OS deployment
40 Topics

Configuration Manager technical preview version 2411
Operating System support added for Windows 11 24H2 and Windows Server 2025

With this version of Configuration Manager, support is added for Windows 11 24H2 and Windows Server 2025.

- Windows 11 24H2 and Windows Server 2025 are added to the Product lifecycle dashboard and supported platforms.
- Windows 11 24H2 and Windows Server 2025 client support is added.
- Boot image creation in SCCM on Windows Server 2025 now supports the latest Windows ADK.
- The Windows upgrade readiness dashboard now supports Windows 11 24H2 for upgrading clients.

Note: Windows Server and Windows 11 24H2 do not support Firewall Rules. This will result in a non-compliant status in the Configuration Manager applet.

Enhanced Security for CMG

CMG Setup now uses Managed Identities and third-party Server App to interact with CMG's Azure Storage Account, instead of storage account keys. Hence storage account key access is disabled for new CMG setup. For sessions upgrading from earlier versions to 2405 TP, the 'CMG enhanced security' button is shown as enabled.

When the enhanced security option is selected, the VMSS OS Auto Upgrade feature is also activated. An extra panel appears, prompting the admin to provide maintenance window details. Azure uses this information to schedule upgrades whenever new OS images become available.

CMG Entra Application secret renewal

The 'Renew Secret Key' feature now opens a dialog with four options for the validity period. This update also prevents applications older than 800 days (approximately two years) from renewing their secret keys. The same options are available when creating a new app.

Note: The admin must sign in using tenant global administrator credentials and then click on the renew button.

SQL 2012 and 2014 support are deprecated

Starting with this version, Configuration Manager no longer supports SQL Server 2012 and 2014. Upgrade to the latest SQL Server version or at least SQL Server 2016.
If you don't upgrade, CM upgrades are blocked, and you see an error during the pre-req check.

Software metering support in Arm64 devices

Configuration Manager now supports software metering for Arm64 devices. Software metering is used to monitor Windows PC desktop apps with a filename ending in .exe. For more information, see Software metering in Configuration Manager.

Update 2411 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console. For new installations, the 2411 baseline version of Microsoft Configuration Manager Technical Preview Branch is available on the link: CM2405TP-Baseline or from Eval center.

Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.

We would love to hear your thoughts about the latest Technical Preview! Send us feedback directly from the console.

Thanks,
The Configuration Manager team

Configuration Manager Resources:
- Documentation for Configuration Manager Technical Previews
- Try the Configuration Manager Technical Preview Branch
- Documentation for Configuration Manager
- Configuration Manager Forums
- Configuration Manager Support

Configuration Manager technical preview version 2405
Configuration Manager now supports SQL Extended Protection for Authentication

Configuration Manager now supports SQL Extended Protection for Authentication. It's a security feature that enhances protection against MITM attacks, making SQL Server more secure when connections are made using Extended Protection. These enhancements collectively reduce the risk of unauthorized access and protect sensitive data managed by the SQL Server Database Engine. For more information, see Connect to the Database Engine Using Extended Protection.

BitLocker support in Arm devices

Configuration Manager now supports BitLocker Task Sequence steps for Arm devices. In BitLocker Management, policies that include OS Drive encryption with a TPM protector and Fixed Drive encryption with the Auto-Unlock option are supported on Arm devices.

Introducing Centralized Search - Desired Workspace Selection

The centralized search box now enables the option to select the desired workspace for searching. Users can easily refine their search results by selecting the desired workspace from the dropdown menu.

Fixes

Performance Enhancement of policy processing and collection evaluation

The performance of policy processing and collection evaluation has been enhanced. Previously, blocking chains from sp_ProcessPolicyChanges, called by PolicyPv, would run for hours, disrupting multiple workloads including collection management and policy processing.

