Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Advanced Insights (& Patch Insights) Requirements and Prerequisites
Applies to: Advanced and Patch Insights
Advanced Insights is a website portal for Configuration Manager. It is an Internet Information Server-based application that runs on-premises. Please read the documents in this section to review requirements for Certificates, Software and Network configuration.
Applies to: Advanced Insights Inventory Extension
Details the production release history for Patch My PC's Advanced Insights InventoryExtensions.msi, the most recent release being shown first.
Fixed Possible null reference bug across PMPC_UserProfile, PMPC_UserApps and PMPC_BrowserExtension classes.
Updated Dependencies.
Various bug fixes to PMPC_BrowserExtension.
ESR versions of firefox now supported.
Latest versions of Opera now supported.
Chromium based policies that make use of "Secure Preferences" now supported.
Notifications sent from Advanced Insights will now be displayed with custom branding, as configured in Software Center
Updated dependencies.
PMPC_BrowserExtension data now more accurate. Chromium based browsers with multiple profiles configured now have all extensions inventoried across all profiles.
Fixed bug causing Brave Browser extensions to be missed.
Fixed PMPC_Update bug for Windows Server 2016 & 2019.
Servers now only scan against Windows Update services and not Microsoft Update
Fixed PMPC_UserProfile bug for file paths exceeding 260 characters
Fixed PMPC_BrowserExtension bug for invalid extension JSON files.
Now targeting .NET 4.6.2 for better Windows Server support
Better installer experience & logic
More accurate user profile enumeration
PMPC_BrowserExtension now has an Chrome/Edge store ID property
Fixed bug that caused only 1 browser extension to be inventoried from Firefox
Fixed "Invalid Disk" bug on PMPC_Disks enumeration
PMPC_WifiInterface
PMPC_UserProfile
PMPC_BrowserExtension: Now supports more locales.
PMPC_LocalGroups: Added "GroupMember" property to distinguish between users and group members.
PMPC_UserRights
Improved User-Installed App Inventory
ODBC Inventory now excludes the default "Visio Database Samples" connection.
All PowerShell scripts removed from Installer
Further improvements to PMPC_Dock
PMPC_Dock improved detection method
PMPC_Monitors now supports more HP monitors
PMPC_BrowserExtension
Initial release of InventoryExtensions.msi
Supports the following report classes:
PMPC_Batteries
PMPC_Disks
PMPC_Dock
PMPC_LocalGroups
PMPC_Monitors
PMPC_UserApps
PMPC_UserRights
PMPC_ODBC
PMPC_Updates
Applies to: Advanced Insights
Details the production release history for Patch My PC's Advanced Insights, the most recent release being shown first.
This is a bugfix release
Fixed issue with saving layout changes in custom dashboards.
Fixed issue with Local Administrators not being collected when reported in Spanish.
Fixed installer issue for invalid domain entry error on setup
Updated Dotnet runtime to 8.0.14
This is a bugfix release
Add search box to device modal > Software > Inventory & Applications tab
Collection Filters Set on Custom Dashboard Selections Don't Apply or Save
Software > Client Inventory Click through doesn't load data unless Inventory Extensions installed
Update Table Pager so disabled buttons are more distinguishable
Obfuscate Network Proxy Password in Settings and Welcome page
Custom Dashboard Role Permissions' reflect actual value
Removal of delta caching when performing a warranty cache. This should fix missing devices in warranty.
Fix Issue with SMTP Settings > UseDefaultCredentials not saving, which caused SMTP errors for anonymous email servers.
Updated Dotnet runtime to 8.0.13
This is a bugfix release
Fix for Threat analytics click through modal has no data.
Threat Analytics Vulnerabilities tables order by Base/Temporal Score column.
Tooltip styling improvements
This is a bugfix release
Fix Issue with Threat Analytics failing to load due to not handling empty CVE descriptions gracefully.
Fix Collection filter not taking global filter into account when clicking table row.
This is a bugfix release
Fix GetHealthReport noisy logs.
Fix for Single Sign On Lockout issues.
Enable recovery key renderer and add red icon colour for when key is available but no user permission, added icon tooltips explaining why key isn't accessible.
Fix issue with sorting table columns that have a transformed value.
Ensure table column filter icon only shows on filterable columns.
Fix issue with custom logo display and setting.
Fix table click though to list modals not taking Global Collection filter into account.
Added StartDate to warranty table.
Enable Sort and Filter on table columns where applicable.
Increased Table font size.
Fix Device Modal add devices to collection issue.
Fix Bulk Actions from Client Inventory > Applications Table click through Modal
This is a major release.
Updated Base Framework
Replaced Table component with new custom table renderer.
Table export now uses transformed value for time period e.g. Hardware > Storage > PowerOn column shows 7y, 125d, 7h rather than raw value.
Added option to set more than 2 table column filters per column.
Added option to set custom IIS Application Pool Identity via Installer during installation/upgrade/modify.
Added Serial Number column to Hardware > Displays > Connected Displays table.
Added Documentation links to dashboards.
Added Server Can't Connect page to display rather than hanging on load.
Improvements to Software Usage & Metering SQL.
Added ability to set Permissions for missing pages that didn't have the ability previously. This means users will no longer have access to these pages as they wont have the required permissions, an admin will need to apply the necessary permissions to the users/roles that require access for the following dashboards:
Software > ODBC
Software > BrowserExtensions
Operating System > Dashboard
Operating System > Win11
Operating System > LocalAdmins
Operating System > Uptime
Operating System > UserProfiles
Hardware > Wireless
Fix issue with Two Factor Authentication token check.
Fix issue with Warranty key being corrupted on settings upates.
Fix for Warranty when receiving incompatible data from HP server.
Fix issue with bulk actions not working on some modals due to missing Computer Online info.
Added better error handling and logging to Threat Analytics processing.
Fixed browser extensions dashboard not displaying data in table because of incorrect parsing of InstalledDate.
This is an optional bugfix release
Added ability to change timeframe range for Software usage dashboard. You can now select 1, 3 (default) and 6 month as the daterange for the dashboard
Sql performance updates
Dell warranty fix for ID issue with newer warranty requests
Filters in custom dashboard that are part of the description now update correctly.
Fixed custom PMPC client actions not being invoked for a device.
Updated dotnet runtime to 8.0.11
This is an optional bugfix release
Remove multiple selected devices from a collection
Add ability to set Custom Names on Custom Dashboard Items
Global Search updates -
Sort by column on load
Search Inventory
Add export option
After clicking page refresh disable button for 5 seconds
Automatic decryption (if permissions granted) of BitLocker Keys if encrypted
Device Modal shows client boundary group and internet/intranet status
Add Bulk Actions to CVE Modal
Update Vulnerable Nuget Packages
Tooltip shouldn’t show over portlet button menus
Changing Dashstat month bug not taking global filter into account
Bulk action requests fail when request payload is too large
Editing a Custom Dashboard requires it to be saved with a new name
German translation for password change message wrong
Custom dashboard Barchart description shows loading
Add a CreateCollection Permission to be used when creating collection
Fix Device Modal tabs on patch insights.
Intermittent page crash on load due to signal r issue
Some Windows versions incorrectly showing as expired
Client Inventory SQL updates to fix missing data issue.
Updated dotnet runtime to 8.0.10
This is an optional bugfix release
Add Selected Devices to Collection now allows multiple Collections to be selected or created.
Allow Filtering on Client Version Column Client Deployment Modal Table
Collection Modal Bulk Add Devices to Collection icon change and update to allow comma, new line & carriage return separators on input form
Update Window 11 Readiness to include GE24H2 (Win11 24H2)
Update Bitlocker recovery key display to show decrypted if execute permission is granted.
Update dotnet to 8.0.8
Collection Modal Bulk Add Devices to Collection fixes
Fix Collection Modal Remove Device from Collection bug when removing more than 1 device.
Custom Dashboard shouldn't allow saving or editing a dashboard with same name as existing.
Fix database migration for EU Time zones
Software Updates Modal Refresh table fix
Distribution Points List fix when no drive letter found on broken Distribution Point
Show desktops and laptops on BitLocker TPM stats
OSD Dashboard bug fixes
Microsoft Update Dashboard bug fixes
This is an optional bugfix release
Fixed an issue for customers using older versions of SQL Server than 2016 SP1 (13.0.4001) not being able to load any dashboards (Incorrect syntax near 'HINT' ERROR).
Fixed the top row of statistics on the Warranty Dashboard.
Updated dotnet to latest version for security bug fixes (8.0.7).
This is a required bugfix release
Fixed an RBAC based issue with view more information when clicking on an application on the Software Applications dashboard.
Fix issue with Warranty dashstats not showing correct details
Update logic for SQL Server check that decides whether to include cardinality options
Updates to BitLocker recovery at risk data
This is a required bugfix release
Fixed an RBAC based issue with view more information when clicking on an application on the Client Inventory dashboard.
Fixed an RBAC issue when viewing more information about users
Fix clicking on a required update on the device modal and it loading the update details modal
This is a major release.
In the Administration node you will find the “Audit logs” area. This lists all activities in the Advanced Insights portal. The list is filterable by user and can be exported.
You can now create new ConfigMgr collections using Advanced Insights. The Resources - Collections page has a "Create New Collection" button.
You can also create a collection from a device list and automatically add the selected clients to a new collection or add to an existing collection.
We have added a new function to allow you to delete profiles from client devices. This is useful in support scenarios for outdated or orphaned profiles.
The delete action is also available in the device view - Users - User Profiles.
For customers with BitLocker MBAM integrated with Configuration Manager we will now allow you to view the BitLocker Recovery Key in Advanced Insights. Users must have the relevant permission in their Advanced Insights role. The key is accessible via the Device View - Hardware - Disks tab.
We now support the export of any of the tables in the device view.
We have included a new Log Builder application, this is integrated into the Installer wrapper and will execute automatically on failure. It can also be run manually from C:\Program Files (x86)\Advanced Insights\Api\LogCollector\AdvancedInsightsLogDiag.exe. When run it creates a zip file on the desktop with environment details and logs to aid Patch My PC Support in troubleshooting.
Modal views with multiple tabs now load the tabs on-click, making initial load faster.
Filters on dashboard pages are now cached and load only once per-page rather than once per-object.
Modal views now all obey RBAC when being accessed via a shared link.
Fix for modal failing to loading via a shared link.
Month-based software updates dashstat now fixed for custom dashboard load.
Client secrets for warranty providers are now obfuscated in the UI.
This is a minor bugfix release.
Fix for Software Updates dashboard not loading for some customers.
This is a minor release mainly focused on bugfixes.
Modal sharing allows users to share select modals for other to see, allowing collaboration between users who are working on a task together.
Fixes for action buttons on device modal for logs and PMPC actions not working correctly SQL changes for CPU duplication and device modal SQL changes for device resources to ensure obsolete devices are excluded SQL changes for device resource popups to show unknown for manufacturer and model rather than null
Fixed warranty recache not working without settings permission.
Fixed textarea font being wrong
Multiple custom dashboards fixes, mainly around filter selection for certain items.
Global filter selection now filters modals when the dashboard has changed.
This is a major release.
Users can now create a dashboard of their own items from all viewable items for their role. For example, a user can create a dashboard with objects from Resources, Hardware, Software Updates Trend, OSD, all in one view.
Custom dashboards can also be shared with other users or roles (permissions permitting).
We have made hundreds of SQL Cardinality statements to ensure SQL performance is consistent across different SQL Cardinality levels.
New option to specify custom logos for the identity banner in the Advanced Insights portal. The logo file is what is shown when the menu is expanded, the Icon setting is shown when the menu is minimized.
The new Local Administrators dashboard requires the Advanced Insights inventory extensions. The dashboard shows the groups and accounts that are members of the local admins group on all devices.
The OS Uptime dashboard lists each device and its latest uptime.
The Wireless Adapters Dashboard requires the Advanced Insights Inventory Extensions. This dashboard helps to identify the wireless NICs and associated drivers with the versions. Clicking through will show further details about wirless connectivity on the individual device:
The User Profile Dashboard requires the Advanced Insights Inventory Extensions.
This dashboard shows the details for all profiles on client devices. Profiles which are unused for <90 days are highlighted as "Aged Profiles", "Orphaned Profiles" are profiels on devices for which there are no longer valid accounts.
Can now reset Admin password using Modify option in Add/Remove Programs. Can also change certificate, CNAME and port number with this option.
Prior to this release Software Metering reports required the legacy Configuration Manager Software Inventory Agent to be enabled and performing inventory of any executable you wished to report Metering data for. This is no longer the case, Advanced Insights now uses the InstalledExecutable class, which is part of the Asset Intelligence inventory provider. The legacy Software Inventory agent can be disabled if you were only using it to enable Metering reporting.
Fixed bug with "Patch My PC Actions" not working for some customers.
Look and feel clean-up
Updated dependencies and DotNet version to DotNet 8. DotNet 7 components can now be removed from Advanced Insights servers (if not required by other applications).
Boot Performance dashboard. Microsoft removed the dependent dataset from the Configuration Manager product, so we have had to remove this dashboard.
Minor optional release to fix an upgrade issue experienced by users who login via Azure Active Directory (Entra). This release fixes the error "Username '{emailaddress}' is already taken" when logging in.
Minor release to permit upgrade for customers on pre-release version of 2.1.0 and to fix minor version numbering error.
Major release with changes to infrastructure requirements and new functionality.
Dotnet has been update to 7.0.17 for security fixes
Major performance improvements in SQL load time for Home dashboard, Software Updates dashboard and Updates page.
Update Trend dashboard
This new dashboard provides visibility of deployment compliance trend over time. You can plot how long it took from update release to first install, 50% compliance, 90% compliance and total installation. The chart can be expanded under the cog icon to show total deployment data. On first load the update with most deployment data over the past 30 days will be selected, you can use the filter pickers below the chart to select other updates, date ranges and filter by collection.
