The aim of this post is to show you how to run device actions from the MEM admin center. From the admin center you can trigger or run Sync Machine Policy, Sync User Policy and App Evaluation Cycle.
Starting in Configuration Manager version 2002, you can upload your Configuration Manager devices to the cloud service. You can run device actions from the Devices blade in the MEM admin center.
In SCCM version 1906, you could enable co-management for Endpoint Manager (Intune) devices in the Azure Public Cloud. This is indeed a prerequisite before you run device actions in the MEM admin center.
In my previous blog post I showed you how to enable SCCM tenant attach. Before you run device actions from MEM admin center, you must enable the tenant attach.
Run Device Actions from MEM Admin Center
In the Microsoft Endpoint Manager admin center you can run three device actions. The device actions are visible only when you select a Windows device.
- Sync Machine Policy
- Sync User Policy
- App Evaluation Cycle
To run device actions from MEM admin center, in the MEM admin center, go to Devices and click Windows. From the list of the devices select any device and you can run device actions.
Run Sync Machine Policy from MEM Admin Center
From the list of actions, we will first run Sync Machine Policy. Select a device and click on Sync machine policy in the Microsoft Endpoint Manager console.
When you run the sync machine policy, the Configuration Manager will request the client to download computer policy. To continue this operation, click Yes.
Now you see the status as Sync machine policy pending. Under the device action status, you see the status as Pending connection to Microsoft Endpoint Configuration Manager site. You also see a Date/Time stamp.
When you run device actions from Microsoft Endpoint Manager admin center, open the CMGatewayNotificationWorker.log on service connection point.
Within the same log file look for the line – Received new notification. Validating basic notification details…
That confirms the Sync Machine Policy action is in progress.
Let’s take a look at PolicyAgent.log on the client machine. The PolicyAgent.log is located in C:\Windows\CCM\Logs folder on client computer. Open this log file with CMtrace tool.
In the PolicyAgent.log you see Requesting Machine policy assignments from MEM authority SMS:MEM (MEM is my ConfigMgr site code).
You can also look at the date and time in the log file and compare with the time when you triggered the sync machine policy from MEM admin center. They both should closely match.
Finally in the Microsoft Endpoint Manager admin center, we see the Sync machine policy:Completed. Under the device actions status, we see the status as complete.
Run Sync User Policy from MEM Admin Center
From the Microsoft Endpoint Manager admin center, you can Sync User Policy. This pretty much works similar to Sync machine policy.
Select a device in the admin center and click Sync user policy. Configuration Manager will request the client to download the policy for the currently logged on user. To continue this operation, click Yes.
On the ConfigMgr service connection point, you can monitor progress of sync user policy in the CMGatewayNotificationWorker.log. You see the line Received new notification. Validating basic notification details.
You also see the following lines in the CMGatewayNotificationWorker.log.
Authorized to perform client action. TemplateID: RequestUserPolicyForAllUsers
Forwarded BGB remote task. TemplateID: 4 TaskGuid: 783c0544-919b-4273-bf5e-8de61e642fc8 TaskParam: TargetDeviceIDs: 1 SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker
Meanwhile you should see status as Pending connection to Microsoft Endpoint Configuration Manager site in admin center.
However once the sync is complete, in the MEM admin center you should see Sync user policy Completed.
Run App Evaluation Cycle from MEM Admin Center
From the Microsoft Endpoint Manager admin center you can run App Evaluation cycle. This device action allows Configuration Manager to request the client to reevaluate the requirement rules for all deployments. Any missing applications will be reinstalled.
Select a device in the admin center and run the app evaluation cycle. On the confirmation box, click Yes. In the admin center you will see App evaluation cycle pending.
Monitor the CMGatewayNotificationWorker.log file to see the progress of App Evaluation cycle. You should find the below info.
Received new notification. Validating basic notification details
Authorized to perform client action. TemplateID: ApplicationDeploymentEvaluation
Forwarded BGB remote task. TemplateID: 8 TaskGuid: a2954544-eeb5-43d3-b146-b07cd8ec3f72 TaskParam: TargetDeviceIDs: 1 SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker
Now open the AppDiscovery.log on the client computer. This log file is located in C:\Windows\CCM\Logs folder. Look for the line.
Entering ExecQueryAsync for query select * from CCM_AppDeliveryType
Since there are no required application deployments on clients, we don’t see much logging being done in AppDiscovery.log. In the Microsoft Endpoint Admin center, we see we have run all the action cycles successfully.
Run Device Actions Log Files
Here are the log files associated with Run Device actions and you can use them whenever you trigger a specific device action.
| Run Device Actions Name | Device Actions Log Files |
| Sync Machine Policy | CMGatewayNotificationWorker.log, PolicyAgent.log |
| Sync User Policy | CMGatewayNotificationWorker.log, PolicyAgent.log |
| App Evaluation Cycle | CMGatewayNotificationWorker.log, AppDiscovery.log, AppEnforce.log, AppIntentEval.log |
Hi Prajwal,
If we have not using Intune in Co-managed state we have not find App discovery.log, or policyagent.log am i right?