OSD preferred MP option for PXE boot scenario
The Preferred Management Point (MP) option now allows PXE clients to communicate with an initial lookup MP and receive the list of MPs to use for further communication. When the option is enabled, an MP can redirect the PXE client to another MP, based on the client's location in the site boundaries.
New Site Maintenance task “Delete Aged Task Execution Status Messages” is now available on primary servers to clean up data older than 30 days or a configured number of days
You can enable this feature from the Site Maintenance window or with a PowerShell cmdlet. By default, it is set to run on Saturday and delete data older than 30 days. It does so by cleaning up the [dbo].TaskExecutionStatus table.
Example: Set-CMSiteMaintenanceTask -Sitecode "XXX" -MaintenanceTaskName "Delete Aged Task Execution Status Messages" -DaysOfWeek Friday
CMG creation using third-party app via console
We have deprecated the use of the first-party app for the creation of CMG. Now, CMG uses a third-party server app to get bearer tokens. For CMG creation, users can select the tenant and the app name using the Azure AD tenant name. After selecting the tenant and app name, the sign-in button appears. Existing customers must update their server app, because the current version doesn't have the redirect to "http://localhost".
To update the server app, navigate to the Azure Active Directory Tenants node --> select the tenant --> select the server app --> click on "update application settings".
CMG creation using third-party server app via PowerShell
To create CMG using a third-party server app via a PowerShell cmdlet, you need to specify TenantID in the argument:
PowerShell cmdlet: Set-UpdateServerApplication -TenantID
If you're using an existing (non-updated) Azure AD server app, ensure that the server app has RedirectUrl="http://localhost" added in the Azure portal and in the AAD_Application_EX table in the database.
If you try to create the CMG before updating RedirectUrl, you get an error "Your server Application needs to be updated".
Run the PowerShell command Set-UpdateServerApplication to update your app, and then try again to create the CMG.
Note
For new customers, before creating CMG, create an Azure AD server app that contains RedirectUrl="http://localhost". Once the redirect URL and database settings are complete, you can execute the new PowerShell cmdlet.
Attack Surface Reduction (ASR) capability now marks Server SKU as compliant only after enforcement
Prior to the Attack Surface Reduction capability in Windows Server, rules were marked compliant by default. As this rule setting becomes available to Server SKU, it's enforced through Config Manager. Now the Server SKU will be marked as compliant for an Attack Surface Reduction rule only after enforcement of the rule.
Enhancing security for External service notifications URL
This feature avoids the risk of the subscription logic being directed to an untrusted URL, which could result in information leakage. The upgrade prevents information from being sent to an HTTPS URL with an untrusted certificate. This method ensures that the data is protected by a trusted SSL certificate. For a secure connection, we recommend using SSL certificates from trusted Certification Authorities. This security feature only allows connections to URLs that have trusted certificates.
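To check ahead of time whether a notification endpoint's certificate chains to a trusted root on the site server, the following added example (not Configuration Manager code) builds the chain with the Windows certificate store and demonstrates it on a constructed self-signed certificate. The function names and the host name notify.example.test are hypothetical, and the check covers chain trust only; how Configuration Manager itself validates the certificate is not described on this page.

```powershell
using namespace System.Net.Security
using namespace System.Net.Sockets
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Fetch the certificate an HTTPS endpoint presents. The callback accepts any
# certificate so that an untrusted one can still be inspected; the connection
# is closed right after the handshake and no application data is sent.
function Get-EndpointCertificate {
    param([Parameter(Mandatory)][uri]$Url)
    $tcp = [TcpClient]::new($Url.Host, $Url.Port)
    try {
        $capture = [RemoteCertificateValidationCallback]{ $true }
        $ssl = [SslStream]::new($tcp.GetStream(), $false, $capture)
        $ssl.AuthenticateAsClient($Url.Host)
        [X509Certificate2]::new($ssl.RemoteCertificate)
    } finally { $tcp.Dispose() }
}

# Build the chain against this machine's trusted roots and report the outcome.
function Test-CertificateTrust {
    param([Parameter(Mandatory)][X509Certificate2]$Certificate)
    $chain = [X509Chain]::new()
    # Revocation lookups need network access; skipped so the sample runs offline.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    try {
        $trusted = $chain.Build($Certificate)
        [pscustomobject]@{
            Subject  = $Certificate.Subject
            NotAfter = $Certificate.NotAfter
            Trusted  = $trusted
            Problems = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    } finally { $chain.Dispose() }
}

# Constructed sample: a self-signed certificate for a made-up host name.
$key  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=notify.example.test', $key,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$self = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))
Test-CertificateTrust -Certificate $self

# Against a real endpoint (requires network access to it):
# Test-CertificateTrust -Certificate (Get-EndpointCertificate -Url 'https://notify.example.test/hook')
```

Run it on the site server itself, since trust depends on that machine's root store rather than the administrator's workstation.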
Enable BitLocker through ProvisionTS
ProvisionTS is the task sequence that is executed at the time of provisioning the device. Escrowing the recovery key to the Config Manager database is now supported using ProvisionTS. As a result, a device can escrow the key to the Config Manager database instantly.
Client certificate state in console (self-signed) to match state in control panel (PKI)
For clients that have a PKI certificate, the Configuration Manager console displays the Client certificate property as self-signed. The client control panel Client certificate property shows PKI. After this release, the Configuration Manager console and client control panel Client certificate properties will be in sync and show the same state.
Update 2305 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console. For new installations, the 2305 baseline version of Microsoft Configuration Manager Technical Preview Branch is available on the link: CM2305TP-Baseline or from Eval center.
Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
We would love to hear your thoughts about the latest Technical Preview! Send us feedback directly from the console.
Thanks,
The Configuration Manager team
Configuration Manager Resources:
Documentation for Configuration Manager Technical Previews
Try the Configuration Manager Technical Preview Branch