Configuration Manager technical preview 2006.
Use the Company Portal app on co-managed devices
The Company Portal is now the cross-platform app portal experience for Microsoft Endpoint Manager. You can now use a preview version of the Company Portal on co-managed devices. By configuring co-managed devices to also use the Company Portal, you can provide a consistent user experience on all devices.
This preview version of the Company Portal supports the following actions:
- Launch the Company Portal app on co-managed devices and sign in with Azure Active Directory (Azure AD) single sign-on (SSO).
- View available and installed Configuration Manager apps in the Company Portal alongside Intune apps.
- Install available Configuration Manager apps from the Company Portal and receive installation status information.
The behavior of the Company Portal depends upon your co-management workload configuration:
Workload | Setting | Behavior |
---|---|---|
Client apps | Configuration Manager | You can see only Configuration Manager client apps |
Client apps | Pilot Intune or Intune | You can see both Configuration Manager and Intune client apps |
Office Click-to-run apps | Configuration Manager | You can see only Configuration Manager Office click-to-run apps |
Office Click-to-run apps | Pilot Intune or Intune | You can see only Intune Office click-to-run apps |
Prerequisites for Company Portal preview
- Contact the Company Portal preview team to get started: cppreview@microsoft.com
- Windows 10, version 1803 or later:
  - Enrolled to co-management
  - Access to internet endpoints for Intune
- The user accounts that sign in to these devices require the following configurations:
  - An Azure AD identity
  - Assigned an Intune license
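Improvements to available apps via CMG
An internet-based, domain-joined device that isn't joined to Azure Active Directory (Azure AD) and communicates via a cloud management gateway (CMG) can now get apps deployed as available. The Active Directory domain user of the device needs a matching Azure AD identity. When the user starts Software Center, Windows prompts them to enter their Azure AD credentials. They can then see any available apps.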
Configure the following prerequisites to enable this functionality:
- Windows 10 device
  - Joined to your on-premises Active Directory domain
  - Communicate via CMG
- The site has discovered the user by both Active Directory and Azure AD user discovery
Intranet clients can use a CMG software update point
Intranet clients can now access a CMG software update point when it’s assigned to the boundary group. Admins can allow intranet devices to scan against a CMG software update point in the following scenarios:
- When an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.
- If the only software update point for the boundary group is the CMG software update point, then all intranet and internet devices will scan against it.
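Improvements to task sequences via CMG
This release includes the following improvements for deploying task sequences to devices that communicate via a cloud management gateway (CMG):
- Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center.
- This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:
  - A workgroup device that you register with a bulk registration token
  - You configure the site for Enhanced HTTP and the management point is HTTP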
Known issue with OS deployment via CMG
If there’s an Install Application step in an OS deployment task sequence to a client via CMG, it fails to download the app policy. To work around this issue, disable this step in the task sequence. Deploy the app separately from the task sequence.
Management insights to optimize for remote workers
This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:
- Define VPN boundary groups: Create a VPN boundary and associate it to a boundary group. Associate VPN-specific site systems to the group, and configure the settings for your environment. This insight checks for at least one boundary group with at least one VPN boundary in it. From the properties of this insight, select Review Actions to go to the Boundary Groups node.
- Configure VPN connected clients to prefer cloud based content sources: To reduce traffic on the VPN, enable the boundary group option to Prefer cloud based sources over on-premises sources. This option allows clients to download content from the internet instead of distribution points across the VPN.
- Disable peer to peer content sharing for VPN connected clients: To prevent unnecessary peer-to-peer traffic that likely doesn’t benefit the remote clients, disable the boundary group option to Allow peer downloads in this boundary group.
Improvements to VPN boundary type
You can now create more than one VPN boundary, and can detect the connection by the VPN name or description. When you open the Create Boundary page and select the VPN type, choose one of the following options:
- Auto detect VPN: This option is the same behavior as before. The boundary value in the console list will be `AUT:1`. It should detect any VPN solution that uses the point-to-point tunneling protocol (PPTP). If it doesn’t detect your VPN, use one of the other options.
- Connection name: Specify the name of the VPN connection on the device. It’s the name of the network adapter in Windows for the VPN connection. Configuration Manager matches the first 251 characters of the string, but doesn’t support wildcard characters or partial strings. The boundary value in the console list will be `NAM:<name>`, where `<name>` is the connection name that you specify. For example, you run the `ipconfig` command on the device, and one of the sections starts with: `PPP adapter ContosoVPN:`. Use the string `ContosoVPN` as the Connection name. It displays in the list as `NAM:ContosoVPN`.
- Connection description: Specify the description of the VPN connection. Configuration Manager matches the first 251 characters of the string, but doesn’t support wildcard characters or partial strings. The boundary value in the console list will be `DES:<description>`, where `<description>` is the connection description that you specify. For example, you run the `ipconfig /all` command on the device, and one of the connections includes the following line: `Description . . . . . . . . . . . : ContosoMainVPN`. Use the string `ContosoMainVPN` as the Connection description. It displays in the list as `DES:ContosoMainVPN`.
In every case, the device needs to be connected to the VPN for Configuration Manager to associate the client in that boundary.
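The two lookups described above, as an added PowerShell example that is not part of the original documentation: it reads English-language `ipconfig /all` output and returns the `NAM:` and `DES:` strings for each adapter section, flagging any value longer than the 251 characters that are matched. The function name `Get-VpnBoundaryCandidate`, its property names, and every sample line other than the `ContosoVPN` and `ContosoMainVPN` lines quoted above are assumptions of this example.

```powershell
# Added example: derive candidate VPN boundary values from `ipconfig /all` text.
# Assumes English output: "<type> adapter <name>:" headers and "Description . . . :" lines.
function Get-VpnBoundaryCandidate {
    [CmdletBinding()]
    param(
        # Lines of `ipconfig /all` output; defaults to running the command locally.
        [string[]]$IpconfigOutput = (ipconfig /all)
    )
    $maxLen = 251   # only the first 251 characters of the string are matched
    $type = $null
    $name = $null
    foreach ($line in $IpconfigOutput) {
        # Unindented section header such as "PPP adapter ContosoVPN:"
        if ($line -match '^(?<type>\S.*?) adapter (?<name>.+):\s*$') {
            $type = $Matches['type']
            $name = $Matches['name']
            continue
        }
        # Indented "Description . . . : ContosoMainVPN" line inside the current section
        if ($name -and $line -match '^\s+Description[ .]*:\s*(?<desc>.*\S)\s*$') {
            $desc = $Matches['desc']
            [pscustomobject]@{
                AdapterType  = $type
                NameBoundary = 'NAM:' + $name
                DescBoundary = 'DES:' + $desc
                NameOver251  = $name.Length -gt $maxLen
                DescOver251  = $desc.Length -gt $maxLen
            }
            $name = $null   # one result per adapter section
        }
    }
}

# Constructed sample input, modelled on the lines quoted in this section.
$sample = @(
    'Windows IP Configuration',
    '',
    'PPP adapter ContosoVPN:',
    '',
    '   Connection-specific DNS Suffix  . :',
    '   Description . . . . . . . . . . . : ContosoMainVPN',
    '   IPv4 Address. . . . . . . . . . . : 10.0.0.25(Preferred)',
    '',
    'Ethernet adapter Ethernet0:',
    '',
    '   Description . . . . . . . . . . . : Constructed Ethernet Adapter'
)
Get-VpnBoundaryCandidate -IpconfigOutput $sample | Format-Table -AutoSize
```

Because wildcard characters and partial strings aren't supported, enter the value exactly as it appears after the `NAM:` or `DES:` prefix, and treat a flagged value as one where only the first 251 characters take part in the match.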
Tenant Attach: Improvements to Configuration Manager actions in Microsoft Endpoint Manager admin center
This release introduces some improvements to the administration of Configuration Manager devices in Microsoft Endpoint Manager admin center. Improvements include:
- Configuration errors now include links to documentation to help you troubleshoot.
- User available applications now appear in the Applications node for a ConfigMgr device.
- The application list includes applications deployed to a user currently logged on to the device.
- Multi-user session scenarios aren’t supported.
- Azure AD joined devices aren’t currently supported, only AD joined devices.
CMG support for endpoint protection policies
While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Starting in this release, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.
Import a previously created Azure AD application during tenant attach onboarding
During a new onboarding, an administrator can specify a previously created application while onboarding to tenant attach. From the Tenant onboarding page in the Co-management Configuration Wizard, select Optionally import a separate web app to synchronize Configuration Manager client data to Microsoft Endpoint Manager admin center. This option will prompt you to specify the following information for your Azure AD app:
- Azure AD tenant name
- Azure AD tenant ID
- Application name
- Client ID
- Secret key
- Secret key expiry
- App ID URI
Improvements to client upgrade on a metered connection
Starting in Configuration Manager technical preview version 2005, you could install and upgrade the client when you allowed client communication on a metered connection. You can now also configure the client setting Client communication on metered internet connections to Limit. This option reduces the client communication on a metered network, but still allows the client to stay current.
For more information, see the following articles:
- Technical preview 2005: Install and upgrade the client on a metered connection
- About client settings: Client communication on metered internet connections
Improvements to managing device restarts
Configuration Manager provides many options to manage device restart notifications. Based on UserVoice feedback, you can now configure client settings to prevent devices from automatically restarting when a deployment requires it. By default, Configuration Manager can still force devices to restart.
Important: This new client setting applies to all application, software update, and package deployments to the device. Until a user manually restarts the device:
- Software updates and app revisions may not be fully installed
- Additional software installs may not happen
Improved support for Windows Virtual Desktop
The Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
Note: If you previously selected the top-level Windows 10 platform, this action automatically selected all child platforms. This new platform isn’t automatically selected. If you want to add Windows 10 Enterprise multi-session, manually select it in the list.
Direct links to Configuration Manager Community hub items
You can now easily navigate to and reference items in the Configuration Manager console Community hub node with a direct link. The intention for this feature is for easier collaboration and being able to share links to Community hub items with your colleagues. Currently, you’ll see these links shared by the Configuration Manager team and in the documentation.
For example, use this link to share the Configure Edge Auto Update script (https://communityhub.microsoft.com/item/7200). If you have the technical preview branch version 2006 console installed, follow that link, and then select Launch the Community hub. The console opens directly to the script in the Community hub.
Note: These deep links are currently only for items in the Community hub node of the console.
General known issues
Azure AD authentication doesn’t work
Configuration Manager’s use of the Azure Active Directory (Azure AD) security token service doesn’t work. The CCM_STS.log on the management point contains an entry similar to the following error: ProcessRequest - Exception: System.IO.FileLoadException: Could not load file or assembly 'System.IdentityModel.Tokens.JWT.
It also includes the HRESULT 0x80131040.
Another symptom is issues with a cloud management gateway (CMG). If you run the CMG connection analyzer, it fails testing the CMG channel for management point with the following error: Failed to get ConfigMgr token with Azure AD token. Status code is '500' and status description is 'CMGConnector_InternalServerError'.
This issue is because of a version discrepancy with a supporting library.
To work around the issue, copy System.IdentityModel.Tokens.JWT.dll from the \bin\X64 folder of the installation directory on the site server to the SMS_CCM\CCM_STS\bin folder on the management point.