Endpoint protection
73 Topics

Failed to create object ID in Intune for new onboarded device.
We are deploying Defender for Cloud with XDR onboarding. We are implementing Defender policy with the Intune enforcement setting, and everything is working for 98% of devices as well. But for some devices, like Arc-enabled machines, even after going through each step and the Microsoft troubleshooting documentation, some devices are not able to create the synthetic object in Intune to receive Defender XDR policies. No solution is provided in the documentation or in MDEclient parser. In the onboarding workflow, the synthetic object is normally created to apply the policy via Intune. But when a device fails this process, we have no solution even after re-onboarding.
Solved | 39 Views | 0 likes | 4 Comments

Problem updating Defender definitions
I have recently been running into a problem. For Defender definition updates, an ADR has been configured so that the update runs every 8 hours. Some machines in the fleet are unable to get Windows updates and Defender definitions. I notice that there is a problem applying the EPM policy and the ADR. When I apply the following workaround: rename the registry.pol file to registry.pol.old and force its re-creation with gpupdate /force, everything works for a certain period and then the problem returns. I would like to know whether anyone in the community has already encountered this problem and, if so, what the fix is and what the reason or cause of this problem is. Research points to files corrupted either by a power cut or by the agent, but despite my research I have no definitive solution and no clear reason. I would appreciate your input.
11 Views | 0 likes | 0 Comments

Update 2403 for Microsoft Configuration Manager current branch is now available.
Update 2403 for Configuration Manager current branch is available as an in-console update. Apply this update on sites that run version 2211 or later. When installing a new site, it will also be available as a baseline version soon after general availability. This article summarizes the changes and new features in Configuration Manager, version 2403.

Site infrastructure

Microsoft Azure Active Directory rebranded to Microsoft Entra ID
Starting Configuration Manager version 2403, Microsoft Azure Active Directory is renamed to Microsoft Entra ID within Configuration Manager.

Automated diagnostic Dashboard for Software Update Issues
A new dashboard is added to the console under monitoring workspace, which shows the diagnosis of the software update issues in your environment. This feature can easily identify any issues related to software updates. You can fix software update issues based on troubleshooting documentations. Special credit to Shankar Subramanian and Smita Jadhav for their details and troubleshooting notes. For more information, see Software update health dashboard.

Introducing centralized search box: Effortlessly find what you need in the console!
Users can now use the global search box in CM console, which streamlines the search experience and centralizes access to information. This feature enhances the overall usability, productivity and effectiveness of CM. Users no longer need to navigate through multiple nodes or sections/folders to find information they require, saving valuable time and effort. For more information, see Improvements to console search.

Added Folder support for Scripts node in Software Library
You can now organize scripts by using folders. This change allows for better categorization and management of scripts. Full Administrator and Operations Administrator roles can manage the folders. For more information, see Folder support for scripts.
HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager
HTTP-only communication is deprecated, and support is removed from this version of Configuration Manager. Enable HTTPS or Enhanced HTTP for client communication. For more information, see Enable site system roles for HTTPS or Enhanced HTTP and Deprecated features.

Windows Server 2012/2012 R2 operating system site system roles are not supported from this version of Configuration Manager
Starting 2403, Windows Server 2012/2012 R2 operating system site system roles aren't supported in any CB releases. Clients with extended support (ESU) will continue to support. For more information, see Supported-operating-systems-for-site-system-servers.

Resource access profiles and deployments will block Configuration manager upgrade
Any configured Resource access profiles and deployments block Configuration manager upgrade. Consider deleting them and moving the co-management workload for Resource Access (if co-managed) to Intune. For more information, see FAQ and Resource access policies are no longer supported.

Software updates

New parameter SoftwareUpdateO365Language is added to Save-CMSoftwareUpdate cmdlet
A new parameter SoftwareUpdateO365Language is now added to PowerShell Save-CMSoftwareUpdate cmdlet. Customers now don't have to check a specific language in the SUP Properties (causing a metadata download for that language for all updates).
PowerShell Commandlet: Save-CMSoftwareUpdate -SoftwareUpdateO365Language "<language name> (<region name>)"
Note: Languages need to be in O365 format to be consistent with Admin Console UI. E.g. "Hungarian (Hungary)".

OS deployment

Support for ARM 64 Operating System Deployment
Configuration Manager operating system deployment support is now added on Windows 11 ARM 64 devices. Currently Importing and customizing Arm 64 boot images, Wipe and load TS, Media creation TS, WDS PXE for Arm 64 and CMPivot is supported.
Enhancement in Deploying Software Packages with Dynamic Variables
Administrators while deploying the "Install Software Package" via Dynamic variable with "Continue on error" unchecked to clients, will not be notified with task sequence failures even if package versions on the distribution point are updated. For more information, see Options for Install Application.

Cloud-attached management

Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)
The option to upgrade Configuration Manager 2403 is blocked if you're running cloud management gateway V1 (CMG) as a cloud service (classic). All CMG deployments should use a virtual machine scale set. For more information, see Check for a cloud management gateway (CMG) as a cloud service (classic).

Deprecated features

Learn about support changes before they're implemented in removed and deprecated items. System Center Update Publisher (SCUP) and integration with ConfigMgr planned end of support Jan 2024. For more information, see Removed and deprecated features for Configuration Manager.

Other updates

Improvements to BitLocker
This release includes the following improvements to BitLocker: Starting in this release, this feature ensures proper verification of key escrow and prevents message drops. We now validate whether the key is successfully escrowed to the database, and only on successful escrow we add the key protector. This feature now prevents a potential data loss scenario where BitLocker is protecting the volumes with keys that are never backed up to the database, if any failure to escrow happens. For more information on BitLocker management, see Deploy BitLocker management and Plan for BitLocker management.

