A new build release has arrived for System Center Configuration Manager Current Branch, Build 1802.
Just look at the crazy treasure in this release, some of which was coded from ideas and work done at the SCCM MVP Hackathon, that took place in Seattle last November and which I attended. It was an amazing experience working so closely with the product group, to realise some of the stuff that landed in this release, there be more treasure from the Hackathon that didn’t make the build cut off date … my treasure may show in future releases. At the Hackathon I suggested Trusted Source content, which I have a UserVoice for, it was partly coded but it’s too big a change to just slide in, and changes to ADRs to support the creation of new Packages when the ADR is run, to reduce the size of SUM packages over time, and make them more network-friendly (6 months of ADR for SUM Patches into a single package … Gigs upon gigs …), and I also participated in guiding\steering when we broke out into small groups to work with the product group engineers, an intelligent and very friendly bunch of people indeed.
This lot is going to take you a while to play with. Enjoy!
Reassign distribution point
Many customers have large Configuration Manager infrastructures, and are reducing primary or secondary sites to simplify their environment. They still need to retain distribution points at branch office locations to serve content to managed clients. These distribution points often contain multiple terabytes or more of content. This content is costly in terms of time and network bandwidth to distribute to these remote servers. This feature lets you reassign a distribution point to another primary site without redistributing the content. This action updates the site system assignment while persisting all of the content on the server. For more information, see Reassign a distribution point.
Configure Windows Delivery Optimization to use Configuration Manager boundary groups
You use Configuration Manager boundary groups to define and regulate content distribution across your corporate network and to remote offices. Windows Delivery Optimization is a cloud-based, peer-to-peer technology to share content between Windows 10 devices. Starting in this release, configure Delivery Optimization to use your boundary groups when sharing content among peers. A new client setting applies the boundary group identifier as the Delivery Optimization group identifier on the client. When the client communicates with the Delivery Optimization cloud service, it uses this identifier to locate peers with the desired content. For more information, see Fundamental concepts for content management.
Support for Windows 10 ARM64 devices
Starting in this release the Configuration Manager client is supported on Windows 10 ARM64 devices. Existing client management features should work with these new devices. For example, hardware and software inventory, software updates, and application management. Operating system deployment is currently not supported.
Improved support for CNG certificates
Configuration Manager (current branch) version 1710 supports Cryptography: Next Generation (CNG) certificates. Version 1710 limits support to client certificates in several scenarios.
Starting in this release, use CNG certificates for the following HTTPS-enabled server roles:
- Management point
- Distribution point
- Software update point
- State migration point
Boundary group fallback for management points
Configure fallback relationships for management points between boundary groups. This behavior provides greater control for the management points that clients use. For more information, see Configure boundary groups.
Cloud distribution point site affinity
This feature benefits customers with a multi-site, geographically dispersed hierarchy using cloud distribution points. When an internet-based client searches for content, previously there was no order to the list of cloud distribution points received by the client. This behavior could result in internet-based clients receiving content from geographically distant cloud distribution points. Downloading content from such a distant server is typically slower than a closer server.
With cloud distribution point site affinity, an internet-based client receives an ordered list. This list prioritizes cloud distribution points from the client’s assigned site. This behavior allows the administrator to preserve their design intent for content downloads from site resources.
Management insights in System Center Configuration Manager provide information about the current state of your environment. The information is based on analysis of data from the site database. Insights help you to better understand your environment and take action based on the insight. For details, see Management Insights.
In Configuration Manager 1802, the following insights are available:
- Applications without deployments
- Cloud Services:
  - Assess co-management readiness
  - Enable your devices to be hybrid Azure Active Directory-joined
  - Modernize your identity and access infrastructure
  - Upgrade your clients to Windows 10, version 1709 or above
- Empty Collections
- Simplified Management:
  - Outdated client versions
- Software Center:
  - Direct users to Software Center instead of Application Catalog
  - Use the new version of Software Center
- Windows 10:
  - Configure Windows telemetry and commercial ID key
  - Connect Configuration Manager to Upgrade Readiness
Cloud management gateway support for Azure Resource Manager
When creating an instance of the cloud management gateway (CMG), the wizard now provides the option to create an Azure Resource Manager deployment. Azure Resource Manager is a modern platform for managing all solution resources as a single entity, called a resource group. When deploying CMG with Azure Resource Manager, the site uses Azure Active Directory (Azure AD) to authenticate and create the necessary cloud resources. This modernized deployment doesn’t require the classic Azure management certificate. For more information, see CMG topology design.
This capability doesn’t enable support for Azure Cloud Service Providers (CSP). The CMG deployment with Azure Resource Manager continues to use the classic cloud service, which the CSP doesn’t support. For more information, see Available Azure services in Azure CSP.
Improvements to cloud management gateway
Starting in this release, the cloud management gateway is no longer a pre-release feature.
The feature documentation is revised and enhanced. For more information, see the following articles:
Configure hardware inventory to collect strings larger than 255 characters
You can configure the length of strings to be greater than 255 characters for hardware inventory properties. This change applies only to newly added classes and for hardware inventory properties that aren’t keys. For details, see the Extend hardware inventory article.
Deprecation announcement for Linux and Unix client support
Microsoft intends to deprecate the Linux and UNIX client support in System Center Configuration Manager roughly one year from now, such that the clients will not be included in the SCCM 1902 release in early calendar 2019. The Configuration Manager 1810 release, in late calendar 2018, will be the last release to include the Linux and UNIX clients, and they will be supported for the full lifecycle of Configuration Manager 1810. After Configuration Manager 1810, customers should consider Microsoft’s Operations Management Suite for managing Linux servers. OMS has extensive Linux support that in most cases exceed Configuration Manager functionality, including end-to-end patch management for Linux.
Surface device dashboard
The Surface device dashboard provides information about the Surface devices found in your environment. In the console, go to Monitoring > Surface Devices. You can view the items:
- Percent of Surfaces
- Percent of Surface models
- Top five firmware versions
For details, see the Surface dashboard article.
Change in the Configuration Manager client install
Starting in this release, Silverlight is no longer installed on client devices automatically. For more information, see Prerequisites for deploying clients to Windows computers.
Transition Endpoint Protection workload to Intune using co-management
The Endpoint Protection workload can be transitioned to Intune after enabling co-management. To transition the Endpoint Protection workload, go to the co-management properties page and move the slider bar from Configuration Manager to Pilot or All. For details about the workloads, see Workloads able to be transitioned to Intune. For more information about co-management, see Co-management for Windows 10 devices.
Co-management dashboard in System Center Configuration Manager
Beginning in this release, you can view a dashboard with information about co-management. The dashboard helps you review machines that are co-managed in your environment. The graphs can help identify devices that might need attention. For details, see the Co-management dashboard article.
Microsoft Edge browser policies
For customers who use the Microsoft Edge web browser on Windows 10 clients, create a Configuration Manager compliance settings policy to configure several Microsoft Edge settings. For more information, see Create Microsoft Edge browser profile.
Allow user interaction when installing an application
Allow an end user to interact with an application installation during the running of the task sequence. For example, run a setup process that prompts the end user for various options. Some application installers can’t silence user prompts, or the installation process may require specific configuration values only known to the user. This feature allows you to handle these installation scenarios. For more information, see Specify user experience options for the deployment type.
Do not automatically upgrade superseded applications
Configure an application deployment to not automatically upgrade any superseded version. Now when creating the deployment, on the Deployment Settings page of the Deploy Software Wizard, for either Available or Required install purpose, you can enable or disable the option to Automatically upgrade any superseded versions of this application. For more information, see Specify deployment settings.
Approve application requests for users per device
Starting in this release, when a user requests an application that requires approval, the specific device name is now a part of the request. If the administrator approves the request, the user is only able to install the application on that device. The user must submit another request to install the application on another device. For more information, see Specify deployment settings.
This is an optional feature. For more information, see Enable optional features from updates.
Run scripts improvements
Starting in this release, Run Scripts is no longer a pre-release feature. The script output now returns using JSON formatting. For more information, see Create and run PowerShell scripts from the Configuration Manager console.
Operating system deployment
Windows 10 in-place upgrade task sequence via cloud management gateway
The Windows 10 in-place upgrade task sequence now supports deployment to internet-based clients managed through the cloud management gateway. This ability allows remote users to more easily upgrade to Windows 10 without needing to connect to the corporate network. For more information, see Deploy a task sequence.
Improvements to Windows 10 in-place upgrade task sequence
The default task sequence template for Windows 10 in-place upgrade now includes additional groups with recommended actions to add before and after the upgrade process. These actions are common among many customers who are successfully upgrading devices to Windows 10. For more information, see create a task sequence to upgrade an OS.
Improvements to operating system deployment
This release includes the following improvements to operating system deployment:
- In Windows PE, when launching cmtrace.exe, you are no longer prompted to choose whether to make this program the default viewer for log files.
- Add boot images to the Download Package Content task sequence step.
- Improvements to the Run Task Sequence step:
  - Support for all operating system deployment scenarios from Software Center, PXE, and media.
  - Improvements to console actions such as copy, import, export, and warning during object deletion.
  - Support for the Create Prestaged Content File wizard.
  - Integration with deployment verification. For more information, see High-risk task sequence deployments.
  - The Run Task Sequence step can now be used across multiple levels of task sequences, not just a single parent-child relationship. Multi-level relationships increase the complexity, so use with caution. These relationships are still checked for circular references.
Deployment templates for task sequences
The deployment wizard for task sequences can now create a deployment template. The deployment template can be saved and applied to an existing or new task sequence to create a deployment.
Phased deployments for task sequences
Phased deployments is a pre-release feature. Phased deployments automate a coordinated, sequenced rollout of a task sequence across multiple collections. You can create phased deployments with the default of two phases, or manually configure multiple phases. Phased deployment of task sequences does not support PXE or media installation.
Install multiple applications in Software Center
If an end user or desktop technician needs to install multiple applications on a device, Software Center now supports installing multiple selected applications. This behavior allows the user to be more efficient while not waiting for one installation to finish before starting the next. For more information, see Install multiple applications in the new Software Center user guide.
Use Software Center to browse and install user-available applications on Azure AD-joined devices
If you deploy applications as available to users, they can now browse and install them through Software Center on Azure Active Directory (Azure AD) devices. For more information, see Deploy user-available applications on Azure AD-joined devices.
Hide installed applications in Software Center
Installed applications can now be hidden in Software Center. Applications that are already installed will no longer show in the Applications tab when this option is enabled under client settings. This option is set as the default when you install or upgrade to Configuration Manager 1802. Installed applications are still available for review under the installation status tab. Hide installed applications in Software Center has additional details.
Hide unapproved applications in Software Center
When this client setting option is enabled, user available applications that require approval are hidden in Software Center. Hide unapproved applications in Software Center has additional details.
Software Center shows user additional compliance information
When using Device Health Attestation status as a compliance policy rule for conditional access to company resources, Software Center now shows the user the Device Health Attestation setting that is not compliant.
Schedule automatic deployment rule evaluation to be offset from a base day
Automatic deployment rules can be scheduled to evaluate offset from a base day. Meaning, if patch Tuesday actually falls on Wednesday for you, the evaluation schedule can be set for the second Tuesday of the month offset by one day. For details, see Automatically deploy software updates.
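The date arithmetic behind an offset schedule, as an added example that is not Configuration Manager code or part of the original release notes: it computes "second Tuesday plus N days" and lists the months in which scheduling "second Wednesday" instead would evaluate the rule before the updates are released. The function names are hypothetical.

```python
# Added illustration: date arithmetic only, not Configuration Manager code.
import calendar
from datetime import date, timedelta


def nth_weekday(year, month, weekday, n):
    """Return the n-th (1-based) occurrence of weekday (Monday=0) in a month."""
    first = date(year, month, 1)
    # Days from the 1st of the month to the first occurrence of the weekday.
    delta = (weekday - first.weekday()) % 7
    day = first + timedelta(days=delta + 7 * (n - 1))
    if day.month != month:
        raise ValueError("month has no occurrence number %d of that weekday" % n)
    return day


def adr_evaluation_date(year, month, offset_days=1):
    """Base day is the second Tuesday (Patch Tuesday), shifted by offset_days."""
    base = nth_weekday(year, month, calendar.TUESDAY, 2)
    return base + timedelta(days=offset_days)


def months_where_second_wednesday_differs(year):
    """Months in which 'second Wednesday' is not 'second Tuesday + 1 day'.

    This happens when the month starts on a Wednesday: the second Wednesday
    is the 8th, but Patch Tuesday is the 14th, so a 'second Wednesday'
    schedule would run six days before the release.
    """
    differing = []
    for month in range(1, 13):
        second_wed = nth_weekday(year, month, calendar.WEDNESDAY, 2)
        if second_wed != adr_evaluation_date(year, month, 1):
            differing.append(month)
    return differing


if __name__ == "__main__":
    year = 2018
    for month in range(1, 13):
        print(month, adr_evaluation_date(year, month, 1).isoformat())
    print("second Wednesday differs in months:",
          months_where_second_wednesday_differs(year))
```
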
Report for default browser counts
Now there is a new report to show the count of clients with a specific web browser as the Windows default. See the Default Browser counts report in the Software – Companies and Products reports group. For more information, see the List of reports.
Report on Windows AutoPilot device information
Windows AutoPilot is a solution for onboarding and configuring new Windows 10 devices in a modern way. For more information, see an Overview of Windows AutoPilot. One method of registering existing devices with Windows AutoPilot is to upload device information to the Microsoft Store for Business and Education. This information includes the device serial number, Windows product identifier, and a hardware identifier. Use Configuration Manager to collect and report this device information with the new report, Windows AutoPilot Device Information, in the Hardware – General reports node. For more information, see New Windows 10 devices in preparing for co-management.
Report on Windows 10 Servicing details for a specific collection
The Windows 10 Servicing details for a specific collection report displays general information about Windows 10 servicing for a specific collection. This report shows Resource ID, NetBIOS name, OS name, OS release name, build, OS branch, and servicing state for Windows 10 devices. For more information, see the List of reports.
Improvements to Configuration Manager Policies for Windows Defender Exploit Guard
New host interaction settings for Windows Defender Application Guard
For Windows 10 version 1709 and later devices, there are two new host interaction settings for Windows Defender Application Guard:
- Websites can be given access to the host’s virtual graphics processor.
- Files downloaded inside the container can be persisted on the host.
Configuration Manager console
Improvements to the Configuration Manager console
This release includes the following improvements to the Configuration Manager console.
- Device lists under Assets and Compliance, Devices, now display the primary user by default. This column only displays in the Devices node. The last logged on user can also be added as an optional column. Enable user and device affinity client settings for the site to associate a primary user with a device.
- If a collection is a member of another collection and it is renamed, then the new name is updated under membership rules.
- When using remote control on a client with multiple monitors at different DPI scaling, the mouse cursor now correctly maps between them.
- The Office 365 Client Management dashboard displays a list of relevant devices when graph sections are selected.
I also see that the Cloud Management Gateway documentation has been revised (thanks Aaron and Co!)
Don’t forget, UserVoice works, if you post an idea or feedback there, it does get read, and much of it is being woven into the product.
If you have an idea for ConfigMgr, or want something changed or even fixed, post on UserVoice, and vote for other people’s suggestions to keep things well-oiled!
Thanks Product Group for another bulky release … we just wouldn’t see this kind of stuff if we didn’t have the Servicing model! Remember how it took like 3 to 5 years per release, and years for an SP which was mostly bug fixes back then, things sure have changed.
Patch not showing yet? Then wait … or go into the fast lane with a PowerShell script, but note that if you enter the fast lane there is a chance you may have an additional patch delivered once the product has rolled out, we’ve seen this happen before.
Note: As the update is rolled out globally in the coming weeks, it will be automatically downloaded, and you will be notified when it is ready to install from the “Updates and Servicing” node in your Configuration Manager console. If you can’t wait to try these new features, this PowerShell script can be used to ensure that you are in the first wave of customers getting the update. By running this script, you will see the update available in your console right away.