Tenant Attach extras #3 – The Power of CMPivot in the Admin Center

Here’s another Tenant Attach extra blog post. Remember that all these Tenant Attach extra posts are currently Technical Preview only. You can’t run them in Current Branch yet. You need to be running Technical Preview 2005.

In this blog post I’ll show you a simple CMPivot query. If you don’t know about CMPivot then please check out a blog post I did about this cool tool, previously.


You’ll need Tenant Attach up and running. Follow that blog post first to get yourself in a good shape.

You’ll also need:

  • One of the following browsers:
    • Microsoft Edge v77 or later
    • Google Chrome
  • A user account discovered with AAD and Active Directory user discovery (see the Tenant Attach blog post for details on AAD user discovery).

The following permissions are required for this cool feature to operate:

  • Read permissions on the device’s collection in ConfigMgr
  • ConfigMgr permissions for CMPivot.
    • Read permission on the SMS Scripts object
    • Run Scripts permission on the Collection.
      • Alternatively, you can use Run CMPivot on Collection. Run Scripts is a super set of the Run CMPivot permission.
    • Read permission on Inventory Reports
    • The default scope.
  • Added as an admin user in the Configuration Manager Microservice application in Azure AD.

To become a admin user in the Configuration Manager Microservice application search for Enterprise Applications in the Azure Portal.

Under All applications, you’ll see the Configuration Manager Microservice. Click on the application.

Click the 1. Assign users and groups box.

Click the Add user link and add in an account or group of users you wish to assign admin user access.

You’ll also need the following to use CMPivot:

  • Latest version of the ConfigMgr client
  • Minimum of PowerShell v4 on targeted devices
  • PowerShell v5 if targeting for the following:
    • Administrators
    • Connection
    • IPconfig
    • SMBconfig

Running CMPivot via Tenant Attach

In the ConfigMgr console, go to \Assets and Compliance\Overview\Devices and right click a device which has been uploaded via the Tenant Attach process.

Select Start\Admin Center Preview.

Authenticate with the account which has been assigned the access as an admin user.

When the Admin Center loads up highlighting the particular device you selected in the ConfigMgr console, click CMPivot. You’ll see the CMPivot script window and some useful Getting started documentation.

Enter a CMPivot script and click the Run icon. Not long after you’ll get the results from your query.

Take a look at some sample scripts, provided by Microsoft, here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s