' | ForEach-Object { $_.Split('=')[1].Trim() })
            
        ) -and
        (Test-Certificate -Cert $_ -Policy SSL)
    } -ErrorAction SilentlyContinue

#$certs.Extensions

Write-Host "############### The following certificates are suitable for Advanced Insights: ###############"`n
foreach ($cert in $certs) {

$SelfSigned = $false    
if ($cert.Issuer -eq $cert.Subject) {
$SelfSigned = $true
}

$sanExtension = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }

$sanNames = $sanExtension.Format(0) -split ', ' | ForEach-Object { $_.Split('=')[1].Trim() }

Write-Host "Certificate Friendly Name: $($cert.FriendlyName)
Certificate Thumbprint: $($cert.Thumbprint)
Enhanced Key Usage: $($cert.EnhancedKeyUsageList)
Certitifcate validity: $($cert.NotAfter)
Private Key present: $($cert.HasPrivateKey)
Subject Alternative Name (SAN): $($sanNames)
Signature Algorithm: $($cert.SignatureAlgorithm.FriendlyName)
Self signed Certificate: $($SelfSigned)" `n
}

# List certificates not captured in $certs
$allCerts = Get-ChildItem -Path Cert:\LocalMachine\My
$uncapturedCerts = $allCerts | Where-Object { $_ -notin $certs }

# Output the uncaptured certificates and their unmatched properties
if ($uncapturedCerts.Count -gt 0) {
    Write-Host "############### The following certificate properties are checked: ###############`n
    1. Enhanced Key Usage
    2. Certitifcate validity
    3. Private Key present
    4. Certificate in exclude list
    5. Subject Alternative Name (SAN)
    6. 'Test-Certificate -Policy SSL' cmdlet is used to check certificate is valid for SSL and root cert can be validated
    7. Signature Algorithm = sha256RSA (Minimum)" `n

    Write-Host "############### The following certificates have one or more property values which are not suitable for Advanced Insights: ###############"`n -ForegroundColor Yellow
    foreach ($cert in $uncapturedCerts) {
        Write-Host "Certificate Friendly Name: $($cert.FriendlyName)
        Certificate Thumbprint: $($cert.Thumbprint)"

        Write-Host "Unsuitable Certificate Properties:"

        # Check Key Usage details
        $SANObjID = $cert.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.1'}        
        if (!$SANObjID) {
            Write-Host "1. Enhanced Key Usage (requires 'Server Authentication') value found: $($cert.EnhancedKeyUsageList)"
        }
        if ($cert.NotAfter -le (Get-Date)) {
            Write-Host "2. A valid, in date certificate is required: Expiration Date found: $($cert.NotAfter)"
        }
        if ($cert.HasPrivateKey -ne $true) {
            Write-Host "3. Private Key present?: Not Found"
        }
        if ($cert.FriendlyName -in $CertsToExclude) {
            Write-Host "4. Certificate in exclude list: Friendly Name: $($cert.FriendlyName)"
        }

        # Check SAN extension
        $sanExtension = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
        if (!$sanExtension) {
            Write-Host "5. Subject Alternative Name (SAN) requires at least one entry matches the server FQDN or is a wildcard which matches the server domain name e.g. '*.internaldomain.local. SAN value(s):: Not Found"
        } else
        
        {
            $sanNames = $sanExtension.Format(0) -split ', ' | ForEach-Object { $_.Split('=')[1].Trim() }
            if ([string]::IsNullOrEmpty($sanNames)) {
                Write-Host "5 Subject Alternative Name (SAN) requires at least one entry matches the server FQDN or is a wildcard which matches the server domain name e.g. '*.internaldomain.local. SAN value(s): $($sanNames -join ', ')"
                }
        }
        

        if (!(Test-Certificate -Cert $cert -Policy SSL)) {
            Write-Host "6. Test-Certificate SSL Policy: Failed"
        }
        if ($cert.SignatureAlgorithm.FriendlyName -in $Weakhash) {
            Write-Host "7. Certificate signature algorithm requires a minimum of SHA256 RSA. Legacy / weak algorithms e.g. 'SHA1', 'MD2', 'MD4', 'MD5 are not supported. Signature Algorithm found: $($cert.SignatureAlgorithm.FriendlyName)"`n
        }
        Write-Host
    } Write-Host "############### Certificate Check End ###############"
} else {
    Write-Host "No uncaptured certificates found."
}

Example PowerShell outputs:

Applies to: Advanced and Patch Insights

Server Operating System Requirements

• Windows Server 2016 and later

• 1.5 GB of free disk space

• Minimum 1 CPU Core

• Minimum 8 GB RAM

Windows Server Components and Features

• Internet Information Services (IIS)

• WebSockets (will be added automatically by the installer if missing)

The following is an example of 'OPTIONS' HTTP Verb 'Not allowed' This configuration will prevent the Advanced Insights install from completing successfully.

Additional Software Components

• IIS CORS Module 1.0

• ASP.NET Core Hosting Bundle 8.0

• SQL Server ODBC Driver 17.6 (minimum)

• IIS URL Rewrite 2.1

Configuration Manager SQL Server

• Configuration manager SQL Database must be SQL Server 2016 SP1 or later. We strongly recommend ensuring the latest cumulative update is applied to your SQL Server.

• Database Compatibility Mode must be at least 130 for the Threat Analytics dashboard to load. You will see a warning if this is not met.

Applies to: Advanced Insights

Details the production release history for Patch My PC's Advanced Insights, the most recent release being shown first.

2.4.7 - 2025-04-23

Features:

• In custom dashboards add ability to save spaces between items

• Updated Icons in Custom Dashboard Grid

• Revised Computer Status dashboard to show activity based on last status rather than when an update was released or revised

• Office 365 Support SQL Changes to account for new LTSC channel (2024)

• Improve Table 'Loading' and 'No Data' message appearance.

Bug Fixes:

• Fix table page and row count label issues when removing all rows from table (seen in Custom Dashboards)

• Custom Dashboards cannot filter to User Collections in Dashboard Item Tile Filters

• Custom Dashboard Builder grid Items don't represent actual width.

• Table select all doesn't uncheck properly when performing an action with selected items

• SMTP Settings SSL domain error

• Add to Collection errors in various dashboard screens

• Welcome screen always shows wrong logo

• When changing Table Page Size it shows all rows rather than selected amount

• SQL Fix for Slow Software Usage dashboard

• Software Metering Fix to include CE HINT

Misc Changes

• Updated Dotnet runtime to 8.0.15

2.4.6 - 2025-03-27

This is a bugfix release

• Fixed issue with saving layout changes in custom dashboards.

• Fixed issue with Local Administrators not being collected when reported in Spanish.

• Fixed installer issue for invalid domain entry error on setup

Misc changes

• Updated Dotnet runtime to 8.0.14

2.4.5 - 2025-03-04

This is a bugfix release

• Add search box to device modal > Software > Inventory & Applications tab

• Collection Filters Set on Custom Dashboard Selections Don't Apply or Save

• Software > Client Inventory Click through doesn't load data unless Inventory Extensions installed

• Update Table Pager so disabled buttons are more distinguishable

• Obfuscate Network Proxy Password in Settings and Welcome page

• Custom Dashboard Role Permissions' reflect actual value

• Removal of delta caching when performing a warranty cache. This should fix missing devices in warranty.

• Fix Issue with SMTP Settings > UseDefaultCredentials not saving, which caused SMTP errors for anonymous email servers.

Misc changes

• Updated Dotnet runtime to 8.0.13

2.4.4 - 2025-02-05

This is a bugfix release

• Fix for Threat analytics click through modal has no data.

• Threat Analytics Vulnerabilities tables order by Base/Temporal Score column.

• Tooltip styling improvements

2.4.3 - 2025-01-30

This is a bugfix release

Fixes

• Fix Issue with Threat Analytics failing to load due to not handling empty CVE descriptions gracefully.

• Fix Collection filter not taking global filter into account when clicking table row.

2.4.2 - 2025-01-27

This is a bugfix release

Fixes

• Fix GetHealthReport noisy logs.

• Fix for Single Sign On Lockout issues.

• Enable recovery key renderer and add red icon colour for when key is available but no user permission, added icon tooltips explaining why key isn't accessible.

• Fix issue with sorting table columns that have a transformed value.

• Ensure table column filter icon only shows on filterable columns.

• Fix issue with custom logo display and setting.

• Fix table click though to list modals not taking Global Collection filter into account.

• Added StartDate to warranty table.

• Enable Sort and Filter on table columns where applicable.

• Increased Table font size.

• Fix Device Modal add devices to collection issue.

• Fix Bulk Actions from Client Inventory > Applications Table click through Modal

2.4.1 - 2025-01-06

This is a major release.

