Configuration Manager technical preview 2010.2
Tenant attach: Troubleshooting portal lists a user's devices based on usage
The troubleshooting portal in the Microsoft Endpoint Manager admin center lets you search for a user and view their associated devices. Starting in this release, tenant-attached devices that are automatically assigned user device affinity based on usage are now returned when you search for a user.
Prerequisites
- An environment that’s tenant attached with uploaded devices
- Install the latest version of the Configuration Manager client.
- Target clients with User and Device Affinity client settings to automatically create the affinities.
Tenant attach: Create and deploy firewall policies
You can now configure and deploy settings for Windows Defender Firewall with Advanced Security to tenant-attached Windows 10 devices.
Prerequisites
- An environment that’s tenant attached with uploaded devices
- Windows 10 or later clients
Improvements to applications in the Microsoft Endpoint Manager admin center
We've made improvements to applications for tenant-attached devices. Administrators can now do the following actions for applications in the Microsoft Endpoint Manager admin center:
- Uninstall an application
- Repair installation of an application
- Reevaluate the application installation status
- Reinstall an application (this action has replaced Retry installation)
Prerequisites for applications:
- All the prerequisites for applications for tenant-attached devices
- Install the latest version of the Configuration Manager client
- Targeted clients need to be online
- To uninstall an application:
  - The application must have at least one deployment type with the uninstall command defined
  - Required deployments of the application can’t be targeted to the client
  - The application must currently be installed on the device
- To repair an application:
  - The application must have at least one deployment type with the repair command defined
  - The application must currently be installed on the device
Permissions needed:
- Read permission on Collection
  - Apply the permission to both targeted device collections and targeted user collections
- Read on the Application
- Approve on the Application
Known issues with apps in Microsoft Endpoint Manager admin center
In this technical preview, if you see an error notification when you install, uninstall, reevaluate, or repair an app, use the following workaround. Open SQL Server Management Studio, select the primary site database, and run the following SQL script:

```sql
-- Load the current definition of the view from the primary site database.
DECLARE @view nvarchar(max) = OBJECT_DEFINITION(OBJECT_ID('[dbo].[vSMS_CombinedDeviceResources]'));
IF (@view IS NULL) print 'Object not found, select primary site database and re-run script'
ELSE BEGIN
    -- Map ApprovalStatus 2 and 3 to IsApproved = 1, and turn CREATE VIEW into ALTER VIEW.
    SET @view = REPLACE(REPLACE(@view, 'ck.ApprovalStatus as IsApproved', '(CASE WHEN ck.ApprovalStatus = 2 OR ck.ApprovalStatus = 3 THEN 1 ELSE ck.ApprovalStatus END) as IsApproved'), 'CREATE VIEW', 'ALTER VIEW')
    EXEC sp_executesql @view
END
```
Improvements to BitLocker management
Based on your UserVoice feedback, you can now manage BitLocker policies and escrow recovery keys over a cloud management gateway (CMG). This change also provides support for BitLocker management via internet-based client management (IBCM) and when you configure the site for enhanced HTTP. There's no change to the setup process for BitLocker management. For more information, see Deploy BitLocker management.
If you have either the Helpdesk or Self-Service portals set up, use these portals to validate that clients escrow their keys directly to a management point. For more information, see Set up BitLocker portals. Continue to use BitLockerManagementHandler.log to help troubleshoot client communication.
Known issue with BitLocker management
When the client can’t communicate with an on-premises management point, there’s an issue with the client’s BitLocker configuration for key recovery. As a temporary workaround for this preview release:
- Set the following registry key on the client:
HKLM\SOFTWARE\Microsoft\CCM\BLM, "UseKeyRecoveryService"=dword:00000001
- Restart the SMS Agent Host (ccmexec) service.
This value resets each time the client evaluates the BitLocker management policy, which is seven days by default.
Improvements to deploy an OS over CMG using boot media
Technical preview branch version 2009 included support for using boot media to reimage internet-based devices that connect through a cloud management gateway (CMG).
This release streamlines the administrative workflow in the Configuration Manager console. On the Media Management page of the Create Task Sequence Media Wizard, the Internet-based media option no longer exists. Select the Site-based media option. Then still select the CMG for the management point on the Boot Image page.
Desktop Analytics support for new Windows 10 data levels
Microsoft is increasing transparency by categorizing the data that Windows 10 collects:
- Basic diagnostic data is recategorized as Required diagnostic data
- Full is recategorized as Optional
Starting in Configuration Manager current branch version 2006, the Diagnostic Data tab of the Desktop Analytics service in the Configuration Manager console already uses these new labels.
If you previously configured devices for Enhanced or Enhanced (Limited), in an upcoming release of Windows 10, they'll use the Required level. This change may impact the functionality of Desktop Analytics.
Immediate distribution point fallback for clients downloading software update delta content
There's a new client setting for software updates. If delta content is unavailable from distribution points in the current boundary group, you can allow immediate fallback to a neighbor or the site default boundary group distribution points. This setting is useful when using delta content for software updates since the timeout setting per download job is 5 minutes.
Disable Azure AD authentication for onboarded tenants
You can now disable Azure Active Directory (Azure AD) authentication for tenants not associated with users and devices. When you onboard Configuration Manager to Azure AD, it allows the site and clients to use modern authentication. Currently, Azure AD device authentication is enabled for all onboarded tenants, whether or not it has devices. For example, you have a separate tenant with a subscription that you use for compute resources to support a cloud management gateway. If there aren’t users or devices associated with the tenant, disable Azure AD authentication.
Additional options when creating app registrations in Azure Active Directory
You can now specify Never for the expiration of a secret key when creating Azure Active Directory app registrations. For more information about creating app registrations, see Configure Azure Services.
Choosing Never as an option for secret key expiry carries security risk since a secret that’s compromised and never expires can become a point of entry into your environment.
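To keep track of that risk, the following added example (not part of the original release notes or of Configuration Manager) audits app registrations for client secrets that stay valid far into the future. It assumes the input has the shape of a Microsoft Graph `GET /applications` response and that a non-expiring secret appears as a far-future or missing `endDateTime`; the sample data, the two-year threshold and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph `GET /applications` response.
SAMPLE = json.loads("""
{"value": [
  {"displayName": "ConfigMgr Server App (constructed)",
   "appId": "00000000-0000-0000-0000-000000000001",
   "passwordCredentials": [
     {"keyId": "aaaaaaaa-0000-0000-0000-000000000001", "endDateTime": "2299-12-31T00:00:00Z"},
     {"keyId": "aaaaaaaa-0000-0000-0000-000000000002", "endDateTime": "2021-10-01T00:00:00.1234567Z"}]},
  {"displayName": "ConfigMgr Client App (constructed)",
   "appId": "00000000-0000-0000-0000-000000000002",
   "passwordCredentials": []}
]}
""")

def parse_graph_time(value):
    """Parse a UTC timestamp such as 2021-10-01T00:00:00.1234567Z, dropping the fraction."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.fromisoformat(base).replace(tzinfo=timezone.utc)

def long_lived_secrets(apps, now, max_lifetime_days=730):
    """Return (displayName, appId, keyId, expiry) for secrets valid beyond the limit."""
    limit = now + timedelta(days=max_lifetime_days)
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials") or []:
            end = cred.get("endDateTime")
            # Assumption: a secret without an end date is treated as non-expiring.
            expiry = parse_graph_time(end) if end else None
            if expiry is None or expiry > limit:
                findings.append((app.get("displayName"), app.get("appId"),
                                 cred.get("keyId"), expiry))
    return findings

if __name__ == "__main__":
    for name, app_id, key_id, expiry in long_lived_secrets(
            SAMPLE["value"], datetime.now(timezone.utc)):
        print(f"{name} ({app_id}): secret {key_id} valid until {expiry}")
```

Secrets the audit reports are candidates for rotation to a bounded lifetime.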
Validate internet access for the service connection point
If you use Desktop Analytics or tenant attach, the service connection point now checks important internet endpoints. These checks help make sure that the cloud-connected services are available. It also helps you troubleshoot issues by quickly determining if network connectivity is a problem.
For more details, review the EndpointConnectivityCheckWorker.log file on the service connection point.
A failure isn’t always determined by the HTTP status code, but by whether there’s network connectivity to an endpoint. The following scenarios can cause a check to fail:
- Network connection timeout
- SSL/TLS failure
- Unexpected status code:

Status code | Description | Possible reason |
---|---|---|
407 | Proxy authentication required | May indicate a proxy issue |
408 | Request timeout | May indicate a proxy issue |
426 | Upgrade required | May indicate a TLS misconfiguration |
451 | Unavailable for legal reasons | May indicate a proxy issue |
502 | Bad gateway | May indicate a proxy issue |
511 | Network authentication required | May indicate a proxy issue |
598 | Network read timeout error | Not RFC compliant, but used by some proxy servers to indicate a network timeout |
599 | Network connection timeout error | Not RFC compliant, but used by some proxy servers to indicate a network timeout |

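The failure scenarios above can be reproduced from the service connection point or a proxy test host with a small probe. This is an added example, not Microsoft's implementation of the check: the function names are hypothetical, and treating any status code outside the table as "reachable" is an assumption drawn from the statement that connectivity, not the status code, decides the result.

```python
import socket
import ssl
import urllib.error
import urllib.request

# Status codes the page lists as unexpected, with the reason it gives.
UNEXPECTED = {
    407: "proxy issue", 408: "proxy issue", 426: "TLS misconfiguration",
    451: "proxy issue", 502: "proxy issue", 511: "proxy issue",
    598: "proxy-reported network timeout", 599: "proxy-reported network timeout",
}

def http_status(url, timeout=10):
    """Return the HTTP status for url; network and TLS errors propagate."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # a 4xx/5xx answer still proves the endpoint was reached

def check_endpoint(url, fetch=http_status):
    """Classify one endpoint as (ok, detail) following the page's failure scenarios."""
    try:
        status = fetch(url)
    except ssl.SSLError as err:
        return False, f"SSL/TLS failure: {err}"
    except (socket.timeout, TimeoutError):
        return False, "network connection timeout"
    except urllib.error.URLError as err:
        reason = err.reason  # urllib wraps the underlying socket or TLS error
        if isinstance(reason, ssl.SSLError):
            return False, f"SSL/TLS failure: {reason}"
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return False, "network connection timeout"
        # Not listed on the page: DNS failure, refused connection and similar.
        return False, f"no connectivity: {reason}"
    if status in UNEXPECTED:
        return False, f"unexpected status {status}: may indicate {UNEXPECTED[status]}"
    return True, f"reachable (HTTP {status})"
```

Pass the endpoints from Internet access requirements to `check_endpoint` one at a time and compare the result with what EndpointConnectivityCheckWorker.log reports.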
There are also the following status messages for the SMS_SERVICE_CONNECTOR component:
Message ID | Severity | Notes |
---|---|---|
11410 | Informational | All checks are successful |
11411 | Warning | One or more non-critical failures occurred |
11412 | Error | One or more critical failures occurred |
For more information on required internet endpoints, see Internet access requirements.
Improvements to the administration service
The Configuration Manager REST API, the administration service, requires a secure HTTPS connection. With the previous methods to enable HTTPS, enabling IIS on the SMS Provider was a prerequisite.
Starting in this release, you no longer need to enable IIS on the SMS Provider for the administration service. When you enable the site for enhanced HTTP, it creates a self-signed certificate for the SMS Provider, and automatically binds it without requiring IIS.
If you previously had IIS installed on the SMS Provider, you can remove it. Then restart the SMS_REST_PROVIDER component.