When implementing a update concept there is always one important question open: How do I select devices for the pilot/test phase?
My customers most often answer this with one of the following solutions:
- Manually selecting the devices and check from time to time if there are still enough devices in the collection. This can be done based on:
- primary users like for example two devices per department.
- all IT department users.
- IT department and some important application owners.
- Automatically selecting devices based on for example the last character of the SMS GUID, Hostname or MAC Address.
All these used procedures are not optimal. They do not guarantee a good testing coverage. Selecting just the IT department is often not covering the most important business applications or the IT admins have admin permissions and if something fails, they fix it by themselves instead of informing the responsible team. Additionally, it’s problematic to manage the pilot rings manually because if a device is restaged or a user leaves the company, nobody will remember that this user was part of the pilot and therefore the pilot ring will always be getting smaller over time.
Pilot selection solution for MEMCM
I built a script which executes a SQL query against MEMCM DB which returns a good set of resource id’s which can be added to the pilot collection.
Key Features
- Scope to specific device collections (Only Apps and HW models of devices in this collection are validated)
- Specify already tested scenarios by device collection (Apps and HW models are marked as already tested.)
- Automatic provisioning of pilot collection (Scheduled tasks can be used to execute the script in scheduled intervals)
- Changes to pilot collection are minimized by always selecting lower resource id's first.
Prerequisites
- User account with read access to the MEMCM DB and the permission to add Devices to a collection.
- Collection for the Pilot (I recommend for testing purposes to create a new collection without any deployments)
Configuration
- First you need to download the solution from GitHub which consist of two files(PilotDevices.sql / Invoke-PilotDeviceSelection.ps1).
- Customizing the PowerShell Script. Modify the variables in the “Manual Variable Definition” section of the script. Each variable has a short explanation within the script:
## Manual Variable Definition
########################################################
# MEMCM Environment
##############
# Define the SQL Server of the CM database
$SqlServer = "SCCM01"
$SqlDb = "CM_P01"
# Site configuration
$SiteCode = "P01" # Site code
$ProviderMachineName = "SCCM01.kurcontoso.ch" # SMS Provider machine name
#Collections
##############
# Define a collection which contains all devices which should be
# in focus for the pilot. Only apps installed on these devices and
# hardware models of these devices will be used for the calculation.
$CollectionId_InScope = "SMS00001"
# Define the Collection where the pilot devices should be added. During testing you can just specify
# a new empty collection.
$CollectionId_Pilot = "P0100028"
# Optionally you can define a collection which contains devises which
# are in earlier stages already targeted. These devices (the apps
# installed and hardware models) will be marked as already tested.
$CollectionId_Insider = ""
# Model Selection
##############
# How many devices per model should be in Pilot ring?
$DevicesPerModel = 1
# How man devices of a model need to be in use to be in focus for the pilot?
$MinDeviceModelCount = 1
# App Selection
##############
# How many devices per app should be in Pilot ring?
$DevicesPerApp = 1
# How man installations of a app are need to be in focus for the pilot?
$MinInstallCount = 1
# Do you want to exclude specific publishers? Specify the exact name as the publisher is written in the MEMCM DB.
$ExcludedPublishers = @("Microsoft Corporation")
When all variables are adjusted you can execute the script and the pilot group will be provisioned.
Known Issues
The following list contains known issues or possible optimizations for the future:
- The selection of devices is not optimized because when a device is added the whole pilot group is not again reviewed if another could be removed. In my tests this could lead to have around 5-10% more devices in the pilot than really required.
Future
Yes, it is planned to adapt this solution also for MEM Intune. For the moment you need to sync your collection with an Azure AD group to leverage Windows Update for Business.
So stay tuned!
- Microsoft Sentinel ASIM Parser demystified - March 31, 2024
- Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel - March 10, 2024
- Ubiquiti Dream Machine Pro Logs to Microsoft Sentinel - February 6, 2024
1 Comment
Build better pilot rings for Updates with MEM Intune - Workplace Ninja's · June 13, 2021 at 09:43
[…] few weeks back I wrote about creating better pilot rings within a MEMCM environment. Because of the feedback and some projects I transferred the solution for Intune only […]