Configuration Manager technical preview 2006.
Use the Company Portal app on co-managed devices
The Company Portal is now the cross-platform app portal experience for Microsoft Endpoint Manager. You can now use a preview version of the Company Portal on co-managed devices. By configuring co-managed devices to also use the Company Portal, you can provide a consistent user experience on all devices.
This preview version of the Company Portal supports the following actions:
- Launch the Company Portal app on co-managed devices and sign in with Azure Active Directory (Azure AD) single sign-on (SSO).
- View available and installed Configuration Manager apps in the Company Portal alongside Intune apps.
- Install available Configuration Manager apps from the Company Portal and receive installation status information.
The behavior of the Company Portal depends upon your co-management workload configuration:
Workload | Setting | Behavior |
---|---|---|
Client apps | Configuration Manager | You can see only Configuration Manager client apps |
Client apps | Pilot Intune or Intune | You can see both Configuration Manager and Intune client apps |
Office Click-to-run apps | Configuration Manager | You can see only Configuration Manager Office click-to-run apps |
Office Click-to-run apps | Pilot Intune or Intune | You can see only Intune Office click-to-run apps |
Prerequisites for Company Portal preview
- Contact the Company Portal preview team to get started: cppreview@microsoft.com
- Windows 10, version 1803 or later:
  - Enrolled to co-management
  - Access to internet endpoints for Intune
- The user accounts that sign in to these devices require the following configurations:
  - An Azure AD identity
  - Assigned an Intune license
Improvements to available apps via CMG
An internet-based, domain-joined device that isn't joined to Azure Active Directory (Azure AD) and communicates via a cloud management gateway (CMG) can now get apps deployed as available. The Active Directory domain user of the device needs a matching Azure AD identity. When the user starts Software Center, Windows prompts them to enter their Azure AD credentials. They can then see any available apps.
Configure the following prerequisites to enable this functionality:
- Windows 10 device
- Joined to your on-premises Active Directory domain
- Communicate via CMG
- The site has discovered the user by both Active Directory and Azure AD user discovery
Intranet clients can use a CMG software update point
Intranet clients can now access a CMG software update point when it’s assigned to the boundary group. Admins can allow intranet devices to scan against a CMG software update point in the following scenarios:
- When an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.
- If the only software update point for the boundary group is the CMG software update point, then all intranet and internet devices will scan against it.
Improvements to task sequences via CMG
This release includes the following improvements for deploying task sequences to devices that communicate via a cloud management gateway (CMG):
- Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center.
- This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:
  - A workgroup device that you register with a bulk registration token
  - You configure the site for Enhanced HTTP and the management point is HTTP
Known issue with OS deployment via CMG
If there’s an Install Application step in an OS deployment task sequence to a client via CMG, it fails to download the app policy. To work around this issue, disable this step in the task sequence. Deploy the app separately from the task sequence.
Management insights to optimize for remote workers
This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:
- Define VPN boundary groups: Create a VPN boundary and associate it to a boundary group. Associate VPN-specific site systems to the group, and configure the settings for your environment. This insight checks for at least one boundary group with at least one VPN boundary in it. From the properties of this insight, select Review Actions to go to the Boundary Groups node.
- Configure VPN connected clients to prefer cloud based content sources: To reduce traffic on the VPN, enable the boundary group option to Prefer cloud based sources over on-premises sources. This option allows clients to download content from the internet instead of distribution points across the VPN.
- Disable peer to peer content sharing for VPN connected clients: To prevent unnecessary peer-to-peer traffic that likely doesn’t benefit the remote clients, disable the boundary group option to Allow peer downloads in this boundary group.
Improvements to VPN boundary type
You can now create more than one VPN boundary, and can detect the connection by the VPN name or description. When you open the Create Boundary page and select the VPN type, choose one of the following options:
- Auto detect VPN: This option is the same behavior as before. The boundary value in the console list will be AUT:1. It should detect any VPN solution that uses the point-to-point tunneling protocol (PPTP). If it doesn’t detect your VPN, use one of the other options.
- Connection name: Specify the name of the VPN connection on the device. It’s the name of the network adapter in Windows for the VPN connection. Configuration Manager matches the first 251 characters of the string, but doesn’t support wildcard characters or partial strings. The boundary value in the console list will be NAM:<name>, where <name> is the connection name that you specify. For example, you run the ipconfig command on the device, and one of the sections starts with: PPP adapter ContosoVPN:. Use the string ContosoVPN as the Connection name. It displays in the list as NAM:ContosoVPN.
- Connection description: Specify the description of the VPN connection. Configuration Manager matches the first 251 characters of the string, but doesn’t support wildcard characters or partial strings. The boundary value in the console list will be DES:<description>, where <description> is the connection description that you specify. For example, you run the ipconfig /all command on the device, and one of the connections includes the following line: Description . . . . . . . . . . . : ContosoMainVPN. Use the string ContosoMainVPN as the Connection description. It displays in the list as DES:ContosoMainVPN.
In every case, the device needs to be connected to the VPN for Configuration Manager to associate the client in that boundary.
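The lookup described above can be scripted. This is an added example, not Microsoft's code: it parses English-language ipconfig /all output and prints the NAM: and DES: values each adapter would need. The sample output and the helper names Get-AdapterFromIpconfig and ConvertTo-VpnBoundaryValue are constructed for illustration.

```powershell
# Constructed sample of `ipconfig /all` output (not captured from a real device).
$sample = @'
Ethernet adapter Ethernet0:

   Description . . . . . . . . . . . : Contoso Gigabit Network Connection
   DHCP Enabled. . . . . . . . . . . : Yes

PPP adapter ContosoVPN:

   Description . . . . . . . . . . . : ContosoMainVPN
   DHCP Enabled. . . . . . . . . . . : No
'@

# Hypothetical helper: split the output into adapter sections (name + description).
function Get-AdapterFromIpconfig {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        # Section headers start in column 0, e.g. "PPP adapter ContosoVPN:"
        if ($line -match '^(?<type>\S.*?) adapter (?<name>.+):\s*$') {
            if ($current) { $current }
            $current = [pscustomobject]@{
                Type = $Matches['type']; Name = $Matches['name']; Description = ''
            }
        }
        elseif ($current -and $line -match '^\s+Description[ .]*:\s*(?<desc>.+?)\s*$') {
            $current.Description = $Matches['desc']
        }
    }
    if ($current) { $current }
}

# Hypothetical helper: build the value as the console lists it. Only the first
# 251 characters are matched, so longer strings are cut to that length here.
function ConvertTo-VpnBoundaryValue {
    param([string]$Prefix, [string]$Text)
    $key = if ($Text.Length -gt 251) { $Text.Substring(0, 251) } else { $Text }
    '{0}:{1}' -f $Prefix, $key
}

Get-AdapterFromIpconfig -Lines ($sample -split '\r?\n') | ForEach-Object {
    [pscustomobject]@{
        Adapter       = "$($_.Type) adapter $($_.Name)"
        ByName        = ConvertTo-VpnBoundaryValue -Prefix 'NAM' -Text $_.Name
        ByDescription = ConvertTo-VpnBoundaryValue -Prefix 'DES' -Text $_.Description
    }
}
```

On a device, replace the sample with the live output, for example `$sample = (ipconfig /all) -join "`n"`, while the VPN is connected.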
Tenant attach: Improvements to Configuration Manager actions in Microsoft Endpoint Manager admin center
This release introduces some improvements to the administration of Configuration Manager devices in Microsoft Endpoint Manager admin center. Improvements include:
- Configuration errors now include links to documentation to help you troubleshoot.
- User available applications now appear in the Applications node for a ConfigMgr device.
- The application list includes applications deployed to a user currently logged on to the device.
- Multi-user session scenarios aren’t supported.
- Azure AD joined devices aren’t currently supported, only AD joined devices.
CMG support for endpoint protection policies
While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Starting in this release, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.
Import a previously created Azure AD application during tenant attach onboarding
During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach. From the Tenant onboarding page in the Co-management Configuration Wizard, select Optionally import a separate web app to synchronize Configuration Manager client data to Microsoft Endpoint Manager admin center. This option will prompt you to specify the following information for your Azure AD app:
- Azure AD tenant name
- Azure AD tenant ID
- Application name
- Client ID
- Secret key
- Secret key expiry
- App ID URI
Improvements to client upgrade on a metered connection
Starting in Configuration Manager technical preview version 2005, you could install and upgrade the client when you allowed client communication on a metered connection. You can now also configure the client setting Client communication on metered internet connections to Limit. This option reduces the client communication on a metered network, but now still allows the client to stay current.
For more information, see the following articles:
- Technical preview 2005: Install and upgrade the client on a metered connection
- About client settings: Client communication on metered internet connections
Improvements to managing device restarts
Configuration Manager provides many options to manage device restart notifications. Based on your UserVoice feedback, you can now configure client settings to prevent devices from automatically restarting when a deployment requires it. By default, Configuration Manager can still force devices to restart.
Important: This new client setting applies to all application, software update, and package deployments to the device. Until a user manually restarts the device:
- Software updates and app revisions may not be fully installed
- Additional software installs may not happen
Improved support for Windows Virtual Desktop
The Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
NOTE: If you previously selected the top-level Windows 10 platform, this action automatically selected all child platforms. This new platform isn’t automatically selected. If you want to add Windows 10 Enterprise multi-session, manually select it in the list.
Direct links to Configuration Manager Community hub items
You can now easily navigate to and reference items in the Configuration Manager console Community hub node with a direct link. The intention for this feature is for easier collaboration and being able to share links to Community hub items with your colleagues. Currently, you’ll see these links shared by the Configuration Manager team and in the documentation.
For example, use this link to share the Configure Edge Auto Update script (https://communityhub.microsoft.com/item/7200). If you have the technical preview branch version 2006 console installed, follow that link, then select Launch the Community hub. The console opens directly to the script in the Community hub.
NOTE: These deep links are currently only for items in the Community hub node of the console.
General known issues
Azure AD authentication doesn’t work
Configuration Manager’s use of the Azure Active Directory (Azure AD) security token service doesn’t work. The CCM_STS.log on the management point contains an entry similar to the following error: ProcessRequest - Exception: System.IO.FileLoadException: Could not load file or assembly 'System.IdentityModel.Tokens.JWT.
It also includes the HRESULT 0x80131040.
Another symptom is issues with a cloud management gateway (CMG). If you run the CMG connection analyzer, it fails testing the CMG channel for management point with the following error: Failed to get ConfigMgr token with Azure AD token. Status code is '500' and status description is 'CMGConnector_InternalServerError'.
This issue is because of a version discrepancy with a supporting library.
To work around the issue, copy System.IdentityModel.Tokens.JWT.dll from the \bin\X64 folder of the installation directory on the site server to the SMS_CCM\CCM_STS\bin folder on the management point.
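One way to confirm the symptom before applying the workaround, as an added example that is not Microsoft's code: it checks log lines for the two markers quoted above, then copies the library with a backup of the existing file. The log lines are constructed, the function names are hypothetical, and both directory parameters must be supplied for your environment.

```powershell
# Constructed CCM_STS.log lines modelled on the error text quoted above (not a real log).
$sampleLog = @(
    'ProcessRequest - Start'
    "ProcessRequest - Exception: System.IO.FileLoadException: Could not load file or assembly 'System.IdentityModel.Tokens.JWT ... (HRESULT: 0x80131040)"
    'ProcessRequest - End'
)

# Hypothetical helper: true only when both markers of the known issue are present.
function Test-StsJwtLoadFailure {
    param([string[]]$Lines)
    $load = $Lines | Select-String -SimpleMatch "Could not load file or assembly 'System.IdentityModel.Tokens.JWT"
    $hres = $Lines | Select-String -SimpleMatch '0x80131040'
    [bool]($load -and $hres)
}

# Hypothetical helper: report both file versions, back up the management point
# copy, then replace it with the site server copy. Supports -WhatIf.
function Copy-StsJwtLibrary {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SiteInstallDir,  # installation directory on the site server
        [Parameter(Mandatory)][string]$StsBinDir        # the SMS_CCM\CCM_STS\bin folder on the management point
    )
    $dll = 'System.IdentityModel.Tokens.JWT.dll'
    $src = Join-Path (Join-Path $SiteInstallDir 'bin\X64') $dll
    $dst = Join-Path $StsBinDir $dll
    $srcVer = (Get-Item -LiteralPath $src).VersionInfo.FileVersion
    $dstVer = '<missing>'
    if (Test-Path -LiteralPath $dst) { $dstVer = (Get-Item -LiteralPath $dst).VersionInfo.FileVersion }
    Write-Verbose "Site server copy: $srcVer; management point copy: $dstVer"
    if ($PSCmdlet.ShouldProcess($dst, "Replace with $src")) {
        if (Test-Path -LiteralPath $dst) { Copy-Item -LiteralPath $dst -Destination "$dst.bak" -Force }
        Copy-Item -LiteralPath $src -Destination $dst -Force
    }
}

if (Test-StsJwtLoadFailure -Lines $sampleLog) {
    'Known issue signature found in CCM_STS.log: apply the DLL copy workaround.'
}
```

Against a real log, pass `(Get-Content <path to CCM_STS.log>)` as -Lines, and run Copy-StsJwtLibrary with -WhatIf -Verbose first to see the two versions without changing anything.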