This post has been republished via RSS; it originally appeared at: Configuration Manager Blog articles.
Update 2006 for Microsoft Endpoint Configuration Manager current branch is now available. Microsoft Endpoint Manager is an integrated solution for managing all your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center.
On our minds, and we are sure yours too, are the challenges posed by working from home. Previously, we blogged some guidance for these scenarios:
- Managing remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager
- Managing Patch Tuesday with Configuration Manager in a remote work world
- Use CMPivot to gather troubleshooting data from remote clients
- Cloud management gateway: addressing common challenges
In March, we made the decision to close the Microsoft Redmond campus and ask all of our engineers to work from home for three weeks to help curb the spread of COVID19. At the time, three weeks sounded like a long time – little did we know that 6 months later we would still not set foot on campus. It was certainly an adjustment for everyone – but fortunately the tools and investments that Microsoft made in the name of employee flexibility and empowerment (Cloud identity using Azure Active Directory, Cloud provisioning using AutoPilot, Cloud Management from Microsoft Endpoint Configuration Manager and Intune) also enabled employees to more easily work from home.
But of course, as we were forced to rely on our tools to work remotely 100% of the time, we found opportunities to improve: allowing clients to upgrade on metered networks, making it easier to download content from the cloud instead of a VPN, and simplifying remote provisioning among other things. So, we committed to focusing our ConfigMgr 2006 release on making these improvements and making them available to you.
Look below for the Work from Anywhere tag to find these features and others.
This release is brought to you by team members in Florida, Washington, British Columbia, Massachusetts, Pennsylvania, Maine, North Carolina, Michigan, Utah, California, Georgia, Shanghai and Suzhou China, and ‘Undisclosed’ – and we hope it will help make it easier to continue to manage your devices wherever they may be.
This release includes:
Microsoft Endpoint Manager tenant attach
Import previously created Azure AD application during tenant attach onboarding - During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach.
Endpoint Analytics Preview - the Endpoint Analytics preview is available. Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and proactively make changes without disrupting end users or generating a help desk ticket.
Endpoint analytics data collection enabled by default – In 2006, the Enable Endpoint analytics data collection client setting is now enabled by default for tenants attaching for the first time. This setting allows your managed endpoints to send data, such as startup performance insights, to your Configuration Manager site server. This change affects local data collection only. Endpoint analytics data isn't uploaded to the Microsoft Endpoint Manager admin center until you enable data upload in Configuration Manager. The new default value applies to the default client settings and any custom client settings created after upgrading to version 2006.
VPN boundary type - To simplify managing remote clients, you can now create a new boundary type for VPNs. Previously, you had to create boundaries for VPN clients based on the IP address or subnet. Now when a client sends a location request, it includes additional information about its network configuration. Based on this information, the server determines whether the client is on a VPN.
Management insights to optimize for remote workers - This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:
- Define VPN boundary groups
- Configure VPN connected clients to prefer cloud-based content sources
- Disable peer to peer content sharing for VPN connected clients
Improved support for Windows Virtual Desktop - The Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
Intranet clients can use a CMG software update point - Intranet clients can now access a CMG software update point when it's assigned to a boundary group. You can allow intranet devices to scan against a CMG software update point in the following scenarios:
- When an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.
- If the only software update point for the boundary group is the CMG software update point, then all intranet and internet devices will scan against it.
Notification for Azure AD app secret key expiration - If you configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:
- One or more Azure AD app secret keys will expire soon
- One or more Azure AD app secret keys have expired
Use Microsoft Azure China 21Vianet for co-management - You can now select the Azure China Cloud as your Azure environment when enabling co-management.
The following improvements have been made in CMPivot:
- CMPivot from the console and CMPivot standalone have been converged
- Run CMPivot from an individual device or multiple devices without having to select or create a collection
- From CMPivot query results, you can select an individual device or multiple devices then launch a separate CMPivot instance scoped to your selection.
Install and upgrade the client on a metered connection - Previously, if the device was connected to a metered network, new clients wouldn't install. Existing clients only upgraded if you allowed all client communication. Starting in this release, client install and upgrade both work when you set the client setting Client communication on metered internet connections to Allow or Limit. With this setting, you can allow the client to stay current, but still manage the client communication on a metered network.
Improvements to managing device restarts - Configuration Manager provides many options to manage device restart notifications. You can now configure the client setting Configuration Manager can force a device to restart to prevent devices from automatically restarting when a deployment requires it. By default, Configuration Manager can still force devices to restart.
