Configuration Manager Blog

Configuration Manager technical preview version 2305

Bala_Delli
Microsoft
May 26, 2023

 

OSD preferred MP option for PXE boot scenario

 

The preferred management point (MP) option now allows PXE clients to communicate with an initial lookup MP and receive the list of MPs to use for further communication. When the option is enabled, an MP can redirect the PXE client to another MP based on the client's location in the site boundaries.

 

 

 

New Site Maintenance task “Delete Aged Task Execution Status Messages” is now available on primary servers to clean up data older than 30 days or a configured number of days

 

You can enable this feature by using the Site Maintenance window or a PowerShell cmdlet. By default, it is set to run on Saturday and delete data older than 30 days. It does so by cleaning up the [dbo].TaskExecutionStatus table.

Example: Set-CMSiteMaintenanceTask -SiteCode "XXX" -MaintenanceTaskName "Delete Aged Task Execution Status Messages" -DaysOfWeek Friday

 

 

 

CMG creation using third-party app via console

 

We have deprecated the use of the first-party app for CMG creation. CMG now uses a third-party server app to get bearer tokens. For CMG creation, users can select the tenant and the app name using the Azure AD tenant name. After you select the tenant and app name, the sign-in button appears. Existing customers must update their server app, because the current version doesn't have the redirect URL "http://localhost".

To update the server app, navigate to the Azure Active Directory Tenants node --> select the tenant --> select the server app --> click on "update application settings".

 

CMG creation using third-party server app via PowerShell

 

To create a CMG using a third-party server app via PowerShell cmdlet, you need to specify TenantID in the argument:

 

PowerShell cmdlet: Set-UpdateServerApplication -TenantID

If you're using an existing (non-updated) Azure AD server app, ensure that the server app has RedirectUrl="http://localhost" added in the Azure portal and in the table AAD_Application_EX in the database.

 

If you try to create the CMG before updating RedirectUrl, you get an error "Your server Application needs to be updated".

 

Run this PowerShell command: Set-UpdateServerApplication to update your app, and then try again to create the CMG.

 

 Note

For new customers: before creating a CMG, create an Azure AD server app that contains RedirectUrl="http://localhost" in your app. Once the redirect URL and database settings are complete, you can execute the new PowerShell cmdlet.

 

Attack Surface Reduction (ASR) capability now marks Server SKU as compliant only after enforcement

 

Before the Attack Surface Reduction capability was available in Windows Server, rules were marked compliant by default. As this rule setting becomes available to the Server SKU, it's enforced through Config Manager. The Server SKU is now marked as compliant for an Attack Surface Reduction rule only after the rule is enforced.

 

Enhancing security for External service notifications URL

 

This feature avoids the risk of the subscription logic being directed to an untrusted URL, which could result in information leakage. The upgrade prevents information from being sent to an HTTPS URL with an untrusted certificate, so the data is protected by a trusted SSL certificate. For a secure connection, we recommend using SSL certificates from trusted certification authorities. Connections are only allowed to URLs that have trusted certificates.
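
An added example, not part of the original post or of Configuration Manager: a PowerShell pre-check that an HTTPS notification URL presents a certificate the local machine trusts. The function name Test-NotificationUrlCertificate and the sample URL are hypothetical, and .NET default certificate validation is assumed to be a reasonable stand-in for the product's own check.

```powershell
# Added example, not Configuration Manager code. Run it on the server that
# sends the notifications so the same machine trust store is evaluated.
function Test-NotificationUrlCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri] $Url,
        [int] $TimeoutMs = 5000
    )
    $result = [ordered]@{
        Url = $Url.OriginalString; Trusted = $false; Reason = ''
        Subject = ''; Issuer = ''; NotAfter = $null
    }
    if (-not $Url.IsAbsoluteUri -or $Url.Scheme -ne 'https') {
        $result.Reason = 'Not an absolute HTTPS URL'
        return [pscustomobject]$result
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        if (-not $tcp.ConnectAsync($Url.Host, $Url.Port).Wait($TimeoutMs)) {
            throw "TCP connect timed out after $TimeoutMs ms"
        }
        # No validation callback is passed, so .NET applies its default checks:
        # chain to a trusted root, validity period, and host name match.
        # An untrusted certificate makes AuthenticateAsClient throw.
        # TLS 1.2 is requested explicitly; the last argument skips revocation checks.
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Url.Host, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $ssl.RemoteCertificate)
        $result.Trusted  = $true
        $result.Subject  = $cert.Subject
        $result.Issuer   = $cert.Issuer
        $result.NotAfter = $cert.NotAfter
    }
    catch {
        # Unwrap PowerShell/.NET wrappers to get the underlying failure text.
        $result.Reason = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
    [pscustomobject]$result
}
# Hypothetical endpoint; replace with the URL configured in the subscription.
Test-NotificationUrlCertificate -Url 'https://notifications.example.com/hook'
```

A result with Trusted = False and a Reason naming the validation failure indicates an endpoint whose certificate should be replaced before relying on the notification.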

 

Enable BitLocker through ProvisionTS

 

ProvisionTS is the task sequence that is executed at the time of provisioning the device. Escrowing the recovery key to the Config Manager database is now supported using ProvisionTS. As a result, a device can escrow the key to the Config Manager database instantly.

 

Client certificate state in console (self-signed) to match state in control panel (PKI)

 

For clients that have a PKI certificate, the Configuration Manager console displays the Client certificate property as self-signed. The client control panel Client certificate property shows PKI. After this release, the Client certificate property in the Configuration Manager console and in the client control panel will be in sync and show the same state.

 

 

Update 2305 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console. For new installations, the 2305 baseline version of Microsoft Configuration Manager Technical Preview Branch is available at the link CM2305TP-Baseline or from the Eval center.

 

Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.

 

We would love to hear your thoughts about the latest Technical Preview! Send us feedback directly from the console.

 

Thanks,

The Configuration Manager team

 

Configuration Manager Resources:

Documentation for Configuration Manager Technical Previews

Try the Configuration Manager Technical Preview Branch

Documentation for Configuration Manager

Configuration Manager Forums

Configuration Manager Support

Updated May 26, 2023
  • Dave_47
    Copper Contributor

    I'm confused: Isn't WDS, in particular PXE, now EOL and no longer a role from WinSvr 2022 onwards? So PXE components will be removed from "WDS" and remain for CM MP reasons?

  • Kjegeus
    Copper Contributor

    Dave_47 I'm pretty sure it refers to the new built in PXE service that has been included for some years now.

  • Yes, this was added in existing PXE features. Few customers with dispersed environments were not able to get the right specific MP based on their boundary configuration. If this preferred MP is chosen, then PXE will point for the first policy download and then switch to the nearest MP once the client is installed.

  • fabioleitao
    Copper Contributor

    OSD preferred MP option for PXE boot scenario

     

    If I understand, this feature about selecting MP priority for PXE will be great, since here in my company we have many distribution points with a lot of boundaries generating some conflicts when selecting the MP.

     

    But a tip for those who have this kind of issue is to change the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP

    Key: ManagementPoints

     

    Sample:

    Value: http://<DP-Server01>.company.com* http://<DP-Server-02>.company.com* http://<DP-Server03>.company.com* 

     

    This will allow the PXE to point directly to the DP/MP you want, without doing the unnecessary validation of other MPs that makes the screen Task sequence take a long time to load.