Known issues

Unable to import or connect to PowerShell Configuration Manager module via console

While importing or connecting to the Configuration Manager PowerShell module via the CM console, users get the following error message:

PS C:\Build\AdminConsole\bin> Import-Module .\ConfigurationManager.psd1
Import-Module : The module manifest 'C:\Build\AdminConsole\bin\ConfigurationManager.psd1' could not be processed because it is not a valid Windows PowerShell restricted language file.
Remove the elements that are not permitted by the restricted language

Configuration Manager console won't automatically update

If you update a technical preview site from version 2401 to a later version, the Configuration Manager console fails to update. This problem is because of a known issue in the extension installer.

Mitigation: To work around this issue, after you update the site from version 2401 to a later version, manually uninstall the previous console and run ConsoleSetup.exe. For more information, see Install the Configuration Manager console.

Update 2405 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console. For new installations, the 2405 baseline version of Microsoft Configuration Manager Technical Preview Branch is available on the link: CM2405TP-Baseline or from Eval center.

Update 2403 for Microsoft Configuration Manager current branch is now available.
Update 2403 for Configuration Manager current branch is available as an in-console update. Apply this update on sites that run version 2211 or later. When installing a new site, it will also be available as a baseline version soon after general availability. This article summarizes the changes and new features in Configuration Manager, version 2403.

Site infrastructure

Microsoft Azure Active Directory rebranded to Microsoft Entra ID

Starting with Configuration Manager version 2403, Microsoft Azure Active Directory is renamed to Microsoft Entra ID within Configuration Manager.

Automated diagnostic Dashboard for Software Update Issues

A new dashboard is added to the console under the Monitoring workspace, which shows the diagnosis of the software update issues in your environment. This feature can easily identify any issues related to software updates. You can fix software update issues based on the troubleshooting documentation. Special credit to Shankar Subramanian and Smita Jadhav for their details and troubleshooting notes. For more information, see Software update health dashboard.

Introducing centralized search box: Effortlessly find what you need in the console!

Users can now use the global search box in the CM console, which streamlines the search experience and centralizes access to information. This feature enhances the overall usability, productivity and effectiveness of CM. Users no longer need to navigate through multiple nodes, sections or folders to find the information they require, saving valuable time and effort. For more information, see Improvements to console search.

Added Folder support for Scripts node in Software Library

You can now organize scripts by using folders. This change allows for better categorization and management of scripts. Full Administrator and Operations Administrator roles can manage the folders. For more information, see Folder support for scripts.
HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager

HTTP-only communication is deprecated, and support is removed from this version of Configuration Manager. Enable HTTPS or Enhanced HTTP for client communication. For more information, see Enable site system roles for HTTPS or Enhanced HTTP and Deprecated features.

Windows Server 2012/2012 R2 operating system site system roles are not supported from this version of Configuration Manager

Starting with 2403, Windows Server 2012/2012 R2 operating system site system roles aren't supported in any CB releases. Clients with extended support (ESU) will continue to be supported. For more information, see Supported-operating-systems-for-site-system-servers.

Resource access profiles and deployments will block Configuration Manager upgrade

Any configured Resource access profiles and deployments block the Configuration Manager upgrade. Consider deleting them and moving the co-management workload for Resource Access (if co-managed) to Intune. For more information, see FAQ and Resource access policies are no longer supported.

Software updates

New parameter SoftwareUpdateO365Language is added to Save-CMSoftwareUpdate cmdlet

A new parameter, SoftwareUpdateO365Language, is now added to the PowerShell Save-CMSoftwareUpdate cmdlet. Customers now don't have to check a specific language in the SUP Properties (causing a metadata download for that language for all updates).

PowerShell cmdlet:

Save-CMSoftwareUpdate -SoftwareUpdateO365Language "<language name> (<region name>)"

Note: Languages need to be in O365 format to be consistent with the Admin Console UI, e.g. "Hungarian (Hungary)".

OS deployment

Support for ARM 64 Operating System Deployment

Configuration Manager operating system deployment support is now added on Windows 11 ARM 64 devices. Currently, importing and customizing Arm 64 boot images, Wipe and load TS, Media creation TS, WDS PXE for Arm 64 and CMPivot are supported.
Enhancement in Deploying Software Packages with Dynamic Variables

Administrators who deploy the "Install Software Package" step via a dynamic variable with "Continue on error" unchecked will not be notified of task sequence failures, even if package versions on the distribution point are updated. For more information, see Options for Install Application.

