- Created by Katelyn Russell, last modified by Daniel Vega on Jun 01, 2023
Remove Retired Devices
Why remove stale devices? So that resources can be focused on managing devices that actually require management. It also gives you a better picture of your environment.
ConfigMgr will automatically remove stale data; however, the deletion time depends on the type of data. Inactive Client Discovery Data is automatically deleted after 180 days (object exists in AD), while Obsolete Client Discovery Data (object removed from AD) is deleted after 30 days. For better hygiene, you can manually delete the host from AD; it then falls under Obsolete Client Discovery Data and is removed after 30 days. For faster removal, you can manually delete the host(s) from AD and then from ConfigMgr.
Collections
Collection refreshes are a heavy process on site server resources.
- Limit the number of incremental collections
- Do not use both Full and Incremental on the same collection
If a collection does not need to be updated, remove the evaluation interval from the collection by unchecking the box(es). Be sure the interval is cleared as seen below.
[Screenshots: Before | After]
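The collection refresh guidance above can be checked with a read-only audit. This is an added example, not part of the original page: it assumes the ConfigurationManager PowerShell module with the site drive as the current location, and falls back to constructed sample data when the module is not loaded. The function name `Get-CollectionRefreshReport` is hypothetical.

```powershell
# SMS_Collection.RefreshType values:
# 1 = manual, 2 = scheduled (full), 4 = incremental, 6 = scheduled + incremental.
$RefreshNames = @{ 1 = 'Manual'; 2 = 'Full'; 4 = 'Incremental'; 6 = 'Full+Incremental' }

# Hypothetical helper: classifies each collection and flags the settings
# the guidance above asks you to review. It changes nothing on the site.
function Get-CollectionRefreshReport {
    param([Parameter(Mandatory)] [object[]] $Collections)

    foreach ($c in $Collections) {
        $type = [int]$c.RefreshType
        [pscustomobject]@{
            Name         = $c.Name
            CollectionID = $c.CollectionID
            Refresh      = if ($RefreshNames.ContainsKey($type)) { $RefreshNames[$type] }
                           else { "Unknown ($type)" }
            Finding      = switch ($type) {
                6       { 'Uses both Full and Incremental: keep only one' }
                4       { 'Incremental: confirm it is still needed' }
                default { '' }
            }
        }
    }
}

if (Get-Command Get-CMCollection -ErrorAction SilentlyContinue) {
    # Assumption: module imported and current location set to the site drive.
    $collections = Get-CMCollection
} else {
    # Constructed sample data so the script runs without a site connection.
    $collections = @(
        [pscustomobject]@{ Name = 'Lab Workstations';  CollectionID = 'XYZ00011'; RefreshType = 6 }
        [pscustomobject]@{ Name = 'Kiosk Devices';     CollectionID = 'XYZ00012'; RefreshType = 4 }
        [pscustomobject]@{ Name = 'Pilot Ring';        CollectionID = 'XYZ00013'; RefreshType = 2 }
        [pscustomobject]@{ Name = 'Retired Hardware';  CollectionID = 'XYZ00014'; RefreshType = 1 }
    )
}

$report = Get-CollectionRefreshReport -Collections $collections

# Summary: how many collections use each refresh type.
$report | Group-Object Refresh | Select-Object Name, Count | Format-Table -AutoSize

# Detail: collections that need a decision.
$report | Where-Object Finding | Sort-Object Refresh, Name |
    Format-Table Name, CollectionID, Refresh, Finding -AutoSize
```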
Deployment Maintenance
Delete and remove any deployments that are no longer in use.
If the deployment compliance for an application is 100% and the deployment is no longer necessary, delete it. If you ran a test deployment that has completed, you can delete it.
Admin Accounts
Admin accounts must be managed and kept separate from personal use, i.e. not tied to a personal EID, which is typically used for email, web browsing and other productivity tasks.
Establish lifecycle management for administrative accounts. Ensure you have a process for disabling or deleting administrative accounts when admin personnel leave (or leave their administrative position).
Quantity
For business continuity and resiliency, it is recommended that each CSU have 2 admins. However, to reduce potential risks, limit admin accounts to those who need access for their job tasks.
Workstation Security
Install the MECM console on a virtual machine or on a different physical workstation that is not used for day-to-day activities like internet browsing, email, etc.
Related Information
- Page: Maintenance Windows and Business Hours (Endpoint Management)
EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.