Features

• Updated Base Framework

• Replaced Table component with new custom table renderer.

• Table export now uses transformed value for time period e.g. Hardware > Storage > PowerOn column shows 7y, 125d, 7h rather than raw value.

• Added option to set more than 2 table column filters per column.

• Added option to set custom IIS Application Pool Identity via Installer during installation/upgrade/modify.

• Added Serial Number column to Hardware > Displays > Connected Displays table.

• Added Documentation links to dashboards.

• Added Server Can't Connect page to display rather than hanging on load.

• Improvements to Software Usage & Metering SQL.

Breaking Changes

• Added ability to set Permissions for missing pages that didn't have the ability previously. This means users will no longer have access to these pages as they wont have the required permissions, an admin will need to apply the necessary permissions to the users/roles that require access for the following dashboards:

  • Software > ODBC

  • Software > BrowserExtensions

  • Operating System > Dashboard

  • Operating System > Win11

  • Operating System > LocalAdmins

  • Operating System > Uptime

  • Operating System > UserProfiles

  • Hardware > Wireless

Bug fixes

• Fix issue with Two Factor Authentication token check.

• Fix issue with Warranty key being corrupted on settings upates.

• Fix for Warranty when receiving incompatible data from HP server.

• Fix issue with bulk actions not working on some modals due to missing Computer Online info.

• Added better error handling and logging to Threat Analytics processing.

• Fixed browser extensions dashboard not displaying data in table because of incorrect parsing of InstalledDate.

2.3.7 - 2024-11-13

This is an optional bugfix release

Features

• Added ability to change timeframe range for Software usage dashboard. You can now select 1, 3 (default) and 6 month as the daterange for the dashboard

• Sql performance updates

Bug Fixes

• Dell warranty fix for ID issue with newer warranty requests

• Filters in custom dashboard that are part of the description now update correctly.

• Fixed custom PMPC client actions not being invoked for a device.

Misc

• Updated dotnet runtime to 8.0.11

2.3.6 - 2024-10-23

This is an optional bugfix release

Features

• Remove multiple selected devices from a collection

• Add ability to set Custom Names on Custom Dashboard Items

• Global Search updates -

  • Sort by column on load

  • Search Inventory

  • Add export option

• After clicking page refresh disable button for 5 seconds

• Automatic decryption (if permissions granted) of BitLocker Keys if encrypted

• Device Modal shows client boundary group and internet/intranet status

• Add Bulk Actions to CVE Modal

Bug Fixes

• Update Vulnerable Nuget Packages

• Tooltip shouldn’t show over portlet button menus

• Changing Dashstat month bug not taking global filter into account

• Bulk action requests fail when request payload is too large

• Editing a Custom Dashboard requires it to be saved with a new name

• German translation for password change message wrong

• Custom dashboard Barchart description shows loading

• Add a CreateCollection Permission to be used when creating collection

• Fix Device Modal tabs on patch insights.

• Intermittent page crash on load due to signal r issue

• Some Windows versions incorrectly showing as expired

• Client Inventory SQL updates to fix missing data issue.

Misc

• Updated dotnet runtime to 8.0.10

2.3.5 - 2024-09-11

This is an optional bugfix release

Features

• Add Selected Devices to Collection now allows multiple Collections to be selected or created.

• Allow Filtering on Client Version Column Client Deployment Modal Table

• Collection Modal Bulk Add Devices to Collection icon change and update to allow comma, new line & carriage return separators on input form

• Update Window 11 Readiness to include GE24H2 (Win11 24H2)

• Update Bitlocker recovery key display to show decrypted if execute permission is granted.

Bug Fixes and Misc

• Update dotnet to 8.0.8

• Collection Modal Bulk Add Devices to Collection fixes

• Fix Collection Modal Remove Device from Collection bug when removing more than 1 device.

• Custom Dashboard shouldn't allow saving or editing a dashboard with same name as existing.

• Fix database migration for EU Time zones

• Software Updates Modal Refresh table fix

• Distribution Points List fix when no drive letter found on broken Distribution Point

• Show desktops and laptops on BitLocker TPM stats

• OSD Dashboard bug fixes

• Microsoft Update Dashboard bug fixes

2.3.4 - 2024-08-12

This is an optional bugfix release

Bug fixes

Fixed an issue for customers using older versions of SQL Server than 2016 SP1 (13.0.4001) not being able to load any dashboards (Incorrect syntax near 'HINT' ERROR).

Fixed the top row of statistics on the Warranty Dashboard.

Misc

Updated dotnet to latest version for security bug fixes (8.0.7).

2.3.3 - 2024-08-08

This is a required bugfix release

Bug fixes

Fixed an RBAC based issue with view more information when clicking on an application on the Software Applications dashboard.

Fix issue with Warranty dashstats not showing correct details

Update logic for SQL Server check that decides whether to include cardinality options

Updates to BitLocker recovery at risk data

2.3.2 - 2024-08-06

This is a required bugfix release

Bug fixes

Fixed an RBAC based issue with view more information when clicking on an application on the Client Inventory dashboard.

Fixed an RBAC issue when viewing more information about users

Fix clicking on a required update on the device modal and it loading the update details modal

2.3.1 - 2024-08-01

This is a major release.

New Features

Audit logs

In the Administration node you will find the “Audit logs” area. This lists all activities in the Advanced Insights portal. The list is filterable by user and can be exported.

Create collections

You can now create new ConfigMgr collections using Advanced Insights. The Resources - Collections page has a "Create New Collection" button.

You can also create a collection from a device list and automatically add the selected clients to a new collection or add to an existing collection.

Delete user profile task

We have added a new function to allow you to delete profiles from client devices. This is useful in support scenarios for outdated or orphaned profiles.

The delete action is also available in the device view - Users - User Profiles.

BitLocker Recovery Key view

For customers with BitLocker MBAM integrated with Configuration Manager we will now allow you to view the BitLocker Recovery Key in Advanced Insights. Users must have the relevant permission in their Advanced Insights role. The key is accessible via the Device View - Hardware - Disks tab.

Device View export improvements

We now support the export of any of the tables in the device view.

Configuration Manger Console Extension

Log builder for support cases

We have included a new Log Builder application, this is integrated into the Installer wrapper and will execute automatically on failure. It can also be run manually from C:\Program Files (x86)\Advanced Insights\Api\LogCollector\AdvancedInsightsLogDiag.exe. When run it creates a zip file on the desktop with environment details and logs to aid Patch My PC Support in troubleshooting.

Optimisations

Modal views with multiple tabs now load the tabs on-click, making initial load faster.

Filters on dashboard pages are now cached and load only once per-page rather than once per-object.

Bug fixes

Modal views now all obey RBAC when being accessed via a shared link.

Fix for modal failing to loading via a shared link.

Month-based software updates dashstat now fixed for custom dashboard load.

Misc changes

Client secrets for warranty providers are now obfuscated in the UI.

2.2.3 - 2024-06-28

This is a minor bugfix release.

Fixes

Fix for Software Updates dashboard not loading for some customers.

2.2.2 - 2024-06-27

This is a minor release mainly focused on bugfixes.

New features

Modal sharing allows users to share select modals for other to see, allowing collaboration between users who are working on a task together.

Fixes

Fixes for action buttons on device modal for logs and PMPC actions not working correctly SQL changes for CPU duplication and device modal SQL changes for device resources to ensure obsolete devices are excluded SQL changes for device resource popups to show unknown for manufacturer and model rather than null

Fixed warranty recache not working without settings permission.

Fixed textarea font being wrong

Multiple custom dashboards fixes, mainly around filter selection for certain items.

Global filter selection now filters modals when the dashboard has changed.

2.2.1 - 2024-06-11

This is a major release.

New features

Custom Dashboards.

Users can now create a dashboard of their own items from all viewable items for their role. For example, a user can create a dashboard with objects from Resources, Hardware, Software Updates Trend, OSD, all in one view.

Custom dashboards can also be shared with other users or roles (permissions permitting).

Revised SQL queries for large performance gains

We have made hundreds of SQL Cardinality statements to ensure SQL performance is consistent across different SQL Cardinality levels.

Custom logos

New option to specify custom logos for the identity banner in the Advanced Insights portal. The logo file is what is shown when the menu is expanded, the Icon setting is shown when the menu is minimized.

New Dashboards

Local Administrators dashboard

The new Local Administrators dashboard requires the Advanced Insights inventory extensions. The dashboard shows the groups and accounts that are members of the local admins group on all devices.

OS Uptime dashboard

The OS Uptime dashboard lists each device and its latest uptime.

