Update 2103 for Microsoft Endpoint Configuration Manager current branch is now available. Microsoft Endpoint Manager is an integrated solution for managing all your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center.
You can now upgrade a client's Windows OS by using a feature update deployed with a task sequence. This integration combines the simplicity of Windows servicing with the flexibility of task sequences. Servicing uses content that you synchronize through the software update point. This process simplifies the need to manually get, import, and maintain the Windows image content used with a standard task sequence to upgrade Windows.
The size of the servicing ESD file is generally smaller than the OS upgrade package and WIM image file. You can also use Windows features such as Dynamic Update and Delivery Optimization. This type of task sequence extends support to Windows 10 on ARM64 devices.
For more information, see the following articles:
This release also includes:
Display all applications for a device in Microsoft Endpoint Manager admin center - The Applications view for a tenant attached device in Microsoft Endpoint Manager admin center now displays more applications from Configuration Manager. Displayed applications include applications that are:
The option, An administrator must approve a request for this application on the device, is no longer required to be set on the device available deployment for applications to be listed in the admin center. This improvement allows you to review when application installations are expected to occur on a device.
Tenant attach: Antivirus policy exclusions merge - When a tenant attached device is targeted with two or more antivirus policies, the settings for antivirus exclusions will merge before being applied to the client. This change results in the client receiving the exclusions defined in each policy, allowing for more granular control of antivirus exclusions.
Allow exclusion of organizational units (OU) from Active Directory User Discovery - You can now exclude OUs from Active Directory User Discovery.
New prerequisite checks
When you install or update to version 2103, there are several new warning prerequisite checks.
When you update to this release, this check warns about the presence of the Log Analytics connector for Azure Monitor. (This feature is called the OMS Connector in the Azure Services wizard.) This connector is deprecated, and will be removed from the product in a future release. At that time, this check will be an error that blocks upgrade.
Improvements to the collection relationships viewer - Starting in version 2010, you can view dependency relationships between collections in a graphical format. The relationships for a collection were presented as two hierarchical trees, one for dependents and the other for dependencies. In this release, you can view both parent and child relationships together in a single graph. This change allows you to quickly see an overview of all the relationships of a collection at once and then drill down into specific related collections. It also includes other filtering and navigation improvements.
Improvements to query preview - You now have more options when using the collection query preview. The following improvements have been made to previewing collection queries:
Improvements to collection evaluation view - The following improvements were made to the collection evaluation view:
Change foreground color for Software Center branding - Software Center already provides various controls for you to customize the branding to support your organization's brand. For some customers, their brand color doesn't work well with the default white font color for a selected item. To better support these customers and improve accessibility, you can now configure a custom color for the foreground font.
Improved user experience and security with Software Center custom tabs - Since current branch version 1906, you can add up to five custom tabs to Software Center. These custom tabs let you give your users easy access to common web apps and other sites. Previously, to display websites Software Center used the Windows built-in Internet Explorer browser control.
Starting in this release, Software Center can now use the Microsoft Edge WebView2 browser control. The WebView2 browser control provides improved security and user experience. For example, more websites should work with these custom tabs without displaying script errors or security warnings.
Disable application deployments - You can now disable application deployments. Other objects already have similar behaviors:
For device-based deployments, when you disable the deployment or object, use the client notification action to Download Computer Policy. This action immediately tells the client to update its policy from the site. If the deployment hasn't already started, the client receives the updated policy that the object is now disabled.
Windows 10 Servicing dashboard changes - We've simplified the Windows 10 Servicing dashboard to make it more relevant. The new Quality Update Versions chart displays the top five revisions of Windows 10 across your devices. The Latest Feature Update chart shows the number of devices that installed the latest feature update. The Windows 10 Usage chart, showing the distribution of Windows 10 major releases, was renamed to Feature Update Versions. Servicing plan and Windows 10 ring information were removed from the dashboard.