Browser Extensions Dashboard. New dashboard (requires latest inventory extension update)
Warranty dashboard now respects RBAC and Collection filters
Custom Patch My PC actions available to install update, clear the CCM cache, Repair the ConfigMgr client a "Notify" option to send a message a to a device. These functions use the BGB Channel, so will function over CMG as well as on LAN. They are also available in the Bulk Actions lists, allowing you to bulk send a notification, or clear the ConfigMgr Cache on a list of machines.
Draggable modals - you can now move the popup modal views around the screen
Warranty re-caching now works again
If the MSRC API has availability issues, we will now load cached data if possible
Installer PowerShell custom actions rewritten into C#.
Installer now includes modification feature to change the SSL certificate which is used for Advanced Insights.
Dialog text and layout improvements.
Minor release primarily for security and browser engine changes
Dotnet has been update to 7.0.16 for security fixes
Ag-grid has been updated to 31.0.1 for bug fixes
Microsoft version data is now bundled with the application as backup in case docs.microsoft.com is inaccessible
Added additional info to AD settings, detailing how it works
Disabled global filter for warranty dashboard.
Added in additional error messages and checks for AD Auth failures and why
Fixed potential issue with tables not rendering and future EDGE/Chrome release
Fixed filters not being applied on search and dashboards
Multiple SQL changes for speed and accuracy
"View more data" modals that showed no data are now fixed
Minor optional update to add security scope for new graphics dashboard.
Advanced Insights API App pool now runs as Local System instead of Network Service as the API Website has inherited the work of the Controller Website which ran as Local System.
Port 44300 is no longer required for application functionality and firewall rules can be disabled. 44301 is now the only mandatory required port.
Proxy bypass is deprecated as there is no more localhost communication between websites.
Advanced Insights extension PowerShell package is now deprecated and is no longer supported or recommended. Replaced with WMI Provider.
Email and SMS based 2FA have been removed, Google (TOTP) based 2FA is the only support 2FA auth solution.
Extensions now work using WMI Provider and not PowerShell scripts.
Application now consists of just the API and Frontend websites.
Large installer rewrite.
CNAME support.
Global collection filter, allowing full dashboard collection filter with persistence between dashboard changes.
Windows 11 Readiness dashboard.
ODBC Dashboard.
Graphics card dashboard with click through details on device view.
Client actions can now be performed against a list of devices in any data table.
BitLocker compliance now provides "no compliance" reason.
Device power state indicator in lists where a device is shown.
Targeting latest dotnet 7 version and library updates.
Remote control is now bundled with the application in the installation directory.
Additional export functionality for Warranty data.
Partial CVE Search in global search (MSRC Only).
Extensions settings page redesign.
Debug ability to limit amount of concurrent SQL queries being run against the DB
Revised SQL queries for Content DP List for Application Modal.
Visual fixes around colours, spacing and layout.
2FA enablement in users’ profile is now visible.
Misc fixes and optimisations.
Patch Insights - Update-focussed reporting solution for non-Premium SKU customers. The same installer is used, the version of Insights shown to the user is dependent on the Patch My PC Licence.
CVE Dashboard improvement - BaseScore and TemporalScore tooltips added to describe what these mean for threat analytics.
BREAKING CHANGES:
Switched Active Directory authentication to use UPN instead of email address for Active Directory users. If your user's UPN is different from their email address, then a new user will be created in Advanced Insights.
NON-BREAKING CHANGES
Fixed bug removing settings inputs for Azure AD if "disabled" is not selected
Fix issue in Global collection not being set
Switched to using CNIsOnline for device online check in device modal to more reliably display online status. Also show online status in device modal title
Fixed settings page not working for non admin role users
Fixed license revalidate when not an admin user
Modal fixes for View Chart Data for Servicing channel and Release Version
Checkbox visibility improved
Multiple revisions to the SQL queries related to performance
Multiple smaller fixes
Certificates dialog – complete redesign.
Key certificate properties are shown within the dialog and flag any warnings
Upgrade dialog updated.
Now includes info on the current certificate and if there’s any attributes of the certificate which require attention and an option to change the in-use certificate.
Current certificate properties can be viewed in this screen:
Support for non-English versions of Windows "Enterprise" in the Operating System support statements
OSD Dashboard now shows progress for Task Sequences without the standard Apply OS step
Threat Analytics dashboard now shows an error if SQL Functional Level is not at least 130
Further proxy fixes
Accessing the welcome page will reset proxy bypass to false, causing the application to fail to render any dashboards for customers who require this setting to be enabled. To fix, please go to Administration -> Settings -> External Services -> Re-enable Localhost Bypass and save -> Restart the controller website via IIS Manager on the server hosting Advanced Insights.
Proxy settings now allow both Localhost via proxy and Localhost proxy bypass. Proxies are now enabled for Localhost by default.
Fixed application initialisation regression (spinning circle on load).
The installer has new logic to exclude selection of certificates with weak signature algorithms ('SHA1', 'SHA1RSA' etc) and include certificates with algorithms at SHA256 and above.
During the IIS Configuration phase, the installer will now add required MIME Types and HTTP Verbs.
MIME Types
.json - (API, Controller and Warranty site objects)
.jsonId - (API, Controller and Warranty site objects)
.woff - (Frontend site object)
.woff2 - (Frontend site object)
HTTP Verbs
'OPTIONS' = True are set automatically under ‘Request Filtering’ for both API and Controller site objects.
Fix for issue with Advanced Insights when installed on the same server as Patch My PC Publisher. Changes to registry permissions in the Publisher led to an exception in the Advanced Insights portal.
Removed faulty Certificates class from custom inventory
Modified faulty Local Group class to exclude domain controllers
Improvement to proxy handling for proxy servers which route localhost entries.
The login page was limited to 32 character passwords, this restriction has been removed
Warranty tab would not load if General tab had not first been loaded
Office 365 page load failure
First install now finds most appropriate free port for the frontend website, will default to 443 if available, then 444, then 44303 and up.
Certificate selection dialog is now locale independent
Proxy support has been improved. If the Welcome Experience cannot access api.patchmypc.com it will automatically prompt for proxy details at first use. The proxy types supported are http, socks4 and socks5. Please add the correct protocol to the start of your proxies network address e.g. http://x.x.x.x, socks4://x.x.x.x, socks5://x.x.x.x. Ports can be added at the end of the network address e.g. http://x.x.x.x:1234"
Software inventory reports failed with application version strings greater than 32 characters.
Console users and device affinity sometimes missing from device view.
Connected display view in device view was sometimes incorrect in screen display order.
Missing data in "Missing Configuration Items" view in Microsoft Updates page.
NULL Content Sources paths cause exception in Inventory Extensions tab.
License File handling improved for license refresh scenarios.
When using AzureAD Authentication first name and surname mapping was incorrect.
Added functionality to differentiate between workstations and servers on the pending restart reports.
Data Export function missing from Collections, Connected Displays, Batteries data, Physical storage devices.
Fixed a bug that caused roles with an AD group to not be assigned to the user if any other roles were set as default.
Bug with Warranty Service when installing on ConfigMgr database host. If you are not affected by this then you do not need to upgrade. Can also be fixed by carrying out the following process:
In IIS Admin go to Application Pools, find the Advanced Insights Warranty App Pool, select it and click Advanced Settings
Scroll down to the Identity property and change it from NETWORK SERVICE to LOCAL SYSTEM and click OK to that change
Browse to %ProgramData%\AdvancedInsights\Data\Warranty and delete the AdvancedInsightsWarranty.db file
Now go back into Advanced Inisghts and go to Administration - Settings - External Services and uncheck the "Warranty - Is Enabled" checkbox. Save this setting.
Now go back to that tab and re-enable Warranty and Warranty Caching. Save this.
Go back to the Warranty Dashboard and click the Bulk Processing dashstat in the top left.
Installer will install Internet Information Server if it is not already present
SQL Connection dialog allows user to check permissions to database as well as connectivity
Certificates dialog excludes a wider range of invalid certificates (checks DNS/SAN names are FQDN)
Enhanced support for non-English languages (especially French)
Fixed the following bugs:
Distribution Point view showing incorrect drive letter
Device view title not populating with client name
Inventory script for getting battery health times out
CVE view does not load when opening CVE tab from Update view
Remote control helper download link was invalid
AD authenticating users may have group-assigned roles added multiple times
Invalid security permissions removed for "Security Analyst" dashboard
User with access to Collection dashboard has rights to modify collection membership even if that right is not granted
Unable to see all data in Content Sources - CloudDP - Host table
Missing descriptive text on OS Boot Performance dashstats
Task sequence action errors show incorrect year date
AD integrated environments do not assign default roles if group-assigned roles are applicable
Dashboards fail to load when installed on French Language server OS
View Chart Data option on Windows Servicing chart shows correct data
Operating System Page now has Pending Restart data
Software - Client Inventory now includes User Installed Applicaiton info
Added SMTP Configuration settings
IIS Application Pool identities are now NETWORK SERVICE and LOCAL SERVICE instead of LOCAL SYSTEM for API, Warranty and Frontend websites. Controller can run under NETWORK SERVICE (requires manual modification) if running on a server which is not the SCCM site server.
Log files now created in %ProgramData%\AdvancedInsights\Logs folder and with .log extension
Warranty database now created in %ProgramData%\AdvancedInsights\Data
Usability improvements to Welcome experience
Installer will remember last used certificate and SQL server details from this version on - support for silent upgrade for version 1.0.20 onward.
Previous used certificate is highlighted in certificate dialog to help with setup.
Fixed bug for device view title not loading correctly in certain scenarios
Bug where AD user accounts have roles reassigned at each login is resolved
Removed unneeded role entries
Added SMTP configuration settings for email notification to users on account creation and password reset
Fixed bug with users having rights to add devices to collections via collection dashboard when this right was not granted
Internal build, not released publicly.
Internal build, not released publicly.
Installer now shows details of in-use certificate on upgrade so that re-selecting the correct cert is simpler if that is the correct action. You can still pick a different certificate if required.
We stop the App Pools on upgrade to try to alleviate issues with upgrade failing because of files in use.
Fixed a bug when navigating to a CVE record from an Update record
Removed the facility to upload custom logos, as this caused a problem rendering dashboard pages.
User Role functionality errors required a user to have access to Settings area, this is no longer required.
New roles did not function as expected and required an AD Group to be assigned, this is now fixed.
Validation of Active Directory Group name fails when associating a role to a group, this has been fixed.
CORS errors and dashboard load failure when the front end website is installed on port 443, this is now fixed.
HP Devices show invalid data in Warranty dashboard. As the HP Warranty API is now deprecated this functionality has been removed.
Export option missing from Application Compliance views.
Added username to Application Compliance and Update Compliance view.
Added collection filters to Hardware dashboards.
Added RBAC filtering to Collections dashboard.
Added Average Performance column to Operating System - Boot Performance dashboard.
Initial release of Advanced Insights
Applies to: Advanced and Patch Insights
Advanced Insights needs a valid SSL certificate to install and function. (the installer will verify the certificate is valid).
Supported Certificate types:
Server host (FQDN) standard certificate.
Wildcard certificate.
Custom CNAME / Alias certificate.
Self-signed certificate.
The certificate must meet the following minimum requirements:
Support HTTPS / SSL.
Has private key.
Valid in-date (not expired).
Enhanced key usage includes "Server Authentication".
Only modern signature types are supported (e.g. SHA256). Legacy / weak signature algorithms, for example; 'SHA1', 'MD2', 'MD4', 'MD5 are not supported.
Subject Alternative Name (SAN). The certificate SAN requirements depend on the chosen deployment configuration for the Advanced Insights URL.
Scenario 1 - Server Host name certificate.
For Advanced Insights URL deployment using server host name (e.g. https://server01.contoso.local) the certificate SAN must contain an entry which matches the FQDN of the host server where Advanced Insights is installed.
Scenario 2 - Wildcard certificate.
For Advanced Insights URL deployment using a wildcard certificate, an entry must be included in the certificate SAN that represents the wildcard certificate. e.g. ' *contoso.local'.
Scenario 3 - CNAME / Alias certificate.
For Advanced Insights URL deployment using a CNAME / Alias, (e.g. https://AdvancedInsights.contoso.local) the certificate SAN must contain an entry which represents the CNAME / Alias. e.g. 'AdvancedInsights.contoso.local'.
When using a CNAME / Alias or Wilcard certificate for custom Advanced Insights deployment URL, ensure that DNS has been updated to include an entry which represents the chosen CNAME / Alias.
Example:
Certificate SAN values can be also verified within the certificate properties.
Examples:
Example PowerShell outputs:
HP Warranty support. Advanced Insights can now surface HP client device warranty data. There is some configuration required which is detailed here:
The new Configuration Manager console extension brings Advanced Insights right into the ConfigMgr console. Full documentation and download is here
Advanced Insights no longer requires SQL Server for its configuration. Your config will be migrated to a new on first load of the dashboard following upgrade. You can then remove the legacy PMPCAdvancedInsights database from your SQL environment.
On 2024-02-23, an updated installer executable was created to address a failed upgrade issue faced by customers when upgrading from versions older than 1.0.27. If you have upgraded using the previous installer and Advanced Insights no longer loads, please perform a repair on the installation via Add/Remove programs or uninstall and reinstall using this new executable. The new installer is downloadable from
Tables page sizes can now be modified
Version 2.0.1 is a major release of Advanced Insights with breaking changes which require actions by the administrator to deploy the new , replacing the legacy PowerShell solution used in version 1.0.
now relies on the SMS Provider for Hardware Inventory class extensions, which without correct permissions to the SMS Provider cannot install or update existing classes.
The installer is now shorter. Upgrade will also complete using /q for a completely unattended upgrade.
Remote control helper download and functionality fixed (see for details)
You can now include a default ConfigMgr collection for any role or user. This setting will auto-populate all dashboards with this collection as a filter where appropriate. A user can still select other collections they have access to view if desired.