Wireless adapters dashboard

The Wireless Adapters Dashboard requires the Advanced Insights Inventory Extensions. This dashboard helps to identify the wireless NICs and associated drivers with the versions. Clicking through will show further details about wirless connectivity on the individual device:

User profile dashboard

The User Profile Dashboard requires the Advanced Insights Inventory Extensions.

This dashboard shows the details for all profiles on client devices. Profiles which are unused for <90 days are highlighted as "Aged Profiles", "Orphaned Profiles" are profiels on devices for which there are no longer valid accounts.

Installer Improvements

Can now reset Admin password using Modify option in Add/Remove Programs. Can also change certificate, CNAME and port number with this option.

Software Metering Changes

Prior to this release Software Metering reports required the legacy Configuration Manager Software Inventory Agent to be enabled and performing inventory of any executable you wished to report Metering data for. This is no longer the case, Advanced Insights now uses the InstalledExecutable class, which is part of the Asset Intelligence inventory provider. The legacy Software Inventory agent can be disabled if you were only using it to enable Metering reporting.

Bug Fixes

Fixed bug with "Patch My PC Actions" not working for some customers.

Misc

Look and feel clean-up

Updated dependencies and DotNet version to DotNet 8. DotNet 7 components can now be removed from Advanced Insights servers (if not required by other applications).

Deprecations

Boot Performance dashboard. Microsoft removed the dependent dataset from the Configuration Manager product, so we have had to remove this dashboard.

2.1.2 - 2024-04-10

Minor optional release to fix an upgrade issue experienced by users who login via Azure Active Directory (Entra). This release fixes the error "Username '{emailaddress}' is already taken" when logging in.

2.1.1 - 2024-03-20

Minor release to permit upgrade for customers on pre-release version of 2.1.0 and to fix minor version numbering error.

2.1.0 - 2024-03-19

Major release with changes to infrastructure requirements and new functionality.

Updated dependencies

• Dotnet has been update to 7.0.17 for security fixes

New Functionality

• Major performance improvements in SQL load time for Home dashboard, Software Updates dashboard and Updates page.

• Update Trend dashboard

• This new dashboard provides visibility of deployment compliance trend over time. You can plot how long it took from update release to first install, 50% compliance, 90% compliance and total installation. The chart can be expanded under the cog icon to show total deployment data. On first load the update with most deployment data over the past 30 days will be selected, you can use the filter pickers below the chart to select other updates, date ranges and filter by collection.

• Browser Extensions Dashboard. New dashboard (requires latest inventory extension update)

• Warranty dashboard now respects RBAC and Collection filters

• Custom Patch My PC actions available to install update, clear the CCM cache, Repair the ConfigMgr client a "Notify" option to send a message a to a device. These functions use the BGB Channel, so will function over CMG as well as on LAN. They are also available in the Bulk Actions lists, allowing you to bulk send a notification, or clear the ConfigMgr Cache on a list of machines.

• Draggable modals - you can now move the popup modal views around the screen

Bug fixes

• Warranty re-caching now works again

• If the MSRC API has availability issues, we will now load cached data if possible

Installer Improvements

• Installer PowerShell custom actions rewritten into C#.

• Installer now includes modification feature to change the SSL certificate which is used for Advanced Insights.

• Dialog text and layout improvements.

2.0.3 - 2024-02-15

Minor release primarily for security and browser engine changes

Updated dependencies

• Dotnet has been update to 7.0.16 for security fixes

• Ag-grid has been updated to 31.0.1 for bug fixes

New features

• Microsoft version data is now bundled with the application as backup in case docs.microsoft.com is inaccessible

• Added additional info to AD settings, detailing how it works

Bug fixes

• Disabled global filter for warranty dashboard.

• Added in additional error messages and checks for AD Auth failures and why

• Fixed potential issue with tables not rendering and future EDGE/Chrome release

• Fixed filters not being applied on search and dashboards

• Multiple SQL changes for speed and accuracy

• "View more data" modals that showed no data are now fixed

2.0.2 - 2024-01-17

Minor optional update to add security scope for new graphics dashboard.

2.0.1 - 2024-01-16

Breaking changes

• Advanced Insights API App pool now runs as Local System instead of Network Service as the API Website has inherited the work of the Controller Website which ran as Local System.

• Port 44300 is no longer required for application functionality and firewall rules can be disabled. 44301 is now the only mandatory required port.

Deprecated functionality

• Proxy bypass is deprecated as there is no more localhost communication between websites.

• Advanced Insights extension PowerShell package is now deprecated and is no longer supported or recommended. Replaced with WMI Provider.

• Email and SMS based 2FA have been removed, Google (TOTP) based 2FA is the only support 2FA auth solution.

Major changes

• Extensions now work using WMI Provider and not PowerShell scripts.

• Application now consists of just the API and Frontend websites.

• Large installer rewrite.

• CNAME support.

• Global collection filter, allowing full dashboard collection filter with persistence between dashboard changes.

• Windows 11 Readiness dashboard.

• ODBC Dashboard.

• Graphics card dashboard with click through details on device view.

• Client actions can now be performed against a list of devices in any data table.

• BitLocker compliance now provides "no compliance" reason.

• Device power state indicator in lists where a device is shown.

Minor changes

• Targeting latest dotnet 7 version and library updates.

• Remote control is now bundled with the application in the installation directory.

• Additional export functionality for Warranty data.

• Partial CVE Search in global search (MSRC Only).

• Extensions settings page redesign.

• Debug ability to limit amount of concurrent SQL queries being run against the DB

Bug fixes

• Revised SQL queries for Content DP List for Application Modal.

• Visual fixes around colours, spacing and layout.

• 2FA enablement in users’ profile is now visible.

• Misc fixes and optimisations.

1.0.27 - 2023-11-27

Features:

• Patch Insights - Update-focussed reporting solution for non-Premium SKU customers. The same installer is used, the version of Insights shown to the user is dependent on the Patch My PC Licence.

• CVE Dashboard improvement - BaseScore and TemporalScore tooltips added to describe what these mean for threat analytics.

Bug fixes:

BREAKING CHANGES:

• Switched Active Directory authentication to use UPN instead of email address for Active Directory users. If your user's UPN is different from their email address, then a new user will be created in Advanced Insights.

NON-BREAKING CHANGES

• Fixed bug removing settings inputs for Azure AD if "disabled" is not selected

• Fix issue in Global collection not being set

• Switched to using CNIsOnline for device online check in device modal to more reliably display online status. Also show online status in device modal title

• Fixed settings page not working for non admin role users

• Fixed license revalidate when not an admin user

• Modal fixes for View Chart Data for Servicing channel and Release Version

• Checkbox visibility improved

• Multiple revisions to the SQL queries related to performance

• Multiple smaller fixes

1.0.26 - 2023-10-02

Installer Improvements

• Certificates dialog – complete redesign.

  Key certificate properties are shown within the dialog and flag any warnings

• Upgrade dialog updated.

  Now includes info on the current certificate and if there’s any attributes of the certificate which require attention and an option to change the in-use certificate.

• Current certificate properties can be viewed in this screen:

Product Improvements

• Support for non-English versions of Windows "Enterprise" in the Operating System support statements

• OSD Dashboard now shows progress for Task Sequences without the standard Apply OS step

• Threat Analytics dashboard now shows an error if SQL Functional Level is not at least 130

• Further proxy fixes

Known Issues

• Accessing the welcome page will reset proxy bypass to false, causing the application to fail to render any dashboards for customers who require this setting to be enabled. To fix, please go to Administration -> Settings -> External Services -> Re-enable Localhost Bypass and save -> Restart the controller website via IIS Manager on the server hosting Advanced Insights.

1.0.25 - 2023-09-15

Product Improvements

• Proxy settings now allow both Localhost via proxy and Localhost proxy bypass. Proxies are now enabled for Localhost by default.

• Fixed application initialisation regression (spinning circle on load).

Installer Improvements

• The installer has new logic to exclude selection of certificates with weak signature algorithms ('SHA1', 'SHA1RSA' etc) and include certificates with algorithms at SHA256 and above.

• During the IIS Configuration phase, the installer will now add required MIME Types and HTTP Verbs.

  • MIME Types

    • .json - (API, Controller and Warranty site objects)

    • .jsonId - (API, Controller and Warranty site objects)

    • .woff - (Frontend site object)

    • .woff2 - (Frontend site object)

  • HTTP Verbs

    • 'OPTIONS' = True are set automatically under ‘Request Filtering’ for both API and Controller site objects.

1.0.24 - 2023-09-13

Product Improvements

• Fix for issue with Advanced Insights when installed on the same server as Patch My PC Publisher. Changes to registry permissions in the Publisher led to an exception in the Advanced Insights portal.

