Configuration Manager 2005 Technical Preview.
You can now initiate an application install in real time for a tenant attached device from the Microsoft Endpoint Management admin center. Helpdesk users can initiate real-time queries and run PowerShell scripts from the cloud against an individual Configuration Manager managed device and return the results to the admin center. Additionally, you can now see a timeline of events that shows past activity on the device that can help you troubleshoot problems for each device.
Tenant attach: Device timeline in the admin center
When Configuration Manager synchronizes a device to Microsoft Endpoint Manager through tenant attach, you can now see a timeline of events. This timeline shows past activity on the device that can help you troubleshoot problems.
Tenant attach: Install an application from the admin center
You can now initiate an application install in real time for a tenant attached device from the Microsoft Endpoint Management admin center.
Tenant attach: CMPivot from the admin center
Bring the power of CMPivot to the Microsoft Endpoint Manager admin center. Allow additional personas, like Helpdesk, to be able to initiate real-time queries from the cloud against an individual ConfigMgr managed device and return the results back to the admin center. This gives all the traditional benefits of CMPivot, which allows IT Admins and other designated personas the ability to quickly assess the state of devices in their environment and take action.
Tenant attach: Run Scripts from the admin center
Bring the power of the Configuration Manager on-premises Run Scripts feature to the Microsoft Endpoint Manager admin center. Allow additional personas, like Helpdesk, to run PowerShell scripts from the cloud against an individual Configuration Manager managed device. This gives all the traditional benefits of PowerShell scripts that have already been defined and approved by the Configuration Manager admin to this new environment.
VPN boundary type
To simplify managing remote clients, you can now create a new boundary type for VPNs.
Previously, you had to create boundaries for VPN clients based on the IP address or subnet. This configuration could be challenging or not possible because of the subnet configuration or the VPN design.
Now when a client sends a location request, it includes additional information about its network configuration. Based upon this information, the server determines whether the client is on a VPN. All clients that connect through a VPN automatically belong to the boundary group associated with this new boundary type.
Azure AD authentication in Software Center
This release fixes an issue with Software Center and Azure Active Directory (Azure AD) authentication. For a client detected as on the intranet but communicating via the cloud management gateway (CMG), previously Software Center would use Windows authentication. When it tried to get the list of user available apps, it would fail. It now uses Azure Active Directory (Azure AD) identity for devices joined to Azure AD. These devices can be cloud-joined or hybrid-joined.
Install and upgrade the client on a metered connection
Previously, if the device was connected to a metered network, new clients wouldn’t install. Existing clients only upgraded if you allowed all client communication. For devices that are frequently roaming on a metered network, they would be unmanaged or on an older client version. Starting in this release, client install and upgrade both work when you set the client setting Client communication on metered internet connections to Allow.
To define the behavior for a new client installation, there’s a new ccmsetup parameter /AllowMetered. When you allow client communication on a metered network for ccmsetup, it downloads the content, registers with the site, and downloads the initial policy. Any further client communication follows the configuration of the client setting from that policy.
Task sequence media support for cloud-based content
Even though there are more remote devices to manage these days, you may still have business processes to recover devices using task sequence media. For example, you send a USB key to a remote user to reimage their device. Or a remote office that has a local PXE server, but devices mainly connect to your main network over the internet. Instead of further taxing the VPN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources. For example, a cloud management gateway (CMG) that you enable to share content.
Improvements to cloud management gateway cmdlets
With more customers managing remote devices now, this release includes several new and improved Windows PowerShell cmdlets for the cloud management gateway (CMG). You can use these cmdlets to automate the creation, configuration, and management of the CMG service and Azure Active Directory (Azure AD) requirements.
For example, an Azure administrator first creates the two required apps in Azure Active Directory (Azure AD). Then you write a script that uses the following cmdlets to deploy a CMG:
- Import-CMAADServerApplication: Create the Azure AD server app definition in Configuration Manager.
- Import-CMAADClientApplication: Create the Azure AD client app definition in Configuration Manager.