We don't recommend using a self-signed certificate long-term in production as it won't be trusted by other client browsers by default. You can replace a self-signed certificate or modify the certificate in use using the Add/Remove Programs "Change" option as detailed .
Details of port and external site requirements and supported browsers.
Applies to: Advanced and Patch Insights
Advanced Insights use the following ports, and the installer will automatically create Windows firewall exceptions for these ports.
Advanced Insights Frontend - tcp/443 (or whatever you have customised this to in the installer)
Advanced Insights API - tcp/44301 (cannot be changed)
The Advanced Insights server needs access to various domains and APIs to function fully.
api.patchmypc.com:443
Reason: For licensing
learn.microsoft.com:443
Reason: For ConfigMgr, Windows, and Office 365 release and support statements
Important: To activate and use Advanced Insights, you must permit outbound access for api.patchmypc.com:443
api.msrc.microsoft.com:443
Reason: The Threat Analytics dashboard uses data from this external API
services.nvd.nist.gov:443
Reason: The Threat Analytics dashboard uses data from this external API for PMPC CVE data
access.redhat.com:443
Reason: The Threat Analytics dashboard uses data from this external API for PMPC CVE data
getcallisto.io:443
Reason: The Advanced Insights inventory extensions
api.callisto.co:443
Reason: The Advanced Insights Threat Analytics API
supportapi.lenovo.com:443
Reason: To retrieve data from the Lenovo warranty service
apigtwb2c.us.dell.com:443
Reason: To retrieve data from the Dell warranty service
support.dynabook.com:443
Reason: To retrieve data from the Toshiba warranty service
eu.daas.api.hp.com:443 or daas.api.hp.com:433 (depending on your region)
Reason: To retrieve data from the HP Workforce Experience warranty service
To use these features of Advanced Insights, you will need outbound access to the above addresses.
We do not support Internet Explorer for Advanced Insights. Please use Firefox, Edge, Chrome or any other modern browser to access Advanced Insights.
Applies to: Advanced and Patch InsightsAdvanced Insights stores configuration data in a SQLite database. This database is created automatically by the application in the following location:
%ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db
It is recommended to backup this file as it contains all of the configuration data for your Advanced Insights environment.
The configuration guides will help you setup the Patch My PC Publisher with Microsoft Configuration Manager and Microsoft Intune.
To help get you started, we provide a few different guides (documented or video) to help you install the Patch My PC Publisher.
Are you installing the product with Configuration Manager? No problem, click the link below for our Configuration Manager guide! The guide includes a text-based version, video, and the ability to directly schedule a setup call with an engineer!
Are you installing the product for Microsoft Intune? No problem, click the link below for our Intune standalone guide! The guide includes a text-based version, video, and the ability to directly schedule a setup call with an engineer!
You can also stay up-to-date by subscribing to our catalog release newsletter and RSS feedback to find out the moment we update our catalog with new products and updates!
If you're just getting started and need help learning the product no problem we can give you a live interactive demo where we will explain everything you need to know about our product from a deep dive inner workings of the product to licenses and security. 🔒
So you've seen a demo, and you're ready to try the product out in your environment. To get you started off right we offer a FREE guided installation of the product in your environment. We strongly encourage all customers to bring an engineer along for the ride to ensure you get the maximum value out of our product and to ensure smooth sailing. ⛵
Something seems not quite right? Maybe you want to brush up and learn about all those cool new features we've been releasing since the last time you had a demo. No worries, you can schedule a review call any time you like and our team will be happy to help you study up and help make sure your environment is in top shape. 🎩
Not everything always works in pure documentation format and for this, we have some links to our most commonly used resources on our website including
Got questions about licensing, subscription types, or how we handle security? Don't worry we get asked those questions all the time.
Ready to head on back to our home page? Don't worry we booked you a ride there.
Server OS, SQL and Dependencies
Applies to: Advanced and Patch Insights
Windows Server 2016 and later
1.5 GB of free disk space
Minimum 1 CPU Core
Minimum 8 GB RAM
Internet Information Services (IIS)
WebSockets (will be added automatically by the installer if missing)
For an existing IIS Server - 'OPTIONS' HTTP Verb must not be BLOCKED at server level.
The following is an example of 'OPTIONS' HTTP Verb 'Not allowed' This configuration will prevent the Advanced Insights install from completing successfully.
IIS CORS Module 1.0
ASP.NET Core Hosting Bundle 8.0
SQL Server ODBC Driver 17.6 (minimum)
IIS URL Rewrite 2.1
Configuration manager SQL Database must be SQL Server 2016 SP1 or later. We strongly recommend ensuring the latest cumulative update is applied to your SQL Server.
Database Compatibility Mode must be at least 130 for the Threat Analytics dashboard to load. You will see a warning if this is not met.
These Install Instructions are valid for installing both Patch Insights and Advanced Insights.
Applies to: Advanced and Patch Insights
Run the installation
Ensure the Software requirements have been reviewed here: Software Requirements
Start the installation by double-clicking the downloaded AdvancedInsights.exe
Once the installation starts, you will likely be greeted by the prerequisite screen in our installer wizard, click Next.
Any required prerequisites are listed. These can all install without requiring a restart. Confirm the requirements and click Next.
Once the required prerequisites have been installed, you must accept the Terms and Conditions of use. Tick the "I agree" box and click Next.
Advanced Insights requires approximately 1.5GB of storage space. Confirm the installation directory and click Next.
Network port and IIS Application Pool Identity
Applies to: Advanced and Patch Insights
Advanced Installer will create two websites and related application pools. The Dashboard website (Advanced Insights Frontend) is the site you will access to view dashboards and reports, the other site (Advanced Insights Api) is internally referenced only.
Ensure the network requirements are reviewed here: Network Requirements
The IIS Configuration page allows you to set the dashboard port and IIS application pool identity to your requirements. The port is what will be used when browsing the portal (e.g., https://adv01.contoso.com:444). The API port is read-only. Firewall rules will be automatically created for the dashboard, and API websites.
The IIS Application Pool identity used for both the Advanced Insights Frontend and Api application pools is 'LocalSystem' by default. An alternative identity (Active Directory account) can be used if required. More details on IIS application pool identity here: IIS Application Pool Identity
When setting a custom ID for the IIS application pools, you must ensure the Active Directory account being used has the required SQL permissions to the Configuration Manager database. See: SQL Permissions
Examples:
In this example, the installer automatically determined that the best available port was 444. IIS Application Pool left as default 'LocalSystem'.
In this example a custom IIS application pool identity has been set:
Confirm the required Dashboard Port and if required, IIS application pool identity and click Next.
Applies to: Advanced and Patch Insights
Installation Summary
This completes the pre-install configuration of Advanced Insights, a summary screen is shown and you can review and click Install to begin the installation.
Installation
The installer may take up to 30 minutes to complete.
Advanced Insights SSL Certificate configuration.
Applies to: Advanced and Patch Insights
Advanced Insights requires a valid SSL certificate to bind to the application websites and supports the following types:
Server host (FQDN) standard certificate.
Wildcard certificate.
Custom CNAME / Alias certificate.
Self-signed certificate.
Ensure the SSL certificate requirements are reviewed here: Certificate Requirements
Scenario 1 - Server Host name certificate.
For Advanced Insights URL deployment using server host name (e.g. https://server01.contoso.local) follow steps described in section:Standard Server host name certificate
Scenario 2 - Wildcard certificate.
For custom Advanced Insights URL deployment using a wildcard certificate (e.g. *.contoso.local) follow steps described in section: Wildcard certificate
Scenario 3 - CNAME / Alias certificate.
For custom Advanced Insights URL deployment using a CNAME / Alias, (e.g. https://AdvancedInsights.contoso.local) follow steps described in section: CNAME / Alias certificate
Scenario 4 - Self-signed certificate.
For Advanced Insights URL deployment using a Self-signed certificate follow steps described in section: Self-signed certificate
Select the certificate which represents the server host name (FQDN).
Once selected, no further certificate configuration is required.
Click Next to proceed to the Advanced Insights SQLite Database page.
Select the certificate which represents the wildcard certificate.
Click the 'Set CNAME / Alias' button.
In the CNAME / Alias configuration page, the installer will automatically pre-populate the domain wildcard property from the selected certificate.
The CNAME / Alias property value box will need to be updated with a chosen CNAME / Alias prefix. For example:
'AdvancedInsights.corp.contoso.local'
Then click 'Set CNAME - Alias'.
Click Next to proceed to the Advanced Insights SQLite Database page.
When using a wildcard certificate, if no CNAME / Alias is set using the CNAME / Alias configuration page, the installer will automatically default to setting the Advanced Insights URL to the server host name FQDN. Example:
https://server01.corp.contoso.local
Select the certificate which represents the CNAME / Alias certificate.
Click the 'Set CNAME / Alias' button.
In the CNAME / Alias configuration page, the installer will automatically pre-populate the CNAME / Alias property based on the available SAN entries from the selected certificate.
In this example, the selected certificate has one SAN entry which has been automatically pre-populated:
Confirm the CNAME / Alias configuration by clicking the 'Set CNAME / Alias' button.
Click Next to proceed to the Advanced Insights SQLite Database page.
To deploy Advanced Insights using a self-signed certificate, on the certificate selection page, click the 'Create Self -Signed Cert' button:
The installer will then automatically proceed to the Advanced Insights SQLite Database dialog page.
Change the Advanced Insights IIS website port.
Applies to: Advanced and Patch Insights
This section describes the steps required to change the frontend network port used for an existing Advanced Insights deployment.
The ability to change the network port using the modify feature is supported in version 2.2.1 and later.
In the configuration modification page, select the checkbox for 'Frontend SSL Port Configuration' then click 'Change SSL Port':
Click 'Edit port' in the 'Advanced Insights' section and enter a new port number, then click 'Next'
Click 'Install
The installer will make the required configuration changes and display a summary once complete.
Click 'Finish'
Details of the upgrade process
Applies to: Advanced and Patch Insights
When you run the installer, it will prompt for you to accept the license terms.
You will be presented with the upgrade summary page. There is also the option to change the certificate, network port or IIS application pool identity if required.
If upgrading from 1.0.x and 2.0.x versions of Advanced Insights, the upgrade summary page will also include summary information about the Advanced Insights SQL DB migration to SQLite.
If you wish to do so, click the 'View / Change Cert' button will show additional information about any warnings being flagged.
Following this, click Install to start the upgrade process.
The upgrade success page is displayed upon completion.
Reset password for the Advanced Insights default admin account.
Applies to: Advanced and Patch Insights
This section describes the steps required to reset the password for the default 'admin' account for an existing Advanced Insights deployment.
The ability to reset the default admin password using the modify feature is supported in version 2.2.1 and later.
In the configuration modification page, select the checkbox for 'Default Admin Password Reset' then click 'Reset Password':
The password reset confirmation is then displayed. Click 'Close'
Click 'Finish'
On next login using the default 'admin' account, you will be prompted to change the password.
Modify configuration.
Applies to: Advanced and Patch Insights
The ability to use the modify feature is supported in version 2.1.0 and later.
The following configurations can be modified for an existing Advanced Insights deployment. SSL certificate.
Advanced Insights website frontend network port.
Reset default admin password.
If the install executable version that was originally used to deploy Advanced Insights is available, you can start the modify process by rerunning the original installer. Otherwise, locate the Advanced Insights listing in the add - remove programs list and select 'Modify'.
Click 'Modify'
Click 'Yes'
Click 'Modify'
Select the required modification option checkbox to enable the related 'Change' button
Applies to: Advanced and Patch Insights
Version 2.1 of Advanced Insights removes SQL Server dependency. Advanced Insights configuration data previously stored in SQL Server will now be maintained in a SQLite database which is stored in %ProgramData%\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db
Example upgrade summary page when migrating from SQL to SQLite db:
All data will be migrated to this new database from SQL Server when the application first starts up following upgrade.
Once this is complete (you can confirm this by logging into Advanced Insights post-install) you can safely remove the PMPCAdvancedInsights SQL database. If you had installed SQL Express to support this requirement, this can also be removed.
Don't feel like going it alone? You canwith a Patch My PC engineer to help you install correctly first-time in your environment.
Curious about what fixes and new features we've added to the Publisher? You can check out our release history in the release history section for our and releases:
When all else fails and you can't find the answers you need we will always be there for you. While we do have a lot of written sometimes those just aren't enough. If you ever find that to be the case, or something is going disastrously wrong you can always with our talented team of experts.
Curious about where we are going and what we are planning to do we make all that information publicly available on our .
Is there something we are missing? Maybe a new document, a new feature, or a new app? If you head on over to our you can submit new ideas for us and make recommendations.
Want to learn more about who we are and what we do? Head on over to our page to learn more about who we are and our company's core values.
If you have any feedback or comments on our docs, please email .
If you experience performance degradation in the ConfigMgr Console or Advanced Insights when running the default recommended Compatibility Mode level for your version of SQL Server, reassess whether you may have to change the level to 110. Microsoft have further reading on this here
Download the latest installer for Advanced Insights by clicking the .
You can view the release history for Advanced Insights on our .
If you have any feedback or comments on our docs, please email .
Review the network requirements here:
To upgrade Advanced Insights, we need to re-run the installer using the latest version downloaded from .
See section:
Advanced Insights & Patch Insights share a base install, the functionality provided is governed by the license key you provide when first using the interface.
Applies to: Advanced and Patch Insights
All setup and configuration instructions are valid for both Advanced Insights and Patch Insights unless stated.
Change the Advanced Insights SSL Certificate.
Applies to: Advanced and Patch Insights
This section describes the steps required to change the SSL certificate used for an existing Advanced Insights deployment.
The ability to change the SSL certificate using the modify feature is supported in version 2.1.0 and later.
