The Microsoft Endpoint Configuration Manager Administration Service Guide

This post is dedicated to the System Center Configuration Manger (SCCM/ConfigMgr) Administration Service (AdminService for short). Please check back here for helpful links and to blog posts, documentation and examples for using the AdminService. Please note, I wasn’t sure what the name was officially when I first started, and I didn’t expect to keep posting new info about it, so sorry if it’s disjointed.

Update: 11/3/2109 - I am updating this post to show information for the the latest ConfigMgr Current Branch release. Trying to keep track of changes between releases is not all that useful except for in Technical Previews.

Original Posts

Latest AdminService News

Community Blogs

The Basics

The AdminService is a REST API that runs as a service, independent of the other web components in IIS on your site servers.


You can check the status of the service in the console under \Monitoring\Overview\System Status\Component Status - SMS_REST_PROVIDER

Files and Registry Keys

There are several files to be aware of. Below are the key files of interest.

  • Service components
    • \bin\X64\CMRestProvider\sccmprovidergraph.exe
    • \bin\X64\CMRestProvider\sccmprovidergraph.exe.config
  • Logs
    • Locations
      • \Logs
      • Application Event Log - Source - CMRestProviderService
    • Files
      • SMS_REST_PROVIDER.log - Logs the status of the provider service
      • AdminService.log - logs commands run against the AdminService
  • Registry


Beginning in 1810 CB, you will see the SMS Provider API as an option during setup. This feature enables the AdminService REST API. You also have the option to install the SMS Provider role on additional site servers. When you do this, the AdminService will also be included on this new server. See info here:

Additionally, you can configure the AdminService to communicate through the Cloud Management Gateway CMG by configuring the SMS Provider role.


My earlier posts linked above show the progression of testing that I performed with the AdminService. Below is a summary and key changes between releases. You can test using PostMan or another REST API testing tool.


There are 2 main Routes in the AdminService - v1.0 and wmi. v1.0 is for items newer items that have been transitioned from WMI to OData/SQL. These are already in use for several item including parts of the SCCM console and Application Approvals. The wmi routes should match the WMI class names that you should already be familiar with - most beginning with **SMS_**.

Versioned Route Controllers

WMI Route Controller

Read-Only Query Basics

Note: All queries in this section use a HTTP GET method. Also, everything is CASE SenSiTiVe.

  • Get all Devices https://<ServerName>/AdminService/wmi/SMS_R_System
  • Get All Users https://<ServerName/AdminService/wmi/SMS_R_User
  • Get Device By ResourceID (same syntax for users) https://<ServerName>/AdminService/wmi/SMS_R_System(12345678)
  • Get User By ResourceID https://<ServerName>/AdminService/wmi/SMS_R_User(12345678)
  • Retrieve related class information. This example gets Operating System information for a specific device. https://<ServerName>/AdminService/wmi/SMS_R_System(12345678)/SMS_G_System_OPERATING_SYSTEM

You can find more query examples in my previous posts.

Create and Edit Methods using wmi Controller

In my recent testing, this doesn’t seem to work with 1906 CB but does work with 1910 TP. Will update if this changes with the next release. The general concept should apply moving forward - you can use POST and a body to create new objects.

Create a new Package

POST - https://<ServerName>/AdminService/wmi/SMS_Package
BODY - {"Name": "Test Package", "Manufacturer": "ASD"}

You should be able to see your new package in the console or you can use the AdminService to query SMS_Package to find it.

GET - https://<ServerName>/AdminService/wmi/SMS_Package?$filter=Name eq 'Test Package'

Editing A Package

Using the methods above, we can edit the package that we just created. First we have to get the ResourceID for the package. GET - https://<ServerName>/AdminService/wmi/SMS_Package?$filter=Name eq 'Test Package'