1.0.23 - 2023-08-30

Installer Improvements

Product Improvements

• Removed faulty Certificates class from custom inventory

• Modified faulty Local Group class to exclude domain controllers

• Improvement to proxy handling for proxy servers which route localhost entries.

• The login page was limited to 32 character passwords, this restriction has been removed

• Warranty tab would not load if General tab had not first been loaded

• Office 365 page load failure

1.0.22 - 2023-08-18

Installer Improvements

• First install now finds most appropriate free port for the frontend website, will default to 443 if available, then 444, then 44303 and up.

• Certificate selection dialog is now locale independent

Product Improvements

• Proxy support has been improved. If the Welcome Experience cannot access api.patchmypc.com it will automatically prompt for proxy details at first use. The proxy types supported are http, socks4 and socks5. Please add the correct protocol to the start of your proxies network address e.g. http://x.x.x.x, socks4://x.x.x.x, socks5://x.x.x.x. Ports can be added at the end of the network address e.g. http://x.x.x.x:1234"

• Software inventory reports failed with application version strings greater than 32 characters.

• Console users and device affinity sometimes missing from device view.

• Connected display view in device view was sometimes incorrect in screen display order.

• Missing data in "Missing Configuration Items" view in Microsoft Updates page.

• NULL Content Sources paths cause exception in Inventory Extensions tab.

• License File handling improved for license refresh scenarios.

• When using AzureAD Authentication first name and surname mapping was incorrect.

• Added functionality to differentiate between workstations and servers on the pending restart reports.

• Data Export function missing from Collections, Connected Displays, Batteries data, Physical storage devices.

• Fixed a bug that caused roles with an AD group to not be assigned to the user if any other roles were set as default.

1.0.21 - 2023-07-14

Product Improvements

• Bug with Warranty Service when installing on ConfigMgr database host. If you are not affected by this then you do not need to upgrade. Can also be fixed by carrying out the following process:

  1. In IIS Admin go to Application Pools, find the Advanced Insights Warranty App Pool, select it and click Advanced Settings

  2. Scroll down to the Identity property and change it from NETWORK SERVICE to LOCAL SYSTEM and click OK to that change

  3. Browse to %ProgramData%\AdvancedInsights\Data\Warranty and delete the AdvancedInsightsWarranty.db file

  4. Now go back into Advanced Inisghts and go to Administration - Settings - External Services and uncheck the "Warranty - Is Enabled" checkbox. Save this setting.

  5. Now go back to that tab and re-enable Warranty and Warranty Caching. Save this.

  6. Go back to the Warranty Dashboard and click the Bulk Processing dashstat in the top left.

1.0.20 - 2023-07-12

Installer Improvements

• Installer will install Internet Information Server if it is not already present

• SQL Connection dialog allows user to check permissions to database as well as connectivity

• Certificates dialog excludes a wider range of invalid certificates (checks DNS/SAN names are FQDN)

• Enhanced support for non-English languages (especially French)

Product Improvements

• Fixed the following bugs:

• Distribution Point view showing incorrect drive letter

• Device view title not populating with client name

• Inventory script for getting battery health times out

• CVE view does not load when opening CVE tab from Update view

• Remote control helper download link was invalid

• AD authenticating users may have group-assigned roles added multiple times

• Invalid security permissions removed for "Security Analyst" dashboard

• User with access to Collection dashboard has rights to modify collection membership even if that right is not granted

• Unable to see all data in Content Sources - CloudDP - Host table

• Missing descriptive text on OS Boot Performance dashstats

• Task sequence action errors show incorrect year date

• AD integrated environments do not assign default roles if group-assigned roles are applicable

• Dashboards fail to load when installed on French Language server OS

• View Chart Data option on Windows Servicing chart shows correct data

New Features / Changes

• Operating System Page now has Pending Restart data

• Software - Client Inventory now includes User Installed Applicaiton info

• Added SMTP Configuration settings

• IIS Application Pool identities are now NETWORK SERVICE and LOCAL SERVICE instead of LOCAL SYSTEM for API, Warranty and Frontend websites. Controller can run under NETWORK SERVICE (requires manual modification) if running on a server which is not the SCCM site server.

• Log files now created in %ProgramData%\AdvancedInsights\Logs folder and with .log extension

• Warranty database now created in %ProgramData%\AdvancedInsights\Data

• Usability improvements to Welcome experience

1.0.19 - 2023-06-06

Installer Improvements

• Installer will remember last used certificate and SQL server details from this version on - support for silent upgrade for version 1.0.20 onward.

• Previous used certificate is highlighted in certificate dialog to help with setup.

Product Improvements

• Fixed bug for device view title not loading correctly in certain scenarios

• Bug where AD user accounts have roles reassigned at each login is resolved

• Removed unneeded role entries

• Added SMTP configuration settings for email notification to users on account creation and password reset

• Fixed bug with users having rights to add devices to collections via collection dashboard when this right was not granted

1.0.17

Internal build, not released publicly.

1.0.18

Internal build, not released publicly.

1.0.16 - 2023-05-19

Installer Improvements

• Installer now shows details of in-use certificate on upgrade so that re-selecting the correct cert is simpler if that is the correct action. You can still pick a different certificate if required.

• We stop the App Pools on upgrade to try to alleviate issues with upgrade failing because of files in use.

Product Improvements

Fixed a bug when navigating to a CVE record from an Update record

1.0.15 - 2023-05-16

Improvements

• Removed the facility to upload custom logos, as this caused a problem rendering dashboard pages.

• User Role functionality errors required a user to have access to Settings area, this is no longer required.

• New roles did not function as expected and required an AD Group to be assigned, this is now fixed.

• Validation of Active Directory Group name fails when associating a role to a group, this has been fixed.

• CORS errors and dashboard load failure when the front end website is installed on port 443, this is now fixed.

• HP Devices show invalid data in Warranty dashboard. As the HP Warranty API is now deprecated this functionality has been removed.

• Export option missing from Application Compliance views.

• Added username to Application Compliance and Update Compliance view.

• Added collection filters to Hardware dashboards.

• Added RBAC filtering to Collections dashboard.

• Added Average Performance column to Operating System - Boot Performance dashboard.

1.0.1 - 2023-05-01

• Initial release of Advanced Insights

Applies to: Advanced and Patch InsightsAdvanced Insights stores configuration data in a SQLite database. This database is created automatically by the application in the following location:

%ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db

It is recommended to backup this file as it contains all of the configuration data for your Advanced Insights environment.

Applies to: Advanced and Patch Insights

Advanced Insights requires a valid SSL certificate to bind to the application websites and supports the following types:

• Server host (FQDN) standard certificate.

• Wildcard certificate.

• Custom CNAME / Alias certificate.

• Self-signed certificate.

Certificate configuration scenarios

• Scenario 1 - Server Host name certificate.

  • For Advanced Insights URL deployment using server host name (e.g. https://server01.contoso.local) follow steps described in section:Standard Server host name certificate

• Scenario 2 - Wildcard certificate.

  • For custom Advanced Insights URL deployment using a wildcard certificate (e.g. *.contoso.local) follow steps described in section: Wildcard certificate

• Scenario 3 - CNAME / Alias certificate.

  • For custom Advanced Insights URL deployment using a CNAME / Alias, (e.g. https://AdvancedInsights.contoso.local) follow steps described in section: CNAME / Alias certificate

• Scenario 4 - Self-signed certificate.

  • For Advanced Insights URL deployment using a Self-signed certificate follow steps described in section: Self-signed certificate

Standard Server host name certificate

Select the certificate which represents the server host name (FQDN).

Once selected, no further certificate configuration is required.

Click Next to proceed to the Advanced Insights SQLite Database page.

Wildcard certificate

Select the certificate which represents the wildcard certificate.

Click the 'Set CNAME / Alias' button.

In the CNAME / Alias configuration page, the installer will automatically pre-populate the domain wildcard property from the selected certificate.

The CNAME / Alias property value box will need to be updated with a chosen CNAME / Alias prefix. For example:

'AdvancedInsights.corp.contoso.local'

Then click 'Set CNAME - Alias'.

Click Next to proceed to the Advanced Insights SQLite Database page.

CNAME / Alias certificate

Select the certificate which represents the CNAME / Alias certificate.

Click the 'Set CNAME / Alias' button.

In the CNAME / Alias configuration page, the installer will automatically pre-populate the CNAME / Alias property based on the available SAN entries from the selected certificate.

In this example, the selected certificate has one SAN entry which has been automatically pre-populated:

Confirm the CNAME / Alias configuration by clicking the 'Set CNAME / Alias' button.

Click Next to proceed to the Advanced Insights SQLite Database page.

Self-signed certificate

To deploy Advanced Insights using a self-signed certificate, on the certificate selection page, click the 'Create Self -Signed Cert' button:

The installer will then automatically proceed to the Advanced Insights SQLite Database dialog page.

