Configuration Manager technical preview version 2209
Improvements to the console When performing a search on any node in the console, the hint text in the search bar will now indicate the scope of the search. By default, all subfolders are searched when you perform a search in any node that contains subfolders. You can narrow down the search by selecting the “Current Node” option from the search toolbar. If you want to expand the search to include all nodes, then select the “All Objects” button in the ribbon. For more information, see Console changes and tips. Improvements to the dark theme Pop-ups in the Health attestation dashboard will now adhere to the dark theme. Enable this pre-release feature to experience the dark theme. For more information, see Dark theme for the console. Other updates The software center logo dimension details are now added as a hint in the software center customization wizard. The image file can't be larger than 2 MB size. The maximum dimension of the image should be 400 Pixels wide and 100 pixels tall. For more information, see Software Center settings. For more details and to view the full list of new features in this update, check out our Features in Configuration Manager technical preview version 2209 documentation. Update 2209 for Technical Preview Branch is available in the Microsoft Endpoint Configuration Manager Technical Preview console. For new installations, the 2206 baseline version of Microsoft Endpoint Configuration Manager Technical Preview Branch is available on the link: MECM2206TP-Baseline or from Eval center Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. We would love to hear your thoughts about the latest Technical Preview! Send us feedback directly from the console. Thanks, The Configuration Manager team Configuration Manager Resources: Documentation for Configuration Manager Technical Previews Try the Configuration Manager Technical Preview Branch Documentation for Configuration Manager Configuration Manager Forums Configuration Manager SupportManaging remote machines with cloud management gateway in Microsoft Endpoint Configuration Manager
The increase in the global workforce working from home is unsurprisingly putting an added focus from organizations on remote functionality and management. Naturally we have seen an increase in the number of queries, questions and tweets around the tools and features Microsoft Endpoint Manager can offer in the way of remote management of the workforce. One of the most common topics I have had to field enquiries is around the use of cloud management gateway (CMG), usually in conjunction with keeping traffic off the VPN.Managing Patch Tuesday with Configuration Manager in a remote work world
This article is designed to help you successfully deliver patches to your managed PCs that are no longer on-premises and connecting via VPN using home broadband networks. We will take you through a decision tree of options available to your organization when it comes to managing your upcoming patch deployments as we approach the April 2020 security update.Unified update platform (UUP) FAQ's
After a month of UUP update release, sharing best practices based on our field and feedback through multiple channels. 1. Will UUP patch work for CB 2111 and below? Our pre-req is Configuration Manager Version 2203 and above as per our release documents. For Configuration Manager Version 2111 (Lesser than this are unsupported now) to patch UUP updates for windows 11 22H2 seamlessly, enable delta download setting using client settings in ConfigMgr. When this option is set, delta download is used for all Windows update installation files, not just express installation files. 2. Please be sure to select the appropriate update classifications in your ADRs. If you have ADRs configured to auto-approve Security Updates, be sure to specify the “Security Updates” classification in your ADR settings. If you would like to take advantage of all the great features of UUP and utilize UUP feature updates to upgrade endpoint clients to Windows 11 22H2, be sure to include the “Upgrades” classification in your ADRs. This will ensure that as endpoint clients go through the OS upgrade they will receive the latest security updates as part of the upgrade and will only need to reboot once. If you do not want to utilize UUP feature updates to upgrade endpoint clients right now, you will want to exclude the “Upgrades” classification from your ADRs. Note: The feature updates will be released every month but there will be sharing of content for the old files and the new content should be only a few hundred MBs between the month releases. See Question 9 for more details on deduplication. 3. ConfigMgr + Adaptiva integrated solutions Adaptiva has released a patch for its customers to support the UUP. The public documentation can be found here: https://adaptiva.com/blog/using-unified-update-platform-with-adaptiva-onesite. Note that Adaptiva has asked customers not to enable delta download from the client settings and this is our recommendation from ConfigMgr 2203+ onwards only (which is our recommended version as well but as mentioned before for UUP to work with ConfigMgr 2111 there is a requirement to enable delta download from client settings.) 