Gestionnaire de configuration 2002 branche actuelle.
Microsoft Endpoint Manager tenant attach
Device sync and device actions
Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Gestionnaire de configuration and Intune into a single console called Microsoft Endpoint Manager admin center. Starting in this release you can upload your Gestionnaire de configuration devices to the cloud service and take actions from the Appareils blade in the admin center.
Desktop Analytics
- Connection Health dashboard shows client connection issues – Use the Desktop Analytics Connection Health dashboard in Gestionnaire de configuration to monitor the clients’ connectivity health. It now helps you to more easily identify client proxy configuration issues in two areas:
- Endpoint connectivity checks
- Connectivity status
Site infrastructure
Remove a central administration site
If your hierarchy consists of a central administration site (CAS) and a single child primary site, you can now remove the CAS. This action simplifies your Gestionnaire de configuration infrastructure to a single, standalone primary site.
New management insight rules
This release includes the following management insight rules:
- Nine rules in the Gestionnaire de configuration Assessment group courtesy of Microsoft Premier Field Engineering. These rules are a sample of the many more checks that Microsoft Premier provides in the Services Hub.
- Annuaire actif Security Group Discovery is configured to run too frequently
- Annuaire actif System Discovery is configured to run too frequently
- Annuaire actif User Discovery is configured to run too frequently
- Collections limited to All Systems or All Users
- Heartbeat Discovery is disabled
- Long running collection queries enabled for incremental updates
- Reduce the number of applications and packages on distribution points
- Secondary site installation issues
- Update all sites to the same version
- Two additional rules in the Cloud Services group to help you configure your site for adding secure HTTPS communication:
- Sites that don’t have proper HTTPS configuration
- Devices not uploaded to Azure AD
Améliorations du service administratif
Le service administratif est un REPOS API pour le fournisseur SMS. Précédemment, vous avez dû implémenter l'une des dépendances suivantes:
- Activer le HTTP amélioré pour l'ensemble du site
- Lier manuellement un système basé sur PKI certificat à IIS sur le serveur qui héberge le rôle Fournisseur SMS
À partir de cette version, le service d’administration utilise automatiquement les informations du site certificat auto-signé. Ce changement permet de réduire les frictions pour une utilisation plus facile du service d'administration. Le site génère toujours ceci certificat. Le paramètre du site HTTP amélioré pour Utiliser les certificats générés par Configuration Manager pour les systèmes de site HTTP contrôle uniquement si les systèmes du site l'utilisent ou non. Désormais, le service d'administration ignore ce paramètre du site, car il utilise toujours le site certificat même si aucun autre système de site n'utilise le HTTP amélioré. You can still use a PKI-based server authentication certificat.
Proxy support for Azure Active Directory discovery and group sync
The site system’s proxy settings, including authentication, are now used by:
- Azuré Annuaire actif (Azure AD) user discovery
- Azure AD user group discovery
- Synchronizing collection membership results to Azure Annuaire actif groupes
Cloud-attached management
Critical status message shows server connection errors to required endpoints
Si le Gestionnaire de configuration site server fails to connect to required endpoints for a cloud service, it raises a critical status message ID 11488. When the site server can’t connect to the service, the SMS_SERVICE_CONNECTOR component status changes to critical. View detailed status in the Component Status node of the Gestionnaire de configuration console.
Token-based authentication for cloud management gateway
The cloud management gateway (CMG) supports many types of clients, but even with Enhanced HTTP, these clients require a client authentication certificat. Ce certificat requirement can be challenging to provision on internet-based clients that don’t often connect to the internal network, aren’t able to join Azure Annuaire actif (Azure AD), and don’t have a method to install a PKI-issued certificat.
Gestionnaire de configuration extends its device support with the following methods:
- Register on the internal network for a unique token
- Create a bulk registration token for internet-based devices
Microsoft Endpoint Configuration Manager cloud features
When new cloud-based features are available in the Microsoft Endpoint Manager admin center, or other attached cloud services for your on-premises Gestionnaire de configuration installation, you can now opt in to these new features in the Gestionnaire de configuration console.