- Use Get-CMAADApplication to get the app objects, and then pass to New-CMCloudManagementAzureService to create the Azure service connection in Configuration Manager.
- New-CMCloudManagementGateway: Create the CMG service in Azure.
- Add-CMCloudManagementGatewayConnectionPoint: Create the CMG connection point site system.
Community hub and GitHub
The IT Admin community has developed a wealth of knowledge over the years. Rather than reinventing items like Scripts and Reports from scratch, we’ve built a Configuration Manager Community hub where IT Admins can share with each other. By leveraging the work of others, you can save hours of work. The Community hub fosters creativity by building on others’ work and having other people build on yours. GitHub already has industry-wide processes and tools built for sharing. Now, the Community hub will leverage those tools directly in the Configuration Manager Console as foundational pieces for driving this new community. For the initial release, the content made available in the Community hub will be uploaded only by Microsoft. Currently, you can’t upload your own content to GitHub for use by Community hub.
Community hub supports the following objects:
- PowerShell Scripts
- Reports
- Task sequences
- Applications
- Configuration items
Microsoft 365 Apps for enterprise
Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise on April 21, 2020. Starting in this technical preview the following changes have been made:
- The Configuration Manager console has been updated to use the new name.
- This change also includes update channel names for Microsoft 365 Apps.
- A banner notification was added to the console to notify you if one or more automatic deployment rules reference obsolete channel names in the Title criteria for Microsoft 365 Apps updates.
If you use Title as criteria for Microsoft 365 Apps updates in your automatic deployment rules, use the next section to help modify them.
Update channel information for Microsoft 365 Apps
When Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise, the update channels were also renamed. If you use an automatic deployment rule to deploy updates, you’ll need to make changes to your rules if they rely on the Title property. That’s because the name of update packages in the Microsoft Update Catalog is changing.
Currently, the title of an update package for Office 365 ProPlus begins with “Office 365 Client Update” as seen in the following example:
Office 365 Client Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.20648)
For update packages released on and after June 9, the title will begin with “Microsoft 365 Apps Update” as seen in the following example:
Microsoft 365 Apps Update – Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.50000)
New Channel name | Previous Channel name |
---|---|
Semi-Annual Enterprise Channel | Semi-Annual Channel |
Semi-Annual Enterprise Channel (Preview) | Semi-Annual Channel (Targeted) |
Monthly Enterprise Channel | NA |
Current Channel | Monthly Channel |
Current Channel (Preview) | Monthly Channel (Targeted) |
Beta Channel | Insider |
Report setup and upgrade failures to Microsoft
If the setup or update process fails to complete successfully, you can now report the error directly to Microsoft. If a failure occurs, the Report update error to Microsoft button is enabled. When you use the button, an interactive wizard opens allowing you to provide more information to us. In technical previews, this button is always enabled even when the setup completes successfully.
When running setup from the media rather than the console, you’ll also be given the Report update error to Microsoft option if setup fails.
Notification for Azure AD app secret key expiration
Based on your UserVoice feedback, if you Configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:
- One or more Azure AD app secret keys will expire soon
- One or more Azure AD app secret keys have expired
Improvements to BitLocker task sequence steps
Based on your UserVoice feedback, you can now specify the Disk encryption mode on the Enable BitLocker and Pre-provision BitLocker task sequence steps. The Enable BitLocker step also now includes the setting to Skip this step for computers that do not have a TPM or when TPM is not enabled.
Improvements to the content library cleanup tool
If you remove content from a distribution point while the site system is offline, an orphaned record can exist in WMI. Over time, this behavior can eventually lead to a warning status on the distribution point. The content library cleanup tool in delete mode could remove orphaned files from the content library. It can now also remove orphaned content records from the WMI provider on a distribution point.
Remove command prompt during Windows 10 in-place upgrade
During a task sequence to upgrade a device to Windows 10, during one of the final Windows configuration phases a command prompt window opens. The window is on top of the Windows out-of-box experience (OOBE), and users can interact with it to disrupt the upgrade process. Starting in this release, the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts from Configuration Manager include a change to hide the command prompt window.