SCCM 2006

SCCM 2006.

Inhalt

Microsoft Endpoint Manager tenant attach Install applications from the admin center Import previously created Azure AD application during tenant attach onboarding Endpoint analytics Endpoint analytics data collection enabled by default Site infrastructure VPN -Grenztyp Management insights to optimize for remote workers Improved support for Windows Virtual Desktop Intranet clients can use a CMG software update point Cloud-attached management Use Microsoft Azure China 21Vianet for co-management Benachrichtigung für Azure AD App Secret Key Ablauf Desktop Analytics Real-time management Improvements to CMPivot Client management Installieren und aktualisieren Sie den Client in einer gemessenen Verbindung Improvements to managing device restarts Application management Improvements to available apps via CMG Microsoft 365 Apps für Enterprise OS deployment Task-Sequenz-Medien-Unterstützung für Cloud-basierte Inhalte Improvements to task sequences via CMG Verbesserungen an Bitlocker -Tasksequenzschritten Management insight rules for OS deployment Improvements to OS deployment Protection CMG support for endpoint protection policies BitLocker management support for hierarchies Configuration Manager-Konsole Community Hub und Github Direct links to Community hub items Notifications from Microsoft Power BI sample reports Deprecated operating systems

Microsoft Endpoint Manager tenant attach

Install applications from the admin center

You can initiate an application install in real time for a tenant attached device from the Microsoft Endpoint Manager admin center. Starting with Configuration Manager version 2006, the list of applications available for the device also includes applications deployed to the device’s currently logged on user.

Import previously created Azure AD application during tenant attach onboarding

During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach.

Endpoint analytics

Endpoint analytics data collection enabled by default

Der Enable Endpoint analytics data collection client setting is now enabled by default. This setting allows your managed endpoints to send data, such as startup performance insights, to your Configuration Manager site server. This change affects local data collection only. Endpoint analytics data isn’t uploaded to the Microsoft Endpoint Manager admin center until you enable data upload in Configuration Manager. The new default value applies to the default client settings and any custom client settings created after upgrading to version 2006.

If you’re upgrading from version 2002 to version 2006, existing custom client settings values are retained. The default value for Enable Endpoint analytics data collection in Configuration Manager version 2002 Ist NEIN.
If you’re upgrading to version 2006 from Configuration Manager version 1910 or prior, any pre-existing custom client settings that contain the Computer Agent group of settings inherits the new default of Ja für Enable Endpoint analytics data collection.

Site infrastructure

VPN -Grenztyp

Um die Verwaltung von Remote -Clients zu vereinfachen, Sie können jetzt einen neuen Grenztyp für VPNs erstellen. Vorher, Sie mussten Grenzen für VPN -Clients basierend auf der IP -Adresse oder dem Subnetz erstellen. Diese Konfiguration kann aufgrund der Subnetzkonfiguration oder des VPN -Designs eine Herausforderung oder nicht möglich sein.

Wenn nun ein Kunde eine Standortanfrage sendet, Es enthält zusätzliche Informationen zu der Netzwerkkonfiguration. Based on this information, Der Server stellt fest, ob sich der Client auf einem VPN befindet.

Management insights to optimize for remote workers

This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:

Define VPN boundary groups
Configure VPN connected clients to prefer cloud based content sources
Disable peer to peer content sharing for VPN connected clients

Improved support for Windows Virtual Desktop

Der Fenster 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.

For more information on Configuration Manager’s support for Windows Virtual Desktop, see Supported OS versions for clients and devices.

Intranet clients can use a CMG software update point

Intranet clients can now access a CMG software update point when it’s assigned to a boundary group.

Cloud-attached management

Use Microsoft Azure China 21Vianet for co-management

You can now select the Azure China Cloud as your Azure environment when enabling co-management.

Benachrichtigung für Azure AD App Secret Key Ablauf

If you configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:

One or more Azure AD app secret keys will expire soon
One or more Azure AD app secret keys have expired

Weitere Informationen, sehen Renew secret key.

