Provides reports that let you analyze your deployments.
This page provides reports that let you analyze your deployments. Reports are generated on a per-event basis. However, not all events generate corresponding reports. Currently, events of the following types generate reports.
Privilege elevation and process hierarchy control logs
Each time you enable the Privilege elevation and process hierarchy control logs, a corresponding record is generated. We consolidate those records into a single report every four hours. Within the details of each report, administrators can view the logs by subtype. The table includes information such as the filter used, Event time, Event type, Result code, Result summary, Severity, list of agents and users, and the Configuration set. You can choose from the four security aspects to view more details.
EXE privilege elevation. When the EXE privilege elevation subtype is selected, the table provides the logs for the fields Time, Process, Command line, Rule name, and Result. The result of the elevation can either be a success or a failure.
MSI privilege elevation. When the MSI privilege elevation subtype is selected, the table provides the logs for the fields Time, Packages, Command line, Rule name, and Result. The result of the elevation can either be a success or a failure.
Self-elevation. When the Self-elevation subtype is selected, the table provides the logs for the fields Time, Process, Rule name, Reason and Result. The result of the elevation can either be a success or a failure.
Enabling the Show failures only toggle displays only the records with the result Failure and hides the rest.
- Process hierarchy control. When you select the Process hierarchy control subtype, the table provides the logs for the fields Time, Child process, Parent process ID, Rule name, and Result. The result of this selection results in displaying either a blocked or allowed activity.
- You see the error icon on the security aspect tab when at least one failure occurs in each subtype.
- Enabling the Show blocked only toggle displays only the records with the result Blocked and hides the rest.
Action processing results
Each time an action is assigned, a corresponding record is generated. We consolidate those records into a single report every four hours. The report includes all action processing results for the user logged on to the agent machine. You can select an action type to view details in a tabular format. The table includes information such as the name of the action, the user the action is assigned to, the filter used, and the processing result (status). There are three statuses:
- Applied (processed). Means that the action was applied to the target user successfully (or processed successfully).
- Outdated. Means that the action processed is not the latest. This happens when an action gets updated but not yet applied.
- Error. An error occurred while applying the action. To troubleshoot, enable debug mode to view the logs of the agent. See View log files.
Currently, you can view only Group Policy setting and JSON file processing results. To enable results collection, see Monitoring preferences.
- Each time a task runs, a corresponding report is generated. The reports include information about when the task runs, the task execution results, and more.
- Both built-in and custom tasks generate reports. In those reports, we provide predefined report data. When adding custom tasks, you can customize the data to be reported. If the predefined report data does not suit your needs, consider using the extended data for further analysis.
Profile container status
- Each time a profile container is attached, a corresponding attach record is generated. We consolidate those records into a single report on a daily basis. The report includes information about the basic usage data of the profile containers, the status of sessions using the profile containers, the issues detected, and more. With the information, you can track storage usage for profile containers and identify problems that prevent profile containers from working.
Optimization and usage
- With Enable data collection and upload for optimization and usage insights enabled for a configuration set on its Advanced Settings > Insights page, the agent collects and uploads optimization and usage data on a daily basis. A report based on the data collected is generated.
Optimization and usage insights
- Each time you apply insights for a configuration set, a corresponding report on optimization and usage is generated. The reports let you gain insights into application behavior. We aggregate usage and optimization insights into one report.
On the Optimization Insights or the Usage Insights page of Monitoring > Insights, you apply insights by selecting a configuration set and a date range. We maintain only one report for insights applied using the same configuration set and date range. Applying insights using the same configuration set and date range updates the report later.
Profile Management health check
The agent runs Profile Management health checks every 24 hours or on demand. A corresponding report is then generated. The report contains the following elements:
- Date and time when the report was generated
- Detailed information such as the associated agent and configuration set
- Issues (for example, errors and warnings) found, along with fix recommendations
To change your Profile Management settings, go to Profile Management Settings. To customize the scope of settings to cover in a report, go to Advanced Settings > Monitoring Preferences under that configuration set.
Each report appears as a table record. Those reports provide useful diagnostic information that can inform your action. For example, you can check reports based on event severity. Based on the severity level, you can decide what action to take.
We have pre-defined levels of severity for certain reports, for example, built-in scripted task reports.
For a scripted task, the Result code column can provide the following information:
- 0: Indicates that the task has run successfully.
- -4: Appears when attempts to verify the checksum of the executable file you provided failed.
- -5: Appears when attempts to verify the signature of the executable file failed. Possible causes: no valid signature at the end of the executable file, or signature verification failure because of certificate missing.
- -8: Appears when the task was canceled due to a timeout.
For information about result codes (status codes) of profile container status, see the Microsoft documentation https://docs.microsoft.com/en-us/fslogix/fslogix-error-codes-reference. Remember: “-1” means that WEM might not retrieve the status code.
Columns to display and filters
You can customize the display of the table. Click Columns to display to choose which columns you want to display. When customizing columns, you must select at least two columns. After you complete your customization, the table refreshes to display the columns you select.
You can click a column header to sort. You can apply filters to filter reports.
View more details of a report
You can select a report for more detailed information. To do that, locate the report and then click the ellipsis on the right. The report wizard appears. It contains two tabs:
- Details. Provides a detailed result summary.
- Raw data. Provides raw data related to the report. The extended data is in JSON format. If needed, use the extended data for further analysis.
For a scripted task that has Highlight regular expression matches enabled, you can see the following option on the Details tab of its report:
- View regular expression matches. Lets you view regular expression matches in detail.
You can export the data in each report in CSV or JSON format, which opens in programs such as Microsoft Excel. To do that, perform the following steps:
Click Export. The export wizard appears.
Select the export format. Available options: CSV and JSON.
Optionally, select Save a copy of the export to your local machine. The export will be saved to the default download location of your browser.
Click Export to start the export process.
- You can export up to 50,000 records (reports). When the number of records to export exceeds the limit, only the top 50,000 will be exported. We recommend that you use filters to reduce the number of records to 50,000 or fewer.
- While an export is in progress, you cannot perform another export.
- If an export does not complete within 30 minutes, you will no longer receive notifications about it. Go to Files to view the export result later.
- When exporting reports, the export will be saved to the cloud storage. The cloud storage has a storage limit. When you reach the limit, you cannot proceed with the export. In that case, go to Files and delete unnecessary files to free up space. See Files.