Gestionnaire de configuration 2002 branche actuelle.
Microsoft Endpoint Manager tenant attach
Device sync and device actions
Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center. Starting in this release you can upload your Configuration Manager devices to the cloud service and take actions from the Appareils blade in the admin center.
Desktop Analytics
- Connection Health dashboard shows client connection issues – Use the Desktop Analytics Connection Health dashboard in Configuration Manager to monitor the clients’ connectivity health. It now helps you to more easily identify client proxy configuration issues in two areas:
- Endpoint connectivity checks
- Connectivity status
Site infrastructure
Remove a central administration site
If your hierarchy consists of a central administration site (CAS) and a single child primary site, you can now remove the CAS. This action simplifies your Configuration Manager infrastructure to a single, standalone primary site.
New management insight rules
This release includes the following management insight rules:
- Nine rules in the Configuration Manager Assessment group courtesy of Microsoft Premier Field Engineering. These rules are a sample of the many more checks that Microsoft Premier provides in the Services Hub.
- Active Directory Security Group Discovery is configured to run too frequently
- Active Directory System Discovery is configured to run too frequently
- Active Directory User Discovery is configured to run too frequently
- Collections limited to All Systems or All Users
- Heartbeat Discovery is disabled
- Long running collection queries enabled for incremental updates
- Reduce the number of applications and packages on distribution points
- Secondary site installation issues
- Update all sites to the same version
- Two additional rules in the Services cloud group to help you configure your site for adding secure HTTPS communication:
- Sites that don’t have proper HTTPS configuration
- Devices not uploaded to Azure AD
Améliorations du service administratif
The administration service is a REST API for the SMS Provider. Précédemment, vous avez dû implémenter l'une des dépendances suivantes:
- Activer le HTTP amélioré pour l'ensemble du site
- Manually bind a PKI-based certificate to IIS on the server that hosts the SMS Provider role
À partir de cette version, the administration service automatically uses the site’s self-signed certificate. Ce changement permet de réduire les frictions pour une utilisation plus facile du service d'administration. The site always generates this certificate. Le paramètre du site HTTP amélioré pour Utiliser les certificats générés par Configuration Manager pour les systèmes de site HTTP contrôle uniquement si les systèmes du site l'utilisent ou non. Désormais, le service d'administration ignore ce paramètre du site, as it always uses the site’s certificate even if no other site system is using Enhanced HTTP. You can still use a PKI-based server authentication certificate.
Proxy support for Azure Active Directory discovery and group sync
The site system’s proxy settings, including authentication, are now used by:
- Azure Active Directory (Azure AD) user discovery
- Azure AD user group discovery
- Synchronizing collection membership results to Azure Active Directory groups
Cloud-attached management
Critical status message shows server connection errors to required endpoints
If the Configuration Manager site server fails to connect to required endpoints for a cloud service, it raises a critical status message ID 11488. When the site server can’t connect to the service, the SMS_SERVICE_CONNECTOR component status changes to critical. View detailed status in the Component Status node of the Configuration Manager console.
Token-based authentication for cloud management gateway
The cloud management gateway (CMG) supports many types of clients, but even with Enhanced HTTP, these clients require a client authentication certificate. This certificate requirement can be challenging to provision on internet-based clients that don’t often connect to the internal network, aren’t able to join Azure Active Directory (Azure AD), and don’t have a method to install a PKI-issued certificate.
Configuration Manager extends its device support with the following methods:
- Register on the internal network for a unique token
- Create a bulk registration token for internet-based devices
Microsoft Endpoint Configuration Manager cloud features
When new cloud-based features are available in the Microsoft Endpoint Manager admin center, or other attached cloud services for your on-premises Configuration Manager installation, you can now opt in to these new features in the Configuration Manager console.
Desktop Analytics
Connection Health dashboard shows client connection issues
Use the Desktop Analytics Connection Health dashboard in Configuration Manager to monitor the clients’ connectivity health. It now helps you to more easily identify client proxy configuration issues in two areas:
- Endpoint connectivity checks: If clients can’t reach a required endpoint, you see a configuration alert in the dashboard. Drill down to see the endpoints to which clients can’t connect because of proxy configuration issues.
- Connectivity status: If your clients use a proxy server to access the Desktop Analytics cloud service, Configuration Manager now displays proxy authentication issues from clients. Drill down to see clients that are unable to enroll because of proxy authentication.
Real-time management
Improvements to CMPivot
We’ve made it easier to navigate CMPivot entities. You can now search CMPivot entities. New icons have also been added to easily differentiate the entities and the entity object types.
Content management
Exclude certain subnets for peer content download
Boundary groups include the following option for peer downloads: During peer downloads, only use peers within the same subnet. If you enable this option, the content location list from the management point only includes peer sources that are in the same subnet and boundary group as the client. Depending on the configuration of your network, you can now exclude certain subnets for matching.
Proxy support for Microsoft Connected Cache
If your environment uses an unauthenticated proxy server for internet access, now when you enable a Configuration Manager distribution point for Microsoft Connected Cache, it can communicate through the proxy.
Client management
Client log collection
You can now trigger a client device to upload its client logs to the site server by sending a client notification action from the Configuration Manager console.
Réveiller un appareil depuis le site d'administration centrale
From the central administration site (CAS), in the Devices or Device Collections node, you can now use the client notification action to Wake Up devices.
Improvements to support for ARM64 devices
Le Toutes les fenêtres 10 (ARM64) platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
Track remediation history when supported
You can now Track remediation history when supported on your configuration item compliance rules. When this option is enabled, any remediation that occurs on the client for the configuration item generates a state message.
