SCCM 2006.
Microsoft Endpoint Manager tenant attach
Install applications from the admin center
You can initiate an application install in real time for a tenant attached device from the Microsoft Endpoint Manager admin center. Starting with Configuration Manager version 2006, the list of applications available for the device also includes applications deployed to the device’s currently logged on user.
Import previously created Azure AD application during tenant attach onboarding
During a new onboarding to tenant attach, an administrator can specify a previously created application.
Endpoint analytics
Endpoint analytics data collection enabled by default
The Enable Endpoint analytics data collection client setting is now enabled by default. This setting allows your managed endpoints to send data, such as startup performance insights, to your Configuration Manager site server. This change affects local data collection only. Endpoint analytics data isn’t uploaded to the Microsoft Endpoint Manager admin center until you enable data upload in Configuration Manager. The new default value applies to the default client settings and any custom client settings created after upgrading to version 2006.
- If you’re upgrading from version 2002 to version 2006, existing custom client settings values are retained. The default value for Enable Endpoint analytics data collection in Configuration Manager version 2002 is No.
- If you’re upgrading to version 2006 from Configuration Manager version 1910 or prior, any pre-existing custom client settings that contain the Computer Agent group of settings inherit the new default of Yes for Enable Endpoint analytics data collection.
Site infrastructure
VPN boundary type
To simplify managing remote clients, you can now create a new boundary type for VPNs. Previously, you had to create boundaries for VPN clients based on the IP address or subnet. This configuration could be challenging or not possible because of the subnet configuration or the VPN design.
Now when a client sends a location request, it includes additional information about its network configuration. Based on this information, the server determines whether the client is on a VPN.
Management insights to optimize for remote workers
This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:
- Define VPN boundary groups
- Configure VPN connected clients to prefer cloud based content sources
- Disable peer to peer content sharing for VPN connected clients
Improved support for Windows Virtual Desktop
The Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
For more information on Configuration Manager’s support for Windows Virtual Desktop, see Supported OS versions for clients and devices.
Intranet clients can use a CMG software update point
Intranet clients can now access a CMG software update point when it’s assigned to a boundary group.
Cloud-attached management
Use Microsoft Azure China 21Vianet for co-management
You can now select the Azure China Cloud as your Azure environment when enabling co-management.
Notification for Azure AD app secret key expiration
If you configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:
- One or more Azure AD app secret keys will expire soon
- One or more Azure AD app secret keys have expired
For more information, see Renew secret key.
Desktop Analytics
Change to diagnostic data labels
To better align with the Desktop Analytics requirements for Windows diagnostic data, these settings have new labels:
Version 2006 and later | Version 2002 and earlier |
---|---|
Required | Basic |
Optional (limited) | Enhanced (Limited) |
N/A | Enhanced |
Optional | Full |
If you previously configured any devices at the Enhanced level, when you upgrade to version 2006, they’ll revert to Optional (limited). They will then send less data to Microsoft. This change shouldn’t impact what you see in Desktop Analytics.
Real-time management
Improvements to CMPivot
The following improvements have been made in CMPivot:
- CMPivot from the console and CMPivot standalone have been converged
- Run CMPivot from an individual device or multiple devices without having to select or create a collection
- From CMPivot query results, you can select an individual device or multiple devices then launch a separate CMPivot instance scoped to your selection.
Client management
Install and upgrade the client on a metered connection
Previously, if the device was connected to a metered network, new clients wouldn’t install. Existing clients only upgraded if you allowed all client communication. Devices that frequently roam on a metered network would be unmanaged or on an older client version. Starting in this release, you can install and upgrade the client when you set the client setting Client communication on metered internet connections to Allow or Limit. With this setting, you can allow the client to stay current, but still manage the client communication on a metered network.
To define the behavior for a new client installation, there’s a new ccmsetup parameter /AllowMetered. When you allow client communication on a metered network for ccmsetup, it downloads the content, registers with the site, and downloads the initial policy. Any further client communication follows the configuration of the client setting from that policy.
For more information, see the following articles:
- About client settings
- About client installation parameters and properties
Improvements to managing device restarts
Configuration Manager provides many options to manage device restarts and restart notifications. You can now configure a client setting to prevent devices from automatically restarting when a deployment requires it. This setting gives you more control in unique situations. By default, the client setting Configuration Manager can force a device to restart is enabled, so Configuration Manager can still force devices to restart. This setting only applies to application, software update, and package deployments that require a restart.
Application management
Improvements to available apps via CMG
This release fixes an issue with Software Center and Azure Active Directory (Azure AD) authentication. For a client detected as on the intranet but communicating via the cloud management gateway (CMG), previously Software Center would use Windows authentication. When it tried to get the list of user-available apps, it would fail. It now uses Azure Active Directory (Azure AD) identity for devices joined to Azure AD. These devices can be cloud-joined or hybrid-joined.
