Endpoint Services, MECM, Device Collection Membership Best Practices
This article describes best practices for creating and maintaining device collection membership.
Microsoft Endpoint Configuration Manager (MECM)
University of Illinois IT Pros leveraging MECM, hosted by Technology Services' Endpoint Services team
Every device collection has a limiting collection from which its membership will derive, regardless of the collection's membership rules. In most cases this will be a unit's All Systems collection, however, an IT Pro may wish to further restrict this to better match the collection's purpose. To do this, right-click the collection, select "Properties", then select "Browse" next to the "Limiting collection" field.
Membership rules determine how a collection is populated, and can be configured in one of five ways:
- Direct Rule: Add a device directly by one of its System Resource properties (typically name). Such devices will remain in the collection unless manually removed, or excluded by another membership rule.
- Query Rule: Add any number of devices that meet criteria specified by a WQL query. This can be useful when creating collections of a particular type of device, devices located within a particular OU in AD, or devices that meet a broad range of criteria. Query rules can be written in directly or constructed using the GUI. Input in one reflects in the other, which can be useful for learning WQL or making quick edits.
- Device Category: This option is not typically leveraged in our environment. It is recommended that one of the other methods be used instead.
- Include Collections: Add devices that are also members of specified collections. Akin to nesting.
- Exclude Collections: Devices that belong to specified collections will not be included. This can be useful for preventing overlap with collections that change membership frequently.
We recommend careful consideration of limiting collections and membership rules when defining a collection's membership. For example, broad query rules may result in unwanted additions, and direct rules should be audited regularly. It is generally better to have more collections that individually serve a specific purpose than it is to have fewer that multitask.
Collections should only be configured to update their membership on a schedule in the "Membership Rules" tab of a collection's properties. Incremental updates should not be selected as they trigger every few minutes, and in doing so collectively degrade performance across the environment. We therefore ask that IT Pros only use the schedule option; preferably either at the default (weekly) or of hours or days. When a membership rule is changed (e.g. a new machine is imported), MECM triggers an update of that collection automatically, so an aggressive schedule is often unnecessary. Updates can also be triggered at-will, by right-clicking a collection and selecting 'Update Membership'. Please contact EPS if you need to create a collection that requires incremental updates.
Collection evaluation time can be viewed under '\Monitoring\Overview\Collection Evaluation' in the MECM console. Ideally, a collection shouldn't take more than a couple of seconds at most to evaluate. Collections that take longer to evaluate should have their membership rules audited to ensure better performance and to keep the environment running smoothly for all users.
- Additional Microsoft documentation:
- For support please contact the Technology Services Endpoint Services Team: