Gestore della configurazione Anteprima tecnica 2002.2.
Improvements to support for ARM64 devices
This release improves upon the support for devices with the ARM64 processor. IL All Finestre 10 (ARM64) platform is now available in the list of supported OS versions on the following objects:
- Configuration item supported platforms
- Application deployment type requirements
- Package program requirements
- Task sequence advanced properties
Support for 64-bit macOS Catalina
Gestore della configurazione now supports the 64-bit macOS Catalina version 10.15.
Search all subfolders for configuration items and configuration baselines
Similar to improvements in previous releases, you can now use the All Subfolders search option from the Configuration Items and Configuration Baselines nodes.
Management insight rules for proper HTTPS configuration
This release includes additional management insight rules to help you configure your site for secure HTTPS communication:
- Sites that don’t have proper HTTPS configuration: This rule lists sites in your hierarchy that’s not properly configured for HTTPS. This configuration prevents the site from synchronizing collection membership results to Azure Directory attiva (Azure AD) groups. It may cause Azure AD sync to not upload all devices. Management of these clients may not function properly.
- Devices not uploaded to Azure AD: This rule lists devices that aren’t uploaded to Azure AD because the site isn’t properly configured for HTTPS.
For either rule, configure Enhanced HTTP, or enable at least one management point for HTTPS.
Improvements to BitLocker management
In Gestore della configurazione current branch versione 1910, to integrate the BitLocker recovery service you had to HTTPS-enable a management point. The HTTPS connection is necessary to encrypt the recovery keys across the network from the Gestore della configurazione client to the management point. Configuring the management point and all clients for HTTPS can be challenging for many customers.
Starting in this version, the HTTPS requirement is for the IIS website that hosts the recovery service, not the entire management point role. This change relaxes the certificato requisiti, and still encrypts the recovery keys in transit.
Now the Client connections property of the management point can be Http O HTTPS. If the management point is configured for Http, to support the BitLocker recovery service:
- Acquire a server authentication certificato. Bind the certificato al IIS website on the management point that hosts the BitLocker recovery service.
- Configure clients to trust the server authentication certificato. There are two methods to accomplish this trust:
- Use a certificato from a public and globally trusted certificato provider. Per esempio, but not limited to, DigiCert, Thawte, or VeriSign. Finestre clients include trusted root certificato authorities (CAs) from these providers. By using a server authentication certificato that’s issued by one of these providers, your clients should automatically trust it.
- Use a certificato issued by a CA from your organization’s public key infrastructure (PKI). Most PKI implementations add the trusted root CAs to Finestre clients. Per esempio, utilizzando Directory attiva Certificato Services with group policy. If you issue the server authentication certificato from a CA that your clients don’t automatically trust, add the CA trusted root certificato to clients.
On the client, usare il BitLockerManagementHandler.log to troubleshoot this connection. For connectivity to the recovery service, IL tronco d'albero shows the URL that the client is using. Locate an entry that starts with Checking for Recovery Service at.
Improvements to extend and migrate on-premises site to Microsoft Azure
Extend and migrate on-premises site to Microsoft Azure now supports provisioning multiple site system roles on a single Azure macchina virtuale. You can add site system roles after the initial Azure macchina virtuale deployment has completed. To add a new role to an existing macchina virtuale, do the following steps:
- Sul Deployments in Azure scheda, click on a macchina virtuale deployment that has a Completed status.
- Fare clic sul Create new button to add an additional role to the macchina virtuale.
Microsoft Endpoint Configuration Manager cloud features
When new cloud-based features are available in the Microsoft Endpoint Manager Centro amministratore, or other attached cloud services for your on-premises Gestore della configurazione installazione, you can now opt in to these new features in the Console di Configuration Manager.