From this version of Configuration Manager, the Windows 11 readiness dashboard shows charts for Windows 23H2.
Defender Exploit Guards policy for controlled folder now accepts regex in the file path for apps. For example:
[C:\Folder\Subfolder\app?.exe]
[C:\Folder1\Sub*Name]

Next steps
At this time, version 2403 is released for slow ring (all in console update), Baseline will be updated in portal soon.

Thank you,
The Configuration Manager team

Additional resources:
- What’s New in Configuration Manager
- Documentation for Configuration Manager
- Microsoft Configuration Manager announcement
- Microsoft Configuration Manager vision statement
- Evaluate Configuration Manager in a lab
- Upgrade to Configuration Manager
- Configuration Manager Forums
- Configuration Manager Support
- Report an issue
- Provide suggestions
28K Views | 7 likes | 30 Comments

Microsoft Entra ID Bitlocker Key Packages location
Hello, According to info provided in Intune, key packages can now be saved in Entra ID (so it means that KPs can be saved in a cloud-only environment, Entra ID, right?) I would like to know how to download those key packages or where I can find them. Best regards,
197 Views | 1 like | 0 Comments

Multiple Orgs one monitored with Comp Portal
Going to try best to explain this. I have my own domain and 365 business account using Intune and all, we’ll say account A. A client (account B) requires me to have Comp Portal and download Webex from it. I opened OneNote and a message appeared that the organization is now managing that. If within OneNote I’m under account A, which is my own domain, can account B, which requires Comp Portal to access Webex, see my stuff in apps under account A?
247 Views | 0 likes | 0 Comments

Cloud Attach Your Future - Part II - "The Big 3"
When the global pandemic started, we were all thrust into the new (and very lightly explored) area of managing devices remotely 100% of the time. Of course, everyone rushed to their VPN solution only to uncover new obstacles and even more significant challenges which they had never anticipated. As I talk to customers and I listen to how their management of the Windows estate has changed, I am always surprised by the lack of the "Big 3":
- Cloud management gateway (CMG)
- Tenant attach
- Co-management
These are the essential features that you need NOW as you continue to modernize and streamline your management solution.
27K Views | 9 likes | 6 Comments

SCCM WSUS changing update source from Sync from Microsoft Updates
I have a CAS site and one Primary. SUP is running on both. Upstream WSUS is on CAS and the primary is acting as a downstream server. The issue is CAS WSUS is changing source to itself even though it is set on SCCM to sync from Microsoft update. If I manually change CAS WSUS to Microsoft update from console, it works, but after a few hours it changes and points to the server itself. How to check what is making this change? Also the WSUS Sync fails 4 times before it's successful again.
Solved | 1.2K Views | 0 likes | 1 Comment

Microsoft Configuration Manager 2309 - Press release
This article provides information about Microsoft Configuration Manager 2309 release. To learn about the Configuration Manager, see Microsoft Configuration Manager FAQ. Microsoft Configuration Manager 2309 release is planned for October 2023. With this release we are bringing in new features and additional enhancements to the existing feature set. Configuration Manager 2305 Technical Preview had new enhancements, likewise, 2307 Technical Preview will bring additional capabilities to customers. Here is the list of features that are being introduced during Configuration Manager 2307 TP and 2309 Current Branch focusing on key customer value/asks and delivering high quality product updates. Some of the key additions are:
1) Operating system deployment support for Windows 23H2;
2) Customers can perform Windows 11 edition upgrade like they did for Windows 10 edition upgrade from Professional to Enterprise Operating System;
3) a Windows 11 readiness dashboard for administrators or management to decide on how many devices are ready to upgrade to latest Windows 11 operating system;
4) Script runtime can be scheduled with simple steps, and customers can schedule the scripts to run on a particular time from the Primary Site time zone;
5) Unified Service Orchestrator (USO) integration with Configuration Manager provides native windows update reboot experience (pre-release feature); and
6) Improvements in external notifications (Console Connectors).
Furthermore we added critical customer asks such as:
1) Operating Systems Deployment (OSD) Preferred MP options which enables IT admins to choose a preferred Management point for PXE boot scenario;
2) Task Execution Status messages can now be deleted from primary servers which are older than 30 days, or any configured number of days;
3) CMG creation using third party app via console or PowerShell instead of the first party app;
4) Attack Surface Reduction (ASR) capability now marks server SKU as compliant only after enforcement is completed successfully;
5) Enable BitLocker through provisionTS task sequence option available on CM console to save the recovery key on CM database;
6) Client certificate state in console (self-signed) will now match state in control panel (PKI) applet;
7) Discrepancy in App Summarization report in console is corrected;
8) Synchronization of collection memberships to Azure AD groups now optimized to show the entire set of members;
9) Patch downloader log size increased for troubleshooting purposes.
We value your feedback on the upcoming functionalities to be released as it will contribute greatly to the enhancement of the product.

Thanks,
The Configuration Manager team

Additional resources:
- What’s New in Configuration Manager
- Documentation for Configuration Manager
- Microsoft Configuration Manager announcement
- Microsoft Configuration Manager vision statement
- Evaluate Configuration Manager in a lab
- Upgrade to Configuration Manager
- Configuration Manager Forums
- Configuration Manager Support
- Report an issue
- Provide suggestions
17K Views | 5 likes | 6 Comments

MECM- Web Threat Protection
We are currently deploying web threat protection. Since I do not have access to Intune, and Intune is currently being rolled out slowly and enrolled with devices, we now have to resort to MECM and potentially create a configuration baseline with web threat protection settings for Microsoft Edge. Can you recommend an implementation for this or provide the best approach? Thanks.
643 Views | 0 likes | 0 Comments