SCCM 1910 current branch.
NOTE: In Windows 10, when you open the Start menu, just start typing the name to find the icon. For example, config
for the Configuration Manager console, and software
for Software Center.
CMPivot now works better together with Microsoft Defender Advanced Threat Protection (ATP) software, by linking the CMPivot output with relevant ATP details. The performance of CMPivot has been improved by offloading querying to the client to reduce network traffic and load on the servers. You now have the ability to run queries just locally on “This PC”, for WMI related data. Running on “This PC” saves the need to use the Configuration Manager infrastructure at all and returns data faster, so you can pivot and hone your query to be precisely what you want, before you consume network bandwidth resources. This aids in writing the correct query.
We have added joins and more operators (+,-,*,/,%) and exposed file hashes (MD5 and SHA256) to find files masquerading as others. To make sharing queries easier, we have added a query shortcuts feature, that lets you copy & paste the query to a clipboard and send it via email to collaborators. When the collaborator clicks the link to the query, it will auto-launch CMPivot standalone and provide the same query for them to run.
Real-time management
Optimizations to the CMPivot engine
We’ve added some significant optimizations to the CMPivot engine that allows us to push more of the processing to the ConfigMgr client. The optimizations drastically reduce the network and server CPU load needed to run CMPivot queries. With these optimizations, we can now sift through gigabytes of client data in real time.
Additional CMPivot Entities and Enhancements
We’ve added a number of new CMPivot entities and entity enhancements to aid in troubleshooting and hunting. We’ve included the following entities to query:
- Windows event logs (WinEvent)
- File content (FileContent)
- Dlls loaded by processes (ProcessModule)
- Azure Active Directory information (AADStatus)
- Endpoint protection status (EPStatus)
Microsoft Connected Cache support for Intune Win32 apps
When you enable Microsoft Connected Cache on your Configuration Manager distribution points, they can now serve Microsoft Intune Win32 apps to co-managed clients.
NOTE: Configuration Manager current branch version 1906 included Delivery Optimization In-Network Cache (DOINC), an application installed on Windows Server that’s still in development. Starting in current branch version 1910, this feature is now called Microsoft Connected Cache.
When you install Connected Cache on a Configuration Manager distribution point, it offloads Delivery Optimization service traffic to local sources. Connected Cache does this behavior by efficientl caching content at the byte range level.
Desktop Analytics
- Support for Desktop Analytics – This release provides support for Desktop Analytics which is now generally available. Desktop Analytics provides the insight and automation you need to efficiently get current and stay current with Windows. By integrating with Configuration Manager, Desktop Analytics adds cloud value to your on-premises infrastructure.
Site infrastructure
- Reclaim SEDO lock – Starting in current branch version 1906, you could clear your lock on a task sequence. Now you can clear your lock on any object in the Configuration Manager console.
- Extend and Migrate on-premises Configuration Manager environment to Microsoft Azure – This new tool helps you to programmatically create Azure virtual machines (VMs) for Configuration Manager. It can install with default settings site roles like a passive site server, management points, and distribution points. Once you validate the new roles, use them as additional site systems for high availability. You can also remove the on-premises site system role and only keep the Azure VM role
Client Management
- Include custom configuration baselines as part of compliance policy assessment – You can now add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you have an option to Evaluate this baseline as part of compliance policy assessment. When adding or editing a compliance policy rule, you have a condition called Include configured baselines in compliance policy assessment.
- Enable user policy for Windows 10 Enterprise multi-session – Configuration Manager current branch version 1906 introduced support for Windows Virtual Desktop. In this release if you require user policy on these multi-session devices, and accept any potential performance impact, you can now configure a client setting to enable user policy.
Application Management
- Deploy Microsoft Edge, version 77 and later – The all-new Microsoft Edge is ready for business. You can now deploy Microsoft Edge, version 77 and later to your users. Admins can pick the Beta or Dev channel, along with a version of the Microsoft Edge client to deploy.
- Improvements to application groups – This release includes the following improvements:
- Users can Uninstall the app group in Software Center.
- You can deploy an app group to a user collection.
Operating System Deployment
- Task sequence performance improvements – power plans – You can now run a task sequence with the high performance power plan. This option improves the overall speed of the task sequence.
- Task sequence download on demand over the internet – Starting in this release, the task sequence engine can download packages on-demand from a content-enabled CMG or a cloud distribution point. This change provides additional flexibility with your Windows 10 in-place upgrade deployments to internet-based device.
