SCCM 2006

SCCM 2006.

Contenido

Microsoft Endpoint Manager tenant attach Install applications from the admin center Import previously created Azure AD application during tenant attach onboarding Endpoint analytics Endpoint analytics data collection enabled by default Site infrastructure Tipo de límite VPN Management insights to optimize for remote workers Improved support for Windows Virtual Desktop Intranet clients can use a CMG software update point Cloud-attached management Use Microsoft Azure China 21Vianet for co-management Notificación de caducidad de la clave secreta de la aplicación Azure AD Desktop Analytics Real-time management Improvements to CMPivot Client management Instalar y actualizar el cliente en una conexión medida Improvements to managing device restarts Application management Improvements to available apps via CMG microsoft 365 Aplicaciones para empresas OS deployment Soporte de medios de secuencia de tareas para contenido basado en la nube Improvements to task sequences via CMG Mejoras en los pasos de la secuencia de tareas de BitLocker Management insight rules for OS deployment Improvements to OS deployment Protection CMG support for endpoint protection policies BitLocker management support for hierarchies Configuration Manager console Centro comunitario y GitHub Direct links to Community hub items Notifications from Microsoft Power BI sample reports Deprecated operating systems

Microsoft Endpoint Manager tenant attach

Install applications from the admin center

You can initiate an application install in real time for a tenant attached device from the Microsoft Endpoint Manager admin center. Starting with Configuration Manager version 2006, the list of applications available for the device also includes applications deployed to the device’s currently logged on user.

Import previously created Azure AD application during tenant attach onboarding

During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach.

Endpoint analytics

Endpoint analytics data collection enabled by default

El Enable Endpoint analytics data collection client setting is now enabled by default. This setting allows your managed endpoints to send data, such as startup performance insights, to your Configuration Manager site server. This change affects local data collection only. Endpoint analytics data isn’t uploaded to the Microsoft Endpoint Manager admin center until you enable data upload in Configuration Manager. The new default value applies to the default client settings and any custom client settings created after upgrading to version 2006.

If you’re upgrading from version 2002 to version 2006, existing custom client settings values are retained. The default value for Enable Endpoint analytics data collection in Configuration Manager version 2002 es No.
If you’re upgrading to version 2006 from Configuration Manager version 1910 or prior, any pre-existing custom client settings that contain the Agente informático group of settings inherits the new default of Sí para Enable Endpoint analytics data collection.

Site infrastructure

Tipo de límite VPN

Para simplificar la gestión de clientes remotos, ahora puedes crear un nuevo tipo de límite para VPN. Previamente, tenías que crear límites para los clientes VPN según la dirección IP o la subred. Esta configuración podría ser desafiante o no posible debido a la configuración de subred o al diseño de VPN..

Ahora, cuando un cliente envía una solicitud de ubicación, Incluye información adicional sobre su configuración de red.. Based on this information, el servidor determina si el cliente está en una VPN.

Management insights to optimize for remote workers

This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:

Define VPN boundary groups
Configure VPN connected clients to prefer cloud based content sources
Disable peer to peer content sharing for VPN connected clients

Improved support for Windows Virtual Desktop

El Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.

For more information on Configuration Manager’s support for Windows Virtual Desktop, see Supported OS versions for clients and devices.

Intranet clients can use a CMG software update point

Intranet clients can now access a CMG software update point when it’s assigned to a boundary group.

Cloud-attached management

Use Microsoft Azure China 21Vianet for co-management

You can now select the Azure China Cloud as your Azure environment when enabling co-management.

Notificación de caducidad de la clave secreta de la aplicación Azure AD

If you configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:

One or more Azure AD app secret keys will expire soon
One or more Azure AD app secret keys have expired

For more information, see Renew secret key.

Desktop Analytics

Change to diagnostic data labels

To better align with the Desktop Analytics requirements for Windows diagnostic data, these settings have new labels:

Versión 2006 y más tarde	Versión 2002 and earlier
Requerido	Basic
Opcional (limited)	Enhanced (Limited)
N / A	Enhanced
Opcional	Full

If you previously configured any devices at the Enhanced level, when you upgrade to version 2006, they’ll revert to Opcional (limited). They will then send less data to Microsoft. This change shouldn’t impact what you see in Desktop Analytics.

Real-time management

Improvements to CMPivot

The following improvements have been made in CMPivot:

CMPivot from the console and CMPivot standalone have been converged
Run CMPivot from an individual device or multiple devices without having to select or create a collection
From CMPivot query results, you can select an individual device or multiple devices then launch a separate CMPivot instance scoped to your selection.

Client management

Instalar y actualizar el cliente en una conexión medida

Previamente, si el dispositivo estaba conectado a una red medida, los nuevos clientes no instalarían. Los clientes existentes solo se actualizaron si permitió toda la comunicación con el cliente.. Para dispositivos que están en roaming con frecuencia en una red medida, no estarían administrados o estarían en una versión de cliente anterior. A partir de esta versión, you can install and upgrade the client when you set the client setting Comunicación con el cliente en conexiones a Internet medidas a Allow o Limit. With this setting, you can allow the client to stay current, but still manage the client communication on a metered network.

Para definir el comportamiento de una nueva instalación de cliente, hay un nuevo parámetro ccmsetup /PermitidoMedido. Cuando permite la comunicación del cliente en una red medida para ccmsetup, descarga el contenido, se registra en el sitio, y descarga la política inicial. Cualquier comunicación adicional con el cliente sigue la configuración de la configuración del cliente de esa política..