Cloud-attached management

Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)

The option to upgrade to Configuration Manager 2403 is blocked if you're running cloud management gateway V1 (CMG) as a cloud service (classic). All CMG deployments should use a virtual machine scale set. For more information, see Check for a cloud management gateway (CMG) as a cloud service (classic).

Deprecated features

Learn about support changes before they're implemented in removed and deprecated items.

System Center Update Publisher (SCUP) and integration with ConfigMgr planned end of support Jan 2024. For more information, see Removed and deprecated features for Configuration Manager.

Other updates

Improvements to BitLocker

This release includes the following improvements to BitLocker:

Starting in this release, this feature ensures proper verification of key escrow and prevents message drops. We now validate whether the key is successfully escrowed to the database, and only on successful escrow do we add the key protector. This feature now prevents a potential data loss scenario where BitLocker is protecting the volumes with keys that are never backed up to the database, if any failure to escrow happens. For more information on BitLocker management, see Deploy BitLocker management and Plan for BitLocker management.

From this version of Configuration Manager, the Windows 11 readiness dashboard shows charts for Windows 23H2.
Defender Exploit Guard policy for controlled folder now accepts regex in the file path for apps. For example:

[C:\Folder\Subfolder\app?.exe]
[C:\Folder1\Sub*Name]

Next steps

At this time, version 2403 is released for slow ring (all in console update). Baseline will be updated in portal soon.

Thank you,
The Configuration Manager team

Additional resources:
- What’s New in Configuration Manager
- Documentation for Configuration Manager
- Microsoft Configuration Manager announcement
- Microsoft Configuration Manager vision statement
- Evaluate Configuration Manager in a lab
- Upgrade to Configuration Manager
- Configuration Manager Forums
- Configuration Manager Support
- Report an issue
- Provide suggestions

Configuration Manager technical preview version 2311
Folder support for Scripts node in Software Library

You can now organize scripts by using folders. This change allows for better categorization and management of scripts. Full Administrator and Operations Administrator roles can manage the folders.

New parameter SoftwareUpdateO365Language is added to Save-CMSoftwareUpdate cmdlet

A new parameter, SoftwareUpdateO365Language, is now added to the PowerShell Save-CMSoftwareUpdate cmdlet. Customers now don't have to check a specific language in the SUP Properties (causing a metadata download for that language for all updates).

PowerShell cmdlet:

Save-CMSoftwareUpdate -SoftwareUpdateO365Language "<language name> (<region name>)"

Note: Languages need to be in O365 format to be consistent with the Admin Console UI, e.g. "Hungarian (Hungary)".

Support for Arm64 Operating System Deployment

Configuration Manager operating system deployment support is now added on Windows 11 Arm64 devices. Currently, importing and customizing Arm64 boot images, Wipe and load Task Sequence, Media creation Task Sequence and WDS PXE for Arm64 are supported.

Resource access profiles and deployments will block Configuration Manager upgrade

Any configured Resource access profiles and associated deployments will block the Configuration Manager upgrade. Please consider deleting them and moving the co-management workload for Resource Access (if co-managed) to Intune.

Wildcard support added in Defender Exploit Guard policy for Controlled Folders

Defender Exploit Guard policy for Controlled Folder now accepts regex in the file path for apps. E.g.:

[C:\Folder\Subfolder\app?.exe]
[C:\Folder1\Sub*Name]

Other Updates

Troubleshooting Dashboard for Software Update Issues (Teaser)

A new dashboard is added to the console under the Monitoring workspace, which will diagnose software update issues in your environment. You can fix these issues based on the troubleshooting documentation. A future release will have more common errors, automated troubleshooting and remediation added.
Update 2311 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console. For new installations, the 2311 baseline version of Microsoft Configuration Manager Technical Preview Branch is available on the link: CM2311TP-Baseline or from Eval center.

