This month we have a second technical preview. Update 2010.2 for the Technical Preview Branch of Microsoft Endpoint Configuration Manager has been released.
We've made improvements to applications for tenant attached devices. Administrators can now do the following actions for applications in the Microsoft Endpoint Manager admin center:
This preview release also includes:
Tenant attach: Troubleshooting portal lists a user’s devices based on usage - The troubleshooting portal in Microsoft Endpoint Manager admin center allows you to search for a user and view their associated devices. Starting in this release, tenant attached devices that are assigned user device affinity automatically based on usage will now be returned when searching for a user.
Tenant attach: Create and deploy firewall policies - You can now configure and deploy settings for Windows Defender Firewall with Advanced Security to tenant attached Windows 10 devices.
Enhancements to applications in Microsoft Endpoint Manager admin center - We've made improvements to applications for tenant attached devices. Administrators can now do the following actions for applications in the Microsoft Endpoint Manager admin center:
Improvements to BitLocker management - Based on your UserVoice feedback, you can now manage BitLocker policies and escrow recovery keys over a cloud management gateway (CMG). This change also provides support for BitLocker management via internet-based client management (IBCM) and when you configure the site for enhanced HTTP. There's no change to the setup process for BitLocker management.
Improvements to deploy an OS over CMG using boot media - This release streamlines the administrative workflow in the Configuration Manager console. On the Media Management page of the Create Task Sequence Media Wizard, the Internet-based media option no longer exists. Select the Site-based media option instead. Then, as before, select the CMG for the management point on the Boot Image page.
Desktop Analytics support for new Windows 10 data levels - Microsoft is increasing transparency by categorizing the data that Windows 10 collects:
If you previously configured devices for Limited or Limited (Enhanced), in an upcoming release of Windows 10, they'll use the Required level. This change may impact the functionality of Desktop Analytics. Configuration Manager will properly configure the devices. If you're using another mechanism to configure these policies on devices, you may need to make changes for the upcoming new behavior.
Immediate distribution point fallback for clients downloading software update delta content - There's a new client setting for software updates. If delta content is unavailable from distribution points in the current boundary group, you can allow immediate fallback to a neighbor or the site default boundary group distribution points. This setting is useful when using delta content for software updates since the timeout setting per download job is 5 minutes.
Disable Azure AD authentication for onboarded tenants - You can now disable Azure Active Directory (Azure AD) authentication for tenants not associated with users and devices. When you onboard Configuration Manager to Azure AD, it allows the site and clients to use modern authentication. Currently, Azure AD device authentication is enabled for all onboarded tenants, whether or not they have devices. For example, you have a separate tenant with a subscription that you use for compute resources to support a cloud management gateway. If there aren't users or devices associated with the tenant, you can now optionally disable Azure AD authentication.
Additional options when creating app registrations in Azure Active Directory - You can now specify Never for the expiration of a secret key when creating Azure Active Directory app registrations.
Validate internet access for the service connection point - If you use Desktop Analytics or tenant attach, the service connection point now checks important internet endpoints. These checks help make sure that the cloud-connected services are available. It also helps you troubleshoot issues by quickly determining if network connectivity is a problem.
Improvements to the administration service - The Configuration Manager REST API, the administration service, requires a secure HTTPS connection. With the previous methods to enable HTTPS, enabling IIS on the SMS Provider was a prerequisite. Starting in this release, you no longer need to enable IIS on the SMS Provider for the administration service. When you enable the site for enhanced HTTP, it creates a self-signed certificate for the SMS Provider, and automatically binds it without requiring IIS.
Update 2010.2 for Technical Preview Branch is available in the Microsoft Endpoint Configuration Manager Technical Preview console. For new installations, the 2010 baseline version of Microsoft Endpoint Configuration Manager Technical Preview Branch is available on the Microsoft Evaluation Center. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
The Configuration Manager team