Desktop Analytics

Change to diagnostic data labels

To better align with the Desktop Analytics requirements for Windows diagnostic data, these settings have new labels:

Version 2006 und später	Version 2002 and earlier
Erforderlich	Basic
Optional (limited)	Enhanced (Limited)
N / A	Enhanced
Optional	Voll

If you previously configured any devices at the Enhanced level, when you upgrade to version 2006, they’ll revert to Optional (limited). They will then send less data to Microsoft. This change shouldn’t impact what you see in Desktop Analytics.

Real-time management

Improvements to CMPivot

The following improvements have been made in CMPivot:

CMPivot from the console and CMPivot standalone have been converged
Run CMPivot from an individual device or multiple devices without having to select or create a collection
From CMPivot query results, you can select an individual device or multiple devices then launch a separate CMPivot instance scoped to your selection.

Client management

Installieren und aktualisieren Sie den Client in einer gemessenen Verbindung

Vorher, Wenn das Gerät mit einem gemessenen Netzwerk verbunden war, Neue Kunden würden nicht installieren. Bestehende Kunden wurden nur aktualisiert, wenn Sie alle Kundenkommunikation zugelassen haben. Für Geräte, die häufig in einem gemessenen Netzwerk streifen, Sie wären nicht verwaltet oder auf einer älteren Kundenversion. Beginnend in dieser Veröffentlichung, you can install and upgrade the client when you set the client setting Kundenkommunikation auf gemessenen Internetverbindungen Zu Erlauben oder Limit. With this setting, you can allow the client to stay current, but still manage the client communication on a metered network.

Definieren des Verhaltens für eine neue Client -Installation, Es gibt einen neuen CCMSetup -Parameter /Zulassen. Wenn Sie die Client -Kommunikation in einem gemessenen Netzwerk für ccmSetup zulassen, Es lädt den Inhalt herunter, Register mit der Website, und lädt die anfängliche Richtlinie herunter. Jede weitere Client -Kommunikation folgt der Konfiguration der Client -Einstellung aus dieser Richtlinie.

Weitere Informationen, see the following articles:

About client settings
About client installation parameters and properties

Improvements to managing device restarts

Configuration Manager provides many options to manage device restarts and restart notifications. You can now configure a client setting to prevent devices from automatically restarting when a deployment requires it. This setting gives you more control in unique situations. Standardmäßig, the client setting Configuration Manager can force a device to restart ist aktiviert, so Configuration Manager can still force devices to restart. This setting only applies to application, software update, and package deployments that require a restart.

Application management

Improvements to available apps via CMG

This release fixes an issue with Software Center and Azure Active Directory (Azure ad) Authentifizierung. Für einen Kunden, der wie im Intranet erkannt wurde, aber über das Cloud -Management -Gateway kommuniziert (CMG), previously Software Center would use Windows authentication. When it tried to get the list of user-available apps, es würde scheitern. It now uses Azure Active Directory (Azure ad) identity for devices joined to Azure AD. Diese Geräte können mit Wolken oder Hybrid gejagt werden.

Microsoft 365 Apps für Enterprise

Büro 365 Proplus wurde in Microsoft umbenannt 365 Apps für Enterprise am April 21, 2020. Starting in version 2006, Die folgenden Änderungen wurden vorgenommen:

The Configuration Manager console has been updated to use the new name.
- Diese Änderung enthält auch Aktualisierungskanalnamen für Microsoft 365 Apps.
Der Konsole wurde eine Bannerbenachrichtigung hinzugefügt, um Sie zu benachrichtigen, wenn eine oder mehrere automatische Bereitstellungsregeln veraltete Kanalnamen in der Titel Kriterien für Microsoft 365 Apps Updates.

OS deployment

Task-Sequenz-Medien-Unterstützung für Cloud-basierte Inhalte

Task sequence media can now download cloud-based content. Zum Beispiel, you send a USB key to a user at a remote office to reimage their device. Or an office that has a local PXE server, but you want devices to prioritize cloud services as much as possible. Instead of further taxing the WAN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources. Zum Beispiel, Ein Cloud -Management -Gateway (CMG) dass Sie es ermöglichen, Inhalte auszutauschen.

