Update 2309 for Microsoft Configuration Manager current branch is now available.

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Configuration Manager Blog articles.

 

Site infrastructure

 

Introducing SQL ODBC driver support for Configuration Manager

 

Starting with Configuration Manager 2309 release, Configuration Manager requires the installation of the ODBC driver for SQL server 18.1.0 or later as a prerequisite. This prerequisite is required when you create a new site or update an existing one and on all remote roles.

 

 Important

Microsoft ODBC Driver for SQL Server 18.1.0 or later needs to be installed on Site Servers and site system roles before upgrading to 2309 version. Do not uninstall SQL native client 11 until we call out in further communications. Configuration Manager doesn't manage the updates for the ODBC driver, ensure that this component is up to date.

 

For more information, see SQL ODBC driver for the site server

 

Option to schedule Scripts execution time

 

Starting in Configuration Manager current branch version 2309, you can now schedule scripts' runtime in UTC. The run Script Wizard now offers a scheduling option that enables administrators to schedule the execution of scripts. It provides a convenient way to automate the running of scripts on managed devices according to specified schedules.

 

 

17668435-schedule-script.png

 

For more information, see Schedule scripts' runtime

 

External service notification Run details from Azure Logic application. 

 

Starting in Configuration Manager current branch version 2309, when Azure Logic App generates notifications related to specific events, CM can now capture and display these notifications. This integration enables the monitoring of Azure Logic App notifications directly within the MCM console, providing a centralized location for tracking critical events, taking appropriate actions and maintains a high level of operational efficiency.

 

 

17668438-external-service.png

 

For more information, see External service notification.

 

New Site Maintenance task “Delete Aged Task Execution Status Messages” is now available on primary servers to clean up data older than 30 days or configured number of days

 

Starting in Configuration Manager current branch version 2309, you can now enable this feature by utilizing the Site Maintenance Window or using PowerShell Commandlet. By default, it has been set to run on Saturday and delete the data older than 30 days. It does so by cleaning up [dbo].TaskExecutionStatus Table 

 

Example : PowerShell Commandlet: Set-CMSiteMaintenanceTask -Sitecode "XXX" -MaintenanceTaskName "Delete Aged Task Execution Status Messages" -DaysOfWeek Friday

 

For more information, see Delete Aged Task Execution Status Messages.

 

Software updates

 

Update Orchestrator Service (USO) for Windows 11 22H2 or later with windows native reboot experience 

 

In Configuration Manager current branch version 2309, when installing software updates from Configuration Manager, administrators can now choose to use the native Windows Update restart experience. To use this feature, client devices must be running Windows build 22H2 or later. From the Computer Restart client device settings, ensure that Windows is selected as the restart experience. Branding information is included in the Windows restart notification for updates that require restart. 

 

For more information, see Device restart notifications

 

Maintenance window creation using PS cmdlet 

 

We've extended the Offset parameter for Maintenance windows. The cmdlet New-CMMaintenanceWindow is used to create a maintenance window for a collection. Earlier the Offset parameter could be set only between 0 and 4. Now it has been extended between 0 to 7.

 

Example : PowerShell Commandlet: New-CMSchedule -Start (Get-Date) -DayOfWeek Monday -WeekOrder Second -RecurCount 1 -OffSetDay 6

 

OS deployment

 

OSD preferred MP option for PXE boot scenario 

 

Starting in Configuration Manager current branch version 2309, Preferred Management Point (MP) option will now allow PXE clients to communicate to an initial lookup MP and receive the list of MP(s) to be used for further communication. When the option is enabled, it allows an MP to redirect the PXE client to another MP, based on the client location in the site boundaries.

 

 

2839966-osd-mp-pxe.png

 

 

For more information, see Install-and-configure-distribution-points

 

Enable Bitlocker through ProvisionTS 

 

In Configuration Manager current branch version 2309, Escrowing recovery key to Config Manager Database is now supported using ProvisionTS. ProvisionTS is the task sequence that is executed at the time of provisioning. As a result, device can escrow the key to Config Manager Database instantly.

 

For more information, see Preprovision-BitLocker-in-Windows-PE

 

Windows 11 Edition Upgrade using CM Policy settings 

 

Starting in Configuration Manager current branch version 2309, administrator can now create a policy using edition upgrade in Configuration Manager to update the Windows 11 edition.

 

 

17668419-edition-upgrade-windows11.png

 

For more information, see Upgrade Windows devices to a new edition

 

Windows 11 Upgrade Readiness Dashboard 

 

Starting in Configuration Manager current branch version 2309, administrators can use this dashboard to devise their windows 11 upgrade strategy and discover the devices in the organization, which are ready for Windows 11 Upgrade. This Dashboard also provides a count by installed Feature update version and a view of all Windows devices inside the organization. Administrators can create a collection of Windows 11 ready for upgrading devices and roll out feature updates to them.

