Update 2006 for Microsoft Endpoint Configuration Manager current branch is now available. Microsoft Endpoint Manager is an integrated solution for managing all your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center.
On our minds and we are sure yours too, are the challenges posed with working from home. Previously we have blogged some guidance for these scenarios.
In March, we made the decision to close the Microsoft Redmond campus and ask all of our engineers to work from home for three weeks to help curb the spread of COVID19. At the time, three weeks sounded like a long time – little did we know that 6 months later we would still not set foot on campus. It was certainly an adjustment for everyone – but fortunately the tools and investments that Microsoft made in the name of employee flexibility and empowerment (Cloud identity using Azure Active Directory, Cloud provisioning using AutoPilot, Cloud Management from Microsoft Endpoint Configuration Manager and Intune ) also enabled employees to more easily work from home.
But of course as we were forced to rely on our tools to work remotely 100% of the time, we found opportunities to improve: allowing clients to upgrade on metered networks, making it easier to download content from the cloud instead of a VPN, and simplifying remote provisioning among other things. So, we committed to focusing our ConfigMgr 2006 release on making these improvements and making them available to you.
Look below for the Work from Anywhere tag to find these features and others.
This release is brought to you by team members in Florida, Washington, British Columbia, Massachusetts, Pennsylvania, Maine, North Carolina, Michigan, Utah, California, Georgia, Shanghai and Suzhou China, and ‘Undisclosed’ – and we hope it will help make it easier to continue to manage your devices wherever they may be.
This release includes:
Import previously created Azure AD application during tenant attach onboarding - During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach.
Endpoint Analytics Preview - the Endpoint Analytics preview is available. Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and proactively make changes without disrupting end users or generating a help desk ticket.
Endpoint analytics data collection enabled by default – In 2006, the Enable Endpoint analytics data collection client setting is now enabled by default for tenants attaching for the first time. This setting allows your managed endpoints to send data, such as startup performance insights, to your Configuration Manager site server. This change affects local data collection only. Endpoint analytics data isn't uploaded to the Microsoft Endpoint Manager admin center until you enable data upload in Configuration Manager. The new default value applies to the default client settings and any custom client settings created after upgrading to version 2006.
VPN boundary type - To simplify managing remote clients, you can now create a new boundary type for VPNs. Previously, you had to create boundaries for VPN clients based on the IP address or subnet. Now when a client sends a location request, it includes additional information about its network configuration. Based on this information, the server determines whether the client is on a VPN.
Management insights to optimize for remote workers - This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:
Improved support for Windows Virtual Desktop - The Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
Intranet clients can use a CMG software update point - Intranet clients can now access a CMG software update point when it's assigned to a boundary group. You can allow intranet devices to scan against a CMG software update point in the following scenarios:
Notification for Azure AD app secret key expiration - If you configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:
Use Microsoft Azure China 21Vianet for co-management - You can now select the Azure China Cloud as your Azure environment when enabling co-management.
The following improvements have been made in CMPivot -
Install and upgrade the client on a metered connection -Previously, if the device was connected to a metered network, new clients wouldn't install. Existing clients only upgraded if you allowed all client communication. Starting in this release, client install and upgrade both work when you set the client setting Client communication on metered internet connections to Allow or Limit. With this setting, you can allow the client to stay current, but still manage the client communication on a metered network.
Improvements to managing device restarts - Configuration Manager provides many options to manage device restart notifications. You can now configure the client setting Configuration Manager can force a device to restart to prevent devices from automatically restarting when a deployment requires it. By default, Configuration Manager can still force devices to restart
Improvements to available apps via CMG - This release fixes an issue with Software Center and Azure Active Directory (Azure AD) authentication. For a client detected as on the intranet but communicating via the cloud management gateway (CMG), previously Software Center would use Windows authentication. When it tried to get the list of user-available apps, it would fail. It now uses Azure Active Directory (Azure AD) identity for devices joined to Azure AD. These devices can be cloud-joined or hybrid-joined.
Microsoft 365 Apps for enterprise - Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise on April 21, 2020. Starting in version 2006, the following changes have been made:
Task sequence media support for cloud-based content - Task sequence media can now download cloud-based content. Instead of further taxing the WAN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources.
Improvements to task sequences via CMG - This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):
Improvements to BitLocker task sequence steps
Management insight rules for OS deployment - When the size of the task sequence policy exceeds 32 MB, the client fails to process the large policy. The client then fails to run the task sequence deployment. To help you manage the policy size of task sequences, this release includes the following management insights:
Improvements to OS deployment - This release includes the following additional improvements to OS deployment:
CMG support for endpoint protection policies - While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Starting in this release, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.
BitLocker management support for hierarchies - You can now install the BitLocker self-service portal and the administration and monitoring website at the central administration site.
Community hub and GitHub - (First introduced in June 2020)
The IT admin community has developed a wealth of knowledge over the years. Rather than reinventing items like scripts and reports from scratch, we've built a Configuration Manager Community hub where you can share with each other. The Community hub fosters creativity by building on others' work and having other people build on yours. GitHub already has industry-wide processes and tools built for sharing. Now, the Community hub will leverage those tools directly in the Configuration Manager console as foundational pieces for driving this new community. For the initial release, the content made available in the Community hub will be uploaded only by Microsoft.
Notifications from Microsoft
You can now choose to receive notifications from Microsoft in the Configuration Manager console. These notifications help you stay informed about new or updated features, changes to Configuration Manager and attached services, and issues that require action to remediate.
For more details and to view the full list of new features in this update, check out our What’s new in version 2006 of Microsoft Endpoint Configuration Manager documentation.
Updated 8/31/2020
Note: The update is now globally available to all customers. The script to enable the first wave is no longer necessary.
For assistance with the upgrade process, please post your questions in the Site and Client Deployment forum. Send us your Configuration Manager feedback through Send-a-Smile in the Configuration Manager console.
Continue to use our UserVoice page to share and vote on ideas about new features in Configuration Manager.
Thank you,
The Configuration Manager team
Additional resources:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.