Integrate OMS with SCCM

• Author
• Recent Posts

Mohamed Wali

Mohamed is a cloud infrastructure expert with experience in engineering and implementation in AWS and Azure. He currently works as a Cloud Infrastructure Architect at Amazon Web Services.

Latest posts by Mohamed Wali (see all)

• EC2 Image Builder: Build your golden VM images on AWS - Wed, Jan 19 2022
• Configuring DFS Namespaces for Amazon FSx for Windows file servers - Fri, Jan 7 2022
• AWS Systems Manager Session Manager: Securely connect EC2 instances - Wed, Dec 22 2021

When it comes to results retrieval and visualization about the monitored environments, you will be using queries. So imagine a scenario wherein you want to retrieve results from different computers.

In this case, you would need to create computer groups to trigger the queries against it. In SCCM you must have different collections within which you classify your servers and clients and so on. Once you integrate SCCM with OMS, you can import all SCCM collections as computer groups in OMS.

Prerequisites

Before starting the integration, you need to meet the following prerequisites:

• The SCCM version must be at least 2012 R2 build 5.0.0.8412.100 published in August 2016 or the current branch 1606.
• Add the Service Connection point system role to SCCM and in online mode.
• Log the analytics workspace.

Application registration

First off, we need to add a new application registration to Azure Active Directory (AD) to provide secure authorization for SCCM in the OMS workspace. To do so, you need to follow these steps:

1. Navigate to Azure Active Directory -> Application registrations, as shown in the following figure.
   

   Application registration blade

2. Click on New application registration, and a new blade opens up wherein you need to specify the following:
   1. Name: Specify a descriptive name for the application registration.
   2. Application type: Select Web app/API.
   3. Sign-on URL: Specify a URL for the application (note that you can change it later).
   

   Creating application registration

3. Click on Create, which will finish the application registration within a moment.

Assign permissions for the registered app on the OMS workspace

SCCM will use this registered app to communicate with Azure resources, so you will need to assign permissions for it on the resource group within which the OMS workspace exists. To do so, follow these steps:

1. Navigate to the resource group within which you have created your OMS workspace -> Access control (IAM) and click on Add as shown in the following figure.
   

   Access control blade

2. After clicking on Add, a new blade opens up wherein you have specify the role and the user to which you want to assign permissions to, as shown in the following figure.
   

   Assign permissions for the registered app over the resource group

3. Then you can click on Save.

Generate a key for the registered app

To let SCCM communicate with Azure, SCCM will need to know a key by which it is going to communicate with the services over which the registered app has permissions. Therefore, we need to navigate back to the registered app created earlier and do the following:

1. After navigating to the application registration, click on Keys, as shown in the following figure.
   

   Registered app blade

2. 1. Description: a description for the purpose of the key.
   2. Expires: Specify when this key should expire.
   3. Then click on Save.A new blade opens up wherein you need to define the following:
   

   Creating a key for the registered app

3. Clicking on Save should display the key. (Note that you need to copy this key and store it in some safe place, because closing this blade will hide the key forever).
   

   Registered app key

Retrieve the required values for the integration

Before navigating to the SCCM, we need to collect some more values from the Azure portal to use during the integration, such as the:

• Azure AD tenant name: The name of the Azure AD within which you have added a new registered application. You can retrieve it by navigating to: Azure Active Directory -> Properties ‑> Name.
• Azure AD Tenant ID: The ID of the Azure AD within which you have added a new registered application. You can retrieve it by navigating to: Azure Active Directory -> Properties -> Directory ID.
• Application Name: The name of the registered app you have created. You can retrieve it by navigating to: Azure Active Directory -> App registrations.
• Client ID: The ID of the registered app created earlier. You can retrieve it by navigating to: Azure Active Directory -> App registrations -> (the registered app created earlier) -> Application ID.
• Secret Key: The key created earlier for the registered app. I hope you have copied it, because if you have not so far, you will have to create a new one and copy the new key.
• Secret Key Expiry: The expiry date of the key.
• App ID URI: The ID URI of the registered app. You can retrieve it by navigating to: Azure Active Directory -> App registrations -> (the registered app created earlier) -> Settings -> Properties -> App ID URI.

Integrate SCCM (updated 2012 R2/1606)

These versions introduced OMS integration as a prerelease feature, and the integration process was different than it is currently. Therefore, if you have any of these versions, you need to follow the steps below to integrate SCCM with OMS.

1. When you navigate to Administration -> Cloud Services, you will not see the OMS connector, because in this version, it is available as a prerelease feature, and you have to enable it manually.
2. To enable the OMS connector as a prerelease feature, you need to navigate to Administration -> Site Configuration. Right-click on Sites and select Hierarchy Settings.
3. A new wizard will appear wherein you need to enable Consent to use Pre-Release features, as shown in the following figure.
   

   Enable the prerelease features for SCCM

4. After that, you need to navigate to Administration -> Updates and Servicing -> Features. Then right-click on Prerelease – Microsoft Operations Management Suite (OMS) connector.
5. After doing this, you might want to restart the SCCM console to see the OMS connector available under Cloud Services.
6. Right-click on OMS Connector and select Create connection to Operations Management Suite, as shown in the following figure.
   

   Creating connection to OMS

7. A new wizard opens, telling you the instructions to have a successful integration with OMS, as shown in the following figure.
   

   Instructions for integrating SCCM with OMS

8. Then it will ask you to enter only the Tenant name, Client ID, and Client secret key you retrieved earlier, as shown in the following figure.
   

   Configure the connection settings to Operations Management Suite (OMS)

9. Clicking on Next will retrieve the Azure subscription, resource group within which the OMS workspace exists, and the OMS workspace with which you want to integrate. You also need to add the collections you want to export to OMS, as shown in the following figure.
   

   Adding the device collections

10. Then you can proceed with the wizard, which will summarize the settings you've specified and complete the configuration.

Integrate SCCM (versions after 1606)

With the latest versions of SCCM, the OMS connector exists as a functioning part of the SCCM, not just as a prerelease feature like in the earlier versions. To integrate it with OMS, you need to follow these steps:

1. Navigate to Administration -> Cloud Services.
2. Right-click on Azure Services and select Configure Azure Services, as shown in the following figure.
   

   Configure Azure services

3. A new wizard opens wherein you need to specify a name for the cloud service you want to use and the cloud service itself, which would be OMS Connector, as shown in the following figure.
   

   Select the cloud service you want to integrate with

4. Next, you need to specify the Azure environment you are using and import the web app settings you retrieved earlier, as shown in the following figure.
   

   Specifying the web app settings

5. After this, it will retrieve the Azure subscription, resource group within which the OMS workspace exists, and the OMS workspace with which you want to integrate. You then need to add the collections you want to export to OMS, as in the screenshot above (adding the device collections).
6. Next, you can proceed with finalizing the configuration of the integration.

Importing the collection into OMS workspace

Finally, you need to import the collections into OMS workspace. To do so you only need to navigate to OMS workspace -> Settings -> Computer Groups -> SCCM. Then, tick Import Configurations Manager collection memberships, as shown in the following screenshot.

Importing the collections into OMS

Conclusion

OMS is a seamless IT management solution, and to make its management much better, you need to use computer groups to get better results from the queries.