Task sequence error shows more check readiness details - The task sequence progress can now display more information about readiness checks. If a task sequence fails because the client doesn't meet the requirements configured in the Check readiness task sequence step, the user can now see more details about the failed prerequisites.
Encryption algorithm to capture and restore user state - The task sequence steps to Capture User State and Restore User State always encrypt the USMT state store. Previously, Configuration Manager configured USMT to use the 3DES algorithm. Starting in this release, both steps now use the highest supported encryption algorithm, AES 256.
Improvements to BitLocker management - In current branch version 2010, you can manage BitLocker policies and escrow recovery keys over a cloud management gateway (CMG). This support included a couple of limitations.
Starting in this release, BitLocker management policies over a CMG support the following capabilities:
This release also provides support for the following features:
Approved scripts for orchestration groups - You can now select from scripts that have already been approved when configuring pre and post-scripts for an orchestration group. When in the Create Orchestration Group Wizard, you'll see a new page called Script Picker. Select your pre and post scripts from your list of scripts that are already approved. You can still add scripts manually on the pre and post-script pages. Additionally, you can also edit scripts that you pre-populated from the Script Picker.
Change default maximum run time for software updates - Configuration Manager sets the following maximum run time for these categories of software updates:
All other software updates outside these categories, such as third-party updates, were given a maximum run time of 10 minutes. Starting in this release, the default maximum run time for these updates is 60 minutes rather than 10 minutes. The new maximum run time will only apply to new updates that are synchronized from Microsoft Update. It doesn't change the run time on existing updates.
TLS certificate pinning for devices scanning HTTPS-configured WSUS servers - Further increase the security of HTTPS scans against WSUS by enforcing certificate pinning. To enable this behavior:
Download Power BI report templates from Community hub - Community hub now supports contributing and downloading Power BI report template files. This integration allows administrators to easily share and reuse Power BI reports. Contributing and downloading Power BI report template is also available for current branch versions of Configuration Manager.
Access the top queries shared in the Community hub from CMPivot - You can now access the top CMPivot queries shared in the Community hub from on-premises CMPivot. By leveraging pre-created CMPivot queries shared by the broader community, CMPivot users gain access to a wider variety of queries. On-premises CMPivot accesses the Community hub and returns a list of the top downloaded CMPivot queries. Users can review the top queries, customize them, and then run on-demand. This improvement gives a wider selection of queries for immediate usage without having to construct them and also allows information sharing on how to build queries for future reference.
Centralized management of console extensions
Configuration Manager now supports a new style of console extensions that have the following benefits:
The old style of console extensions may start being phased out in favor of the new style, which is more secure and centrally managed.
Add a report as a favorite - Configuration Manager ships with several hundred reports by default, and you may have added more to that list. Instead of continually searching for reports you commonly use, you can now make a report a favorite. This action allows you to quickly access it from the new Favorites node.
Improvements to the product lifecycle dashboard - This release includes improvements to the product lifecycle dashboard to make it more actionable for you.
Improvements to Support Center - Support Center is now split into the following tools:
Support Center Viewer, Support Center OneTrace and Support Center Log File Viewer are still a part of Support Center.
OneTrace support for jump lists - Support Center OneTrace now supports jump lists for recently opened files. Jump lists let you quickly go to previously opened files, so you can work faster.
There are now three methods to open recent files in OneTrace:
For more information on changes to the Windows PowerShell cmdlets for Configuration Manager, see version 2103 release notes.
For more details and to view the full list of new features in this update, check out our What’s new in version 2103 of Microsoft Endpoint Configuration Manager documentation.
Note: The update is now globally available to all customers. The script to enable the first wave is no longer necessary.
For assistance with the upgrade process, please post your questions in the Site and Client Deployment forum. Send us your Configuration Manager feedback through Send-a-Smile in the Configuration Manager console. Continue to share and vote on ideas about new features in Configuration Manager.
The Configuration Manager team
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.