4. ConfigMgr console on Windows Server 2012 R2 cannot download the UUP Quality update fails to verify cert signature PatchDownloader.log Verifying file trust C:\Users\admin\AppData\Local\Temp\2\CAB291B.tmp.wim Software Updates Patch Downloader Authentication of file C:\Users\admin\AppData\Local\Temp\2\CAB291B.tmp.wim failed, error 0x800b0004 Software Updates Patch Downloader Attempting to delete 0 byte tmp files from previous downloads Software Updates Patch Downloader ERROR: DownloadUpdateContent() failed with hr=0x80073633 Software Updates Patch Downloader Workaround: Patch the Windows Server 2012 R2 with 2023 4B (April CU) which then fixes this issue. 5. ConfigMgr Patchdownloader component may fail to verify (*.psf files) if the UUP patches were synched before ConfigMgr 2111 version. The issue will persist even if ConfigMgr version is upgraded to ConfigMgr 2111+ if the updates were synched before ConfigMgr was on a lesser version than version 2111. Sample error in PatchDownloader.log Verifying file trust C:\WINDOWS\TEMP\CAB6062.tmp.psf Software Updates Patch Downloader Authentication of file C:\WINDOWS\TEMP\CAB6062.tmp.psf failed, error 0x800b0004 Software Updates Patch Downloader Attempting to delete 0 byte tmp files from previous downloads Software Updates Patch Downloader ERROR: DownloadUpdateContent() failed with hr=0x80073633 Software Updates Patch Downloader The below SQL query will help you identify the issue. -- Sample check for 2023-04 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5025239). -- Replace the unique update id below if you are searching for a different UUP update IF EXISTS( select all SMS_CIContentFiles.CI_UniqueID,SMS_CIContentFiles.Content_ID,SMS_CIContentFiles.FileName,SMS_CIContentFiles.FileSize, SMS_CIContentFiles.IsSigned,SMS_CIContentFiles.SecuredTypeID,SMS_CIContentFiles.SourceURL from vSMS_CIContentFiles AS SMS_CIContentFiles WHERE SMS_CIContentFiles.CI_UniqueID='3157dbaf-04f5-49fc-baef-300bbd6d121a' AND FileName like '%.psf' and isSigned= 1 ) PRINT 'UUP Updates likely synched before upgrading to 2111. This will need correction, Please call Microsoft support to correct this.' ELSE PRINT 'You are not likely affected by the UUP PSF update signing issue' If you get the output of the above query as 'UUP Updates likely synched before upgrading to 2111. This will need correction, please call Microsoft support to correct this.' then likely you are affected and open a support case with Microsoft to correct the issue. 6. UUP updates installed as a part of OSD TS in "Install Software Updates" step (Fixed 2309 or later) There is a known issue that is currently investigated. The issue is the Delta Download component of CCMEXEC not starting on time and the updates timeout on the first scan, later scans are not impacted. Workaround: Add a restart step in between two install software updates steps. This will allow UUP updates to be successfully downloaded and installed in the second attempt. Resolution: Upgrade to CB 2309 and upgrade the client. This issue is addressed. 7. Does offline servicing work with UUP updates? No. Offline servicing images with UUP QU updates from the ConfigMgr console is not supported. 8. Are Delivery Optimization (DO) and Delta Download (DD) components different ? What is ConfigMgr dependency on DO? Delivery Optimization is a Windows technology to deliver content in a smart way reducing internet bandwidth owned by the Windows team and Delta Download is a component which is an http listener for requests owned by the ConfigMgr team. Delivery Optimization is a peer-to-peer distribution technology available in Windows 11 and Windows 10 that allows devices to share content, such as updates, that the devices have downloaded from Microsoft over the internet. DO is a part of the Windows OS. Delta Download is a http listener and is a component of ConfigMgr. ConfigMgr requires the DO client as it invokes the Delta download listener to download the content (as we configure the alternate content location URL in WUA policy to point to Delta Download Listener URL). The Invocation flow is WUA (Windows Update Agent) -> DO (Delivery Optimization) -> DD (Delta Download). Hence even if we don't enable DO, ConfigMgr would automatically enable DO by setting these two policies. This is visible in the UpdateDOGPO.log SetDOGPOSettings: Set Windows DO group policy to DOGroupId = DeliveryMode = group Customers should not create any GPO settings to disable these policies OR edit the registry to disable the DOSVC service or from services console. 