Microsoft 365 Apps for enterprise
Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise on April 21, 2020. Starting in version 2006, the following changes have been made:
- The Configuration Manager console has been updated to use the new name.
- This change also includes update channel names for Microsoft 365 Apps.
- A banner notification was added to the console to notify you if one or more automatic deployment rules reference obsolete channel names in the Title criteria for Microsoft 365 Apps updates.
OS deployment
Task sequence media support for cloud-based content
Task sequence media can now download cloud-based content. For example, you send a USB key to a user at a remote office to reimage their device. Or an office has a local PXE server, but you want devices to prioritize cloud services as much as possible. Instead of further taxing the WAN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources, for example, a cloud management gateway (CMG) that you enable to share content.
The device still needs an intranet connection to the management point.
Improvements to task sequences via CMG
This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):
- Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center. For more information, see Plan for CMG – Specifications.
- This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:
  - A workgroup device that you register with a bulk registration token
  - You configure the site for Enhanced HTTP and the management point is HTTP
Improvements to BitLocker task sequence steps
You can now specify the disk encryption mode on the Enable BitLocker and Pre-provision BitLocker task sequence steps. By default, the steps continue to use the default encryption method for the OS version.
The Enable BitLocker step also now includes a setting to Skip this step for computers that do not have a TPM or when TPM is not enabled. When you enable this setting, the step logs an error on a device without a TPM or a TPM that doesn’t initialize, and the task sequence continues. This setting makes it easier to manage the task sequence behavior on devices that can’t fully support BitLocker.
Management insight rules for OS deployment
When the size of the task sequence policy exceeds 32 MB, the client fails to process the large policy. The client then fails to run the task sequence deployment. To help you manage the policy size of task sequences, this release includes the following management insights:
- Large task sequences may contribute to exceeding maximum policy size
- Total policy size for task sequences exceeds policy limit
These rules are in a new group for Operating System Deployment. The existing rule for Unused boot images is now in this group too.
Improvements to OS deployment
This release includes the following additional improvements to OS deployment:
- Use a task sequence variable to specify the target of the Format and Partition Disk step. This new variable option supports more complex task sequences with dynamic behaviors. For example, a custom script can detect the disk and set the variable based on the hardware type. Then you can use multiple instances of this step to configure different hardware types and partitions.
- The Check Readiness step now includes a check to determine if the device uses UEFI. It also includes a new read-only task sequence variable, _TS_CRUEFI.
- If you enable the task sequence progress window to show more detailed progress information, it now doesn’t count enabled steps in a disabled group. This change helps make the progress estimate more precise.
- Previously, during a task sequence to upgrade a device to Windows 10, a command prompt window opened during one of the final Windows configuration phases. The window was on top of the Windows out-of-box experience (OOBE), and users could interact with it to disrupt the upgrade process. Now the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts from Configuration Manager include a change to hide this command prompt window.
- Some customers build custom task sequence interfaces using the IProgressUI::ShowMessage method, but it doesn’t return a value for the user’s response. This release adds the IProgressUI::ShowMessageEx method. This new method is similar to the existing method, but also includes a new integer result variable, pResult.
Protection
CMG support for endpoint protection policies
While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Starting in this release, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.
BitLocker management support for hierarchies
You can now install the BitLocker self-service portal and the administration and monitoring website at the central administration site.
Configuration Manager console
Community hub and GitHub
(First introduced in June 2020)
The IT admin community has developed a wealth of knowledge over the years. Rather than reinventing items like scripts and reports from scratch, we’ve built a Configuration Manager Community hub where you can share with each other. By leveraging the work of others, you can save hours of work. The Community hub fosters creativity by building on others’ work and having other people build on yours. GitHub already has industry-wide processes and tools built for sharing. Now, the Community hub will leverage those tools directly in the Configuration Manager console as foundational pieces for driving this new community. For the initial release, the content made available in the Community hub will be uploaded only by Microsoft.
Direct links to Community hub items
You can easily navigate to and reference items in the Configuration Manager console Community hub node with a direct link.
Notifications from Microsoft
You can now choose to receive notifications from Microsoft in the Configuration Manager console. These notifications help you stay informed about new or updated features, changes to Configuration Manager and attached services, and issues that require action to remediate.
Power BI sample reports
(First introduced in June 2020)
When you integrate Power BI Report Server with Configuration Manager reporting, there are now sample Power BI reports available. Download and install the following sample reports:
- Software Update Compliance Status
- Software Update Deployment Status
Deprecated operating systems
Learn about support changes before they’re implemented in removed and deprecated items.
As first announced in version 1906, version 2006 drops support for the following client OS versions:
- Windows CE 7.0
- Windows 10 Mobile
- Windows 10 Mobile Enterprise