Update 2309 for Microsoft Configuration Manager current branch is now available.
Published Oct 09 2023 05:18 PM 22.9K Views


Site infrastructure


Introducing SQL ODBC driver support for Configuration Manager


Starting with Configuration Manager 2309 release, Configuration Manager requires the installation of the ODBC driver for SQL server 18.1.0 or later as a prerequisite, SQL ODBC Download. This prerequisite is required when you create a new site or update an existing one and on all remote roles. 



Microsoft ODBC Driver for SQL Server 18.1.0 or later needs to be installed on Site Servers and site system roles before upgrading to 2309 version. Do not uninstall SQL native client 11 until we call out in further communications. Configuration Manager doesn't manage the updates for the ODBC driver, ensure that this component is up to date.


For more information, see SQL ODBC driver for the site server


Option to schedule Scripts execution time


Starting in Configuration Manager current branch version 2309, you can now schedule scripts' runtime in UTC. The run Script Wizard now offers a scheduling option that enables administrators to schedule the execution of scripts. It provides a convenient way to automate the running of scripts on managed devices according to specified schedules.





For more information, see Schedule scripts' runtime


External service notification Run details from Azure Logic application. 


Starting in Configuration Manager current branch version 2309, when Azure Logic App generates notifications related to specific events, CM can now capture and display these notifications. This integration enables the monitoring of Azure Logic App notifications directly within the MCM console, providing a centralized location for tracking critical events, taking appropriate actions and maintains a high level of operational efficiency.





For more information, see External service notification.


New Site Maintenance task “Delete Aged Task Execution Status Messages” is now available on primary servers to clean up data older than 30 days or configured number of days


Starting in Configuration Manager current branch version 2309, you can now enable this feature by utilizing the Site Maintenance Window or using PowerShell Commandlet. By default, it has been set to run on Saturday and delete the data older than 30 days. It does so by cleaning up [dbo].TaskExecutionStatus Table 


Example : PowerShell Commandlet: Set-CMSiteMaintenanceTask -Sitecode "XXX" -MaintenanceTaskName "Delete Aged Task Execution Status Messages" -DaysOfWeek Friday


For more information, see Delete Aged Task Execution Status Messages.


Software updates


Update Orchestrator Service (USO) for Windows 11 22H2 or later with windows native reboot experience 


In Configuration Manager current branch version 2309, when installing software updates from Configuration Manager, administrators can now choose to use the native Windows Update restart experience. To use this feature, client devices must be running Windows build 22H2 or later. From the Computer Restart client device settings, ensure that Windows is selected as the restart experience. Branding information is included in the Windows restart notification for updates that require restart. 


For more information, see Device restart notifications


Maintenance window creation using PS cmdlet 


We've extended the Offset parameter for Maintenance windows. The cmdlet New-CMMaintenanceWindow is used to create a maintenance window for a collection. Earlier the Offset parameter could be set only between 0 and 4. Now it has been extended between 0 to 7.


Example : PowerShell Commandlet: New-CMSchedule -Start (Get-Date) -DayOfWeek Monday -WeekOrder Second -RecurCount 1 -OffSetDay 6


OS deployment


OSD preferred MP option for PXE boot scenario 


Starting in Configuration Manager current branch version 2309, Preferred Management Point (MP) option will now allow PXE clients to communicate to an initial lookup MP and receive the list of MP(s) to be used for further communication. When the option is enabled, it allows an MP to redirect the PXE client to another MP, based on the client location in the site boundaries.






For more information, see Install-and-configure-distribution-points


Enable Bitlocker through ProvisionTS 


In Configuration Manager current branch version 2309, Escrowing recovery key to Config Manager Database is now supported using ProvisionTS. ProvisionTS is the task sequence that is executed at the time of provisioning. As a result, device can escrow the key to Config Manager Database instantly.


For more information, see Preprovision-BitLocker-in-Windows-PE


Windows 11 Edition Upgrade using CM Policy settings 


Starting in Configuration Manager current branch version 2309, administrator can now create a policy using edition upgrade in Configuration Manager to update the Windows 11 edition.