- Improvements to the task sequence editor
- You can now search in the task sequence editor. This action lets you more quickly locate steps in the task sequence.
- If you want to reuse the conditions from one task sequence step to another, you can now copy and paste conditions in the task sequence editor.
- Improvements to OSD
- Boot image keyboard layout
- Import a single index of an OS upgrade package
- Output the results of a Run Command Line step to a variable during a task sequence
- Improvements to task sequence debugger
- Improved language support in task sequence
Improved language support in task sequence
This release adds control over language configuration during OS deployment. If you’re already applying these language settings, this change can help you simplify your OS deployment task sequence. Instead of using multiple steps per language or separate scripts, use one instance per language of the built-in Apply Windows Settings step with a condition for that language.
Use the Apply Windows Settings task sequence step to configure the following new settings:
- Input locale (default keyboard layout)
- System locale
- UI language
- UI language fallback
- User locale
New variable for Windows 10 in-place upgrade
To address timing issues with the Window 10 in-place upgrade task sequence on high performance devices when Windows setup is complete, you can now set a new task sequence variable SetupCompletePause. When you assign a value in seconds to this variable, the Windows setup process delays that amount of time before it starts the task sequence. This timeout provides the Configuration Manager client additional time to initialize.
Protection
- Bitlocker Management (MBAM) – Configuration Manager now provides the following management capabilities for BitLocker Drive Encryption:
- Deploy the BitLocker client to managed Windows devices
- Manage device encryption polices
- Compliance reports
- Administration and monitoring website for key recovery
- A user self-service portal
Software updates
- Additional options for third-party update catalogs – You now have more granular controls over synchronization of third-party updates catalogs. Starting in Configuration Manager version 1910, you can configure the synchronization schedule for each catalog independently. When using catalogs that include categorized updates, you can configure synchronization to include only specific categories of updates to avoid synchronizing the entire catalog.
- Use Delivery Optimization for all Windows updates – Previously, Delivery Optimization could be leveraged only for express updates. With Configuration Manager version 1910, it’s now possible to use Delivery Optimization for the distribution of all Windows Update content for clients running Windows 10 version 1709 or later.
- Additional software update filter for ADRs – You can now use Deployed as an update filter for your automatic deployment rules. This filter helps identify new updates that may need to be deployed to your pilot or test collections.
Office Management
- Office 365 ProPlus Pilot and Health Dashboard – The Office 365 ProPlus Pilot and Health Dashboard helps you plan, pilot, and perform your Office 365 ProPlus deployment. The dashboard provides health insights for devices with Office 365 ProPlus to help identify possible issues that may affect your deployment plans.
Configuration Manager Console
- View active consoles and message administrators through Console Connections – You now have the ability to message other Configuration Manager administrators through Microsoft Teams. Also, the Last Console Heartbeat column has replaced the Last Connected Time
- Client diagnostics actions – You can now enable and disable verbose and debugging logging for the CCM component from the console.
Windows PowerShell MECM 1910
New cmdlets
New-CMDuplicateHardwareIdGuid
Use this cmdlet to add duplicate hardware identifiers by GUID. PowerShell
New-CMDuplicateHardwareIdGuid -Id 24D0F753-B2E2-4D9C-B07C-099C4FC1EF3C