In the configuration modification page, select the checkbox for 'SSL Certificate' then click 'Change Certificate':
Use the drop down list to select the SSL certificate which represents the CNAME / Alias you wish to use.
With the appropriate SSL certificate selected, click 'Set CNAME / Alias'
In the set CNAME / Alias dialog page, the dialog will be prepopulated with a value for the CNAME / Alias based upon the selected certificated.
Modify the prepopulated URL value if required.
Click 'Set CNAME / Alias'
Click 'Next'
Click 'Install'
The installer will make the required configuration changes and display a summary once complete.
Click 'Finish'
New Advanced Insights URL
Advanced Insights welcome page
Applies to: Advanced and Patch Insights
On first logon, you will see the welcome page. You can access this page any time by clicking your username in the top right of the screen.
The welcome screen needs your Patch My PC license key and your ConfigMgr site server details.
If Advanced Insights is installed on the same server as the Patch My PC Publisher we will read the license key automatically. Alternatively, please add your license key and click to verify.
Provide the server name and database name of your ConfigMgr primary site and click to connect.
As long as the IIS application pool identity running the Advanced Insights Controller website has permission to read the database, you should be good to go.
Once the license key and SQL sections are successfully completed, click Go to Dashboard in the final step to complete setup.
Change the Advanced Insights IIS application pool identity.
This section describes the steps required to change the IIS Application pool identity used for an existing Advanced Insights deployment.
The ability to change the IIS application pool identity using the modify feature is supported in version 2.4.1 and later.
In the configuration modification page, select the checkbox for 'IIS Application Pool Identity' then click 'Change Identity':
Select 'Local System' or to set a custom identity using an Active Directory account, select 'Specific User':
In this example we will set a custom identity using an Active Directory account. After entering the account username and password, (The domain value should already be pre-populated by the installer) the 'Check Credentials' button can be used to validate the account credentials entered.
Click OK
The confirmation page is then displayed. Click close to exit the installer.
This completes the steps required to modify the IIS Application Pool identity.
Advanced Insights ConfigMgr SQL Permissions requirements
Applies to: Advanced and Patch Insights
Advanced Insights needs read access to the ConfigMgr SQL database. If Advanced Insights is installed on a server that is not the ConfigMgr site server, or a custom Active Directory account is used for the IIS application pools, you will need to grant some SQL permissions.
Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database
Execute the following script replacing the domain\computername and CM_XXX database name
Advanced Insights access to the Configuration Manager SQL database can be configured to use a Active Directory user account. This account is set as the IIS application pool identity.
Open SQL Management Studio and connect to the required SQL instance for your ConfigMgr database
Execute the following script replacing the domain\username and CM_XXX database name
Applies to: Advanced and Patch Insights
Advanced Insights stores all application configuration in a SQLite database located in the following folder:
Advanced Insights stores all warranty data in a SQLite database located in the following folder:
These files can be backed up by any file backup solution.
To restore the configuration in the event of loss or server move, simply re-install Advanced Insights and copy the backup files into the same location, overwriting the blank database supplied by the installer.
Granting Advanced Insights a role in ConfigMgr. Not required for Patch Insights.
Applies to: Advanced and Patch Insights
For various Configuration Manager console actions and features to work, the accounts running the IIS App Pools need to have permissions to connect to your SMS Provider Server.
By default, the IIS App Pools run under the local computer account of your Advanced Insights Server.
Open the ConfigMgr console and navigate to Administration > Security > Administrative Users > click Add User or Group
Choose the User/Computer account running your IIS App Pools. In our example we are adding the local computer account of our server named "SCCM"
If you wish to adhere to the "Principle of Least Privilege" then you can download the XML file below and import it as a security role into ConfigMgr. This role grants the lowest possible privileges.
To import the security role XML file, open the ConfigMgr console and navigate to Administration > Security > Security Roles > click Import Security Role.
Applies to: Advanced and Patch Insights
Completion
When the installer has completed the final wizard screen is shown. This includes a link to go to the welcome experience dashboard. The first use username is admin the initial password is 123qwe which you will be prompted to change.
Review the SSL Certificate requirements here:
In this example, we are changing the SSL certificate to a CNAME / Alias type as described here - If you want to change the SSL certificate to a server host name only type, select the appropriate certificate and then click 'Next'. Configuring a server host name type URL described here -
If you have a problem at this stage, please see for details on granting SQL permissions.
Review the IIS Application pool identity details here:
Alternatively, a custom ID can be used. See:
See:
Assign them the Operations Administrator role
Instructions for removing Advanced Insights
Applies to: Advanced and Patch Insights
To completely remove the product we will carry out the following actions:
Remove the Advanced Insights Inventory Extensions (if deployed)
Uninstall the Advanced Insights product
Remove the Advanced Insights database
You can manually remove the Inventory Extensions from a ConfigMgr Console under: Administration > Client Settings > Default Client Settings > Hardware Inventory > Set Classes ...
Carefully Select and delete each PMPC_ Inventory Class from this window individually. This will remove them from your Hardware Inventory Schema and delete their data from the database:
The uninstall is automated from Settings / Add Remove programs, simply select the application and click remove.
The uninstall will leave behind some customization files, including the Advanced Insights SQLite DB. This can all be removed by deleting the following folder:
Applies to: Advanced Insights
Advanced Insights (this is not relevant for Patch Insights) can access device warranty information from a variety of vendors. For access to Dell warranty information you will need an API key provided by Dell. The process to apply for a key is shown here.
Once you have successfully obtained your API key log into Advanced Insights and navigate to the Administration area. Go to Settings - External Services and check the "Is Enabled" and "Enable Warranty Caching" option.
Enter the provided Dell warranty text for Client ID, Client Secret and click save all.
*Please only enter in the text in-between the brackets for the API Client Secret.
Applies to: Advanced Insights
Clients with the Inventory Extensions MSI installed will support the use of our custom client actions:
If you see this message when using any of the custom client actions:
This means you have the "Additional Script Approver" setting enabled in ConfigMgr. To approve our script, please follow these steps:
Open your ConfigMgr Console
Go to Software Library > Scripts
Right click and approve the "Advanced Insights Client Actions" script
Install Updates - Installs all updates which are advertised to the device which are targeted as available or required. This is the same action as pressing Install All in the Software Center.
Repair Client - Executes the ccmrepair.exe
Clear CCM Cache - Clears all ccmcache items on the client (including persistent cache)
First you will browse to and register or log in, you will need to be associated with your Dell Company account. Once all that is sorted you can select to go to the APIs section.
Advanced Insights must be granted the correct permissions to your SMS Provider for these actions to work. See .
Notify - Sends a message box to all users logged in on the client, this message includes the
Applies to: Advanced Insights
Several features of Advanced Insights (this is not relevant for Patch Insights) require the deployment of our Inventory Extensions. This process adds additional reports and functionality to Configuration Manager.
To setup the Inventory Extensions, there are two actions to complete:
Navigate to the Administration > Settings page
Select the Advanced Insights Inventory Extensions tab
Click Update Hardware Inventory via Advanced Insights
Download AdvancedInsights_SMS_DEF.mof
In the ConfigMgr Console, navigate to Administration > Client Settings > Default Client Settings > Hardware Inventory > Set Classes...
From this page click Import... and select the AdvancedInsights_SMS_DEF.mof
Tick/untick the imported Inventory Classes as required
If you have previously deployed the "PMPC Data Collection" PowerShell Package, please ensure you delete its deployment before deploying the new InventoryExtensions.msi
Windows 10/11, Windows Server 2012 - 2022 (64-bit)
.NET Framework 4.8
You can deploy the Inventory Extensions product via Patch My PC Publishing Service
1. Open the Patch My PC Publisher, navigate to the ConfigMgr/Intune Apps tab and select Patch My PC > Advanced Insights Inventory Extensions (MSI-x64)
2. To quickly sync this app to ConfigMgr/Intune without having to wait for all other selected apps and updates in the Publisher to evaluate and process, right click the Advanced Insights Inventory Extensions (MSI-x64) app and select Publish this product during the next manual sync. (Selective sync).
3. On the Sync Schedule tab, click Run Publishing Service Sync.
4. Verify the Inventory Extensions x.x.x.x (MSI-x64) application was created and deploy it to your desired collection(s).
Select whether to collect Microsoft Update Compliance Data
Seeing this message suggests you need to configure . We recommend configuring permissions instead of proceeding with a manual install.
Technical detail for the Inventory Extensions
Applies to: Advanced Insights
The Inventory Extensions MSI is a .NET WMI Provider. This provider code is loaded by the WMI Service on Windows clients. The provider returns data that the client processes into a hardware inventory report where it is then submitted to the ConfigMgr site server and entered into the SQL database.
WMI stands for Windows Management Instrumentation. It is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows-based systems. WMI provides a standardized way for systems administrators to manage and query information about their systems.
The heart of WMI is the WMI Service, known as Winmgmt
and part of the Windows OS, this service runs in the background on all Windows systems. This service acts as a broker between WMI Clients (ConfigMgr client) and the WMI Providers (Inventory Extensions MSI) that deliver the actual data.
ConfigMgr's existing hardware inventory data is collected from WMI. We simply extend ConfigMgr's default hardware inventory policy with the new definitions of our Inventory Extensions data. This allows the ConfigMgr clients to query our WMI Provider through the WMI Service during its normal hardware inventory task - just like it would for any existing hardware inventory class.
For this reason we do not consider the Inventory Extensions MSI as an "Agent". We do not install any services on clients, instead the existing WMI Service brokers the connection between our Inventory Extension MSI code and the ConfigMgr client for us. The only time this code runs on clients is during a Hardware Inventory task or when a custom client action is invoked, after which the WMI Service handles the unloading of our WMI Provider.
Applies to: Advanced Insights
Advanced Insights (this is not relevant for Patch Insights) can access device warranty information from a variety of vendors. For access to HP warranty information you will need to sign up to HP Workforce Experience, enrol all the HP devices you want to collect warranty data on and set up a developer account to access the warranty data.
You will need to be a HP Workforce Experience customer for this to work, please speak to your HP representative about becoming a customer.
First, we will create the developer account needed to interact with the HP Workforce Experience api.
First, you will need to create an account if you do not have one already. If you have a HPID for HP Workforce Experience, you can use this account.
Once you have registered, you will need to message your HP representative and request access to the HP Proactive Insights APIs tech group for your developer account.
Please visit the link above to open the credentials generation page. You will be show the following options below. Click Get Credentials in the HP Proactive Insights Analytics section.
If the page has an error screen like shown below, HP have not enrolled your developer account in the HP Proactive Insights APIs tech group. Please contact HP again to have your account enrolled in the HP Proactive Insights API tech group.
You will need to provide the following information:
Credentials name: We recommend "Advanced Insight Warranty"
Description: We recommend "API Keys for Advanced Insight Warranty"
Developer Redirect Url: This will be used by HP to redirect when you log in. This needs to be your Advanced Insights in the following format https://FQDN:PORT/app/main/view/warranty. Example https://contoso.local:444/app/main/view/warranty
Client ID: Leave blank
Tick Read Checkbox
Click create and you will be redirected back to the previous page.
Once you have been redirected, there will be a green success banner on top of the page. Please now click the "My API Credentials" link in the banner.
Now click on the newly created app by click the app name, this will load the app details page.
Here you will see information about the newly created app.
We need to copy
The API ClientId
The API Secret (click "Show Secret" to get this entry)
It's a good idea to double check that the Redirect URL is correct. You can come back to this page if you receive a redirect URL error when trying to authenticate. You will also want to change the URL if your installation FQDN of Advanced Insights changes in the future.
We now need to copy API ClientId and API Secret to Advanced Insights.
Go to Administration -> Settings -> External Services
Based on the location of the HP Workforce Experience portal you used, select US or EU.
Copy and paste the API Client ID into the Client ID input
Copy and paste the API Client Secret into the Client Secret input
Save settings.
If you are already a HP Workforce Experience customer, you may not need to do the registration steps below but you will need access to the HP Workforce Experience Portal.
HP has two versions of HP Workforce Experience, one for US (and ASIA) customers and one for EU customers.
You will need to sign up to the appropriate version based on your companies location.
Mistakes here will cause issues in the future. Here are the access urls.
When you have registered and logged in, you will be greeted by the home experience of HP Workforce Experience. On the left hand side, you will need to click "Assets" to begin importing your HP devices into HP Workforce Experience.
HP Workforce Experience allows you to import your device using four different mechanisms. Currently only Intune Import and Asset enrolment allow for warranty data collection, manual and csv upload do not trigger warranty collection by design. To begin importing devices, please click the "Add" button in the top left of the page.
To begin importing from Intune, please click the Intune Import button then click next.
You will be now asked to provide your Intune Domain Name, this can be found by going to the Intune portal, clicking Tenant Administration on the left hand menu and copying the Tenant name from the Tenant Status page.
You will now be greeted by the Microsoft Login flow, please log in using your microsoft credenitals as normal. You will be then presented the list of permission HP requests to perform the Intune import.
All of the permissions requested by HP is for the HP Workforce Experience platform. They are not defined/requested by Patch My PC. Advanced Insights does not use or read any of your Intune data.
Once you have accepted the permission, the connection to Intune will be completed by HP.
You will now be asked if you wish to import Assets from Intune Groups, or to import all of your assets.
We shall continue using Group import only.
When you click on Import assets only from Intune groups, you will be presented with a full list of all your groups in Intune. You can filter out the groups you want to import and you can import multiple groups. Select the groups you want to import and click Import.
Intune will now begin importing your selected devices. You will receive a notification on begin and completion of the import.
You can also check progress by navigating to the logs link on the left hand side.
To enrol your device by Asset Enrolment, please use the following HP documentation to distribute the agent.
Once the devices are imported, HP Workforce Experience will begin collecting warranty information. This process can take some time, depending on how many devices you have imported.
Collecting warranty in Advanced Insights works in the same way as the other providers, but you will need to log into HP on bulk caching.