Configuration Manager technical preview version 2307
Windows 11 Edition Upgrade using Configuration Manager policy settings

Administrators can now create a policy using edition upgrade in Configuration Manager to update the Windows 11 edition.

Windows 11 Upgrade Readiness Dashboard

Administrators can use this dashboard to devise their Windows 11 upgrade strategy and discover the devices in the organization that are ready for the Windows 11 upgrade. This dashboard also provides a count by installed feature update version and a view of all Windows devices inside the organization. Administrators can create a collection of devices that are ready for the Windows 11 upgrade and roll out feature updates to them.

The following four charts are offered in this dashboard:

- Windows Device Information: Shows the count of Windows 7, 8, 10 and 11 devices in your organization.
- Feature Update Version: Shows the count of each feature update version in your organization.
- Upgrade Experience Indicators: Shows information for each device, which can be in any of these states:
  - Cannot Upgrade (Red Color): devices that cannot be upgraded to Windows 11.
  - App Upgrade/Uninstall required (Yellow Color): devices that need an application update or uninstall before upgrading to Windows 11.
  - App/Driver upgrade required (Orange Color): devices that need an application upgrade to Windows 11.
  - Ready for Upgrade (Green Color): devices that are capable of the Windows 11 upgrade.
- Windows 11 Minimum Hardware Requirement: Showcases the minimum hardware and software requirements needed to support Windows 11.

Option to schedule scripts' runtime

The Run Script wizard now offers a scheduling option which enables administrators to schedule the future execution time of the scripts. It provides a convenient way to automate the running of scripts on managed devices according to specified schedules.

External service notification

Run details from Azure Logic application.
This integration enables the monitoring and management of Azure Logic App notifications directly within the Configuration Manager console, providing a centralized location for tracking critical events, taking appropriate actions and maintaining a high level of operational efficiency.

Note: To use this feature, a valid Azure AD web app is required. Please deploy the Azure services for Administration service management under \Administration\Overview\Cloud Services\Azure Services. If the service is already deployed, the admin can use the existing web application to view Run details from the Azure Logic App.

View Status wizard

Known issue: An unexpected error can occur while configuring the Azure service web app for Administration service management. It can be ignored, as it does not affect the service creation.

Maintenance window creation using PS cmdlet

Maintenance windows are recurring periods of time when the Configuration Manager client can run tasks.

PowerShell cmdlet: New-CMMaintenanceWindow is used to create a maintenance window for a collection. Earlier, the Offset parameter could be set only between 0 and 4. Now it has been extended to between 0 and 7.

Update Orchestrator Service (USO) for Windows 11 22H2 or later with Windows native reboot experience

When installing software updates from Configuration Manager, administrators can now choose to use the native Windows Update restart experience. To use this feature, client devices must be running Windows build 22H2 or later. From the Computer Restart client device settings, ensure that Windows is selected as the restart experience. Branding information will be included in the Windows restart notification for updates that require restart.

Steps to enable Client settings.

Reboot Notification

Update 2307 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console.
For new installations, the 2307 baseline version of Microsoft Configuration Manager Technical Preview Branch is available on the link: CM2307TP-Baseline or from Eval center.

Update 2303 for Microsoft Configuration Manager current branch is now available.
Microsoft Configuration Manager product branding

Starting with Configuration Manager version 2303, Microsoft Endpoint Configuration Manager is now Microsoft Configuration Manager. Microsoft Configuration Manager is an integrated solution for managing all your devices. Microsoft brings together Configuration Manager and Intune, without a complex migration, and with simplified licensing. Continue to use your existing Configuration Manager investments, while taking advantage of the power of the Microsoft cloud at your own pace.

Cloud-attached management

Improvements to Cloud Sync (Collections to Azure Active Directory Group Synchronization) feature

Starting with Configuration Manager version 2303, collection member sync status (Success, In Progress, Failed - with reason for failure) is available in the Collection Cloud Sync dashboard for the chosen collection on the bottom pane.