New-CMDuplicateHardwareIdMacAddress
Use this cmdlet to add duplicate hardware identifiers by MAC address. PowerShell
New-CMDuplicateHardwareIdMacAddress -MacAddress 01:02:03:04:05:E0
New-CMThirdPartyUpdateCatalog
Use this cmdlet to create a new third-party updates catalog. PowerShell
New-CMThirdPartyUpdateCatalog -DownloadUrl $downloadUrl -PublisherName $publisher -Name $name -Description $description -SupportUrl $supportUrl -SupportContact $supportContact
Get-CMThirdPartyUpdateCatalog
Use this cmdlet to get a third-party updates catalog. PowerShell
Get-CMThirdPartyUpdateCatalog
Get-CMThirdPartyUpdateCatalog -Id $id
Get-CMThirdPartyUpdateCatalog -Name $name
Get-CMThirdPartyUpdateCatalog -SiteCode $siteCode
Get-CMThirdPartyUpdateCatalog -IsSyncEnabled $true
Get-CMThirdPartyUpdateCatalog -IsCustomCatalog $true
Set-CMThirdPartyUpdateCatalog
Use this cmdlet to modify a third-party updates catalog. PowerShell
Set-CMThirdPartyUpdateCatalog -Name $name -NewName $newName
Set-CMThirdPartyUpdateCatalog -ThirdPartyUpdateCatalog $catalog -Description $newdescription
$catalog | Set-CMThirdPartyUpdateCatalog -SupportContact $newSupportContact -SupportUrl $newSupportUrl
Remove-CMDuplicateHardwareIdGuid
Use this cmdlet to remove duplicate hardware identifiers by GUID. PowerShell
Remove-CMDuplicateHardwareIdGuid -Id 24D0F753-B2E2-4D9C-B07C-099C4FC1EF3C
Remove-CMDuplicateHardwareIdGuid -InputObject $myGuid #(<IResultObject#SMS_CommonSmbiosGuids>)
Remove-CMDuplicateHardwareIdMacAddress
Use this cmdlet to remove duplicate hardware identifiers by MAC address. PowerShell
Remove-CMDuplicateHardwareIdMacAddress -MacAddress 01:02:03:04:05:E0
Remove-CMDuplicateHardwareIdMacAddress -InputObject $myMacAddress #()
Remove-CMThirdPartyUpdateCatalog
Use this cmdlet to remove a third-party updates catalog. PowerShell
Remove-CMThirdPartyUpdateCatalog -Id $catalog.ID -Force
Remove-CMThirdPartyUpdateCatalog -Name $catalog.Name -Force
Remove-CMThirdPartyUpdateCatalog -ThirdPartyUpdateCatalog $catalog -Force
$catalog | Remove-CMThirdPartyUpdateCatalog -Force
Removed cmdlets
None
Deprecated cmdlets
The following cmdlets are deprecated with the end of hybrid service:
- Add-CMIntuneSubscription
- Add-CMMdmEnrollmentManager (Add-CMIntuneDeviceEnrollmentManager)
- Export-CMWindowsEnrollmentProfile
- Get-CMConditionalAccessPolicy (Get-CMOnPremConditionalAccessPolicy)
- Get-CMCorpOwnedDevice
- Get-CMDeviceActionState (Get-CMDeviceAction)
- Get-CMIntuneSubscription
- Get-CMIosEnrollmentProfile
- Get-CMMdmEnrollmentManager (Get-CMIntuneDeviceEnrollmentManager)
- Get-CMWindowsEnrollmentProfile
- Get-CMWindowsEnrollmentProfilePackage
- Invoke-CMDeviceAction
- New-CMApnsCertificateRequest
- New-CMConditionalAccessPolicy (New-CMOnPremConditionalAccessPolicy)
- New-CMDepTokenRequest
- New-CMIosEnrollmentProfile
- New-CMWindowsEnrollmentProfile
- Remove-CMConditionalAccessPolicy (Remove-CMOnPremConditionalAccessPolicy)
- Remove-CMCorpOwnedDevice
- Remove-CMIntuneSubscription
- Remove-CMIosEnrollmentProfile
- Remove-CMMdmEnrollmentManager (Remove-CMIntuneDeviceEnrollmentManager)
- Remove-CMWindowsEnrollmentProfile
- Remove-CMWindowsEnrollmentProfilePackage
- Set-CMConditionalAccessPolicy (Set-CMOnPremConditionalAccessPolicy)
- Set-CMIntuneSubscription
- Set-CMIntuneSubscriptionAndroidProperty (Set-CMIntuneSubscriptionAndroidProperties)
- Set-CMIntuneSubscriptionAppleDepProperty
- Set-CMIntuneSubscriptionAppleProperty (aliases:)
- Set-CMIntuneSubscriptionMacOSProperties
- Set-CMIntuneSubscriptionIosProperties
- Set-CMIntuneSubscriptionMacOSProperty
- Set-CMIntuneSubscriptionIosProperty
- Set-CMIntuneSubscriptionAppleMdmProperty
- Set-CMIntuneSubscriptionPassportForWorkProperty
- Set-CMIntuneSubscriptionWindowsPhoneProperty (Set-CMIntuneSubscriptionWindowsPhoneProperties)
- Set-CMIntuneSubscriptionWindowsProperty (Set-CMIntuneSubscriptionWindowsProperties)
- Set-CMIosEnrollmentProfile
- Set-CMIosEnrollmentProfileAssignment
- Set-CMWindowsEnrollmentProfile