Application management
Microsoft Edge management dashboard
The Microsoft Edge management dashboard provides you insights on the usage of Microsoft Edge and other browsers. Dans ce tableau de bord, tu peux:
- Découvrez sur combien de vos appareils Microsoft Edge est installé
- Découvrez combien de clients ont installé différentes versions de Microsoft Edge
- Avoir une vue des navigateurs installés sur tous les appareils
- Have a view of preferred browser by device
From the Software Library workspace, click Microsoft Edge Management to see the dashboard. Change the collection for the graph data by clicking Browse and choosing another collection. By default your five largest collections are in the drop-down list. When you select a collection that isn’t in the list, la collection nouvellement sélectionnée occupe la dernière place de votre liste déroulante.
Improvements to Microsoft Edge management
You can now create a Microsoft Edge application that’s set up to receive automatic updates rather than having automatic updates disabled. This change allows you to choose to manage updates for Microsoft Edge with Configuration Manager or allow Microsoft Edge to automatically update.
Task sequence as an app model deployment type
You can now install complex applications using task sequences via the application model. Add a deployment type to an app that’s a task sequence, either to install or uninstall the app.
Déploiement du système d'exploitation
Bootstrap a task sequence immediately after client registration
When you install and register a new Configuration Manager client, and also deploy a task sequence to it, it’s difficult to determine how soon after registration it will run the task sequence. This release introduces a new client setup property that you can use to start a task sequence on a client after it successfully registers with the site.
Améliorations apportées à l’étape de séquence de tâches Vérifier l’état de préparation
You can now verify more device properties in the Check Readiness task sequence step. Utilisez cette étape dans une séquence de tâches pour vérifier que l'ordinateur cible répond à vos conditions préalables.
- Architecture du système d'exploitation actuel
- Version minimale du système d'exploitation
- Version maximale du système d'exploitation
- Version client minimale
- Langue du système d'exploitation actuel
- Alimentation secteur branchée
- Network adapter is connected and not wireless
Améliorations de la progression de la séquence de tâches
The task sequence progress window now includes the following improvements:
- You can enable it to show the current step number, nombre total d'étapes, et pourcentage d'achèvement
- Augmentation de la largeur de la fenêtre pour vous donner plus d'espace et mieux afficher le nom de l'organisation sur une seule ligne.
Improvements to OS deployment
This release includes the following improvements to OS deployment:
- The task sequence environment includes a new read-only variable, _TSSecureBoot. Use this variable to determine the state of secure boot on a UEFI-enabled device.
- Set task sequence variables to configure the user context for the Run Command Line et Run PowerShell Script steps.
- Sur le Run PowerShell Script étape, you can now set the Parameters property to a variable.
- The Configuration Manager PXE responder now sends status messages to the site server. This change makes it easier to troubleshoot OS deployments that use this service.
Protection
Expand Microsoft Defender Advanced Threat Protection (ATP) onboarding
Configuration Manager has expanded its support for onboarding devices to Microsoft Defender ATP.
Improvements to BitLocker management
- The BitLocker management policy now includes additional settings, including policies for fixed and removable drives.
- Starting in this version, the HTTPS requirement is for the IIS website that hosts the recovery service, not the entire management point role. This change relaxes the certificate requirements, and still encrypts the recovery keys in transit.
Mises à jour logicielles
Orchestration groups
Les groupes d'orchestration sont l'évolution de la fonctionnalité « Groupes de serveurs ». Create an orchestration group to better control the deployment of software updates to devices. An orchestration group gives you the flexibility to update devices based on a percentage, a specific number, or an explicit order. You can also run a PowerShell script before and after the devices run the update deployment.
Evaluate software updates after a servicing stack update
Configuration Manager now detects if a servicing stack update (SSU) is part of an installation for multiple updates. When an SSU is detected, it’s installed first. After install of the SSU, a software update evaluation cycle runs to install the remaining updates. This change allows a dependent cumulative update to be installed after the servicing stack update
Bureau 365 updates for disconnected software update points
You can use a new tool to import Office 365 updates from an internet-connected WSUS server into a disconnected Configuration Manager environment.
Reporting
Intégrer avec le serveur de rapports Power BI
You can now integrate Power BI Report Server with Configuration Manager reporting. Cette intégration vous offre une visualisation moderne et de meilleures performances. It adds console support for Power BI reports similar to what already exists with SQL Server Reporting Services.
Configuration Manager Console
Show boundary groups for devices
To help you better troubleshoot device behaviors with boundary groups, you can now view the boundary groups for specific devices. Dans le Appareils node or when you show the members of a Collection d'appareils, add the new Boundary Group(s) column to the list view.
When you Send a smile or Send a frown, a status message is created when the feedback is submitted. This improvement provides a record of:
- When the feedback was submitted
- Who submitted the feedback
- The feedback ID
- If the feedback submission was successful or not
A status message with an ID of 53900 is a successful submission and 53901 is a failed submission.
Search all subfolders for configuration items and configuration baselines
Similar to improvements in previous releases, you can now use the All Subfolders search option from the Configuration Items et Configuration Baselines nodes.
Outils
Groupes de journaux OneTrace
OneTrace now supports customizable log groups, similaire à la fonctionnalité du Centre de support. Log groups allow you to open all log files for a single scenario. OneTrace currently includes groups for the following scenarios:
- Application management
- Paramètres de conformité (également appelé gestion de la configuration souhaitée)
- Mises à jour logicielles
Improvements to extend and migrate on-premises site to Microsoft Azure
The extend and migrate on-premises site to Microsoft Azure tool now supports provisioning multiple site system roles on a single Azure virtual machine. You can add site system roles after the initial Azure virtual machine deployment has completed.