Navigate to the warranty dashboard.
To begin, click the "Bulk Processing" statistic to begin re-caching warranty.
You will be asked to log in to HP, click yes and Advanced Insights will go to HP to log in.
If you receive a redirect url is incorrect error. Please go back to your developer app and check the redirect url provided.
Once you have logged in, HP will redirect you back to Advanced Insights and warranty will begin caching warranty data.
The url for the HP developer portal is
The link to generate api credentials is:
US portal:
EU portal:
Applies to: Advanced Insights
Advanced Insights (this is not relevant for Patch Insights) will display the warranty status of Lenovo devices in the device modal display. We need to provide a warranty API token to be able to get this data.
To apply for a warranty API token you need to request one from your Lenovo account manager.
Once you have successfully obtained your API key log into Advanced Insights and navigate to the Administration area. Go to Settings - External Services and check the "Is Enabled" and "Enable Warranty Caching" option.
Enter the provided Lenovo warranty text for the Lenovo API Client token and click save all.
You can then navigate to the Warranty dashboard and click the Bulk Processing object in the top left to initiate warranty lookup.
Using a Advanced Insights with a Proxy Server
Applies to: Advanced and Patch Insights
Advanced Insights supports http, socks4 and socks5 network proxies.
Please add the correct protocol to the start of your proxies' network address e.g. http://x.x.x.x, socks4://x.x.x.x, socks5://x.x.x.x. Ports can be added at the end of the network address e.g. http://x.x.x.x:1234"
If Advanced Insights cannot automatically access our licensing service at https://api.patchmypc.com we will automatically prompt for you to supply proxy details.
Proxy configuration can also be added in the Administration - Settings - External Services tab
Definition and technical description of each of our custom WMI Classes
Applies to: Advanced Insights
DeviceID: Identifier that uniquely names the physical disk.
BusType: The interface the disk is connected by.
MediaType: Media type of the physical disk
*Manufacturer: The name of the manufacturer
*HealthStatus: A high-level indication of device health.
*OperationalStatus: Status further explaining a given health status.
*Model: This field represents the model number of the hardware
*PowerOnHours: Length of time, in hours, the storage device has been powered on since manufacture.
*ReadErrorsTotal: Total read errors encountered by the device.
*SerialNumber: Serial Number of the battery
*Temperature: The current temperature of the storage device in Celsius
*TemperatureMax: The maximum temperature in Celsius at which the storage device is capable of normal operation.
*Wear: Storage device wear indicator, in percentage. At 100 percent, the estimated wear limit will have been reached.
*WriteErrorsTotal: Total write errors encountered by the device.
These properties are collected via SMART. Not all devices may support SMART monitoring
BatteryID: String identifying the battery.
DesignCapacity: The design capacity of the battery in milliwatt-hours.
FullChargeCapacity: The full charge capacity of the battery in milliwatt-hours.
Health: Comparison of the FullChargeCapacity to the DesignCapacity property is used to determine the health of the battery. (100 = Healthy)
*Chemistry: Describes the batteries chemistry.
*Manufacturer: The name of the manufacturer
*ManufacturerDate: The date the battery was manufactured
*SerialNumber: Serial Number of the battery
DataSourceName: Name of the ODBC
Database: The Display Name of the Application
Description: The reported version of the application.
Driver: The driver used for the ODBC
DriverVersion: The specific file version of the driver
Platform: Specifies whether the ODBC is 64/32 bit
User: The name of the user that owns the ODBC (if applicable).
InstallLocation: The folder location in which the application is installed
DisplayName: The Display Name of the Application
DisplayVersion: The reported version of the application.
InstallDate: The date the application was installed.
Publisher: The name of the publisher of the application.
QuietUninstallString: command line string to uninstall the application.
UninstallString: command line string for silent uninstall of the application.
User: The name of the user that installed the application.
GroupName: Name of the local group.
Members: List of user members belonging to that local group.
GroupMembers: List of sub groups that are members of the local group
If a member cannot be identified the SID will be displayed instead.
Please note that collection of this data requires additional software from the vendors to be installed on clients:
DeviceName: Identified name of the dock device.
*Firmware: The firmware version currently installed on the dock
*Manufacturer: Manufacturer of the dock
*SerialNumber: Serial Number of the dock if applicable (For dell this is the same as service tag)
PnPID: Device "PnP" Id, this is only used if we werent able to identify the dock model
InstanceName: Unique Identifier for the monitor
DeviceName: Name of the monitor
InchSize: Diagonal size of monitor
ConnectionType: The cable used to connect to monitor
Primary: Whether this monitor is configured as the primary display. True or False.
ResolutionHorizontal: Maximum horizontal pixel count
ResolutionVertical: Maximum vertical pixel count
*Model: Model of the monitor
*SerialNumber: Serial number of monitor (service tag for DELL)
*Manufacturer: Name of manufacturer
*ManufactureYear: Year the monitor was made
UpdateId: unique ID that represents the update
Title: Title of the update.
Status: Missing or Installed.
Service: The Update Service used to discover this update.
Product: Product associated with the update
ProductID: ProductID associated with the update
InstalledOn: Date the update was Installed On
DatePosted: Date the updated was release or revised
ArticleId: KB article ID identifying the update
GUID: unique ID that represents the Wifi Interface
Description: Name / description of the interface
Authentication: Type of authentication used (e.g., WPA2, WEP, Open)
Band: Frequency band used (e.g., 2.4GHz, 5GHz)
Channel: Current operating channel
Cipher: Encryption cipher used (e.g., AES, TKIP)
ConnectionMode: Mode of connection
Driver Version: Version of the driver software controlling the interface
PhysicalAddress: MAC address of the interface
RadioType: Type of wireless radio (e.g., 802.11n, 802.11ac)
Signal: Percentage signal strength of the connection
SSID: Name of the wireless network
State: Current state of the interface (e.g., connected, disconnected)
SID: Security Identifier associated with the user profile
Path: File path where the user profile is stored
LastLoggedIn: Date and time of the user's last login
AccountName: Name of the user account
SizeGB: Size of the user profile in gigabytes
InstallPath: Path of the extension content and manifest
Name: Name of the extension
Author: The reported author of the browser extension acording to the manifest
Browser: The browser that the extension is installed in.
User: The user that has the extension installed. (All browser extensions are per user)
ID: ID of the Browser Extension associated with Chrome / Edge store
Version: The version of the browser extension
Associating roles in Advanced Insights to Active Directory Groups
Applies to: Advanced Insights
Active Directory Group Authentication enables the Advanced Insights administrator to associate Advanced Insights Roles with AD Security Groups. This ensures that a new user is automatically granted the relevant rights in the portal without the need for manual user creation.
Once this is configured, we can assign an existing role to an Active Directory Group, or create a new role for a group. N.B. There is currently no support for nested groups.
Assigning a Role to an Active Directory Group
Navigate to Administration > Roles.
Click Create new role
Enter a name for the role (in this example, "Helpdesk"
Type the name of the associated Active Directory Security Group, here, we are using "sg-Helpdesk". Ensure the group name is validated on save.
Now click the Permissions tab and select the pages and permissions you want to grant to this role.
Logging on with an account in the helpdesk role, the user is granted only the access stated in the role configuration:
Enabling user authentication using Azure Active Directory
Applies to: Advanced Insights
Advanced Insights supports authentication using Entra ID credentials using OpenID. To configure this is a two-step process:
Create an App Registration in Entra
Enter the App Registration details to Advanced Insights
Navigate to the Entra Admin Centre and log in with an account that has permissions to create App Registrations.
You will add a name for the App Registration (for example "AdvancedInsights").
In Supported Accounts select "Accounts in this organizational directory only"
Redirect URI
Example redirect URI:
https://advinsightsserver01.contoso.local:444/account/login
Select "Single-Page Application (SPA)" from the dropdown list in the "Redirect URI" section, and enter the URI.
When you have filled in the required properties click Register.
You will be shown the App Registration overview screen. We need to copy some properties from here.
Copy Application (client) ID and Directory (tenant) ID values into a Notepad document.
Now click the "Authentication" link on the left in the "Manage" section.
In the "Implicit grant for hybrid flows" section, tick both options for:
"Access tokens (used for implicit flows)"
"ID tokens (used for implicit and hybrid flows)"
This grants the application permissions to issue the tokens used by Advanced Insights to validate login.
To save changes, click 'Save'.
Click "Certificates and secrets", then within the "Client secrets" section, click "New client secret".
Name the secret and set an expiry duration that is suitable for your environment.
Click 'Add' to save the "Client secret" configuration.
Now you can copy the "Value" of your client secret and add it to your Notepad document:
This completes the configuration work in the Azure Portal.
Log into Advanced Insights with an administrator role account and navigate to the 'Administration' > 'Settings' menu. Select the "AzureAD" tab.
Clear the "Deactivate" checkbox.
Enter the value for your Application ID/ClientID.
Enter the value for your Client Secret.
Enter the value for your Directory (tenant) ID.
Select 'Save All'.
Log into Advanced Insights with an administrator role account and navigate to the 'Administration' > 'Settings' menu. Select the "User Management" tab.
Enable "New registered users are active by default." checkbox.
Select 'Save All'.
This completes the configuration for adding the Entra ID App Registration details to Advanced Insights.
The Advanced Insights logon screen will now show a "Sign in with Microsoft" button.
At first logon, an Azure administrator will have to consent to the application registration requested permissions.
You should check in the Users area in Advanced Insights that there are no existing user accounts with email addresses that match the Entra ID accounts you are going to have logging in. If you do, you can delete these accounts and they will be recreated on first login by that user.
You will always be able to log in as the Advanced Insights "Admin" to make configuration changes.
If the Entra ID account a user logs into Advanced Insights with has a matching on-prem AD Account with the same Email Address set, any RBAC role they have in ConfigMgr for their on-prem AD account will be maintained in Advanced Insights.
For example, if a log in with this Entra ID Account is used:
The on-premises Active Directory object of this account has the users Entra ID UPN set as the email property:
Advanced Insights Update scanning (this is not relevant for Patch Insights)
Applies to: Advanced Insights
If you use Intune to manage your windows updates (Windows Update for Business) then none of that compliance data is visible from ConfigMgr. This requires you to have to read compliance data from BOTH ConfigMgr and Intune.
You get complete visibility of all update compliance from Advanced Insights
We supplement your ConfigMgr compliance data with additional data from Microsoft Update.
Our Inventory Extensions WMI Provider runs on clients and scans against Microsoft Update to find update compliance data. This data is then pulled into ConfigMgr via Hardware Inventory for reporting.
Clients must be configured to use Windows Update for Business
HP -
Lenovo -
DELL - (or DSIA)
To use this feature, first enable Active Directory Authentication using Administration - Settings - User Management, more details .
You must complete the implementation steps in the
Using AD accounts for authentication into Advanced Insights
Applies to: Advanced and Patch Insights
Advanced and Patch Insights support integration with Active Directory for user authentication. This feature is enabled by an administrator in Administration > Settings > User management. Once enabled, this will ensure that any users signing in can use their AD username and password. If users have an RBAC role defined in Configuration Manager, Advanced Insights will adhere to that role, only showing the clients they are permitted to view.
To enable Active Directory authentication capabilities:
Check the box for Enable Active Directory Authentication
Optionally Enter your Active Directory domain name (normally only required if the authenticating domain is different from the domain the Advanced Insights server is installed in)
Optionally Enter a username and password used to connect to Active Directory, this is only required if the Advanced Insights App Pool identity (Local System by default) has been restricted from reading Active Directory, which is uncommon
After you have entered these details, you can now log in with your Active Directory UPN or username.
If this is your first time logging in to Advanced Insights, you will receive whatever role is assigned as "default" or roles your Active Directory Group membership assigns.
You can read more about assigning roles to Active Directory Groups in the article below:
Technical requirements to enable Remote Control from the Advanced Insights Device Details pane. (this is not relevant for Patch Insights).
Applies to: Advanced Insights
To launch the Configuration Manager remote control action from the client actions menu in Advanced Insights the user must have some files from the Configuration Manager console install directory and an Advanced Insights utility. If the ConfigMgr console is installed on the user’s computer then no additional configuration is required.
To run the ConfigMgr remote control agent we need a copy of:
CmRcViewer.exe
RdpCoreSccm.dll
the relevant locale folder for the RC Tools, for example 00000409
All of these are copied from \\SiteServerName\SMS_ABC\AdminConsole\bin\i386
On each Advanced Insight user’s computer, copy these files and folder to a location accessible by the user, for example C:\CMTools or %AppData%\CMRCtools.
We also need a copy of the Advanced Insights utility AdvInsRemoteControl.exe stored in the same location. The user is prompted to download and run this from the Advanced Insights portal the first time they try to use remote control if the app has not already been executed.
AdvInsRemoteControl.exe is included with the installation of Advanced Insights in the folder C:\Program Files (x86)\Advanced Insights\Api\Installers. It is a DotNet Core application which handles calling the Configuration Manager Remote Control utility from the Advanced Insights website. On first run AdvInsRemoteControl.exe registers itself in the Registry as a class type under Computer\HKEY_CURRENT_USER\Software\Classes\cmrc
This allows the Advanced Insights website to invoke the ConfigMgr Remote Control agent when required. If you delete or move the AdvInsRemoteControl.exe you can reregister it simply by running it again from Windows Explorer.
The application will check for the correct Configuration Manger files and folders when it runs and will alert you to any configuration errors.
Adding Advanced Insights to the ConfigMgr Console
Applies to: Advanced Insights
To provide easy access to all dashboards and individual devices, collections, updates, etc. Advanced Insights is provided with an optional Configuration Manager Console Extension. This adds a node to the Assets and Compliance view of the console as well as providing an additional option in the context menu when right-clicking certain object types in the console.
Download and unzip the Console Extension using the link below.
Warning: The console extension will not work if you are using a self-signed certificate.