 2    "@odata.context": "https://cmtp1-cm1.asd.lab/AdminService/wmi/$metadata#SMS_Package",
 3    "value": [
 4        {
 5            "@odata.etag": "TP100009;",
 6            "ActionInProgress": 0,
 7            "BaseBoardProductID": "",
 8            "DefaultImageFlags": 0,
 9            "Description": "",
10            "DriverManufacturer": "",
11            "DriverModel": "",
12            "DriverOSVersion": "",
13            "DriverPkgVersion": "",
14            "ForcedDisconnectDelay": 5,
15            "ForcedDisconnectEnabled": false,
16            "ForcedDisconnectNumRetries": 2,
17            "Icon": null,
18            "IgnoreAddressSchedule": false,
19            "IsPredefinedPackage": false,
20            "IsVersionCompatible": true,
21            "ISVString": "",
22            "Language": "",
23            "LastRefreshTime": "2019-02-12T06:28:44Z",
24            "LocalizedCategoryInstanceNames": [],
25            "Manufacturer": "ASD",
26            "MIFFilename": "",
27            "MIFName": "",
28            "MIFPublisher": "",
29            "MIFVersion": "",
30            "Name": "Test Package",
31            "NumOfPrograms": 0,
32            "ObjectPath": "/",
33            "PackageID": "TP100009",
34            "PackageSize": 0,
35            "PackageType": 0,
36            "PkgFlags": 0,
37            "PkgSourceFlag": 1,
38            "PkgSourcePath": "",
39            "PreDownloadRule": "",
40            "PreferredAddressType": "",
41            "Priority": 2,
42            "SecuredScopeNames": [
43                "Default"
44            ],
45            "SedoObjectVersion": "3E8D6AB8-D17A-4B0D-BB4B-515DD092760F",
46            "ShareName": "",
47            "ShareType": 1,
48            "SourceDate": "2019-02-12T06:28:18Z",
49            "SourceSite": "TP1",
50            "SourceVersion": 1,
51            "StoredPkgPath": "",
52            "StoredPkgVersion": 1,
53            "TransformAnalysisDate": "1980-01-01T06:00:00Z",
54            "TransformReadiness": 0,
55            "Version": "",
56            "__GENUS": 2,
57            "__CLASS": "SMS_Package",
58            "__SUPERCLASS": "SMS_PackageBaseclass",
59            "__DYNASTY": "SMS_BaseClass",
60            "__RELPATH": "SMS_Package.PackageID=\"TP100009\"",
61            "__PROPERTY_COUNT": 48,
62            "__DERIVATION": [
63                "SMS_PackageBaseclass",
64                "SMS_BaseClass"
65            ],
66            "__SERVER": "CMTP1-CM1",
67            "__NAMESPACE": "root\\sms\\site_TP1",
68            "__PATH": "\\\\CMTP1-CM1\\root\\sms\\site_TP1:SMS_Package.PackageID=\"TP100009\""
69        }
70    ]

Edit the Package object

POST - https://<SERVERNAME>/AdminService/wmi/SMS_Package
Body - {"PackageID": "TP100009", "Name": "Test Package #1", "Manufacturer": "A Square Dozen"}

You can also return just the properties that you want, however in 1906 the $select operator doesn’t work - but it does on 1910 TP and previous builds.

GET - https://<SERVERNAME>/AdminService/wmi/SMS_Package?$filter=Name eq 'Test Package %231'&$select=PackageID,Name,Manufacturer

 2    "@odata.context": "https://cmtp1-cm1.asd.lab/AdminService/wmi/$metadata#SMS_Package",
 3    "value": [
 4        {
 5            "@odata.etag": "TP100009;",
 6            "Manufacturer": "A Square Dozen",
 7            "Name": "Test Package #1",
 8            "PackageID": "TP100009",
 9            "__GENUS": 2,
10            "__CLASS": "SMS_Package",
11            "__SUPERCLASS": "SMS_PackageBaseclass",
12            "__DYNASTY": "SMS_BaseClass",
13            "__RELPATH": "SMS_Package.PackageID=\"TP100009\"",
14            "__PROPERTY_COUNT": 3,
15            "__DERIVATION": [
16                "SMS_PackageBaseclass",
17                "SMS_BaseClass"
18            ],
19            "__SERVER": "CMTP1-CM1",
20            "__NAMESPACE": "root\\sms\\site_TP1",
21            "__PATH": "\\\\CMTP1-CM1\\root\\sms\\site_TP1:SMS_Package.PackageID=\"TP100009\""
22        }
23    ]

Console Connections

Navigate to \Administration\Overview\Security\Console Connections in the Admin Console to see a list of all Admin Consoles that are connected and their versions. Check the AdminService.log to see the query that gets executed.


Look for the Console Heartbeat feature coming soon.

Application Approvals

Depending on whether you’ve enabled the AdminService to communicate through the CMG or not, the email approvals will include a URL to approve an application request. The URL can only be used once since the email GUID is removed from the database once the URL is clicked.

Check this box to allow the AdminService to use the Cloud Management Gateway
Check this box to allow the AdminService to use the Cloud Management Gateway

Application Approval Request Email
Application Approval Request Email

Internal URL


Read more about it here.

PowerShell Usage

You can use the above queries in PowerShell as well. I have several sample scripts on my GitHub Repo here. It’s just for demo purposes and isn’t complete but it should give you a good starting point. Feel free to reach out if you have questions.

Cloud Management Gateway (CMG)

Check my GitHub Repo for a sample script to query the AdminService from the internet through the CMG.

Read more about it here.


I’m having trouble getting this to work in 1906 and 1910 TP at the moment. Since the AdminService uses OData, it can be integrated directly into PowerBI with no need to understand the database or SQL queries.


I plan to update this page as new AdminService features are released. Please check back for more info. Also, I’d love to hear what things you’ve tested out. Check out my ConfigMgrAdminService GitHub Repo for more sample files in the future.