Configuration Manager Blog articles

Microsoft Azure Active Directory rebranded to Microsoft Entra ID

Starting Configuration Manager version 2403, Microsoft Azure Active Directory is renamed to Microsoft Entra ID within Configuration Manager.

Automated diagnostic Dashboard for Software Update Issues

A new dashboard is added to the console under monitoring workspace, which shows the diagnosis of the software update issues in your environment this feature can easily identify any issues related to software updates. You can fix software update issues based on troubleshooting documentations.

Special credit to Shankar Subramanian and Smita Jadhav for their details and troubleshooting notes.

For more information, see Software update health dashboard.

Introducing centralized search box: Effortlessly find what you need in the console!

Users can now use the global search box in CM console, which streamlines the search experience and centralizes access to information. This feature enhances the overall usability, productivity and effectiveness of CM. Users no longer need to navigate through multiple nodes or sections/ folders to find information they require, saving valuable time and effort.

For more information, see Improvements to console search.

Added Folder support for Scripts node in Software Library

You can now organize scripts by using folders. This change allows for better categorization and management of scripts. Full Administrator and Operations Administrator roles can manage the folders.

For more information, see Folder support for scripts.

HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager

HTTP-only communication is deprecated, and support is removed from this version of Configuration Manager. Enable HTTPS or Enhanced HTTP for client communication.

For more information, see Enable site system roles for HTTPS or Enhanced HTTP. and Deprecated features

Windows Server 2012/2012 R2 operating system site system roles are not supported from this version of Configuration Manager

Starting 2403, Windows Server 2012/2012 R2 operating system site system roles aren't supported in any CB releases. Clients with extended support (ESU) will continue to support.

For more information, see Supported-operating-systems-for-site-system-servers.

Resource access profiles and deployments will block Configuration manager upgrade

Any configured Resource access profiles and deployments block Configuration manager upgrade. Consider deleting them and moving the co-management workload for Resource Access (if co-managed) to Intune.

For more information, see FAQ and Resource access policies are no longer supported.

Software updates

New parameter SoftwareUpdateO365Language is added to Save-CMSoftwareUpdate cmdlet

A new parameter SoftwareUpdateO365Language is now added to PowerShell Save-CMSoftwareUpdate cmdlet. Customers now don't have to check a specific language in the SUP Properties (causing a metadata download for that language for all updates).

PowerShell Commandlet: Save-CMSoftwareUpdate – SoftwareUpdateO365Language <language name> (<region name>)"

Note

Languages need to be in O365 format to be consistent with Admin Console UI. E.g. "Hungarian (Hungary)".

OS deployment

Support for ARM 64 Operating System Deployment

Configuration Manager operating system deployment support is now added on Windows 11 ARM 64 devices. Currently Importing and customizing Arm 64 boot images, Wipe and load TS, Media creation TS, WDS PXE for Arm 64 and CMPivot is supported.

Enhancement in Deploying Software Packages with Dynamic Variables

Administrators while deploying the "Install Software Package" via Dynamic variable with "Continue on error" unchecked to clients, will not be notified with task sequence failures even if package versions on the distribution point are updated.

For more information, see Options for Install Application.

Cloud-attached management

Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)

The option to upgrade Configuration Manager 2403 is blocked if you're running cloud management gateway V1 (CMG) as a cloud service (classic). All CMG deployments should use a virtual machine scale set.

For more information, see Check for a cloud management gateway (CMG) as a cloud service (classic).

Deprecated features

Learn about support changes before they're implemented in removed and deprecated items.

System Center Update Publisher (SCUP) and integration with ConfigMgr planned end of support Jan 2024.

For more information, see Removed and deprecated features for Configuration Manager.

Other updates

Improvements to BitLocker

This release includes the following improvements to BitLocker:

Starting in this release, this feature ensures proper verification of key escrow and prevents message drops. We now validate whether the key is successfully escrowed to the database, and only on successful escrow we add the key protector.
This feature now prevents a potential data loss scenario where BitLocker is protecting the volumes with keys that are never backed up to the database, in any failures to escrow happens.

For more information on BitLocker management, see Deploy BitLocker management. and Plan for BitLocker management..

From this version of Configuration Manager, the Windows 11 readiness dashboard shows charts for Windows 23H2.
Defender Exploit Guards policy for controlled folder now accepts regex in the file path for apps. For example, [C:\Folder\Subfolder\app?.exe] [C:\Folder1\Sub*Name]

Next steps

At this time, version 2403 is released for slow ring (all in console update), Baseline will be updated in portal soon.