Applies to: Advanced and Patch Insights

Advanced Installer will create two websites and related application pools. The Dashboard website (Advanced Insights Frontend) is the site you will access to view dashboards and reports, the other site (Advanced Insights Api) is internally referenced only.

The IIS Configuration page allows you to set the dashboard port and IIS application pool identity to your requirements. The port is what will be used when browsing the portal (e.g., https://adv01.contoso.com:444). The API port is read-only. Firewall rules will be automatically created for the dashboard, and API websites.

The IIS Application Pool identity used for both the Advanced Insights Frontend and Api application pools is 'LocalSystem' by default. An alternative identity (Active Directory account) can be used if required. More details on IIS application pool identity here: IIS Application Pool Identity

Examples:

In this example, the installer automatically determined that the best available port was 444. IIS Application Pool left as default 'LocalSystem'.

In this example a custom IIS application pool identity has been set:

Confirm the required Dashboard Port and if required, IIS application pool identity and click Next.

Applies to: Advanced and Patch Insights

Installation Summary

This completes the pre-install configuration of Advanced Insights, a summary screen is shown and you can review and click Install to begin the installation.

Installation

The installer may take up to 30 minutes to complete.

Applies to: Advanced and Patch Insights

The following configurations can be modified for an existing Advanced Insights deployment. SSL certificate.

Advanced Insights website frontend network port.

Reset default admin password.

Starting the modify process.

If the install executable version that was originally used to deploy Advanced Insights is available, you can start the modify process by rerunning the original installer. Otherwise, locate the Advanced Insights listing in the add - remove programs list and select 'Modify'.

Click 'Modify'

Click 'Yes'

Click 'Modify'

Select the required modification option checkbox to enable the related 'Change' button

Applies to: Advanced and Patch Insights

Version 2.1 of Advanced Insights removes SQL Server dependency. Advanced Insights configuration data previously stored in SQL Server will now be maintained in a SQLite database which is stored in %ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db

Example upgrade summary page when migrating from SQL to SQLite db:

All data will be migrated to this new database from SQL Server when the application first starts up following upgrade.

Once this is complete (you can confirm this by logging into Advanced Insights post-install) you can safely remove the PMPCAdvancedInsights SQL database. If you had installed SQL Express to support this requirement, this can also be removed.

Applies to: Advanced and Patch Insights

When you run the installer, it will prompt for you to accept the license terms.

You will be presented with the upgrade summary page. There is also the option to change the certificate, network port or IIS application pool identity if required.

If upgrading from 1.0.x and 2.0.x versions of Advanced Insights, the upgrade summary page will also include summary information about the Advanced Insights SQL DB migration to SQLite.

See section: Upgrading to Advanced Insights 2.1 and later from 1.0.x and 2.0.x versions

If you wish to do so, click the 'View / Change Cert' button will show additional information about any warnings being flagged.

Following this, click Install to start the upgrade process.

The upgrade success page is displayed upon completion.

Applies to: Advanced and Patch Insights

Completion

When the installer has completed the final wizard screen is shown. This includes a link to go to the welcome experience dashboard. The first use username is admin the initial password is 123qwe which you will be prompted to change.

Applies to: Advanced and Patch Insights

Run the installation

Start the installation by double-clicking the downloaded AdvancedInsights.exe

Prerequisites Screen

Once the installation starts, you will likely be greeted by the prerequisite screen in our installer wizard, click Next.

Select Prerequisites

Any required prerequisites are listed. These can all install without requiring a restart. Confirm the requirements and click Next.

License Terms and Conditions

Once the required prerequisites have been installed, you must accept the Terms and Conditions of use. Tick the "I agree" box and click Next.

Installation Folder

Advanced Insights requires approximately 1.5GB of storage space. Confirm the installation directory and click Next.

Applies to: Advanced and Patch Insights

To completely remove the product we will carry out the following actions:

1. Remove the Advanced Insights Inventory Extensions (if deployed)

2. Uninstall the Advanced Insights product

3. Remove the Advanced Insights database

Removing the Inventory Extensions

You can manually remove the Inventory Extensions from a ConfigMgr Console under: Administration > Client Settings > Default Client Settings > Hardware Inventory > Set Classes ...

Carefully Select and delete each PMPC_ Inventory Class from this window individually. This will remove them from your Hardware Inventory Schema and delete their data from the database:

Uninstall Advanced Insights

The uninstall is automated from Settings / Add Remove programs, simply select the application and click remove.

The uninstall will leave behind some customization files, including the Advanced Insights SQLite DB. This can all be removed by deleting the following folder:

%ProgramData%\AdvancedInsights

Applies to: Advanced and Patch Insights

This section describes the steps required to change the frontend network port used for an existing Advanced Insights deployment.

In the configuration modification page, select the checkbox for 'Frontend SSL Port Configuration' then click 'Change SSL Port':

Click 'Edit port' in the 'Advanced Insights' section and enter a new port number, then click 'Next'

Click 'Install

The installer will make the required configuration changes and display a summary once complete.

Click 'Finish'

Applies to: Advanced and Patch Insights

This section describes the steps required to reset the password for the default 'admin' account for an existing Advanced Insights deployment.

In the configuration modification page, select the checkbox for 'Default Admin Password Reset' then click 'Reset Password':

The password reset confirmation is then displayed. Click 'Close'

Click 'Finish'

Applies to: Advanced and Patch Insights

This section describes the steps required to change the SSL certificate used for an existing Advanced Insights deployment.

In the configuration modification page, select the checkbox for 'SSL Certificate' then click 'Change Certificate':

Use the drop down list to select the SSL certificate which represents the CNAME / Alias you wish to use.

With the appropriate SSL certificate selected, click 'Set CNAME / Alias'

In the set CNAME / Alias dialog page, the dialog will be prepopulated with a value for the CNAME / Alias based upon the selected certificated.

Modify the prepopulated URL value if required.

Click 'Set CNAME / Alias'

Click 'Next'

Click 'Install'

The installer will make the required configuration changes and display a summary once complete.

Click 'Finish'

New Advanced Insights URL

This section describes the steps required to change the IIS Application pool identity used for an existing Advanced Insights deployment.

In the configuration modification page, select the checkbox for 'IIS Application Pool Identity' then click 'Change Identity':

Select 'Local System' or to set a custom identity using an Active Directory account, select 'Specific User':

In this example we will set a custom identity using an Active Directory account. After entering the account username and password, (The domain value should already be pre-populated by the installer) the 'Check Credentials' button can be used to validate the account credentials entered.

Click OK

The confirmation page is then displayed. Click close to exit the installer.

This completes the steps required to modify the IIS Application Pool identity.

Applies to: Advanced and Patch Insights

Advanced Insights stores all application configuration in a SQLite database located in the following folder:

%ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db

Advanced Insights stores all warranty data in a SQLite database located in the following folder:

 %ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsWarranty.db

These files can be backed up by any file backup solution.

To restore the configuration in the event of loss or server move, simply re-install Advanced Insights and copy the backup files into the same location, overwriting the blank database supplied by the installer.

Applies to: Advanced and Patch Insights

Advanced Insights needs read access to the ConfigMgr SQL database. If Advanced Insights is installed on a server that is not the ConfigMgr site server, or a custom Active Directory account is used for the IIS application pools, you will need to grant some SQL permissions.

Assigning Rights to ConfigMgr SQL

Option 1 - Using the Advanced Insights Computer Account

1. Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database

2. Execute the following script replacing the domain\computername and CM_XXX database name

Use Master
DECLARE @ADVINSTSERVERNAME AS VARCHAR(100)
DECLARE @CMDBNAME AS VARCHAR(100)
SET @ADVINSTSERVERNAME ='domain\computername$' -- Replace 'domain\computername$' - Example 'contoso\sccmsqlsvr$'
SET @CMDBNAME ='CM_XXX' -- Replace with the name of your ConfigMgr database name
DECLARE @LOGIN_nonquoted AS VARCHAR(100) = @ADVINSTSERVERNAME
DECLARE @LOGIN AS VARCHAR(100) = QUOTENAME(@LOGIN_nonquoted)
DECLARE @CMDBNAME_nonquoted AS VARCHAR(100) = @CMDBNAME


EXEC ('CREATE LOGIN ' + @LOGIN + ' FROM WINDOWS');
EXEC ('USE' +' '+@CMDBNAME+';' + 'CREATE USER ' + @LOGIN + ' FOR LOGIN ' + @LOGIN);
EXEC ('USE' +' '+@CMDBNAME+';' + 'ALTER ROLE db_datareader ADD MEMBER' + @LOGIN)

Option 2 - Using a user account for Advanced Insights

Advanced Insights access to the Configuration Manager SQL database can be configured to use a Active Directory user account. This account is set as the IIS application pool identity.