For more information, see Upgrade Windows devices to a new edition


Windows 11 Upgrade Readiness Dashboard 


Starting in Configuration Manager current branch version 2309, administrators can use this dashboard to devise their windows 11 upgrade strategy and discover the devices in the organization, which are ready for Windows 11 Upgrade. This Dashboard also provides a count by installed Feature update version and a view of all Windows devices inside the organization. Administrators can create a collection of Windows 11 ready for upgrading devices and roll out feature updates to them.





For more information, see Manage Windows 11 readiness dashboard ,

For Co-managed devices, see Use Windows compatibility reports for Windows 10 and Windows 11 updates in Intune


Cloud-attached management


New Cloud Management Gateway (CMG) creation via Console 


Starting in Configuration Manager current branch version 2309, We have enhanced security of web (server) app for the creation of CMG. For new CMG creation, users can select tenant and the app name using the Azure AD tenant name. After selecting tenant and app name the sign-in button appears, follow rest of the process as per the setup CMG.






Pre existing CMG customers must update their web server app by navigating to Azure Active Directory Tenants node --> select the tenant --> select the server app --> click on "update application settings".


For more information, see Configure Azure Active Directory for CMG


New Cloud Management Gateway (CMG) creation via PowerShell 


You can now create CMG Server app via PowerShell cmdlet, you need to specify TenantID in the argument:

PowerShell Commandlet: Set-UpdateServerApplication – 'TenantID'

If you try to create the CMG before updating RedirectUrl, you get an error "Your server Application needs to be updated".

PowerShell command: Set-UpdateServerApplication to update your App, and then try again to create CMG.



For new customers, before creating CMG, create Azure AD web server app and execute the new PowerShell commandlet script.


Deprecated features


  • Configured resource access policies will block Configuration Manager 2403 upgrade, remove existing policies and move the slider to Intune. Please action before January 2024, read the FAQ.


For more information, see Removed and deprecated features for Configuration Manager.


For more details and to view the full list of new features in this update, check out our What’s new in version 2309 of Microsoft Configuration Manager documentation. 


Other updates


Patching guidance for MCM customers migrating to Azure 


Migrating to Azure? Managing your on-prem infrastructure through Microsoft Configuration Manager (MCM) ? Have you figured out how you would patch your infrastructure on Azure? This article provides steps that you can follow to patch your migrated virtual machines on Azure.  


Note: MCM manages both devices and servers. This blog provides guidance for servers migrating to Azure. For devices, please refer to Microsoft Intune. 


Azure Migration tool has been helping you to programmatically create Azure virtual machines (VMs) for Configuration Manager and install the different site roles with default settings. Validation of the new roles, followed by removal of the on-premises site system role enables MCM in Azure, provides you all the on-premises capabilities and experiences in Azure.  


Additionally, you can leverage native Azure Update Manager to manage and govern update compliance for Windows and Linux machines across your deployments in Azure, on-premises, and on the other cloud platforms from a single dashboard, with no operational cost for managing the patching infrastructure. Azure Update Manager shares similarities with the update management component of MCM, designed as a standalone Azure service to provide SaaS experience on Azure to manage hybrid environments. 

Both MCM in Azure and Azure Update Manager can fulfil your patching requirements and the ultimate choice depends on your specific needs and preferences.  


MCM in Azure would allow you to continue using existing investments in Microsoft Configuration Manager and familiar processes for maintaining the patch update management cycle for Windows virtual machines. 


On the other hand, through Azure Update Manager, you can achieve consistent management of VMs and operating system updates across your cloud and hybrid environment. Moreover, you would not need to maintain Azure virtual machines for hosting the different Configuration Manager roles and would not need a MCM license, hence reducing the total cost for maintaining the patch update management cycle for all machines in your environment. 


For more details, please refer the actual CM on Azure FAQ 


For assistance with the upgrade process, please post your questions in the Site and Client Deployment forumSend us your Configuration Manager feedback through Feedback in the Configuration Manager console.  Continue to share and vote on ideas about new features in Configuration Manager.


Thank you, 

The Configuration Manager team 


Additional resources: 

Version history
Last update:
‎Nov 15 2023 01:18 AM
Updated by: