Gestionnaire de configuration Aperçu technique 2006.
Use the Company Portal app on co-managed devices
The Company Portal is now the cross-platform app portal experience for Microsoft Endpoint Manager. You can now use a preview version of the Company Portal on co-managed devices. By configuring co-managed devices to also use the Company Portal, you can provide a consistent user experience on all devices.
This preview version of the Company Portal supports the following actions:
- Launch the Company Portal app on co-managed devices and sign in with Azure Annuaire actif (Azure AD) single sign-on (SSO).
- View available and installed Gestionnaire de configuration apps in the Company Portal alongside Intune apps.
- Install available Gestionnaire de configuration apps from the Company Portal and receive installation status information.
The behavior of the Company Portal depends upon your co-management workload configuration:
| Workload | Setting | Behavior |
|---|---|---|
| Client apps | Gestionnaire de configuration | You can see only Gestionnaire de configuration client apps |
| Client apps | Pilot Intune ou Intune | You can see both Gestionnaire de configuration and Intune client apps |
| Office Click-to-run apps | Gestionnaire de configuration | You can see only Gestionnaire de configuration Office click-to-run apps |
| Office Click-to-run apps | Pilot Intune ou Intune | You can see only Intune Office click-to-run apps |
Prerequisites for Company Portal preview
- Contact the Company Portal preview team to get started:
cppreview@microsoft.com - Fenêtres 10, version 1803 ou plus tard:
- Enrolled to co-management
- Access to internet endpoints for Intune
- The user accounts that sign in to these devices require the following configurations:
- Un Azure AD identity
- Assigned an Intune license
Improvements to available apps via CMG
An internet-based, domain-joined device that isn’t joined to Azure Annuaire actif (Azure AD) and communicates via a cloud management gateway (CMG) can now get apps deployed as available. Le Annuaire actif domaine user of the device needs a matching Azure AD identity. When the user starts Centre logiciel, Fenêtres prompts them to enter their Azure AD credentials. They can then see any available apps.
Configure the following prerequisites to enable this functionality:
- Fenêtres 10 device
- Joined to your on-premises Annuaire actif domaine
- Communicate via CMG
- The site has discovered the user by both Annuaire actif et Azure AD user discovery
Intranet clients can use a CMG software update point
Intranet clients can now access a CMG software update point when it’s assigned to the groupe limite. Admins can allow intranet devices to scan against a CMG software update point in the following scenarios:
- When an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.
- If the only software update point for the groupe limite is the CMG software update point, then all intranet and internet devices will scan against it.
Improvements to task sequences via CMG
This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):
- Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Centre logiciel.
- This release fixes the two known issues from Gestionnaire de configuration branche actuelle version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:
- A workgroup device that you register with a bulk registration token
- You configure the site for Enhanced HTTP and the management point is HTTP
Known issue with OS deployment via CMG
If there’s an Install Application step in an OS deployment task sequence to a client via CMG, it fails to télécharger the app policy. To work around this issue, disable this step in the task sequence. Deploy the app separately from the task sequence.
Management insights to optimize for remote workers
This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:
- Define VPN boundary groups: Create a VPN boundary and associate it to a groupe limite. Associate VPN-specific site systems to the group, and configure the settings for your environment. This insight checks for at least one groupe limite with at least one VPN boundary in it. From the properties of this insight, sélectionner Review Actions to go to the Groupes limites nœud.
- Configure VPN connected clients to prefer cloud based content sources: To reduce traffic on the VPN, enable the groupe limite option to Prefer cloud based sources over on-premises sources. This option allows clients to télécharger content from the internet instead of distribution points across the VPN.
- Disable peer to peer content sharing for VPN connected clients: To prevent unnecessary peer-to-peer traffic that likely doesn’t benefit the remote clients, disable the groupe limite option to Allow peer downloads in this groupe limite.
Improvements to VPN boundary type
You can now create more than one VPN boundary, and can detect the connection by the VPN name or description. When you open the Create Boundary page, et sélectionnez le VPN taper, choose one of the following options:
- Auto detect VPN: This option is the same behavior as before. The boundary value in the console list will be
AUT:1. It should detect any VPN solution that uses the point-to-point tunneling protocol (PPTP). If it doesn’t detect your VPN, use one of the other options. - Connection name: Specify the name of the VPN connection on the device. It’s the name of the network adapter in Fenêtres for the VPN connection. Gestionnaire de configuration matches the first 251 characters of the string, but doesn’t support wildcard characters or partial strings. The boundary value in the console list will be
NAM:<name>, où<name>is the connection name that you specify. Par exemple, you run theipconfigcommand on the device, and one of the sections starts with:PPP adapter ContosoVPN:. Use the stringContosoVPNas the Connection name. It displays in the list asNAM:ContosoVPN. - Connection description: Specify the description of the VPN connection. Gestionnaire de configuration matches the first 251 characters of the string, but doesn’t support wildcard characters or partial strings. The boundary value in the console list will be
DES:<description>, où<description>is the connection description that you specify. Par exemple, you run theipconfig /allcommand on the device, and one of the connections includes the following line:Description . . . . . . . . . . . : ContosoMainVPN. Use the stringContosoMainVPNas the Connection description. It displays in the list asDES:ContosoMainVPN.
