Type the URL that is giving you the bad request into a web browser on the Site Server and check if the site is trusted. You may be missing a public root cert on your server.
MEMCM Desktop Analytics - Bad Request 400 in logs
MEMCM 2103
I have set up Desktop Analytics which is partially working. Clients are sending telemetry to the DA workspace, however MEMCM is still showing the 300 or so devices as Awaiting Enrollment in the Connection Health node. The M365AUploadWorker log shows GET and POST successes but the final log entry (i.e. the failure point) reports BAD REQUEST 400. It appears that the MEMCM sync is not working but everything else is. I have confirmed I have the correct permissions, accounts etc set up on App Registration and DA Workspace
Happy to fill in another blanks. This isn't my first set up for DA, and I've not encountered this issue before. It's always been pretty seamless. it just seems like the final sync isn't working.
2 answers
Sort by: Most helpful
-
-
Colin Ford 1,026 Reputation points
2021-11-03T05:17:49.607+00:00 Are you going through a proxy? If so, check that there is no SSL interception going on.
https://learn.microsoft.com/en-us/mem/configmgr/desktop-analytics/enable-data-sharing
For privacy and data integrity, Windows checks for a Microsoft SSL certificate (certificate pinning) when communicating with the diagnostic data endpoints. SSL interception and inspection aren't possible. To use Desktop Analytics, exclude these endpoints from SSL inspection.
I will add that the URL list includes https://login.live.com, and the documentation doesn't call it out but some orgs need to use SSL interception on this URL in order to block Microsoft consumer apps as per https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions.
Additionally, the tenant restrictions feature now supports blocking the use of all Microsoft consumer applications (MSA apps) such as OneDrive, Hotmail, and Xbox.com. This uses a separate header to the login.live.com endpoint, and is detailed at the end of the document.
I have implemented Desktop Analytics and kept SSL interception on this particular URL and it still works for me.