 

 

17668425-windows11-dashboard.png

 

For more information, see Manage Windows 11 readiness dashboard ,

For Co-managed devices, see Use Windows compatibility reports for Windows 10 and Windows 11 updates in Intune

 

Cloud-attached management

 

New Cloud Management Gateway (CMG) creation via Console 

 

Starting in Configuration Manager current branch version 2309, We have enhanced security of web (server) app for the creation of CMG. For new CMG creation, users can select tenant and the app name using the Azure AD tenant name. After selecting tenant and app name the sign-in button appears, follow rest of the process as per the setup CMG.

 

 

cmg-console-creation.png

 

 Note

Pre existing CMG customers must update their web server app by navigating to Azure Active Directory Tenants node --> select the tenant --> select the server app --> click on "update application settings".

 

For more information, see Configure Azure Active Directory for CMG

 

New Cloud Management Gateway (CMG) creation via PowerShell 

 

You can now create CMG Server app via PowerShell cmdlet, you need to specify TenantID in the argument:

PowerShell Commandlet: Set-UpdateServerApplication – 'TenantID'

If you try to create the CMG before updating RedirectUrl, you get an error "Your server Application needs to be updated".

PowerShell command: Set-UpdateServerApplication to update your App, and then try again to create CMG.

 

 Note

For new customers, before creating CMG, create Azure AD web server app and execute the new PowerShell commandlet script.

 

 Attack Surface Reduction (ASR) capability now marks Server SKU as compliant only after enforcement.  

 

Prior to the Attack Surface Reduction capability in Windows Server, rules were marked compliant by default. As this rule setting becomes available to Server SKU, it's enforced through Config Manager. Now the Server SKU will be marked as compliant for an Attack Surface Reduction rule, only after enforcement of the rule.

 

Known issue with Bulk registration token

 

The BulkRegistrationTokenTool is not able to generate new token post upgrade to 2309 version. Customers will get following error while running the BulkRegistrationTokenTool.exe.

  • Unhandled Exception: System.IO.FileLoadException: Could not load file or assembly 'System.IdentityModel.Tokens.Jwt, Version=4.0.40306.1554, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

 

For more information, see Bulk registration token

 

Deprecated features

 

  • Configured resource access policies will block Configuration Manager 2403 upgrade, remove existing policies and move the slider to Intune. Please action before January 2024, read the FAQ.

 

For more information, see Removed and deprecated features for Configuration Manager.

 

For more details and to view the full list of new features in this update, check out our What’s new in version 2309 of Microsoft Configuration Manager documentation. 

 

Other updates

 

Patching guidance for MCM customers migrating to Azure 

 

Migrating to Azure? Managing your on-prem infrastructure through Microsoft Configuration Manager (MCM) ? Have you figured out how you would patch your infrastructure on Azure? This article provides steps that you can follow to patch your migrated virtual machines on Azure.  

 

Note: MCM manages both devices and servers. This blog provides guidance for servers migrating to Azure. For devices, please refer to Microsoft Intune. 

 

Azure Migration tool has been helping you to programmatically create Azure virtual machines (VMs) for Configuration Manager and install the different site roles with default settings. Validation of the new roles, followed by removal of the on-premises site system role enables MCM in Azure, provides you all the on-premises capabilities and experiences in Azure.  

 

Additionally, you can leverage native Azure Update Manager to manage and govern update compliance for Windows and Linux machines across your deployments in Azure, on-premises, and on the other cloud platforms from a single dashboard, with no operational cost for managing the patching infrastructure. Azure Update Manager shares similarities with the update management component of MCM, designed as a standalone Azure service to provide SaaS experience on Azure to manage hybrid environments. 

Both MCM in Azure and Azure Update Manager can fulfil your patching requirements and the ultimate choice depends on your specific needs and preferences.  

 

MCM in Azure would allow you to continue using existing investments in Microsoft Configuration Manager and familiar processes for maintaining the patch update management cycle for Windows virtual machines. 

 

On the other hand, through Azure Update Manager, you can achieve consistent management of VMs and operating system updates across your cloud and hybrid environment. Moreover, you would not need to maintain Azure virtual machines for hosting the different Configuration Manager roles and would not need a MCM license, hence reducing the total cost for maintaining the patch update management cycle for all machines in your environment. 

 

For more details, please refer the actual CM on Azure FAQ 

 

For assistance with the upgrade process, please post your questions in the Site and Client Deployment forumSend us your Configuration Manager feedback through Feedback in the Configuration Manager console.  Continue to share and vote on ideas about new features in Configuration Manager.

 

Thank you, 

The Configuration Manager team 

 

Additional resources: 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.