Desktop Analytics
Connection Health dashboard shows client connection issues
Use the Desktop Analytics Connection Health dashboard in Gestionnaire de configuration to monitor the clients’ connectivity health. It now helps you to more easily identify client proxy configuration issues in two areas:
- Endpoint connectivity checks: If clients can’t reach a required endpoint, you see a configuration alert in the dashboard. Drill down to see the endpoints to which clients can’t connect because of proxy configuration issues.
- Connectivity status: If your clients use a proxy server to access the Desktop Analytics cloud service, Gestionnaire de configuration now displays proxy authentication issues from clients. Drill down to see clients that are unable to enroll because of proxy authentication.
Real-time management
Improvements to CMPivot
We’ve made it easier to navigate CMPivot entities. You can now search CMPivot entities. New icons have also been added to easily differentiate the entities and the entity object types.
Content management
Exclude certain subnets for peer content download
Boundary groups include the following option for peer downloads: During peer downloads, only use peers within the same subnet. If you enable this option, the content location list from the management point only includes peer sources that are in the same subnet and boundary group as the client. Depending on the configuration of your network, you can now exclude certain subnets for matching.
Proxy support for Microsoft Connected Cache
If your environment uses an unauthenticated proxy server for internet access, now when you enable a Gestionnaire de configuration point de distribution for Microsoft Connected Cache, it can communicate through the proxy.
Client management
Client log collection
You can now trigger a client device to upload its client logs to the site server by sending a client notification action from the Gestionnaire de configuration console.
Réveiller un appareil depuis le site d'administration centrale
From the central administration site (CAS), in the Devices or Device Collections node, you can now use the client notification action to Wake Up devices.
Improvements to support for ARM64 devices
Le Tous Fenêtres 10 (ARM64) platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
Track remediation history when supported
You can now Track remediation history when supported on your configuration item compliance rules. When this option is enabled, any remediation that occurs on the client for the configuration item generates a state message.
Gestion des applications
Microsoft Edge management dashboard
The Microsoft Edge management dashboard provides you insights on the usage of Microsoft Edge and other browsers. Dans ce tableau de bord, tu peux:
- Découvrez sur combien de vos appareils Microsoft Edge est installé
- Découvrez combien de clients ont installé différentes versions de Microsoft Edge
- Avoir une vue des navigateurs installés sur tous les appareils
- Have a view of preferred browser by device
From the Software Library workspace, click Microsoft Edge Management to see the dashboard. Change the collection for the graph data by clicking Browse and choosing another collection. By default your five largest collections are in the drop-down list. When you select a collection that isn’t in the list, la collection nouvellement sélectionnée occupe la dernière place de votre liste déroulante.
Improvements to Microsoft Edge management
You can now create a Microsoft Edge application that’s set up to receive automatic updates rather than having automatic updates disabled. This change allows you to choose to manage updates for Microsoft Edge with Gestionnaire de configuration or allow Microsoft Edge to automatically update.
Task sequence as an app model deployment type
You can now install complex applications using task sequences via the application model. Add a deployment type to an app that’s a task sequence, either to install or uninstall the app.
Déploiement du système d'exploitation
Bootstrap a task sequence immediately after client registration
When you install and register a new Gestionnaire de configuration client, and also deploy a task sequence to it, it’s difficult to determine how soon after registration it will run the task sequence. This release introduces a new client setup property that you can use to start a task sequence on a client after it successfully registers with the site.
Améliorations apportées à l’étape de séquence de tâches Vérifier l’état de préparation
You can now verify more device properties in the Check Readiness task sequence step. Utilisez cette étape dans une séquence de tâches pour vérifier que l'ordinateur cible répond à vos conditions préalables.