To import the Extension, navigate to the Administration node of the Configuration Manager console and expand the Updates and Servicing node. Right click Console Extensions and select "Import Console Extension".
Browse to the location of the unzipped Console Extension download.
Select the AdvancedInsightsConsoleExtension.cab file and click Open, then click Next, next and Close.
The newly imported Console Extension will be listed alongside any other extensions you have deployed. You must now Approve the Extension by right clicking and selecting "Approve".
Once approved the Extension can be Installed:
You will be prompted to restart the ConfigMgr Console. When it reloads the Advanced Insights node will have been added tot he Assets and Compliance view:
When you click the Advanced Insights node, a dialog is displayed in the detail pane asking for the details of your Advanced Insights portal.
Provide the relevant URL, including https:// prefix and any required port, for example https://server.contoso.com:444 and click OK. If the address is correct, the Advanced Insights login page will be displayed. You can re-run the configuration step any time by right clicking the Advanced Insights node and selecting "Configuration".
The first obvious use of the Extension is to display the Advanced Insights portal right there in the ConfigMgr Console:
The second use scenario is to access the rich display capabilities of Advanced Insights when working with Console objects. For example, right-clicking a client and selecting "View in Advanced Insights" will open a new browser window and automatically display the device view for that client.
This functionality is available for Devices, Collections, and Updates in the ConfigMgr console.
Getting started with custom dashboards.
Applies to: Advanced Insights
Custom Dashboards are created and maintained in the Administration node.
Click Create New to open the dashboard editor.
Here I have provide a name, description and chosen an icon for my dashboard. I have filtered the "page" column of the dashboard items column to find the objects I want.
Each item I add to my custom dashboard can have dedicated filter options applied. Here I have selected the update I wish to see the trend data for and have set that I want to render data from the date posted. I will add a second Update Installation Trend chart top my dashboard and set it to show the state of a different update.
Having saved my dashboard, it now shows up in the menu and I can select it to render my chosen charts.
Creating, editing and sharing Custom Dashboards
Applies to: Advanced Insights
Introduced in Advanced Insights 2.2.1, the Custom Dashboard feature enables users to create their own dashboards and share them with other users, if permitted.
Overview of Advanced Insights dashboards
Applies to: Advanced Insights
Applies to: Advanced Insights
Using Advanced Insights to access ConfigMgr Remote Control tools (this is not relevant for Patch Insights)
Applies to: Advanced Insights
Anywhere in the Advanced Insights portal when you click a computer name you will be shown the Device View. If the device is online the Remote Control button in the top right hand corner will be available.
A confirmation message is shown
Following which the Remote Control tool will launch.
Clicking yes will take you to the Requirements for Remote Control documentation page. You must complete the rest of the requirements above to be able to use the tool.
A user with the relevant permissions can share custom dashboards
Applies to: Advanced Insights
When creating or editing a Custom Dashboard, if the user has Create Public Dashboards permissions, the dashboard being created can be shared with individual users, or assigned to an existing role.
To give access to additional roles and/or users when editing a Custom Dashboard, you can use the section at the bottom of the editor page to grant access.
CCusom Dashboards can also be assigned to roles and users in the Administraion node, for example to add a custom dashboard to a Role:
Collections in your environment
Applies to: Advanced Insights
The Collections dashboard has significant functionality below the surface.
Each collection is shown, with its relevant metadata and device count. The Quick Search feature helps to rapidly location a specific Collection, the containing console folder is shown in the Path column.
Clicking an individual collection opens the Collection Members view:
This view allows you to remove members with the delete button (for direct members only). You can also access all of the client actions available for one or more selected clients using the Bulk Actions menu.
The list icon hosts an Add Resources option. Clicking this allows you to import a CSV of resources to add to the selected collection.
The collection modification process will verify that the listed devices are valid clients, and are not already members, before adding to the collection, the results of the action will be shown on completion.
Applies to: Advanced Insights and Patch Insights
The Home Dashboard is the first screen shown to you when first logging on to Advanced Insights. This page is designed to be a "daily check" type of view for your Configuration Manager environment, with a focus on software updates.
The statistics across the top will show you details about your Configuration Manager environment and how long it has left in support, the number of devices in your environment which are under configuration, management versus devices that don't have the SCCM/ConfigMgr client install. We'll show you the number of updates in the environment which are required by at least one device, and we'll also show you any issues that you may be having with distribution of content across the Config manager infrastructure.
As with everything in the Advanced Insights interface, you can click on any of these stats to see further information about the devices or the infrastructure that is listed behind them. For example, clicking the Managed Devices box, will show a list of the machines and their managed/unmanaged state.
The next row of statistics are doughnut charts, which show you information about your Configuration Manager client count. In our demo environment we see that there are three devices running an old version of the client, two that are on a more recent version and everything else is fully up to date.
The next doughnut chart shows us details about Windows 10 and Windows 11 devices, and their support status. This chart can be pivoted to some of the other metrics that we have about Windows 10 and Windows 11. So for example, the servicing channel and we can also see things like the editions and the release version.
We can view all of the data used to build this chart by clicking the view chart data button under the cog icon.
We also show the same support and edition information for the Office 365 client if you have that deployed in the environment.
The chart on the right hand side will show us the status of the software updates scan cycle in your in your client estate. So here you can see that currently we have one machine which is running the software update scan and two have completed successfully. There are no errors. If everything is green in this chart, then that means that your software updates scan environment is healthy.
The final row on the home dashboard will show as computer compliance, sorted by default by your least compliant computers from a software update perspective.
We have several machines that have not sent in any software update compliance data for a while and so their compliance status is unknown against more recent updates. We can scroll through this list and can expand out the number of records that are being shown to show you a longer list.
Clicking on any machine will take you to the detailed device view for that client where we show you the software update state for that individual machine.
This view shows detail of update agent configuration and scan health as well as required and installed updates. The Actions row allows us to invoke client actions against the device, such as an update deployment evaluation, reboot, etc.
The final view on the home dashboard is of deployed updates compliance.
We have dedicated Software Updates dashboards for a more detailed view of this data, but on the home page we can see our least compliant updates, and we can click through to see significant detail about each object, its deployment state, etc.
How to modify an existing custom dashboard
Applies to: Advanced Insights
To modify an existing custom dashboard, we navigate to the 'Custom Dashboards' node in the 'Administration' section and click the 'Edit' option.
To add new items to the dashboard, select them from the list and click 'Add to Dashboard'.
To rearrange items on the dashboard, you can click and drag.
Description of the layout of the Devices page
Applies to: Advanced Insights
This dashboard shows details for device properties from within Configuration Manager.
The top row of statistics gives you quick access to Managed Devices (Devices with a Configuration Manager client), Virtual Devices, Portable Devices and Desktop Devices.
Click through any of these dash stats to be able to load a table with all the information.
From this table you are able to do several different functions. You have the ability to multi select devices and perform one of the many built-in right click options available to you in the Configuration Manager Console and also some of the PatchMyPC actions too.
There is an export button at the top right corner (Cog) where you can export the dataset to a CSV file.
At the bottom of the table page you can also make the page size large in rows and also by selecting a device or multi devices add them into a collection.
The next row of statistics are doughnut charts, which show you information about your Configuration Manager client count, Client Heartbeat, Client Hardware Inventory and Client Device Properties.
In this Donut chart you can see all the different versions of Configuration Manager clients you managing in your environment. This is a handy stat to see after a Configuration Manager upgrade to see. When you click on the cog in the top right you will have an option to View Chart Data or refresh data.
When you click on the View Chart Data button you will get a whole list view of all the clients and their Configuration Manager client versions.
Filter the data by any of the titles to make a more customised report for yourself.
In this Donut chart you can see how long since a Configuration Manager had sent its Heartbeat Discovery to Configuration Manager. This can be from Today, 3, 7, over 7, 14 and 30 days.
In this Donut chart you can can see how long is been since devices have submitted their hardware inventory data to Configuration Manager.
In this Donut chart we have the option to pivot the data to different options
Manufacturer
Memory - Installed (GB)
Cpu - Type
Disk- free disk space (C:)
Bitlocker Status (C:)
BIOS Version (Top 20)
Description of the layout of the Users page
Applies to: Advanced Insights
This dashboard shows User details that have been imported through discoveries into Configuration Manager.
The top row of the data gives you a quick overview of the number of Active Directory Users, Azure AD Users, All Active Directory User Groups and Primary Device Users.
Click through any of these dash stats to be able to load a table with all the information you have selected
This table list users which have been discovered from Configuration Manager.
This table list all the Active Directory User Groups which have been discovered from Configuration Manager.
Details of external displays
Applies to: Advanced Insights
The Displays donut chart lists several properties, by default Manufacturer is shown, but this can be pivoted to Model, Connection Type, Year of Manufacture, Size and Resolution by clicking the property button:
The Connected Displays table lists all machines and their individual display configurations.
Clicking any device listed will take you to the Device View, with the Hardware - Display tab selected:
This view shows you the physical horizontal layout of the monitors on the user's desk (note, vertical positioning is not shown). The primary monitor is indicated with the Windows logo. The hover over text lists additional monitor properties, also listed in the table below.
If you are missing the setup outlined in the "" document, you will be shown this message.
Advanced Insights must be granted the correct permissions to your SMS Provider for these actions to work. See .
This dashboard requires deployment of the
Storage device data collected by Advanced Insights in your environment
Applies to: Advanced Insights
This dashboard hosts two primary tables.
The top table lists physical disk, the partitions defined on that disk and the logical drives created on that partition. For example:
Here, a a machine has five physical disks, Disk #0 has three partitions, but only one of these partitions has a logical drive with a drive letter (C:) defined (the "missing" partitions in this instance are the Windows Recovery Partition and the EFI System Partition). That partition is allocated 232.3GB of a 232.9GB disk (~100% of the drive) and the logical disk is 232.3GB in size with 168.2GB free space, i.e. it is 27.6% used.
The storage health statistics are gathered from Windows S.M.A.R.T. (Self-Monitoring, Analysis and Reporting Technology) tools.
Each disk presents the data it supports (not all disks report PowerOn statistics, or temperature, these are listed where available). We can see the wear statistic reported by SMART. The higher the wear percentage, the more likely it is that the disk will fail.
Inventoried video adapters for managed client devices
Applies to: Advanced Insights
This page shows a filterable list of each device and the video adapters inventoried by Configuration Manager. Where a device has multiple adapters, multiple rows are listed.
Click-through shows the device view with all inventoried adapters and their driver versions.
This dashboard requires deployment of the
Information on the hardware dashboards
Applies to: Advanced Insights
Client computer batteries
Applies to: Advanced Insights
Advanced Insights will display battery health data for managed devices. The table lists all devices with battery data. The design capacity (in mWh) is listed alongside the current Charge Capacity. The Health percentage shows the ratio of Charge Capacity to Design Capacity. As the battery loses capability to hold charge, the percentage shown will be lower. 100% Health is Good, 0% Health is bad.
This data is gathered by the Advanced Insights inventory extensions using the Powercfg.exe utility included with Windows.
Clicking an individual machine will show some additional detail about the device battery in the device view.
Enabled wireless adapters on client devices
Applies to: Advanced Insights
This page helps to track which wireless adapters are present in the environment. The device name and driver version are shown along with MAC Address.
Click through shows connection history in the device view.
This dashboard requires deployment of the
This dashboard requires deployment of the
Applies to: Advanced Insights
Software Applications provided by Configuration Manager
Applies to: Advanced Insights
This dashboard shows details for all Applications defined in the Configuration Manager console.
The top row of statistics give you quick access to any applications modified recently as well as enabling you to see unused applications which can potentially be retired.
The table lists all applications and their aggregated deployment status, i.e. if there are multiple deployments for an application this level provides an overall summary of all deployments. This table can be filtered to a chosen collection.
Click through to any individual application shows additional detail, including individual deployment compliance:
The General Information tab lists the metadata for the application and details of the distribution point status for the application.
The Deployment Types tab lists all deployment types defined for the application, the relevant technology and content size with the source path.
The deployments tab lists each deployment and its related compliance.
The compliance tab lists each targeted client and its overall application deployment compliance. Clicking any individual machine will take you to the device view focused on the software - applications tab.
Metered Software Usage
Applies to: Advanced Insights
This dashboard shows software usage which you have enabled from Configuration Manager Console. Ensure that the metering rules you have created are the correct executable name, version and language.
You can drill further down to the individual application to see which devices and users run the app.
On this tab you can see the application you have selected and list which users have run this exe.
This tab displays the details of the software usage.
This portlet displays statistics for enabled metering rules. To accurately present the metering data, you must also of the Installed Executable Class from Asset Intelligence.
Software Registered in Add/Remove Programs
Applies to: Advanced Insights
The Client Inventory dashboard provides you with high-performance access to Configuration Manager's software inventory data.
The statistics across the top list the counts of applications installed in the user profiles across your estate and how many devices have applications installed in this way. Plus a count of 32 and 64-bit applications.
The table lists all apps in a quickly searchable and filterable way. Each discovered application is listed by Publisher and Display name. Where multiple versions of an application are present in the environment a count of versions is shown.
The User Installed Apps data on this page requires the deployment of the
Open Database Connectivity (ODBC) connections
Applies to: Advanced Insights
This dashboard will display all the Open Database Connectivity (ODBC) connections reported. We can see the name of the Computer, DataSource name, Server name, Database and Driver version.
Installed Web Browser Extensions
All the information on this page are the web browsers extensions installed in the web different browsers.
Microsoft 365 Apps Installations and Support
Applies to: Advanced Insights
On this dashboard we show you data with regards to the Microsoft 365 Apps. The information shown in the donut charts are:
Support Status
Servicing Channel
Platform (Architecture)
Release Version
Build Version
The table shows the latest support data from Microsoft.
When you click on the cog on any of these donuts you will be able to view the whole chart data.