Improvements to available apps via CMG - This release fixes an issue with Software Center and Azure Active Directory (Azure AD) authentication. For a client detected as on the intranet but communicating via the cloud management gateway (CMG), previously Software Center would use Windows authentication. When it tried to get the list of user-available apps, it would fail. It now uses Azure Active Directory (Azure AD) identity for devices joined to Azure AD. These devices can be cloud-joined or hybrid-joined.
Microsoft 365 Apps for enterprise - Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise on April 21, 2020. Starting in version 2006, the following changes have been made:
- The Configuration Manager console has been updated to use the new name. This change also includes update channel names for Microsoft 365 Apps.
- A banner notification was added to the console to notify you if one or more automatic deployment rules reference obsolete channel names in the Title criteria for Microsoft 365 Apps updates.
Operating system deployment
Task sequence media support for cloud-based content - Task sequence media can now download cloud-based content. Instead of further taxing the WAN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources.
Improvements to task sequences via CMG - This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):
- Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center.
- This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:
Improvements to BitLocker task sequence steps
- You can now specify the disk encryption mode on the Enable BitLocker and Pre-provision BitLocker task sequence steps. By default, the steps continue to use the default encryption method for the OS version.
- The Enable BitLocker step also now includes a setting to Skip this step for computers that do not have a TPM or when TPM is not enabled. When you enable this setting, the step logs an error on a device without a TPM or a TPM that doesn't initialize, and the task sequence continues.
Management insight rules for OS deployment - When the size of the task sequence policy exceeds 32 MB, the client fails to process the large policy. The client then fails to run the task sequence deployment. To help you manage the policy size of task sequences, this release includes the following management insights:
- Large task sequences may contribute to exceeding maximum policy size
- Total policy size for task sequences exceeds policy limit
Improvements to OS deployment - This release includes the following additional improvements to OS deployment:
- Use a task sequence variable to specify the target of the Format and Partition Disk step. This new variable option supports more complex task sequences with dynamic behaviors.
- The Check Readiness step now includes a check to determine if the device uses UEFI. It also includes a new read-only task sequence variable, _TS_CRUEFI.
- If you enable the task sequence progress window to show more detailed progress information, it now doesn't count enabled steps in a disabled group. This change helps make the progress estimate more precise.
- Previously, during a task sequence to upgrade a device to Windows 10, a command prompt window opened during one of the final Windows configuration phases. The window was on top of the Windows out-of-box experience (OOBE), and users could interact with it to disrupt the upgrade process. Now the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts from Configuration Manager include a change to hide this command prompt window.
- Some customers build custom task sequence interfaces using the IProgressUI::ShowMessage method, but it doesn't return a value for the user's response. This release adds the IProgressUI::ShowMessageEx method. This new method is similar to the existing method, but also includes a new integer result variable, pResult.
CMG support for endpoint protection policies - While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Starting in this release, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.
BitLocker management support for hierarchies - You can now install the BitLocker self-service portal and the administration and monitoring website at the central administration site.
Configuration Manager console
Community hub and GitHub - (First introduced in June 2020)
The IT admin community has developed a wealth of knowledge over the years. Rather than reinventing items like scripts and reports from scratch, we've built a Configuration Manager Community hub where you can share with each other. The Community hub fosters creativity by building on others' work and having other people build on yours. GitHub already has industry-wide processes and tools built for sharing. Now, the Community hub will leverage those tools directly in the Configuration Manager console as foundational pieces for driving this new community. For the initial release, the content made available in the Community hub will be uploaded only by Microsoft.
Notifications from Microsoft
You can now choose to receive notifications from Microsoft in the Configuration Manager console. These notifications help you stay informed about new or updated features, changes to Configuration Manager and attached services, and issues that require action to remediate.
- For more information on changes to the Windows PowerShell cmdlets for Configuration Manager, see PowerShell version 2006 release notes.
- For more information on changes to the administration service REST API, see Administration service release notes.
- For more information on the monthly changes to the Desktop Analytics cloud service, see What's new in Desktop Analytics.
For more details and to view the full list of new features in this update, check out our What’s new in version 2006 of Microsoft Endpoint Configuration Manager documentation.
Note: As the update is rolled out globally in the coming weeks, it will be automatically downloaded, and you’ll be notified when it’s ready to install from the “Updates and Servicing” node in your Configuration Manager console. If you can’t wait to try these new features, see these instructions on how to use the PowerShell script to ensure that you are in the first wave of customers getting the update. By running this script, you’ll see the update available in your console right away.
For assistance with the upgrade process, please post your questions in the Site and Client Deployment forum. Send us your Configuration Manager feedback through Send-a-Smile in the Configuration Manager console.
Continue to use our UserVoice page to share and vote on ideas about new features in Configuration Manager.
The Configuration Manager team