Earlier, with Configuration Manager version 2211, the scalability of this feature was improved with better throttling and error handling. Additionally, dedicated dashboards for user collections and device collections were added in the Monitoring workspace to show Cloud Sync status. The dashboard displays the Cloud Sync status per collection with the mapped Azure AD group, total member count, synced member count, status (success, failed, in progress) and last sync details. For more information, see Synchronize collections to Azure Active Directory Group.

Endpoint Security reports in Intune admin center for Tenant Attached devices

Starting with Configuration Manager version 2303, you can now opt for Endpoint Security reports in Intune admin center for tenant attached devices. Once you opt in, the Unhealthy endpoints and Active malware operational reports under the Endpoint security node in Intune admin center will start showing data from tenant attached devices.
Also, the Antivirus agent status and Detected malware organizational reports under Microsoft Defender Antivirus in the Reports section will show data from tenant attached devices. For more information, see Tenant attach - Create and deploy Antivirus policies from the admin center.

Site infrastructure

Authorization failure message in admin service now shown in Status message viewer

We have introduced audit messages about authorization failure in admin service. You can now view request details and status messages. These messages are shown in “All Status Message” at “Status Message Queries” in the “Monitoring” ribbon. Previously these failures were logged in log files. With the new audit messages, we intend to avoid the inconvenience of log file rollover.

Details about the user, resource access attempts and the number of attempts for all the authorized requests made by a user in a day will now be available. We are also auditing read operations for HTTPS requests and for cloud-initiated operations. This helps admins to scope the permissions and roles of users while also determining if there are any malicious users. All unauthorized requests are aggregated for 24 hours before being sent to the status message viewer. For more information, see Administration Service documentation.

SQL Server 2022 version support added for Configuration Manager

Starting with 2303, support is added for the SQL Server 2022 RTM version. You can use this version of SQL Server for the following sites:

- A central administration site
- A primary site
- A secondary site

The following table identifies the recommended compatibility levels for Configuration Manager site databases:

| SQL Server version | Supported compatibility levels | Recommended level |
|---|---|---|
| SQL Server 2022 | 150, 140, 130, 120, 110 | 150 |

For more information, see support-for-sql-server-versions.
Software updates

Unified update platform (UUP) GA release

The Unified Update Platform (UUP) servicing is finally here for all Windows 11, version 22H2 updates delivered via Windows Server Update Services (WSUS) and Configuration Manager! Starting March 28, on-premises Windows 11, version 22H2 devices will receive quality updates via the Unified Update Platform (UUP). For more information, see What’s UUP? New update style!

The Unified Update Platform (UUP) is a single publishing, hosting, scan, and download model for OS quality and feature updates. It offers improved delivery technologies in response to IT admin requests for more seamless updates, more control over installation time, more battery life, and lighter download size.

Note: A one-time 10-GB download to distribution points comes with your first UUP update.

UUP is becoming the default and only way to download quality updates. This means that you should plan for an extra 10 GB download to distribution points (not endpoint clients) with the March 28th update. That's a one-time 10 GB download for updates for Windows 11, version 22H2 per architecture (AMD64 and ARM64).

Let's look at the key benefits and version requirements.

Quality updates for Windows 11 22H2 and above

Quality updates with the UUP continue to be cumulative and include all released Windows quality and security fixes. All of these new capabilities are brought to you by UUP on premises! If interested in learning more about these improvements, read Faster, Smaller. Windows 11, version 22H2 update fundamentals.
UUP on premises unlocks some amazing benefits going forward:

- Up to 30% smaller client downloads for monthly quality updates
- Cumulative update integration with feature updates (i.e., get current in one reboot)
- Seamless retention of installed language packs and optional features on demand (FODs) during feature updates
- Reduced client downloads for feature updates (i.e., inbox app downloads are conditional)
- Automatic OS healing during the update process that requires no action from the enterprise admins
- End-user acquisition of language packs and FODs

Note: To receive quality updates on Windows 11, we recommend that the latest security updates be installed on your devices. Minimally, devices should be updated through Windows 11 22H2.