9. Update Supersedence changing to 6 months default for new installs. How does update supersedence affect UUP scenarios? Refer the blog for the announcement details for this change. The default for expiring updates which are superseded will only change for the new installations and the existing ones will not be altered from whatever the current setting is. 10. Does ConfigMgr have deduplication of files at source and distribution points? Deduplication at the source in ConfigMgr : When PatchDownloader component downloads a file it checks if the file exists in the same share and creates a hard link for the already existing file instead of re-downloading it. Scenario 1 If the files/folders for previous UUP update source package are on the same volume but different share name, customers don't go into creating hard link path at all. Scenario 2(a) If the Package path has a common share \\machine\share but different folders inside it (which is the normal case) like \\machine\share\jan and \\machine\share\feb we go to the hard link and create the hard link for the file with the Patchdownloader.log entry Content already downloaded. Created link for ContentID Scenario 2(b) Same scenario as 2(a) but the PatchDownloader here finds the same file present in a different share first apart from being present on the same share. Here the PatchDownloader doesn't go deep and check if the file is also present on the same share and fails to create the hard link. But here it doesn't download from internet again but copies the file from the other share to this share. Log entries fail to create hard link with error 17 (which is it thinks these are different drives). Could not create hard link: \\MachineNetbios\UpdatesPackage\2302_Win11_21H2_UUP\b1e9d019-7dec-4eee-b7e4-9e8eae99d89b.1\19222DDC6156FBE5570C3A6DDF69759662F93AEE_FeatureOnDemand.wim -> \\ MachineNetbios\22-11-UUPWin11\bcb528ff-85c2-4372-8b91-20bd0c7fa1e4\19222DDC6156FBE5570C3A6DDF69759662F93AEE_FeatureOnDemand.wim. LastErr=17 Summary It is recommended to have a single share for all the UUP monthly packages \\machine\UUP and then creating folders inside it for each months. for eg.. \\machine\share\jan and \\machine\share\feb . In this case ConfigMgr will create hard links instead of downloading the actual files again. Note If you actually check the properties of the folder it will still show the size of the actual file and not hard link. Use DU.exe from sysinternals suite to find the actual size of a folder. E:\UpdatesPackage\2302_Win11_21H2_UUP>E:\DU\du.exe . DU v1.62 - Directory disk usage reporter Copyright (C) 2005-2018 Mark Russinovich Sysinternals - www.sysinternals.com Files: 14 Directories: 2 Size: 9,675,198,236 bytes Size on disk: 9,675,227,136 bytes Note To find all the hard link references to a file use the fsutil command. fsutil harlink list <full_file_path> 11. Why does ConfigMgr UUP On-Prem download a 3-5GB wim when I want to install a very small FOD/LP package? This is an issue with the size attribute on the file as we don't download the full file for FOD/LP but only the needed byte ranges. Since we download the needed byte ranges only, the size that gets displayed for the file is the cumulative size of the file till that range. Meaning if the small FOD package is around 3035627519 of the byte range in the file, we will display the size of the file as around 2.82 GB. While in actuality we only downloaded the file ranges between 3034578944-3035627519 for the 1 MB FOD package. To confirm the actual size of the file on disk you can check the properties of the file and verify the "Size on disk". 12. Deduplication at the distribution points in ConfigMgr : Distribution Points in ConfigMgr are already designed to have a SIS (Single instance storage) in the form of Content Library. So we store any file only once no matter how many packages it is present in. More on ConfigMgr Content Library design here . For more details ref the actual windows blog and Configuration blog. Thank you, The Configuration Manager teamUpdate 1902 for Configuration Manager current branch is now available
In the 1902 update to Configuration Manager current branch, we continue to deliver value around our core themes of Cloud Value, Customer Voice, Get Current, and Simplification. Get Current with Office is one of our key capabilities in the 1902 update and optional integration with the Readiness Toolkit for Office provides insights to help prepare for Office 365 ProPlus deployments. These insights can now complement your organization’s end-to-end ability to deploy Office 365 ProPlus, from readiness, to deployment, to monitoring.Update 1910 for Microsoft Endpoint Configuration Manager current branch is now available
Update 1910 for Microsoft Endpoint Configuration Manager current branch is now available. As Brad Anderson announced at Ignite, Configuration Manager is now part of Microsoft Endpoint Manager. Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune, without a complex migration, and with simplified licensing.Third-Party Updates and Windows Update for Business
While using Windows Updates for Business (WUfB) is not for everyone, its simplicity and familiar end-user experience make it quite attractive to many organizations. One thing that WUfB does not provide today, though, is updates for third-party products. For that, you need to continue to use an on-premises solution like Microsoft Endpoint Manager Configuration Manager to complement WUfB.Update 2107 for Microsoft Endpoint Configuration Manager current branch is now available
Update 2107 for Microsoft Endpoint Configuration Manager current branch is now available. Starting in this release, you can enable an application deployment to support implicit uninstall. If a device is in a collection, the application installs. Then when you remove the device from the collection, the application uninstalls.