The device still needs an intranet connection to the management point.

Improvements to task sequences via CMG

This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):

Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center. Weitere Informationen, see Plan for CMG – Specifications.
This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:
- A workgroup device that you register with a bulk registration token
- You configure the site for Enhanced HTTP and the management point is HTTP

Verbesserungen an Bitlocker -Tasksequenzschritten

You can now specify the disk encryption mode on the Aktivieren Sie Bitlocker Und Pre-provision BitLocker task sequence steps. Standardmäßig, the steps continue to use the default encryption method for the OS version.

Der Aktivieren Sie Bitlocker step also now includes a setting to Überspringen Sie diesen Schritt für Computer, die kein TPM haben oder wenn TPM nicht aktiviert ist. When you enable this setting, the step logs an error on a device without a TPM or a TPM that doesn’t initialize, and the task sequence continues. This setting makes it easier to manage the task sequence behavior on devices that can’t fully support BitLocker.

Management insight rules for OS deployment

When the size of the task sequence policy exceeds 32 Mb, the client fails to process the large policy. The client then fails to run the task sequence deployment. To help you manage the policy size of task sequences, this release includes the following management insights:

Large task sequences may contribute to exceeding maximum policy size
Total policy size for task sequences exceeds policy limit

These rules are in a new group for Operating System Deployment. The existing rule for Unused boot images is now in this group too.

Improvements to OS deployment

This release includes the following additional improvements to OS deployment:

Use a task sequence variable to specify the target of the Format and Partition Disk step. This new variable option supports more complex task sequences with dynamic behaviors. Zum Beispiel, a custom script can detect the disk and set the variable based on the hardware type. Then you can use multiple instances of this step to configure different hardware types and partitions.
The Check Readiness step now includes a check to determine if the device uses UEFI. It also includes a new read-only task sequence variable, _TS_CRUEFI.
If you enable the task sequence progress window to show more detailed progress information, it now doesn’t count enabled steps in a disabled group. This change helps make the progress estimate more precise.
Vorher, during a task sequence to upgrade a device to Windows 10, a command prompt window opened during one of the final Windows configuration phases. The window was on top of the Windows out-of-box experience (Outay), and users could interact with it to disrupt the upgrade process. Now the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts from Configuration Manager include a change to hide this command prompt window.
Some customers build custom task sequence interfaces using the IProgressUI::ShowMessage method, but it doesn’t return a value for the user’s response. This release adds the IProgressUI::ShowMessageEx method. This new method is similar to the existing method, but also includes a new integer result variable, pResult.

Protection

CMG support for endpoint protection policies

While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Beginnend in dieser Veröffentlichung, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.

BitLocker management support for hierarchies

You can now install the BitLocker self-service portal and the administration and monitoring website at the central administration site.

Configuration Manager-Konsole

Community Hub und Github

(First introduced in June 2020)

The IT admin community has developed a wealth of knowledge over the years. Rather than reinventing items like scripts and reports from scratch, we’ve built a Configuration Manager Community Hub where you can share with each other. Durch die Nutzung der Arbeit anderer, Sie können Stunden Arbeit sparen. Der Community Hub fördert die Kreativität, indem er auf der Arbeit anderer aufbaut und andere Menschen auf Ihnen aufbauen lassen. Github verfügt bereits über branchenweite Prozesse und Tools, die zum Teilen entwickelt wurden. Jetzt, the Community hub will leverage those tools directly in the Configuration Manager console as foundational pieces for driving this new community. Für die erste Veröffentlichung, Die im Community Hub verfügbaren Inhalte werden nur von Microsoft hochgeladen.

Direct links to Community hub items

You can easily navigate to and reference items in the Configuration Manager console Community hub node with a direct link.

Notifications from Microsoft

You can now choose to receive notifications from Microsoft in the Configuration Manager console. These notifications help you stay informed about new or updated features, changes to Configuration Manager and attached services, and issues that require action to remediate.

Power BI sample reports