For more information, see the following articles:

About client settings
About client installation parameters and properties

Improvements to managing device restarts

Configuration Manager provides many options to manage device restarts and restart notifications. You can now configure a client setting to prevent devices from automatically restarting when a deployment requires it. This setting gives you more control in unique situations. Por defecto, the client setting Configuration Manager can force a device to restart está habilitado, so Configuration Manager can still force devices to restart. This setting only applies to application, software update, and package deployments that require a restart.

Application management

Improvements to available apps via CMG

This release fixes an issue with Software Center and Azure Active Directory (AD azul) autenticación. Para un cliente detectado como en la intranet pero que se comunica a través de la puerta de enlace de administración de la nube (CMG), previously Software Center would use Windows authentication. When it tried to get the list of user-available apps, fallaría. It now uses Azure Active Directory (AD azul) identity for devices joined to Azure AD. Estos dispositivos pueden unirse a la nube o de forma híbrida.

microsoft 365 Aplicaciones para empresas

Oficina 365 ProPlus pasó a llamarse Microsoft 365 Aplicaciones para empresas en abril 21, 2020. Starting in version 2006, se han realizado los siguientes cambios:

The Configuration Manager console has been updated to use the new name.
- Este cambio también incluye nombres de canales de actualización para Microsoft. 365 Aplicaciones.
Se agregó una notificación de banner a la consola para notificarle si una o más reglas de implementación automática hacen referencia a nombres de canales obsoletos en el Título criterios para Microsoft 365 Actualizaciones de aplicaciones.

OS deployment

Soporte de medios de secuencia de tareas para contenido basado en la nube

Task sequence media can now download cloud-based content. Por ejemplo, you send a USB key to a user at a remote office to reimage their device. Or an office that has a local PXE server, but you want devices to prioritize cloud services as much as possible. Instead of further taxing the WAN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources. Por ejemplo, una puerta de enlace de gestión de la nube (CMG) que habilitas para compartir contenido.

The device still needs an intranet connection to the management point.

Improvements to task sequences via CMG

This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):

Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center. For more information, see Plan for CMG – Specifications.
This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:
- A workgroup device that you register with a bulk registration token
- You configure the site for Enhanced HTTP and the management point is HTTP

Mejoras en los pasos de la secuencia de tareas de BitLocker

You can now specify the disk encryption mode on the Habilitar BitLocker y Pre-provision BitLocker task sequence steps. Por defecto, the steps continue to use the default encryption method for the OS version.

El Habilitar BitLocker step also now includes a setting to Omita este paso para computadoras que no tienen TPM o cuando TPM no está habilitado. When you enable this setting, the step logs an error on a device without a TPM or a TPM that doesn’t initialize, and the task sequence continues. This setting makes it easier to manage the task sequence behavior on devices that can’t fully support BitLocker.

Management insight rules for OS deployment

When the size of the task sequence policy exceeds 32 MEGABYTE, the client fails to process the large policy. The client then fails to run the task sequence deployment. To help you manage the policy size of task sequences, this release includes the following management insights:

Large task sequences may contribute to exceeding maximum policy size
Total policy size for task sequences exceeds policy limit

These rules are in a new group for Operating System Deployment. The existing rule for Unused boot images is now in this group too.

Improvements to OS deployment

This release includes the following additional improvements to OS deployment:

Use a task sequence variable to specify the target of the Format and Partition Disk step. This new variable option supports more complex task sequences with dynamic behaviors. Por ejemplo, a custom script can detect the disk and set the variable based on the hardware type. Then you can use multiple instances of this step to configure different hardware types and partitions.
The Check Readiness step now includes a check to determine if the device uses UEFI. It also includes a new read-only task sequence variable, _TS_CRUEFI.
If you enable the task sequence progress window to show more detailed progress information, it now doesn’t count enabled steps in a disabled group. This change helps make the progress estimate more precise.
Previamente, during a task sequence to upgrade a device to Windows 10, a command prompt window opened during one of the final Windows configuration phases. The window was on top of the Windows out-of-box experience (OBE), and users could interact with it to disrupt the upgrade process. Now the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts from Configuration Manager include a change to hide this command prompt window.
Some customers build custom task sequence interfaces using the IProgressUI::ShowMessage method, but it doesn’t return a value for the user’s response. This release adds the IProgressUI::ShowMessageEx method. This new method is similar to the existing method, but also includes a new integer result variable, pResult.

Protection

CMG support for endpoint protection policies

While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. A partir de esta versión, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.

BitLocker management support for hierarchies

You can now install the BitLocker self-service portal and the administration and monitoring website at the central administration site.

Configuration Manager console

Centro comunitario y GitHub

(First introduced in June 2020)

The IT admin community has developed a wealth of knowledge over the years. Rather than reinventing items like scripts and reports from scratch, we’ve built a Configuration Manager Centro comunitario where you can share with each other. Aprovechando el trabajo de otros, puedes ahorrar horas de trabajo. El centro comunitario fomenta la creatividad al aprovechar el trabajo de otros y hacer que otras personas construyan el suyo.. GitHub ya cuenta con procesos y herramientas para toda la industria creados para compartir. Ahora, the Community hub will leverage those tools directly in the Configuration Manager console as foundational pieces for driving this new community. Para el lanzamiento inicial, El contenido disponible en el centro de la comunidad será cargado únicamente por Microsoft..

Direct links to Community hub items

You can easily navigate to and reference items in the Configuration Manager console Community hub node with a direct link.

Notifications from Microsoft

You can now choose to receive notifications from Microsoft in the Configuration Manager console. These notifications help you stay informed about new or updated features, changes to Configuration Manager and attached services, and issues that require action to remediate.

Power BI sample reports