In this data you filter on any of the headings and also export the data too.
The ODBC Connections data on this page requires the deployment of the
The Web Browser Extensions data on this page requires the deployment of the
Applies to: Advanced Insights
Members of the local administrators group
Applies to: Advanced Insights
On this report we can see all the groups members and users part of the Local Administrators group on client devices.
Windows 11 Upgrade Readiness for Windows 10 Client Devices
Applies to: Advanced Insights
On the top bar of this page we are showing:
Windows 11 - Count of all Windows 10 and 11 client devices that are inventoried as Windows 11
Unappraised - Count of all Windows 10 client devices missing Windows 11 upgrade appraisal data
Ready for Upgrade - Count for all managed Windows 10 client devices that can be immediately upgraded to Windows 11
Cannot Upgrade - Count of all managed Windows 10 client devices that cannot be upgraded to Windows 11
The donut chart for OS Upgrade Readiness and Cannot Upgrade Reason you have a properties which you can toggle between the different versions of Windows 11. On these two donut charts you also have the ability to view the chart data and export from the cog icon.
The last chart on the left is the Windows 11 Upgrade Readiness Issues chart where you can see the reasons for why the devices are unable to upgrade to Windows 11.
The Reasons column have the following conditions which are flagged if a device is marked as unable to upgrade (Red) to Windows 11:
If a system doesn't support TPM 2.0 (RedReason=Tpm)
If the system isn't Secure Boot Capable (RedReason=UefiSecureBoot)
If the system has less than 4 GB of RAM (RedReason=Memory)
If the system doesn't have 2 processor cores (RedReason=CPU)
If the CPU doesn't support 1 ghz and higher speed (RedReason=CPU)
If the CPU doesn't support the Windows 11 approved CPU generation (RedReason=CpuFms)
If the system is in SMode and not a home (core) sku (RedReason=SModeState)
If the system drive size is < 64 Gb (RedReason=SystemDriveSize)
The Local Administrators data on this page requires the deployment of the
This information is listed on
Operating Systems Dashboard
Applies to: Advanced Insights
On this operating system dashboard we are showing the following information:
Pending Restarts - all devices
Pending Restarts - Windows Updates
Server
Workstations
Client Computer Operating Systems
Windows OS Servicing
When you select Pending Restarts for one of the 4 options at the top you get a table with the device information, but also you get to see what the client has reported it is pending a restart for.
In this donut chart you can pivot the information using the properties button to show either the following information:
Support Status
Servicing Channel
Release Version
Edition (SKU)
Build Version
From selecting a property you can then go and select for example build version and get a report just on one particular build version.
Or by clicking on the cog and then selecting View all Chart data you can get a table with all the devices in that property selected.
Operating system last boot time data
Applies to: Advanced Insights
This dashboard displays the Windows OS Uptime data and when the last hardware inventory occured from the device clients.
User profiles inventoried on client devices
Applies to: Advanced Insights
The User profiles dashboard is data collected from the Inventory Extensions. Here we are able to display information on:
Aged Profiles - Users profiles with last logon greater than or equal to 90 days.
Unknown Age Profiles - User profiles with no last logon date data.
Orphaned User Profiles - User profiles with no associated user account.
Conflicting Paths - User profiles on the same device that share the same user profile path.
On each of these reports you will be able to see the Computer name, Account name, Last logged in date, Age and Size of the user profile.
The donut chart breaks down profiles based on size on disk.
The User Profiles chart gives you a full list of inventoried user profiles on client devices but also you have the ability to delete a users profile from a device too.
The User Profiles data on this page requires the deployment of the
The Delete user profile button on this page requires the Approval of the run Script
Applies to: Advanced Insights and Patch Insights
Applies to: Advanced Insights and Patch Insights
The Dashboard under Software Updates page give you an overview of the data for Software Update health and compliance.
Along the top bar in the this dashboard you get shown the Synchronisation status of the top level Software Update Point, Updates that are Required by 1 or more devices which need deploying, last months update compliance and also the current month update compliance.
In this dashboard we show all the Software Updates Point site and their synchronisation status. If you have multiple downstream Software Update Points you will see their status here too.
When you click through on this dashboard statistic you get a dashboard with the number of Critical and Security Updates that are not in any active deployments and are required my at least one computer in your environment. This excludes superseded and expired updates.
On these click through charts you can see a report on the Last and Current Months device compliance against deployed Critical and Security Updates released or revised in that month, this also includes Superseded updates.
On the previous month box you can toggle back to previous months to view the device compliance for that month.
In this chart it will show us the status of the software updates scan cycle in your in your client estate. So here you can see on the previous day we have 24 devices have failed to complete a software update scan and 459 have completed successfully. If everything is green in this chart, then that means that your software updates scan environment is healthy.
The computer compliance, sorted by default by your least compliant computers from a software update perspective.
We have several machines that have not sent in any software update compliance data for a while and so their compliance status is unknown against more recent updates. We can scroll through this list and can expand out the number of records that are being shown to show you a longer list.
The final view on the Software Update dashboard is of deployed updates compliance. This is sorted by the least compliant update.
Applies to: Advanced Insights and Patch Insights
This dashboard displays all the software updates and compliance data including superseded updates. You can also create custom reports by using the search and filter functions on this page.
Applies to: Advanced Insights
Applies to: Advanced Insights and Patch Insights
The Software Update Groups dashboard shows high-level compliance for each SUG in the environment, with drill-through for additional compliance detail.
Clicking through to an update group shows the update group view:
This lists the basic metadata associated with the SUG and shows the compliance of all devices.
The Members tab shows the individual updates included in the selected update group:
The Deployments tab shows deployment details with start and deadline dates:
You can click through each deployment to see the reported deployment statistics including the enforcement state of each individual client.
Applies to: Advanced Insights and Patch Insights
The Software Update Deployments dashboard shows high-level compliance for each Software Update Deployments in the environment.
Clicking through the Software Updates deployments you can see the general information about the deployment.
You can toggle the DeploymentStatus to show you the following fields:
Compliant
Enforcement State Unknown
Pending System Restart
Downloaded Update(s)
Applies to: Advanced Insights and Patch Insights
This dashboard you can see the compliance data where a windows feature upgrade is detected as needed or installed.
Applies to: Advanced Insights and Patch Insights
In this dashboard you can see the last installation status for deployed software updates for computers needing the update.
Applies to: Advanced Insights
At the top of this dashboard you can see how many devices have reported Microsoft Update Inventory Data, count of Critical and Security updates required by one or more devices, Drivers required by one of more devices and Classifications and/or Products for required updates that you are not currently synchronising into Configuration Manager.
On the Windows Update Scanning Sources Donut chart you have 2 sources:
Windows Updates - Only does updates for the Windows Operating system itself. These updates also include Windows components such as Internet Explorer, DirectX, .NET and Windows Media Player. It also includes security and service pack updates.
Microsoft Update - Includes all of the items that Windows Update covers as well as other Microsoft products such as Office, SQL and Exchange all in one place.
On the All Required Updates report you get a list of updates available from Microsoft which 1 or more device require an update for which are not sync'd in your software update point for deployment.
BitLocker Drive Encryption data when integrated and managed by Endpoint Configuration Manager
Applies to: Advanced Insights
This will ensure the BitLocker Unmanaged and Recovery at Risk statistics are populated.
The top row of statistics help to identify where configuration errors may be causing compliance issues.
The first statistic, "BitLocker Unmanaged" shows Computers which have a BitLocker Encrypted Operating System Drive but are not under the control of a Configuration Manager or integrated MBAM Agent Management Policy. These devices may not conform to the required standard and will not report compliance.
Recovery at risk lists computers which have a BitLocker Encrypted Operating System Drive but have not yet escrowed a recovery key into the Configuration Manager database. You may be unable to access these devices in the event of a BitLocker Recovery prompt.
Inactive TPM portable devices lists laptops machines which do not show an activated TPM chip.
Non-Compliant Computers shows BitLocker Encrypted computers which do not conform to the BitLocker policies set in your environment. Clicking through will show the compliance conflicts:
The row of donut charts show the BitLocker status for all workstation clients (off, on, suspended or unknown). We show the BitLocker Cipher in use by the clients (this requires the MBAM integration listed above). We show the TPM version of the clients and the TPM Status (Activated, Enabled, Unknown). TPM "Enabled" is ready for activation by the OS, but is not currently in use.
Applies to: Advanced Insights
The Update Installation Trend dashboard shows the deployment trend of installation of a update.
The top row of shows how many days it took for the first device to install the update, 50%, 90% and 100% Installation targeted.
You can filter the chart by collection, select which update and the number of days you want to see the trend for.
This portlet shows enforcement activity for managed client devices for this update.
This dashboard requires deployment of the
For full functionality of this dashboard, MBAM should be integrated with ConfigMgr as outlined in this document:
How 2FA works in Advanced/Patch Insights. You will need to be an Administration to enable 2FA.
2FA - Administrator settings
To enable 2FA, first go to Administration -> Settings -> Security and tick Enable two factor user login.
Once enabled, you can also enable the ability to allow users to trust the browser they are using. This skips 2FA on subsequent logins but this is optional.
As an admin, you can also enable and disable 2FA for a user. This will override the users 2FA settings.
Go to Administration -> Users -> and click on the Actions button for the user you want to modify. Then on the dropdown click Edit.
On the user properties modal, click Two factor authentication enabled and then Save.
When logged in, click on your user profile in the top right of the webpage, then click My Settings from the dropdown.
You will now be presented with your users settings. You will see a banner at the bottom to enabled 2FA
Click Enable, then the modal will load with the steps to enable 2FA.
Scan the QR code using your authenticator app of choice.
Enter the code generated by your autenticator app to confirm correct settings
Click Download on the security code, the continue button will now enable.
Your account will now have 2FA enabled, click done.
Once you have enabled 2FA, you will be greeted on login for a code.
To disable 2FA, go back into My Settings, on the bottom you will see two new buttons called Recovery codes and disable. Click disable and then enter the code generated in your 2FA app.
Applies to: Advanced Insights
In order to function and to help improve our product and services, Advanced Insights collects and stores the following telemetry data.
Installer Telemetry
To track installations and their success state.
Activation
Collected by our licensing API to tell us which products have been activated.
Installed version
Collected by our licensing API to tell us which version of software has been installed.
Advanced Insights IIS Application Pool Identity
Starting with version 2.4.1, the installation of Advanced Insights supports the configuration of a custom IIS Application Pool identity. A default installation of Advanced Insights sets 'LocalSystem' as the identity for both the Advanced Insights Api and Frontend IIS application pools.
A custom identity (Active Directory account) can be set as part of the installation either for a new install or upgrade. When using a custom identity, the account is also granted full control file system permissions on the following directory path: C:\ProgramData\AdvancedInsights.
See - IIS Configuration selection
The IIS application pool identity can also been modified for existing installs too.
This guide will walk you through the process of installing the publisher in a Configuration Manager environment.
Applies to: On-premises Publisher
Here are a few important resources below you get started.
Tip: Did you know you can schedule a free setup call with an engineer if you prefer to have an engineer from Patch My PC perform a guided install with you in your environment?
If you prefer using a video guide, you can watch the video version below.
Next up, start with the requirements
Applies to: Advanced Insights
Sometimes we need you to provide log files, including information about your Advanced Insights instance. Your Advanced Insights deployment includes the Log Collector executable that can be used to collect all required logs.
This page provides details about what information the AdvancedInsightsLogDiag.exe collects.
The contents of the following directory are collected, which consist of the 'AdvancedInsightsApi.log' and any 'AdvInsights_Verx.x.x.zip' installer logs.
C:\ProgramData\AdvancedInsights\Logs
The Windows Application Event log data is collected and output into 'Application_EventLog.log' with a filter applied for the following event sources:
".NET Runtime"
"Advanced Insights"
"MsiInstaller" - if required to diagnose install problems, the filter will include
The 'ConfigManagerLocation' and 'ConfigManagerDatabase' value are collected from the Advanced Insights SQLite database file located at:
'C:\ProgramData\AdvancedInsights\Data\Api\AdvancedInsightsConfig.db'
The following information is queried from the SQL Server instance where the Configuration Manager database is located: SQL Master db:
Configuration Manager database name
Configuration Manager databaste state (ONLINE/OFFLINE)
Configuration Manager database compatibility level
Configuration Manager database .mdf file path
Configuration Manager database file size
Configuration Manager database log file .ldf path
Configuration Manager database log file size
SQL Server version
SQL Server Product Level
SQL Server Edition
SQL Server Engine Edition
SQL Server Product build
SQL Server Product Major version
SQL Server Product minor version
SQL Server Product update version
SQL Server Installed updates
SQL Server remote query timeout value
SQL Server maximum degree of parallelism value
SQL Server Minimum size of server memory (MB)
SQL Server Maximum size of server memory (MB)
Configuration Manager SQL database:
Advanced Insights Inventory Extensions class names and data counts.
Advanced Insights Inventory Extensions Configuration Manager application information. For example 'Name', 'created date', 'version', 'number of deployments'.
Configuration Manager database level SQL configured properties:
MAXDOP
LEGACY_CARDINALITY_ESTIMATION
PARAMETER_SNIFFING
QUERY_OPTIMIZER_HOTFIXES
Information related to the Advanced Insights IIS websites and application pools are collected.
Advanced Insights Api
Advanced Insights Frontend
Website name
HTTPS bindings included the current SSL certificate properties
The version of Advanced Insight currently installed.
The install date of Advanced Insights.
The install path of Advanced Insights.
The install source of Advanced Insights.
Server CPU properties.
Installed Server RAM
Server disks including total size and free space
Windows OS version
Check for Server pending restart.
List Windows updates installed in the last 30 days.
Before you get started, make sure you take advantage of our !
Prerequisites for installing the Publisher with Configuration Manager.