See: IIS Application Pool Identity

1. Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database

2. Execute the following script replacing the domain\username and CM_XXX database name

Use Master
DECLARE @ADVINSTSERVERNAME AS VARCHAR(100)
DECLARE @CMDBNAME AS VARCHAR(100)
SET @ADVINSTSERVERNAME ='domain\username' -- Replace 'domain\username' - Example 'contoso\john'
SET @CMDBNAME ='CM_XXX' -- Replace with the name of your ConfigMgr database name
DECLARE @LOGIN_nonquoted AS VARCHAR(100) = @ADVINSTSERVERNAME
DECLARE @LOGIN AS VARCHAR(100) = QUOTENAME(@LOGIN_nonquoted)
DECLARE @CMDBNAME_nonquoted AS VARCHAR(100) = @CMDBNAME


EXEC ('CREATE LOGIN ' + @LOGIN + ' FROM WINDOWS');
EXEC ('USE' +' '+@CMDBNAME+';' + 'CREATE USER ' + @LOGIN + ' FOR LOGIN ' + @LOGIN);
EXEC ('USE' +' '+@CMDBNAME+';' + 'ALTER ROLE db_datareader ADD MEMBER' + @LOGIN)

Applies to: Advanced and Patch Insights

For various Configuration Manager console actions and features to work, the accounts running the IIS App Pools need to have permissions to connect to your SMS Provider Server.

By default, the IIS App Pools run under the local computer account of your Advanced Insights Server.

⚙ Add the IIS Pool Account To ConfigMgr Security Role

1. Open the ConfigMgr console and navigate to Administration > Security > Administrative Users > click Add User or Group

2. Choose the User/Computer account running your IIS App Pools. In our example we are adding the local computer account of our server named "SCCM"

⚙ Use a Custom Security Role (Optional)

If you wish to adhere to the "Principle of Least Privilege" then you can download the XML file below and import it as a security role into ConfigMgr. This role grants the lowest possible privileges.

To import the security role XML file, open the ConfigMgr console and navigate to Administration > Security > Security Roles > click Import Security Role.

Applies to: Advanced and Patch Insights

On first logon, you will see the welcome page. You can access this page any time by clicking your username in the top right of the screen.

The welcome screen needs your Patch My PC license key and your ConfigMgr site server details.

License Key

If Advanced Insights is installed on the same server as the Patch My PC Publisher we will read the license key automatically. Alternatively, please add your license key and click to verify.

Configuration Manager Database Details

Provide the server name and database name of your ConfigMgr primary site and click to connect.

As long as the IIS application pool identity running the Advanced Insights Controller website has permission to read the database, you should be good to go.

Once the license key and SQL sections are successfully completed, click Go to Dashboard in the final step to complete setup.

Applies to: Advanced Insights

Several features of Advanced Insights (this is not relevant for Patch Insights) require the deployment of our Inventory Extensions. This process adds additional reports and functionality to Configuration Manager.

To setup the Inventory Extensions, there are two actions to complete:

⚙ Extend ConfigMgr's Hardware Inventory Schema

1. Navigate to the Administration > Settings page

2. Select the Advanced Insights Inventory Extensions tab

4. Click Update Hardware Inventory via Advanced Insights

⚙ Manual Steps to Extend Hardware Inventory Schema

1. Download AdvancedInsights_SMS_DEF.mof

2. In the ConfigMgr Console, navigate to Administration > Client Settings > Default Client Settings > Hardware Inventory > Set Classes...

3. From this page click Import... and select the AdvancedInsights_SMS_DEF.mof

4. Tick/untick the imported Inventory Classes as required

💿 Deploy the Inventory Extensions MSI to clients

Client-Side Requirements for the Inventory Extensions MSI

• Windows 10/11, Windows Server 2012 - 2022 (64-bit)

• .NET Framework 4.8

To deploy the Advanced Insights Inventory Extensions from the Patch My PC Publisher

You can deploy the Inventory Extensions product via Patch My PC Publishing Service

1. Open the Patch My PC Publisher, navigate to the ConfigMgr/Intune Apps tab and select Patch My PC > Advanced Insights Inventory Extensions (MSI-x64)

2. To quickly sync this app to ConfigMgr/Intune without having to wait for all other selected apps and updates in the Publisher to evaluate and process, right click the Advanced Insights Inventory Extensions (MSI-x64) app and select Publish this product during the next manual sync. (Selective sync).

3. On the Sync Schedule tab, click Run Publishing Service Sync.

4. Verify the Inventory Extensions x.x.x.x (MSI-x64) application was created and deploy it to your desired collection(s).

Applies to: Advanced Insights

Inventory Extensions Process Visualized

What is the Inventory Extensions MSI?

The Inventory Extensions MSI is a .NET WMI Provider. This provider code is loaded by the WMI Service on Windows clients. The provider returns data that the client processes into a hardware inventory report where it is then submitted to the ConfigMgr site server and entered into the SQL database.

What is WMI?

WMI stands for Windows Management Instrumentation. It is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows-based systems. WMI provides a standardized way for systems administrators to manage and query information about their systems.

The heart of WMI is the WMI Service, known as Winmgmt and part of the Windows OS, this service runs in the background on all Windows systems. This service acts as a broker between WMI Clients (ConfigMgr client) and the WMI Providers (Inventory Extensions MSI) that deliver the actual data.

How does this integrate with ConfigMgr?

ConfigMgr's existing hardware inventory data is collected from WMI. We simply extend ConfigMgr's default hardware inventory policy with the new definitions of our Inventory Extensions data. This allows the ConfigMgr clients to query our WMI Provider through the WMI Service during its normal hardware inventory task - just like it would for any existing hardware inventory class.

For this reason we do not consider the Inventory Extensions MSI as an "Agent". We do not install any services on clients, instead the existing WMI Service brokers the connection between our Inventory Extension MSI code and the ConfigMgr client for us. The only time this code runs on clients is during a Hardware Inventory task or when a custom client action is invoked, after which the WMI Service handles the unloading of our WMI Provider.

Applies to: Advanced and Patch Insights

Advanced Insights supports http, socks4 and socks5 network proxies.

Please add the correct protocol to the start of your proxies' network address e.g. http://x.x.x.x, socks4://x.x.x.x, socks5://x.x.x.x. Ports can be added at the end of the network address e.g. http://x.x.x.x:1234"

Adding a proxy server in the Welcome page

If Advanced Insights cannot automatically access our licensing service at https://api.patchmypc.com we will automatically prompt for you to supply proxy details.

Adding a proxy server in the Settings page

Proxy configuration can also be added in the Administration - Settings - External Services tab

Applies to: Advanced Insights

Advanced Insights (this is not relevant for Patch Insights) will display the warranty status of Lenovo devices in the device modal display. We need to provide a warranty API token to be able to get this data.

To apply for a warranty API token you need to request one from your Lenovo account manager.

Once you have successfully obtained your API key log into Advanced Insights and navigate to the Administration area. Go to Settings - External Services and check the "Is Enabled" and "Enable Warranty Caching" option.

Enter the provided Lenovo warranty text for the Lenovo API Client token and click save all.

You can then navigate to the Warranty dashboard and click the Bulk Processing object in the top left to initiate warranty lookup.

Applies to: Advanced Insights

If you use Intune to manage your windows updates (Windows Update for Business) then none of that compliance data is visible from ConfigMgr. This requires you to have to read compliance data from BOTH ConfigMgr and Intune.

Solution

• You get complete visibility of all update compliance from Advanced Insights

How does it work?

We supplement your ConfigMgr compliance data with additional data from Microsoft Update.

Our Inventory Extensions WMI Provider runs on clients and scans against Microsoft Update to find update compliance data. This data is then pulled into ConfigMgr via Hardware Inventory for reporting.

Requirements

2. Clients must be configured to use Windows Update for Business

Applies to: Advanced Insights

Advanced Insights (this is not relevant for Patch Insights) can access device warranty information from a variety of vendors. For access to Dell warranty information you will need an API key provided by Dell. The process to apply for a key is shown here.

Once you have successfully obtained your API key log into Advanced Insights and navigate to the Administration area. Go to Settings - External Services and check the "Is Enabled" and "Enable Warranty Caching" option.

Enter the provided Dell warranty text for Client ID, Client Secret and click save all.

*Please only enter in the text in-between the brackets for the API Client Secret.

Applies to: Advanced Insights

Advanced Insights (this is not relevant for Patch Insights) can access device warranty information from a variety of vendors. For access to HP warranty information you will need to sign up to HP Workforce Experience, enrol all the HP devices you want to collect warranty data on and set up a developer account to access the warranty data.

