Integrated Product Packs
Endpoint Automation includes a set of out-of-the-box policies known as Integrated Product Packs. This section provides information on the Integrated Product Packs provided with the 1E release and includes details on how to upload them into 1E.
A list of the instructions, policies, rules, and fragments is provided on each of the Integrated Product Pack pages. For more detailed information, please click on the link for an instruction, policy, rule, or fragment, to see a description in the 1E DEXPacks reference.
The Integrated Product Packs provided with the 1E release include predefined values determined through testing at 1E. Some of these values can be modified to meet specific environmental requirements. You should review the Integrated Product Pack pages below for guidelines, details of the predefined values and the available customization options, prior to deploying in your environment.
If you need to further customize any of the Policies, contact 1E.
MEMCM Client Health Policy
Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.
The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.
The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:
-
Ensure the correct version of the CM client is installed and running and assigned to the correct site.
-
Ensure the CM client is not stuck in provisioning mode.
-
Ensure that heartbeat discovery, inventory and state messages are being sent regularly.
-
Ensures the CM client cache is set to the correct size.
-
Ensure the CM client log settings are correct.
-
Ensure the BITS service exists, configured to start up automatically and is running.
-
Ensure the Windows Time service exists with correct startup settings.
-
Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running.
-
Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent.
-
Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source.
This policy is intended for deployment to Windows devices only.
Important considerations
Before deploying the MEMCM Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network. By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.
A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Endpoint Automation reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.
MEMCM Client Health Policy reference
For details on the policy, rules, triggers, preconditions, checks and fixes available in the MEMCM Client Health Policy please refer to MEMCM Client Health integrated product pack.
Nomad Client Health Policy
Nomad is included as part of the 1E Client, and as part of that integration, we offer a Nomad client health compliance policy in Endpoint Automation. This verifies common Nomad requirements such as ACP registration, disk availability, firewall exceptions, crash notifications and cache monitoring.
The Nomad client health policy replaces the client health tile in the Nomad dashboard plus additional remediation steps:
-
Keeps content distribution services up and running on Nomad clients, so that users are secure and productive.
-
Ensures Alternative Content Provider (ACP) registration configuration is set.
-
Maintains optimal disk availability and monitors cache size for storage capacity planning.
-
Enforces Firewall exceptions.
This policy is intended for deployment to Windows devices only.
Important considerations
Configuring and verifying
Before deploying the Nomad Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.
-
By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.
-
A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Endpoint Automation reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.
-
Review the following specific considerations before verifying and deploying.
Rule
Considerations
Check rule: Ensure Nomad does not have its content indexed by ConfigMgr software inventory checks
Disable this check rule if the Nomad cache location has been changed from the default C:\ProgramData\1E\NomadBranch.
The corresponding fix rule is disabled by default.
Deploying
-
Target the Policy at separate Management Groups for Distribution Points and Nomad clients, containing only Windows devices.
-
If you have deployed your Nomad clients with different baseline settings then consider creating different Management Groups for them, so that it will be easier to identify the potential differences in compliance. Target all clients to begin with and then target different groups as required.
-
This policy is intended for deployment to Windows devices only, so in a cross-platform estate it is advisable to deploy this policy to a Management Group that is scoped to Windows devices. If you do target non-Windows devices then preconditions for the rules ensure those devices are unaffected and rules are reported as Not Applicable.
Nomad Client Health Policy reference
For details on instructions, policies, check rules, fix rules, triggers and preconditions, that are included in the Nomad Client Health Policy, refer to Nomad Client Health integrated product pack.
Windows Client Health Policy
Over time Windows devices can develop performance problems related to device or service availability. This policy verifies the available storage capacity on devices, notifies of application crashes, monitors WMI health and service function and also checks the behavior of core Windows services.
The Windows client health policy covers all of the following:
-
Manages Windows devices and service availability performance problems.
-
Safeguards disk space integrity, ensuring sufficient storage capacity.
-
Ensures optimum performance of the Configuration Manager client and that WMI is active and integrated.
-
Notifies of application crashes and remediation assists. Investigates root cause for specific issues.
This policy is intended for deployment to Windows devices only.
Important considerations
-
Before deploying the Windows Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network.
-
By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.
-
A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Endpoint Automation reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.
-
The policy contains the rule Check application crash count (not assigned to any policy by default) which by default specifies the Application Name as MyApplication.exe. You do not need to change this before deployment, but you can edit the rule to specify an the executable that you want to monitor, or clone the rule to monitor other executables. You will need to edit the rule and change the name in the Trigger and the Check tabs.
Windows Client Health Policy reference
For details on the policy, rules, triggers, preconditions, checks and fixes available in the Windows Client Health Policy refer to Windows Client Health integrated product pack.
1E Core Utilities
This Integrated Product Pack does not include any instructions, policies or rules. However, it does contain a number of triggers, preconditions, checks and fixes that can be used to help build your own policies, as described in Defining your own policies.
For details on the triggers, preconditions, checks and fixes available in the Core Utilities please refer to Tachyon Core integrated product pack and Trigger templates and preconditions reference.