We have introduced audit messages about authorization failure in admin service. You can now view request details and status messages. These messages will be shown in “All Status Message” at “Status Message Queries” in “Monitoring” ribbon. Previously these failures were logged in log files.
With the new audit messages, we intend to avoid inconvenience of log files rollback. Details about the user, resource access attempts and the number of attempts for all the authorized requests made by user in a day will now be available. We are also auditing read operations for HTTPS requests and for cloud-initiated operations. This will help admins to scope permission and roles of users while also determining if there are any malicious users.
For more information, see Administration Service documentation.
If your site is configured with NAA account, you'll see this new prerequisite warning added. To improve the security of distribution points configured with NAA account, review the existing accounts and their relevant permissions. If it has more than minimal required permission, then remove and add a minimal permission account. Don't configure any administrator level permission accounts on the NAA. If the site server is configured with HTTPS / EHTTP, we recommend removing NAA account, which is unused.
For more information, see the description of this permissions-for-the-network-access-account.
Starting with Configuration Manager version 2211, the scalability of this feature has been improved with better throttling and error handling. Additionally, dedicated dashboards for user collections and device collections are added in Monitoring workspace to show Cloud Sync status. The dashboard displays the Cloud Sync status per collection with the mapped Azure AD group, total member count, synced member count, status (success, failed, in progress) and last sync details.
For more details and to view the full list of new features in this update, check out our Features in Configuration Manager technical preview version 2211 documentation.
Update 2210 for Technical Preview Branch is available in the Microsoft Endpoint Configuration Manager Technical Preview console. For new installations, the 2210 baseline version of Microsoft Endpoint Configuration Manager Technical Preview Branch is available on the link: MECM2210TP-Baseline or from Eval center
Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
We would love to hear your thoughts about the latest Technical Preview! Send us feedback directly from the console.
Thanks,
The Configuration Manager team
Configuration Manager Resources:
Documentation for Configuration Manager Technical Previews
Try the Configuration Manager Technical Preview Branch
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.