In every case, the device needs to be connected to the VPN for Gestionnaire de configuration to associate the client in that boundary.
Tenant Attach: Improvements to Configuration Manager actions in Microsoft Endpoint Manager admin center
This release introduces some improvements to the administration of Gestionnaire de configuration devices in Microsoft Endpoint Manager admin center. Improvements include:
- Configuration errors now include links to documentation to help you troubleshoot.
- User available applications now appear in the Applications node for a Gestionnaire de configuration device.
- The application list includes applications deployed to a user currently logged on to the device.
- Multi-user session scenarios aren’t supported.
- Azure AD joined devices aren’t currently supported, only AD joined devices.
CMG support for endpoint protection policies
While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domaine controllers. À partir de cette version, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Annuaire actif.
Import previously created Azure AD application during tenant attach onboarding
During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach. De la Tenant onboarding page in the Co-management Configuration Wizard, sélectionner Optionally import a separate web app to synchronize Gestionnaire de configuration client data to Microsoft Endpoint Manager admin center. This option will prompt you to specify the following information for your Azure AD application:
- Azure AD tenant name
- Azure AD tenant ID
- Nom de la demande
- Client ID
- Secret key
- Secret key expiry
- App ID URI
Improvements to client upgrade on a metered connection
Starting in Gestionnaire de configuration aperçu technique version 2005, you could install and upgrade the client when you allowed client communication on a metered connection. You can now also configure the client setting Client communication on metered internet connections à Limit. This option reduces the client communication on a metered network, but now still allows the client to stay current.
Pour plus d'informations, see the following articles:
- Technical preview 2005: Install and upgrade the client on a metered connection
- About client settings: Client communication on metered internet connections
Improvements to managing device restarts
Gestionnaire de configuration provides many options to manage device restart notifications. Based on your UserVoice feedback, you can now configure client settings to prevent devices from automatically restarting when a deployment requires it. Par défaut, Gestionnaire de configuration can still force devices to restart.
Important:This new client setting applies to all application, software update, and package deployments to the device. Until a user manually restarts the device:
- Mises à jour logicielles and app revisions may not be fully installed
- Additional software installs may not happen
Improved support for Windows Virtual Desktop
Le Fenêtres 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
NOTE: If you previously selected the top-level Fenêtres 10 platform, this action automatically selected all child platforms. This new platform isn’t automatically selected. If you want to add Fenêtres 10 Enterprise multi-session, manually select it in the list.
Direct links to Configuration Manager Community hub items
You can now easily navigate to and reference items in the Console du gestionnaire de configuration Community hub node with a direct link. The intention for this feature is for easier collaboration and being able to share links to Community hub items with your colleagues. Currently, you’ll see these links shared by the Gestionnaire de configuration team and in the documentation.
Par exemple, use this link to share the Configure Edge Auto Update script (https://communityhub.microsoft.com/item/7200). If you have the aperçu technique branch version 2006 console installed, follow that link, puis sélectionnez Launch the Community hub. The console opens directly to the script in the Community hub.
NOTE:These deep links are currently only for items in the Community hub node of the console.
General known issues
Azure AD authentication doesn’t work
Configuration Manager’s use of the Azure Annuaire actif (Azure AD) security token service doesn’t work. Le CCM_STS.log on the management point contains an entry similar to the following erreur: ProcessRequest - Exception: System.IO.FileLoadException: Could not load file or assembly 'System.IdentityModel.Tokens.JWT. It also includes the HRESULT 0x80131040.
Another symptom is issues with a cloud management gateway (CMG). If you run the CMG connection analyzer, it fails testing the CMG channel for management point with the following erreur: Failed to get ConfigMgr token with Azure AD token. Status code is '500' and status description is 'CMGConnector_InternalServerError'.
This issue is because of a version discrepancy with a supporting library.
To work around the issue, copy System.IdentityModel.Tokens.JWT.dll from the \bin\X64 folder of the installation directory on the site server to the SMS_CCM\CCM_STS\bin folder on the management point.
