Update 1910 for Microsoft Endpoint Configuration Manager current branch is now available. As Brad Anderson announced at Ignite, Configuration Manager is now part of Microsoft Endpoint Manager. Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune, without a complex migration, and with simplified licensing. Continue to use your existing Configuration Manager investments, while taking advantage of the power of the Microsoft cloud at your own pace.
In the Configuration Manager 1910 release, we’d like to re-highlight the CMPivot feature. First introduced in Configuration Manager 1806, we have since received a lot of positive feedback on the benefits of querying data in real-time and we’ve seen several innovative ways customers have come up with to use CMPivot. Admins have reported that others in their organization want to use CMPivot, but they don’t traditionally have access to the Configuration Manager console. They too want to unlock the treasure trove of data within the environment to help with their jobs. To enable this, we’ve created a CMPivot.msi that can be deployed, so that CMPivot can be used outside the Configuration Manager console by additional people, such as Security Administrators, Helpdesk technicians, and managers. For example, the Security Administrator can now use CMPivot as an additional tool to help hunt for vulnerabilities, helpdesk technicians can now use CMPivot to quickly gather information from specific systems to aid in trouble shooting and real-time reports can be generated by managers.
CMPivot now works better together with Microsoft Defender Advanced Threat Protection (ATP) software, by linking the CMPivot output with relevant ATP details. The performance of CMPivot has been improved by offloading querying to the client to reduce network traffic and load on the servers. You now have the ability to run queries just locally on “This PC”, for WMI related data. Running on “This PC” saves the need to use the Configuration Manager infrastructure at all and returns data faster, so you can pivot and hone your query to be precisely what you want, before you consume network bandwidth resources. This aids in writing the correct query.
We have added joins and more operators (+,-,*,/,%) and exposed file hashes (MD5 and SHA256) to find files masquerading as others. To make sharing queries easier, we have added a query shortcuts feature, that lets you copy & paste the query to a clipboard and send it via email to collaborators. When the collaborator clicks the link to the query, it will auto-launch CMPivot standalone and provide the same query for them to run.
This release also includes:
Desktop Analytics
- Support for Desktop Analytics - This release provides support for Desktop Analytics which is now generally available. Desktop Analytics provides the insight and automation you need to efficiently get current and stay current with Windows. By integrating with Configuration Manager, Desktop Analytics adds cloud value to your on-premises infrastructure. Read more in the DA blog.
Site infrastructure
- Reclaim SEDO lock - Starting in current branch version 1906, you could clear your lock on a task sequence. Now you can clear your lock on any object in the Configuration Manager console.
- Extend and Migrate on-premises Configuration Manager environment to Microsoft Azure - This new tool helps you to programmatically create Azure virtual machines (VMs) for Configuration Manager. It can install with default settings site roles like a passive site server, management points, and distribution points. Once you validate the new roles, use them as additional site systems for high availability. You can also remove the on-premises site system role and only keep the Azure VM role
Client Management
- Include custom configuration baselines as part of compliance policy assessment - You can now add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you have an option to Evaluate this baseline as part of compliance policy assessment. When adding or editing a compliance policy rule, you have a condition called Include configured baselines in compliance policy assessment.
- Enable user policy for Windows 10 Enterprise multi-session – Configuration Manager current branch version 1906 introduced support for Windows Virtual Desktop. In this release if you require user policy on these multi-session devices, and accept any potential performance impact, you can now configure a client setting to enable user policy.
Application Management
- Deploy Microsoft Edge, version 77 and later - The all-new Microsoft Edge is ready for business. You can now deploy Microsoft Edge, version 77 and later to your users. Admins can pick the Beta or Dev channel, along with a version of the Microsoft Edge client to deploy.
- Improvements to application groups – This release includes the following improvements:
- Users can Uninstall the app group in Software Center.
- You can deploy an app group to a user collection.
Operating System Deployment
- Task sequence performance improvements - power plans - You can now run a task sequence with the high performance power plan. This option improves the overall speed of the task sequence.
- Task sequence download on demand over the internet – Starting in this release, the task sequence engine can download packages on-demand from a content-enabled CMG or a cloud distribution point. This change provides additional flexibility with your Windows 10 in-place upgrade deployments to internet-based device.
- Improvements to the task sequence editor
- You can now search in the task sequence editor. This action lets you more quickly locate steps in the task sequence.
- If you want to reuse the conditions from one task sequence step to another, you can now copy and paste conditions in the task sequence editor.
- Improvements to OSD
- Boot image keyboard layout
- Import a single index of an OS upgrade package
- Output the results of a Run Command Line step to a variable during a task sequence
- Improvements to task sequence debugger
- Improved language support in task sequence
Protection
- Bitlocker Management (MBAM) - Configuration Manager now provides the following management capabilities for BitLocker Drive Encryption:
- Deploy the BitLocker client to managed Windows devices
- Manage device encryption polices
- Compliance reports
- Administration and monitoring website for key recovery
- A user self-service portal
Software updates
- Additional options for third-party update catalogs - You now have more granular controls over synchronization of third-party updates catalogs. Starting in Configuration Manager version 1910, you can configure the synchronization schedule for each catalog independently. When using catalogs that include categorized updates, you can configure synchronization to include only specific categories of updates to avoid synchronizing the entire catalog.
- Use Delivery Optimization for all Windows updates - Previously, Delivery Optimization could be leveraged only for express updates. With Configuration Manager version 1910, it’s now possible to use Delivery Optimization for the distribution of all Windows Update content for clients running Windows 10 version 1709 or later.
- Additional software update filter for ADRs - You can now use Deployed as an update filter for your automatic deployment rules. This filter helps identify new updates that may need to be deployed to your pilot or test collections.
Office Management
- Office 365 ProPlus Pilot and Health Dashboard - The Office 365 ProPlus Pilot and Health Dashboard helps you plan, pilot, and perform your Office 365 ProPlus deployment. The dashboard provides health insights for devices with Office 365 ProPlus to help identify possible issues that may affect your deployment plans.
Configuration Manager Console
- View active consoles and message administrators through Console Connections – You now have the ability to message other Configuration Manager administrators through Microsoft Teams. Also, the Last Console Heartbeat column has replaced the Last Connected Time
- Client diagnostics actions - You can now enable and disable verbose and debugging logging for the CCM component from the console.
For more details and to view the full list of new features in this update, check out our What’s new in version 1910 of Microsoft Endpoint Configuration Manager documentation.
Updated 12/20/2019 Note: The update is now globally available to all customers. The script to enable the first wave is no longer necessary.
For assistance with the upgrade process, please post your questions in the Site and Client Deployment forum. Send us your Configuration Manager feedback through Send-a-Smile in the Configuration Manager console or by using the Feedback Hub app built into Windows 10.
Continue to use our UserVoice page to share and vote on ideas about new features in Configuration Manager.
Thank you,
The Configuration Manager team
Additional resources:
- What’s New in Configuration Manager
- Documentation for Configuration Manager
- Microsoft Endpoint Manager announcement
- Microsoft Endpoint Manager vision statement
- Evaluate Configuration Manager in a lab
- Upgrade to Configuration Manager
- Configuration Manager Forums
- Configuration Manager Support
- Report an issue
- Provide suggestions