Version	Support Start	Support End
2403	April 22, 2024	October 22, 2025
2409	December 4, 2024	June 6, 2026
2503	March 31, 2025	September 30, 2026
2509	December 2025	June 2027

Front End Port	Back End Port	Service
50000	3389	RDP
10124	8443	Custom / CMG-Channel-Traffic

Name	Port	Protocol	Source	Destination	Action
webHttpsRule	443	TCP	INTERNET	10.0.0.0/24	Allow
webHttps8443Rule	8443	TCP	INTERNET	10.0.0.0/24	Allow

Configuration Manager Blog articles

Announcing the Annual Release Cadence for Microsoft Configuration Manager

Why Move to an Annual Release Cadence?

What Does This Mean for You?

Focus on Security and Stability

Support Lifecycle

Frequently Asked Questions

Looking Ahead

Update 2409 for Microsoft Configuration Manager current branch is now available.

Configuration Manager now supports SQL Extended Protection for Authentication

Introducing Centralized Search - Desired Workspace Selection

Configuration Manager does not support SQL Server 2012 and 2014

Operating System support added for Windows 11 24H2 and Windows Server 2025

Software metering support in Arm64 devices

BitLocker support in Arm64 devices

CMG Entra Application secret key renewal

CMG Enhanced security option

Known Issues

Other Updates

Performance Enhancement of policy processing and collection evaluation

Deprecated features

Next steps

Configuration Manager technical preview version 2411

Operating System support added for Windows 11 24H2 and Windows Server 2025

Enhanced Security for CMG

CMG Entra Application secret renewal

SQL 2012 and 2014 support are deprecated

Software metering support in Arm64 devices

Configuration Manager technical preview version 2405

Configuration Manager now supports SQL Extended Protection for Authentication

BitLocker support in Arm devices

Introducing Centralized Search - Desired Workspace Selection

Fixes

Performance Enhancement of policy processing and collection evaluation

Known issues

Unable to import or connect to Powershell Configuration Manager module via console

Configuration Manager console won't automatically update

Update 2403 for Microsoft Configuration Manager current branch is now available.

Microsoft Azure Active Directory rebranded to Microsoft Entra ID

Introducing centralized search box: Effortlessly find what you need in the console!

Added Folder support for Scripts node in Software Library

HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager

Windows Server 2012/2012 R2 operating system site system roles are not supported from this version of Configuration Manager

Resource access profiles and deployments will block Configuration manager upgrade

Software updates

New parameter SoftwareUpdateO365Language is added to Save-CMSoftwareUpdate cmdlet

OS deployment

Support for ARM 64 Operating System Deployment

Enhancement in Deploying Software Packages with Dynamic Variables

Cloud-attached management

Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)

Deprecated features

Other updates

Improvements to BitLocker

Next steps

A Deep Dive look into CMG Cloud Components (Part 2)

A Deep Dive look into CMG App-Registrations (Part 1)

Configuration Manager technical preview version 2401

Automated diagnostic Dashboard for Software Update Issues

Enhancement in Deploying Software Packages with Dynamic Variables

Enabling Auto-Image Patching for CMG Virtual Machine Scale Set

Window 11 Readiness dashboard to support Windows 23H2

HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager

Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)

Windows Server 2012/2012 R2 operating system site system roles aren't supported from this version of Configuration Manager

Configuration Manager technical preview version 2311

Folder support for Scripts node in Software Library

Resource access profiles and deployments will block Configuration manager upgrade

WildCard Support added in Defender Exploit Guard policy for Controlled Folders

Update 2309 for Microsoft Configuration Manager current branch is now available.

Introducing SQL ODBC driver support for Configuration Manager

External service notification Run details from Azure Logic application.

New Site Maintenance task “Delete Aged Task Execution Status Messages” is now available on primary servers to clean up data older than 30 days or configured number of days

Software updates

Update Orchestrator Service (USO) for Windows 11 22H2 or later with windows native reboot experience

Maintenance window creation using PS cmdlet

OSD preferred MP option for PXE boot scenario

Windows 11 Edition Upgrade using CM Policy settings

Windows 11 Upgrade Readiness Dashboard

Cloud-attached management

CMG Entra Application secret key renewal 

External service notification Run details from Azure Logic application. 

Update Orchestrator Service (USO) for Windows 11 22H2 or later with windows native reboot experience 

Maintenance window creation using PS cmdlet 

OSD preferred MP option for PXE boot scenario 

Windows 11 Edition Upgrade using CM Policy settings 

Windows 11 Upgrade Readiness Dashboard 

New Cloud Management Gateway (CMG) creation via PowerShell 