Developer account creation

First, we will create the developer account needed to interact with the HP Workforce Experience api.

Initial setup

API Enrolment

First, you will need to create an account if you do not have one already. If you have a HPID for HP Workforce Experience, you can use this account.

Creating credentials

Please visit the link above to open the credentials generation page. You will be show the following options below. Click Get Credentials in the HP Proactive Insights Analytics section.

Credentials creation flow

You will need to provide the following information:

1. Credentials name: We recommend "Advanced Insight Warranty"

2. Description: We recommend "API Keys for Advanced Insight Warranty"

3. Developer Redirect Url: This will be used by HP to redirect when you log in. This needs to be your Advanced Insights in the following format https://FQDN:PORT/app/main/view/warranty. Example https://contoso.local:444/app/main/view/warranty

4. Client ID: Leave blank

5. Tick Read Checkbox

Click create and you will be redirected back to the previous page.

Viewing app

Once you have been redirected, there will be a green success banner on top of the page. Please now click the "My API Credentials" link in the banner.

Now click on the newly created app by click the app name, this will load the app details page.

Here you will see information about the newly created app.

We need to copy

1. The API ClientId

2. The API Secret (click "Show Secret" to get this entry)

HP Settings in Advanced Insights

We now need to copy API ClientId and API Secret to Advanced Insights.

1. Go to Administration -> Settings -> External Services

2. Based on the location of the HP Workforce Experience portal you used, select US or EU.

3. Copy and paste the API Client ID into the Client ID input

4. Copy and paste the API Client Secret into the Client Secret input

5. Save settings.

Register for HP Workforce Experience

Using HP Workforce Experience

When you have registered and logged in, you will be greeted by the home experience of HP Workforce Experience. On the left hand side, you will need to click "Assets" to begin importing your HP devices into HP Workforce Experience.

Importing devices

HP Workforce Experience allows you to import your device using four different mechanisms. Currently only Intune Import and Asset enrolment allow for warranty data collection, manual and csv upload do not trigger warranty collection by design. To begin importing devices, please click the "Add" button in the top left of the page.

Intune import

To begin importing from Intune, please click the Intune Import button then click next.

You will be now asked to provide your Intune Domain Name, this can be found by going to the Intune portal, clicking Tenant Administration on the left hand menu and copying the Tenant name from the Tenant Status page.

You will now be greeted by the Microsoft Login flow, please log in using your microsoft credenitals as normal. You will be then presented the list of permission HP requests to perform the Intune import.

Once you have accepted the permission, the connection to Intune will be completed by HP.

You will now be asked if you wish to import Assets from Intune Groups, or to import all of your assets.

We shall continue using Group import only.

When you click on Import assets only from Intune groups, you will be presented with a full list of all your groups in Intune. You can filter out the groups you want to import and you can import multiple groups. Select the groups you want to import and click Import.

Intune will now begin importing your selected devices. You will receive a notification on begin and completion of the import.

You can also check progress by navigating to the logs link on the left hand side.

Asset Enrolment

To enrol your device by Asset Enrolment, please use the following HP documentation to distribute the agent.

Collecting Warranty

Collecting warranty in Advanced Insights works in the same way as the other providers, but you will need to log into HP on bulk caching.

Navigate to the warranty dashboard.

To begin, click the "Bulk Processing" statistic to begin re-caching warranty.

You will be asked to log in to HP, click yes and Advanced Insights will go to HP to log in.

Applies to: Advanced Insights

Clients with the Inventory Extensions MSI installed will support the use of our custom client actions:

⚙ Script Approval

If you see this message when using any of the custom client actions:

This means you have the "Additional Script Approver" setting enabled in ConfigMgr. To approve our script, please follow these steps:

1. Open your ConfigMgr Console

2. Go to Software Library > Scripts

3. Right click and approve the "Advanced Insights Client Actions" script

Custom Action Descriptions

• Install Updates - Installs all updates which are advertised to the device which are targeted as available or required. This is the same action as pressing Install All in the Software Center.

• Repair Client - Executes the ccmrepair.exe

• Clear CCM Cache - Clears all ccmcache items on the client (including persistent cache)

Applies to: Advanced Insights

PMPC_Disks

DeviceID: Identifier that uniquely names the physical disk.

BusType: The interface the disk is connected by.

MediaType: Media type of the physical disk

*Manufacturer: The name of the manufacturer

*HealthStatus: A high-level indication of device health.

*OperationalStatus: Status further explaining a given health status.

*Model: This field represents the model number of the hardware

*PowerOnHours: Length of time, in hours, the storage device has been powered on since manufacture.

*ReadErrorsTotal: Total read errors encountered by the device.

*SerialNumber: Serial Number of the battery

*Temperature: The current temperature of the storage device in Celsius

*TemperatureMax: The maximum temperature in Celsius at which the storage device is capable of normal operation.

*Wear: Storage device wear indicator, in percentage. At 100 percent, the estimated wear limit will have been reached.

*WriteErrorsTotal: Total write errors encountered by the device.

These properties are collected via SMART. Not all devices may support SMART monitoring

PMPC_Batteries

BatteryID: String identifying the battery.

DesignCapacity: The design capacity of the battery in milliwatt-hours.

FullChargeCapacity: The full charge capacity of the battery in milliwatt-hours.

Health: Comparison of the FullChargeCapacity to the DesignCapacity property is used to determine the health of the battery. (100 = Healthy)

*Chemistry: Describes the batteries chemistry.

*Manufacturer: The name of the manufacturer

*ManufacturerDate: The date the battery was manufactured

*SerialNumber: Serial Number of the battery

PMPC_ODBC

DataSourceName: Name of the ODBC

Database: The Display Name of the Application

Description: The reported version of the application.

Driver: The driver used for the ODBC

DriverVersion: The specific file version of the driver

Platform: Specifies whether the ODBC is 64/32 bit

User: The name of the user that owns the ODBC (if applicable).

PMPC_UserApps

InstallLocation: The folder location in which the application is installed

DisplayName: The Display Name of the Application

DisplayVersion: The reported version of the application.

InstallDate: The date the application was installed.

Publisher: The name of the publisher of the application.

QuietUninstallString: command line string to uninstall the application.

UninstallString: command line string for silent uninstall of the application.

User: The name of the user that installed the application.

PMPC_LocalGroups

GroupName: Name of the local group.

Members: List of user members belonging to that local group.

GroupMembers: List of sub groups that are members of the local group

If a member cannot be identified the SID will be displayed instead.

PMPC_Dock

DeviceName: Identified name of the dock device.

*Firmware: The firmware version currently installed on the dock

*Manufacturer: Manufacturer of the dock

*SerialNumber: Serial Number of the dock if applicable (For dell this is the same as service tag)

PnPID: Device "PnP" Id, this is only used if we werent able to identify the dock model

PMPC_Monitors

InstanceName: Unique Identifier for the monitor

DeviceName: Name of the monitor

InchSize: Diagonal size of monitor

ConnectionType: The cable used to connect to monitor

Primary: Whether this monitor is configured as the primary display. True or False.

ResolutionHorizontal: Maximum horizontal pixel count

ResolutionVertical: Maximum vertical pixel count

*Model: Model of the monitor

*SerialNumber: Serial number of monitor (service tag for DELL)

*Manufacturer: Name of manufacturer

*ManufactureYear: Year the monitor was made

PMPC_Updates

UpdateId: unique ID that represents the update

Title: Title of the update.

Status: Missing or Installed.

Service: The Update Service used to discover this update.

Product: Product associated with the update

ProductID: ProductID associated with the update

InstalledOn: Date the update was Installed On

DatePosted: Date the updated was release or revised

ArticleId: KB article ID identifying the update

PMPC_WifiInterface

GUID: unique ID that represents the Wifi Interface

Description: Name / description of the interface

Authentication: Type of authentication used (e.g., WPA2, WEP, Open)

Band: Frequency band used (e.g., 2.4GHz, 5GHz)

Channel: Current operating channel

Cipher: Encryption cipher used (e.g., AES, TKIP)

ConnectionMode: Mode of connection

Driver Version: Version of the driver software controlling the interface

PhysicalAddress: MAC address of the interface

RadioType: Type of wireless radio (e.g., 802.11n, 802.11ac)

Signal: Percentage signal strength of the connection

SSID: Name of the wireless network

State: Current state of the interface (e.g., connected, disconnected)

PMPC_UserProfile

SID: Security Identifier associated with the user profile

Path: File path where the user profile is stored

LastLoggedIn: Date and time of the user's last login

AccountName: Name of the user account

SizeGB: Size of the user profile in gigabytes

PMPC_BrowserExtension

InstallPath: Path of the extension content and manifest

Name: Name of the extension

Author: The reported author of the browser extension acording to the manifest

Browser: The browser that the extension is installed in.