- Architecture du système d'exploitation actuel
- Version minimale du système d'exploitation
- Version maximale du système d'exploitation
- Version client minimale
- Langue du système d'exploitation actuel
- Alimentation secteur branchée
- Network adapter is connected and not wireless
Améliorations de la progression de la séquence de tâches
The task sequence progress window now includes the following improvements:
- You can enable it to show the current step number, nombre total d'étapes, et pourcentage d'achèvement
- Augmentation de la largeur de la fenêtre pour vous donner plus d'espace et mieux afficher le nom de l'organisation sur une seule ligne.
Improvements to OS deployment
This release includes the following improvements to OS deployment:
- The task sequence environment includes a new read-only variable, _TSSecureBoot. Use this variable to determine the state of secure boot on a UEFI-enabled device.
- Set task sequence variables to configure the user context for the Courir Command Line et Courir PowerShell Script steps.
- Sur le Courir PowerShell Script étape, you can now set the Parameters property to a variable.
- Le Gestionnaire de configuration PXE responder now sends status messages to the site server. This change makes it easier to troubleshoot OS deployments that use this service.
Protection
Expand Microsoft Defender Advanced Threat Protection (ATP) onboarding
Gestionnaire de configuration has expanded its support for onboarding devices to Microsoft Defender ATP.
Improvements to BitLocker management
- The BitLocker management policy now includes additional settings, including policies for fixed and removable drives.
- Starting in this version, the HTTPS requirement is for the IIS website that hosts the recovery service, not the entire management point role. This change relaxes the certificat exigences, and still encrypts the recovery keys in transit.
Mises à jour logicielles
Orchestration groups
Les groupes d'orchestration sont l'évolution de la fonctionnalité « Groupes de serveurs ». Create an orchestration group to better control the deployment of software updates to devices. An orchestration group gives you the flexibility to update devices based on a percentage, a specific number, or an explicit order. You can also run a PowerShell script before and after the devices run the update deployment.
Evaluate software updates after a servicing stack update
Gestionnaire de configuration now detects if a servicing stack update (SSU) is part of an installation for multiple updates. When an SSU is detected, it’s installed first. After install of the SSU, a software update evaluation cycle runs to install the remaining updates. This change allows a dependent cumulative update to be installed after the servicing stack update
Bureau 365 updates for disconnected software update points
You can use a new tool to import Bureau 365 updates from an internet-connected WSUS server into a disconnected Gestionnaire de configuration environment.
Reporting
Intégrer avec le serveur de rapports Power BI
Vous pouvez désormais intégrer Power BI Serveur de rapports avec Gestionnaire de configuration rapport. Cette intégration vous offre une visualisation moderne et de meilleures performances. Il ajoute le support de la console pour Power BI des rapports similaires à ceux qui existent déjà avec SQL Services de rapports sur serveur.
Console du gestionnaire de configuration
Show boundary groups for devices
To help you better troubleshoot device behaviors with boundary groups, you can now view the boundary groups for specific devices. Dans le Appareils node or when you show the members of a Device Collection, add the new Boundary Group(s) column to the list view.
When you Send a smile or Send a frown, a status message is created when the feedback is submitted. This improvement provides a record of:
- When the feedback was submitted
- Who submitted the feedback
- The feedback ID
- If the feedback submission was successful or not
A status message with an ID of 53900 is a successful submission and 53901 is a failed submission.
Search all subfolders for configuration items and configuration baselines
Similar to improvements in previous releases, you can now use the All Subfolders search option from the Configuration Items et Configuration Baselines nodes.
Outils
Groupes de journaux OneTrace
OneTrace now supports customizable enregistrer groupes, similaire à la fonctionnalité du Centre de support. Enregistrer les groupes vous permettent d'ouvrir tous enregistrer fichiers pour un seul scénario. OneTrace currently includes groups for the following scenarios:
- Gestion des applications
- Paramètres de conformité (également appelé gestion de la configuration souhaitée)
- Mises à jour logicielles
Improvements to extend and migrate on-premises site to Microsoft Azure
The extend and migrate on-premises site to Microsoft Azure tool now supports provisioning multiple site system roles on a single Azure machine virtuelle. You can add site system roles after the initial Azure machine virtuelle deployment has completed.