Panel |
---|
borderColor | black |
---|
borderWidth | 1 |
---|
borderStyle | solid |
---|
title | Table of Contents |
---|
|
|
Remove Retired Devices
Why remove stale devices? So that resources can be focused on managing devices that actually require management. It also gives you a better picture of your environment.
ConfigMgr will automatically remove stale data, however the deletion time depends on the type of data. The Inactive Client discovery data is automatically deleted after 180 days (object exists in AD) while the Obsolete Client Discovery Data (object removed from AD) is deleted after 30 days. For better hygiene, you can manually delete the host from AD, which would then fall under the Obsolete Client Discovery Data and thus be removed after 30 days. For faster removal, you can manually delete the host(s) from AD and then from ConfigMgr.
Collections
Collection refreshes are a heavy process on site server resources.
If a collection does not need to be updated, remove the evaluation interval from the collection by unchecking the box(es). Be sure the interval is cleared as seen below.
Deployment Maintenance
Deployments
Delete and remove any deployments that are no longer in use.
If the deployment compliance for an application is 100% and no longer necessary, delete it. If you For example, if you created and ran a test deployment that has now completed, you can delete it.
Admin Accounts
They must be managed and separate from personal use, i.e. not tied to a personal EID which are typically used for email, web browsing and other productivity tasks.
Establish lifecycle management for administrative accounts. Ensure you have a process for disabling or deleting administrative accounts when admin personnel leave (or leave their administrative position).
Quantity
For business continuity and resiliency, it is recommended that each CSU have 2 admins. However, limit the number of admin accounts to those that need access for their job tasks as well as to reduce potential risks.
Workstation Security
Install the MECM console on a virtual machine or on a different physical workstation that is not used for day-to-day activities like internet browsing, email, etc.
Filter by label (Content by label) |
---|
excludeCurrent | true |
---|
cql | label = "configmgr" and label = "administration" and space = currentSpace() |
---|
|