To take advantage of UUP on premises, you must be using a supported platform:

- Recommended version: 2203 Configuration Manager Current Branch and above.
- Set Enable Software Update in the client settings to Yes.
- For client operating systems that can support delta download (Win 10 Version 10.0.16299 or up), the delta download endpoint will always get turned on regardless of the Client Agent Settings, and the port number will be honored even if Delta Download is not enabled.
- If Delta Download is disabled, only UUP updates will do delta download; all other updates, whether express or not, will do a full file download.
- If Delta Download is enabled, all updates will go through the delta download code path, whether express or not, unless the only DP available is a cloud DP.
- Any supported version of Windows Server Update Services (WSUS).

Note: If you're a WSUS Standalone admin, please apply the upcoming February and March updates promptly to ensure your readiness! And if you haven't yet, learn about Adding file types for Unified Update Platform on premises.

Known issue:

On a newly installed CM client, Delta Download is delayed in starting.
Patchdownloader.log shows an incorrect download percentage.
WSUS servers running on Server 2022, 2019 or 2016 are likely to break after the Feb 2023 LCU if custom MIME types are added at a subsite level in IIS.

Update to the default value of supersedence age in months for software updates

With the Unified Update Platform (UUP) general availability release, the feature update and non-feature update supersedence should be greater than 3. For new software update role installations, we're updating this to 6; existing customers can review and update to 6.

Update to the default value of supersedence age in months for software updates.

Known issue:

The update to the default value of supersedence age in months for software updates will not impact existing configurations.
Removing the SUP role in the Admin Console does not reset the supersedence age property in WMI. As a result, while reconfiguring the role, the previously configured value is shown in the configuration window.

Enable Windows features introduced via Windows servicing that are off by default

The Commercial control for continuous innovation in Windows is now integrated with the Configuration Manager 2303 release.

Commercial control for continuous innovation (Windows 11)

For more information, see client settings in Configuration Manager.

Configuration Manager console

Dark theme extended to delete secondary site wizard

The Configuration Manager console now extends the dark theme to the delete secondary site wizard. This wizard will also have a new look for the normal theme. This is part of the ongoing effort to make the dark theme and overall admin console experience better. To use the theme, select the arrow from the top left of the ribbon, then choose Switch console theme. Select Switch console theme again to return to the light theme. For more information, see Dark theme for the console.

Deprecated features

Removed Community hub service and integration with ConfigMgr

Removed Community Hub configuration from Hierarchy settings and Community Hub service integration.
Learn about support changes before they're implemented in removed and deprecated items.

Other updates

Maintenance window schedules

Offset for recurring monthly maintenance window schedules. Based upon your feedback, you can now offset monthly maintenance window schedules to better align deployments with the release of monthly security updates. For example, using a maximum offset of seven days after the second Tuesday of the month, sets the maintenance window for next Monday.

Removing Microsoft Store for Business and Education new config capability

As part of the Microsoft Store for Business deprecation, we are making these changes to the customer experience with using this feature:

- Removing a user's ability to create a new Microsoft Store for Business in Configuration Manager.
- Displaying a warning message box when a user triggers a sync from Microsoft Store for Business.
- Displaying a warning in the Create Application Wizard when a user attempts to create a new app from Store license information.

For more information, see removed and deprecated items.

For more details and to view the full list of new features in this update, check out our What’s new in version 2303 of Microsoft Configuration Manager documentation.

For assistance with the upgrade process, please post your questions in the Site and Client Deployment forum. Send us your Configuration Manager feedback through Feedback in the Configuration Manager console. Continue to share and vote on ideas about new features in Configuration Manager.

Configuration Manager technical preview version 2305
OSD preferred MP option for PXE boot scenario

The Preferred Management Point (MP) option will now allow PXE clients to communicate with an initial lookup MP and receive the list of MP(s) to be used for further communication. When the option is enabled, it allows an MP to redirect the PXE client to another MP, based on the client location in the site boundaries.