Applies to: On-premises Publisher
When installing the Publisher for Configuration Manager, please ensure you meet the following requirements:
Internet connection
Install the Publisher on top-most WSUS/Software Update Point in the environment
Appropriate disk space depending on the number of products enabled
Install the Configuration Manager console
Supported Operating Systems
Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2019 and Windows Server 2025
Windows Server Update Services (WSUS) installed and configured
The Publisher is a lightweight Windows application with a GUI frontend and a Windows service backend. The hardware requirements can be found below.
CPU: 2 CPU or more
Memory: 8GB of RAM or more
Disk Space: 80GB of disk space or more
The amount of disk space required will depend on the number of selected products.
Download the latest version of the Patch My PC Publisher and walk through the installation.
Applies to: On-premises Publisher
Start the installation by double-clicking the downloaded MSI.
Once the installation starts you'll be greeted by the welcome screen in our installer wizard, click Next.
Read the End-User License Agreement. After that, select I accept the terms in the License Agreement and click Next.
Ensure the option Enable Microsoft Intune standalone mode is not selected. Enabling this will disable any prerequisite checks for integration with WSUS/ConfigMgr and also hide options for publishing to WSUS/ConfigMgr after installation.
This option is for customers who intend to publish only to Microsoft Intune.
Click Next.
By default the Publisher is installed in C:\Program Files\Patch My PC\Patch My PC Publishing Service. This location is where we store all of the product's configuration information.
Click Install.
Once the Publisher has finished installing, click Finish to close the installation wizard.
Before you get started, make sure you take advantage of our !
4.6.2 or above
The relevant
More information on supported Configuration Manager and WSUS versions can be found at
Initial Updates configuration. It's always a good idea to start with the basics.
Applies to: On-premises Publisher
To enable products to publish, check the Enable publishing of third-party updates checkbox.
Once the option is selected, you'll be able to enable other products.
Tip: When first getting started with the product, it is recommended that you only choose one or two products to reduce the time of the first sync and to validate your implementation quickly. We have found that Notepad++ and 7-Zip tend to be great initial use case tests.
To find and enable these products, you can search the list of updates using Ctrl + F or by clicking on the magnifying glass in the lower right corner.
When you select the search button a dialogue will open, type in one of our example products and hit enter, or click OK.
Once you have found the product you want to patch, click the checkbox for your preferred architecture choice and click Apply.
Tip: You can right-click All Products, Vendors, or individual Products to apply custom installation options as described in the article below.
Next, you will need to enable the product in Configuration Manager to ensure the updates appear and become deployable via Configuration Manager. To do this first, you will need to complete a normal publisher sync. This will insert the updates into the WSUS database for each product selected. Once the updates are in the WSUS database, we will then need to pull them into ConfigMgr with a Software Update Point sync. You can run a publisher sync at any time from the sync schedule tab. Within that tab, there is an option to “Trigger SCCM software update point sync when new third-party updates are published”. With that option enabled, a Software Update Point sync will occur after the publisher sync. Alternatively, you can leave that box unchecked and run a SUP sync manually. Upon completion of the publisher and SUP sync a new product called 'Patch My PC' will become available in the software update point configuration tab. To reach this tab you will need to navigate to sites, right click the primary or CAS, select configure site components and choose Software Update Point.
Once this loads, select products and check the entire Patch My PC category.
Once enabled, the next software update point sync will pull in all updates created by Patch My PC.
Getting started with a Sync Schedule for the patch my pc publisher and understanding product timing.
Applies to: On-premises Publisher
By default, we recommend the Publisher sync runs on a daily basis. The sync schedule only controls when updates or applications are published to your environment. Patch My PC does not automatically create deployments in Configuration Manager for you.
Tip: Generally, Patch My PC releases an update to the catalog three to five times a week. These updates are released usually posted by 4:00 PM Eastern Time.
When Patch My PC releases these new updates, the sync schedule is what automates the publication process. You can also manually start the sync and publication process at any time by selecting the Run Publishing Service Sync option.
When working with a Configuration Manager or WSUS implementation, proper certificate configuration is crucial. Microsoft requires all updates to be signed.
Applies to: On-premises Publisher
When working with a Configuration Manager or WSUS implementation, proper certificate configuration is crucial. One way Microsoft helps ensure an update is considered secure and from a trusted source is through the utilization of a code signing certificate. This requirement means all custom updates must be code signed before injection into WSUS. We provide three different ways to configure the certificate.
In most organizations, allowing Configuration Manager to manage the certificate is acceptable and the easiest option. There may be external requirements that prevent the usage of self-signed certificates. To read our in-depth guide on certificates click the link below.
If a self-signed certificate managed by Configuration Manager, is acceptable for your organization complete the steps below.
If you are running SCCM 1806 or newer, you can enable the option for “Configuration Manager manages the certificate” in the Software Update Point configuration. To configure this setting complete the following steps.
Begin by opening the configuration manager console and then
Select Administration
Expand Site Configuration and select sites
Select your topmost Site (If you have a CAS, select the CAS) - Right click the site
Select Configure Site Components
Select Software Update Point from the fly-out.
This will open up the software update point management component tab. From this window complete the following steps if not already done.
Select the Third Party Updates Tab
Validate Enable third-party software updates is checked.
Validate Configuration Manager manages the certificate option is selected.
Select Apply
Note: Switching WSUS to require SSL does not require client authentication certificates on all devices, it only requires a SSL certificate on the WSUS server that clients trust.
Once enabled, SCCM will automatically generate the signing certificate during the next software update point sync. You can force a software update point sync at any time. To force a software update point sync, complete the following steps.
Browse to Software Library
Expand and Software Updates > Right-click All Software Updates
Select Synchronize Software Updates
Hit OK on the pop-up message.
If you want to watch, and confirm the certificate is properly created, you can open the wsyncmgr.log this log is located in %ConfigMgr Install Directory%\Logs\wysnmgr.log. Alternatively, you can click the button displayed below in the Publisher General Tab.
With the log file open you'll want to watch for the entry stating the certificate was inserted. This indicates the certificate has been generated and is ready to be used.
You can ascertain if the certificate exists and is ready for use by clicking the Show Certificate button in the publisher.
How to get your Patch My PC license, properly assigned in the publisher service.
Applies to: On-premises Publisher
When the publisher first launches, you will be required to provide a license key. If you have not yet purchased and received your license key, we provide two additional free options for testing our product.
If the license validation is successful, it should look like the below image.
Getting notified when there are new updates available to deploy, or when something doesn't quite go as expected.
Applies to: On-premises Publisher
To keep you informed when new updates are ready for deployment in your environment, we provide three different ways to get notifications in your environment:
Configurations for SMTP can vary greatly between environments, use the image below as a reference for your environment.
Select a Common Provider if applicable
Enable The feature to send e-mails
Specify YOUR sender e-mail
Specify who should receive the e-mail
Configure Email Authentication
Provide login details as needed, and security port details
If you have issues setting up SMTP emails, check out our troubleshooting guide below.
The Microsoft Teams webhook is a simple way to get a notification for each application as it is prepared for your environment. Simply create a new connector in teams, and paste the Web URL into the field.
Need help creating the webhook in teams? No problem, check out our complete guide to creating a Teams webhook.
The Slack webhook is another simple way to get a notification for each application as it is prepared for your environment. Simply create a new webhook in Slack, and paste the Web URL into the field.
Need help creating the webhook for Slack? No problem, check out our complete guide to creating a Slack webhook.
If your site system is remote from the site server, SSL needs to be for the option Configuration Manager manages the certificate to work. If SSL is not configured in this scenario, you will need to use an alternative method described here .
The first option is to enable the This limited trial mode does have some restrictions including a limited number of products as covered in the link above. We encourage you to from our website. When you receive your full-trial or customer license email, it will contain your 20 character license key.
The contains all features and access to all products.
If you receive an error when clicking Validate URL, please review our knowledge base article . License activation errors are often related to firewall or proxy configurations.
Getting started with Configuration Manager Apps. Please note, this portion of the guide is for base installations. For more in depth recommendations check out our configuration guides.
Applies to: On-premises Publisher
To activate any of the tabs in Patch My PC Publisher, the corresponding checkbox must be checked. If you do not check this option the product selection tree for the corresponding tab cannot be used.
If you are using the ConfigMgr Apps tab, these options are NOT optional. You must configure them to be able to create applications.
The application Options button has a lot of different features. This installation guide will not cover the options in detail but instead give you a quick, straightforward guide to getting the product installed. For more detailed documentation, click the more info links in the Publisher.
Let's get started to begin, click the Options button next to the enablement checkbox.
This will load the options panel in the Publisher.
After clicking the Configure option, the below pop-up will appear.
Once you enter the name of the server select Test to validate the configuration.
Important: The connection to the SMS Provider is performed using the SYSTEM account of the server where the Publisher is installed.
In the event the test result fails, you will instead see the following message.
If the connection fails, click Create ConfigMgr Security Role to automatically create a new security role with the minimum required permissions. Please see the article below for more details.
Once you have completed a successful connection to the SMS provider select OK to finalize the configuration.
Next, you'll want to provide a UNC share to store the application content. This path needs to be accessible by the computer account of the machine running the publisher as well as the ConfigMgr site server, or a dedicated service account
Important: As the Patch My PC Publisher will run in the SYSTEM context, therefore computer account the Publisher is installed on will need WRITE permissions to the share configured for source content of ConfigMgr Apps.
When you choose a path, we will create a sub-folder called Applications and then create a folder for each vendor and product in use. Keep this in mind when selecting the UNC path you will use to store source files.
The above configuration would create the below folder structure similar to the structure below.
Below are the default settings which will work fine for most setups. Our product provides a lot of customization options.
To learn the details about all items on this page, check out the article below.
Once you have the base options selected, you are ready to check out a simple application for testing. We recommend using 7-zip. Its small size makes it ideal for testing. Use the search icon in the bottom right or the Ctrl+F key combination to search for Igor
Select Apply. We do provide a large number of right-click options to fully customize the application installation process, those steps as described in the article below.
First Select the Configure. This is how you will ensure that the system where the Publisher is installed has access to the configuration manager site.
If the server that the Publisher is installed on is remote from the SMS Provider, the SYSTEM Account of the Publisher server may need to be added to the SMS Admins Group, or DCOM permissions may need to be updated ()
Tip: If you need to create the security role, you will need to manually add the computer account to the role after it's automatically created as described .
This guide will walk you through the process of installing the publisher in an Intune Only environment.
Applies to: On-premises Publisher
Here are a few important resources below to get you started.
If you prefer using a video guide, you can watch the video version below.
Next up, start with the requirements
The Advanced tab contains many features related to troubleshooting and completing complicated maintenance tasks for WSUS. Our install guide covers two important components.
Applies to: On-premises Publisher
The products that need to be downloaded and stored locally are listed below.
All settings within the publisher are backed up the publisher is closed using the "OK" button, or the "Apply" button. These settings are stored in the backup directory where the Publisher is installed. You can get an immediate backup of the publisher at any time using the options in the Advanced tab.
Before you get started, make sure you take advantage of our !
Tip: Did you know you can schedule a free setup call with an engineer if you prefer to have an engineer from Patch My PC perform a guided install with you in your environment?
Certain require the content to be downloaded ahead of time into a known folder. This typically is related to specific vendors who's content can only be downloaded after logging in or paying for the software.
Product Name
Download Location
Cisco AnyConnect Suite
Oracle Java Runtime Environment 8
Oracle Java SE Development Kit 8
Mimecast for Outlook
Right Click Tools
Bluebeam Revu
BluebeamOCR
Pulse Connect Secure
Kofax Power PDF 4 Advanced
Duo Authentication for Windows Logon
TeamViewer MSI
Prerequisites for installing the Publisher with Intune.
Applies to: On-premises Publisher
When installing the Publisher for an Intune-only configuration, ensure you meet the following requirements:
An Internet connection
Appropriate disk space depending on the number of products enabled
Supported Operating Systems
Windows 10 or Windows 11
Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025
When using Windows Server, only the WSUS API component needs to be installed, not full WSUS.
The Publisher is a lightweight Windows application with a GUI frontend and a Windows service backend. The hardware requirements can be found below.
CPU: 2 CPU or more
Memory: 8GB of RAM or more
Disk Space: 80GB of disk space or more
The amount of disk space required will depend on the number of selected products.
Before you get started, make sure you take advantage of our !
4.6.2 or above
The relevant
When using Windows 10/11, the needs to be installed.
See the section of the Knowledge Base article for details on how to install RSAT.
See the Knowledge Base article for details on how to resolve this.
You've got the requirements, now lets go over where you can download the newest version of the Product, and walk through the installation.
Applies to: On-premises Publisher
You can always download the latest MSI installer of the publishing service using the following URL:
Start the installation by double clicking the downloaded MSI.
Once the installation starts you'll be greeted by the welcome screen in our installer wizard, click next.
The next step will be to accept the EULA. Make sure you select the "I accept the terms in the Agreement" and hit next.
When installing the product we provide an option called Intune Standalone mode. If you do NOT intend to use the product with Configuration Manager, ensure the option is checked and select next.
By default, we install the publisher service in C:\Program Files\Patch My PC\Patch My PC Publishing Service\ This location is where we store all of the products configuration information.
You are now ready to install the product! Click Install, and grab a drink of water.
Once the publisher has finished installing, just hit the finish button to close the install wizard.
How to get your Patch My PC license, properly assigned in the publisher service.
Applies to: On-premises Publisher
When the publisher first launches, you will be required to provide a license key. If you have not yet purchased and received your license key, we provide two additional free options for testing our product.
If the license validation is successful, it should look like the below image.
The first option is to enable the This limited trial mode does have some restrictions including a limited number of products as covered in the link above. We encourage you to from our website. When you receive your full-trial or customer license email, it will contain your 20 character license key.
The contains all features and access to all products.
If you receive an error when clicking Validate URL, please review our knowledge base article . License activation errors are often related to firewall or proxy configurations.