Configuration Manager Technical Preview Branch Update 1706.
- Include trust for specific file paths in Device Guard policies – Optionally, include trust for a specific local file or folder path on clients running a Device Guard policy. Any binaries at the locations specified in the policy can run on targeted clients when enforcement is enabled in the policy.
- Register Windows 10 devices with Azure Active Directory – A new client setting (in Cloud Services group) is enabled by default to automatically register new Windows 10 domain joined devices with Azure AD.
Application Lifecycle and Content
- Specify a different install content location and uninstall content location for a deployment type – You can now specify a different install content location and uninstall content location for a deployment type. Additionally, you can also leave the uninstall content location empty.
- Improvements for Software Update Points in Boundary Groups – Boundary groups now support configuring the time for fallback for software update points.
Operating System Deployment
- PXE network boot support for IPv6 – In an IPv6-only network, boot a device via PXE to start a task sequence OS deployment.
- Hide task sequence progress – Easily toggle when the task sequence progress is or is not displayed to the end user, on a granular step-by-step basis.
- Device Health Attestation assessment for compliance policies for conditional access – Use Device Health Attestation status as a compliance policy rule for conditional access to company resources.
- Manage Microsoft Surface driver updates – You can now use Configuration Manager to manage Microsoft Surface driver updates.
- Windows Update for Business policy setting configuration – Use configuration items to configure deferral settings for Windows Update for Business.
- Site Server Role High Availability – You can now add a primary site server in ‘passive mode’ to your standalone site to increase availability.
- Create and run scripts – Create and run scripts from Configuration Manager.
- Upgrade Readiness added to Azure Services Wizard – You can now use Azure Services Wizard to connect ConfigMgr to Upgrade Readiness in Windows Analytics to synchronize data to assess device compatibility with Windows 10.
- Accessibility improvements in the Configuration Manager console – This preview introduces several improvements to the accessibility features in the Configuration Manager console.
This release also includes the following improvement for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:
- Android and iOS Enrollment Restrictions – Admins can now specify that users cannot enroll personal Android or iOS devices in their hybrid environment, limiting enrollment to predeclared company-owned devices or DEP-enrolled devices only.
- New options for compliance policies – You can now configure new options for compliance policies that were previously only available in Intune standalone.
- New compliance policy actions – You can now configure actions for compliance policies. These actions include setting a grace period for devices that are noncompliant before they lose access to company resources, and creating emails to be sent to users with noncompliant devices.
- New settings for Windows configuration items – You can now configure new Windows configuration item settings that were previously only available in Intune standalone.
- Cisco (IPsec) support for iOS VPN Profiles – Admins can now use Cisco (IPsec) as a connection type for VPN profiles for iOS.
- App Protection settings to block printing and contact sync – Additional settings have been added to block printing and contact sync on Intune-enlightened applications.
- PFX certificate creation and distribution and S/MIME support – Admins can create and deploy PFX certificates to users utilizing an Entrust certification authority. These certificates can then be used for S/MIME encryption, decryption, and authentication by devices that the user has enrolled.