Remove Retired Devices

Why remove stale devices? So that resources can be focused on managing devices that actually require management. It also gives you a better picture of your environment.

ConfigMgr will automatically remove stale data, however the deletion time depends on the type of data. The Inactive Client discovery data is automatically deleted after 180 days (object exists in AD) while the Obsolete Client Discovery Data (object removed from AD) is deleted after 30 days. For better hygiene, you can manually delete the host from AD, which would then fall under the Obsolete Client Discovery Data and thus be removed after 30 days. For faster removal, you can manually delete the host(s) from AD and then from ConfigMgr.

Collections

Collection refreshes are a heavy process on site server resources.

• Limit the number of incremental collections
• Do not use both Full and Incremental on the same collection

If a collection does not need to be updated, remove the evaluation interval from the collection by unchecking the box(es). Be sure the interval is cleared as seen below.

Deployment Maintenance

Delete and remove any deployments that are no longer in use.

If the deployment compliance for an application is 100% and no longer necessary, delete it. If you ran a test deployment that has completed, you can delete it.

Admin Accounts

They must be managed and separate from personal use, i.e. not tied to a personal EID which are typically used for email, web browsing and other productivity tasks.

Establish lifecycle management for administrative accounts. Ensure you have a process for disabling or deleting administrative accounts when admin personnel leave (or leave their administrative position).

Quantity

For business continuity and resiliency, it is recommended that each CSU have 2 admins. However, limit the number of admin accounts to those that need access for their job tasks as well as to reduce potential risks.

Workstation Security

Install the MECM console on a virtual machine or on a different physical workstation that is not used for day-to-day activities like internet browsing, email, etc. 

Related Information

• Page:
  Common Tasks and Procedures (Endpoint Management)

  • configmgr
  • administration
• Page:
  Maintenance Windows and Business Hours (Endpoint Management)

  • configmgr
  • maintenance
  • administration
  • troubleshoot
• Page:
  Deploying Software Updates (Endpoint Management)

  • configmgr
  • administration
• Page:
  CM Deploying 3rd Party Updates to Collections (Patch My PC) (Endpoint Management)

  • configmgr
  • administration
  • updates
  • pmpc
• Page:
  3rd Party Updates List (Endpoint Management)

  • configmgr
  • administration
  • updates
  • pmpc
• Page:
  CM Client Settings (Endpoint Management)

  • configmgr
  • informational
  • administration
• Page:
  Recommended Practices (Endpoint Management)

  • configmgr
  • administration