New Site Maintenance task “Delete Aged Task Execution Status Messages” is now available on primary servers to clean up data older than 30 days or a configured number of days

You can enable this feature by using the Site Maintenance window or the PowerShell cmdlet. By default, it is set to run on Saturday and delete data older than 30 days. It does so by cleaning up the [dbo].TaskExecutionStatus table.

Example:

Set-CMSiteMaintenanceTask -Sitecode "XXX" -MaintenanceTaskName "Delete Aged Task Execution Status Messages" -DaysOfWeek Friday

CMG creation using third-party App via Console

We have deprecated the use of the first-party app for the creation of CMG. Now, CMG uses a third-party server app to get bearer tokens. For CMG creation, users can select the tenant and the app name using the Azure AD tenant name. After selecting the tenant and app name, the sign-in button appears.

Existing customers must update their server app, as the current version doesn't have the redirect to "http://localhost".

To update the server app, navigate to the Azure Active Directory Tenants node --> select the tenant --> select the server app --> click on "update application settings".
CMG creation using third party Server App via PowerShell

To create CMG using a third party server app via PowerShell cmdlet, you need to specify TenantID in the argument:

PowerShell Commandlet: Set-UpdateServerApplication -TenantID

If you're using an existing (non-updated) Azure AD server app, ensure that the server app has RedirectUrl="http://localhost" added in the Azure portal and in the table AAD_Application_EX in the database. If you try to create the CMG before updating RedirectUrl, you get the error "Your server Application needs to be updated". Run the PowerShell command Set-UpdateServerApplication to update your app, and then try again to create CMG.

Note: For new customers, before creating CMG, create an Azure AD server app that contains RedirectUrl="http://localhost" in your app. Once the redirect URL and database settings are complete, you can execute the new PowerShell commandlet script.

Attack Surface Reduction (ASR) capability now marks Server SKU as compliant only after enforcement

Prior to the Attack Surface Reduction capability in Windows Server, rules were marked compliant by default. As this rule setting becomes available to Server SKU, it's enforced through Config Manager. Now the Server SKU will be marked as compliant for an Attack Surface Reduction rule only after enforcement of the rule.

Enhancing security for External service notifications URL

This feature avoids the risk of directing the subscription logic to an untrusted URL, which could result in information leakage. The upgrade prevents information from being sent to an HTTPS URL with an untrusted certificate, so the data is protected by a trusted SSL certificate. For a secure connection, we recommend using SSL certificates from trusted Certification Authorities. This security feature only allows connections to URLs that have trusted certificates.
Enable BitLocker through ProvisionTS

ProvisionTS is the task sequence that is executed at the time of provisioning the device. Escrowing the recovery key to the Config Manager Database is now supported using ProvisionTS. As a result, a device can escrow the key to the Config Manager Database instantly.

Client certificate state in console (self-signed) to match state in control panel (PKI)

For clients that have a PKI certificate, the Configuration Manager console displays the Client certificate property as self-signed. The client control panel Client certificate property shows PKI. After this release, the Configuration Manager console and client control panel Client certificate property will be in sync and show the same state.

Update 2305 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console. For new installations, the 2305 baseline version of Microsoft Configuration Manager Technical Preview Branch is available on the link: CM2305TP-Baseline or from Eval center.

Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.

We would love to hear your thoughts about the latest Technical Preview! Send us feedback directly from the console.

Thanks,
The Configuration Manager team

Configuration Manager Resources:
- Documentation for Configuration Manager Technical Previews
- Try the Configuration Manager Technical Preview Branch
- Documentation for Configuration Manager
- Configuration Manager Forums
- Configuration Manager Support

10K Views, 2 likes, 4 Comments

Update 2203 for Microsoft Endpoint Configuration Manager current branch is now available
Update 2203 for Microsoft Endpoint Configuration Manager current branch is now available. One of the exciting new features is the content distribution status visualizer. With it you can now monitor content distribution path and status in a graphical format.

30K Views, 7 likes, 11 Comments