User: The user that has the extension installed. (All browser extensions are per user)

ID: ID of the Browser Extension associated with Chrome / Edge store

Version: The version of the browser extension

Applies to: Advanced Insights

Active Directory Group Authentication enables the Advanced Insights administrator to associate Advanced Insights Roles with AD Security Groups. This ensures that a new user is automatically granted the relevant rights in the portal without the need for manual user creation.

Once this is configured, we can assign an existing role to an Active Directory Group, or create a new role for a group. N.B. There is currently no support for nested groups.

Assigning a Role to an Active Directory Group

Navigate to Administration > Roles.

1. Click Create new role

2. Enter a name for the role (in this example, "Helpdesk"

3. Type the name of the associated Active Directory Security Group, here, we are using "sg-Helpdesk". Ensure the group name is validated on save.

Now click the Permissions tab and select the pages and permissions you want to grant to this role.

Logging on with an account in the helpdesk role, the user is granted only the access stated in the role configuration:

Applies to: Advanced and Patch Insights

Advanced and Patch Insights support integration with Active Directory for user authentication. This feature is enabled by an administrator in Administration > Settings > User management. Once enabled, this will ensure that any users signing in can use their AD username and password. If users have an RBAC role defined in Configuration Manager, Advanced Insights will adhere to that role, only showing the clients they are permitted to view.

To enable Active Directory authentication capabilities:

1. Check the box for Enable Active Directory Authentication

2. Optionally Enter your Active Directory domain name (normally only required if the authenticating domain is different from the domain the Advanced Insights server is installed in)

3. Optionally Enter a username and password used to connect to Active Directory, this is only required if the Advanced Insights App Pool identity (Local System by default) has been restricted from reading Active Directory, which is uncommon

After you have entered these details, you can now log in with your Active Directory UPN or username.

If this is your first time logging in to Advanced Insights, you will receive whatever role is assigned as "default" or roles your Active Directory Group membership assigns.

You can read more about assigning roles to Active Directory Groups in the article below:

Applies to: Advanced Insights

To launch the Configuration Manager remote control action from the client actions menu in Advanced Insights the user must have some files from the Configuration Manager console install directory and an Advanced Insights utility. If the ConfigMgr console is installed on the user’s computer then no additional configuration is required.

Files and Folders

To run the ConfigMgr remote control agent we need a copy of:

• CmRcViewer.exe

• RdpCoreSccm.dll

• the relevant locale folder for the RC Tools, for example 00000409

All of these are copied from \\SiteServerName\SMS_ABC\AdminConsole\bin\i386

On each Advanced Insight user’s computer, copy these files and folder to a location accessible by the user, for example C:\CMTools or %AppData%\CMRCtools.

We also need a copy of the Advanced Insights utility AdvInsRemoteControl.exe stored in the same location. The user is prompted to download and run this from the Advanced Insights portal the first time they try to use remote control if the app has not already been executed.

The AdvInsRemoteControl.exe file

AdvInsRemoteControl.exe is included with the installation of Advanced Insights in the folder C:\Program Files (x86)\Advanced Insights\Api\Installers. It is a DotNet Core application which handles calling the Configuration Manager Remote Control utility from the Advanced Insights website. On first run AdvInsRemoteControl.exe registers itself in the Registry as a class type under Computer\HKEY_CURRENT_USER\Software\Classes\cmrc

This allows the Advanced Insights website to invoke the ConfigMgr Remote Control agent when required. If you delete or move the AdvInsRemoteControl.exe you can reregister it simply by running it again from Windows Explorer.

The application will check for the correct Configuration Manger files and folders when it runs and will alert you to any configuration errors.

Applies to: Advanced Insights

Anywhere in the Advanced Insights portal when you click a computer name you will be shown the Device View. If the device is online the Remote Control button in the top right hand corner will be available.

A confirmation message is shown

Following which the Remote Control tool will launch.

Clicking yes will take you to the Requirements for Remote Control documentation page. You must complete the rest of the requirements above to be able to use the tool.

Applies to: Advanced Insights

Advanced Insights supports authentication using Entra ID credentials using OpenID. To configure this is a two-step process:

1. Create an App Registration in Entra

2. Enter the App Registration details to Advanced Insights

Creating the App Registration

Navigate to the Entra Admin Centre and log in with an account that has permissions to create App Registrations.

You will add a name for the App Registration (for example "AdvancedInsights").

In Supported Accounts select "Accounts in this organizational directory only"

Redirect URI

Example redirect URI:

https://advinsightsserver01.contoso.local:444/account/login

Select "Single-Page Application (SPA)" from the dropdown list in the "Redirect URI" section, and enter the URI.

When you have filled in the required properties click Register.

You will be shown the App Registration overview screen. We need to copy some properties from here.

Copy Application (client) ID and Directory (tenant) ID values into a Notepad document.

Now click the "Authentication" link on the left in the "Manage" section.

In the "Implicit grant for hybrid flows" section, tick both options for:

"Access tokens (used for implicit flows)"

"ID tokens (used for implicit and hybrid flows)"

This grants the application permissions to issue the tokens used by Advanced Insights to validate login.

To save changes, click 'Save'.

Click "Certificates and secrets", then within the "Client secrets" section, click "New client secret".

Name the secret and set an expiry duration that is suitable for your environment.

Click 'Add' to save the "Client secret" configuration.

Now you can copy the "Value" of your client secret and add it to your Notepad document:

This completes the configuration work in the Azure Portal.

Adding settings to Advanced Insights

1. Log into Advanced Insights with an administrator role account and navigate to the 'Administration' > 'Settings' menu. Select the "AzureAD" tab.

2. Clear the "Deactivate" checkbox.

3. Enter the value for your Application ID/ClientID.

4. Enter the value for your Client Secret.

5. Enter the value for your Directory (tenant) ID.

6. Select 'Save All'.

New users

1. Log into Advanced Insights with an administrator role account and navigate to the 'Administration' > 'Settings' menu. Select the "User Management" tab.

2. Enable "New registered users are active by default." checkbox.

3. Select 'Save All'.

This completes the configuration for adding the Entra ID App Registration details to Advanced Insights.

First login - Consent to Permissions

The Advanced Insights logon screen will now show a "Sign in with Microsoft" button.

At first logon, an Azure administrator will have to consent to the application registration requested permissions.

User requirements

You should check in the Users area in Advanced Insights that there are no existing user accounts with email addresses that match the Entra ID accounts you are going to have logging in. If you do, you can delete these accounts and they will be recreated on first login by that user.

You will always be able to log in as the Advanced Insights "Admin" to make configuration changes.

If the Entra ID account a user logs into Advanced Insights with has a matching on-prem AD Account with the same Email Address set, any RBAC role they have in ConfigMgr for their on-prem AD account will be maintained in Advanced Insights.

For example, if a log in with this Entra ID Account is used:

The on-premises Active Directory object of this account has the users Entra ID UPN set as the email property:

Applies to: Advanced Insights

To provide easy access to all dashboards and individual devices, collections, updates, etc. Advanced Insights is provided with an optional Configuration Manager Console Extension. This adds a node to the Assets and Compliance view of the console as well as providing an additional option in the context menu when right-clicking certain object types in the console.

Download

Download and unzip the Console Extension using the link below.

Installing the Console Extension

To import the Extension, navigate to the Administration node of the Configuration Manager console and expand the Updates and Servicing node. Right click Console Extensions and select "Import Console Extension".

Browse to the location of the unzipped Console Extension download.

Select the AdvancedInsightsConsoleExtension.cab file and click Open, then click Next, next and Close.

The newly imported Console Extension will be listed alongside any other extensions you have deployed. You must now Approve the Extension by right clicking and selecting "Approve".

Once approved the Extension can be Installed:

You will be prompted to restart the ConfigMgr Console. When it reloads the Advanced Insights node will have been added tot he Assets and Compliance view:

First Run

When you click the Advanced Insights node, a dialog is displayed in the detail pane asking for the details of your Advanced Insights portal.

Provide the relevant URL, including https:// prefix and any required port, for example https://server.contoso.com:444 and click OK. If the address is correct, the Advanced Insights login page will be displayed. You can re-run the configuration step any time by right clicking the Advanced Insights node and selecting "Configuration".

Using the Extension

The first obvious use of the Extension is to display the Advanced Insights portal right there in the ConfigMgr Console:

The second use scenario is to access the rich display capabilities of Advanced Insights when working with Console objects. For example, right-clicking a client and selecting "View in Advanced Insights" will open a new browser window and automatically display the device view for that client.

This functionality is available for Devices, Collections, and Updates in the ConfigMgr console.