SCCM 1910 当前分支

SCCM 1910 当前分支.

笔记: 在 视窗 10, when you open the Start menu, just start typing the name to find the icon. 例如, config 为 配置管理器控制台, 和 software 为了 软件中心.

CMPivot now works better together with Microsoft Defender Advanced Threat Protection (ATP) software, by linking the CMPivot output with relevant ATP details. The performance of CMPivot has been improved by offloading querying to the client to reduce network traffic and load on the servers. You now have the ability to run queries just locally on “This PC”, for WMI related data. Running on “This PC” saves the need to use the 配置管理器 infrastructure at all and returns data faster, so you can pivot and hone your query to be precisely what you want, before you consume network bandwidth resources. This aids in writing the correct query.

We have added joins and more operators (+,-,*,/,%) and exposed file hashes (MD5 and SHA256) to find files masquerading as others. To make sharing queries easier, we have added a query shortcuts feature, that lets you copy & paste the query to a clipboard and send it via email to collaborators. When the collaborator clicks the link to the query, it will auto-launch CMPivot standalone and provide the same query for them to run.

Real-time management

Optimizations to the CMPivot engine

We’ve added some significant optimizations to the CMPivot engine that allows us to push more of the processing to the 配置管理器 客户. The optimizations drastically reduce the network and server CPU load needed to run CMPivot queries. With these optimizations, we can now sift through gigabytes of client data in real time.

Additional CMPivot Entities and Enhancements

We’ve added a number of new CMPivot entities and entity enhancements to aid in troubleshooting and hunting. We’ve included the following entities to query:

• 视窗 event logs (WinEvent)
• File content (FileContent)
• Dlls loaded by processes (ProcessModule)
• 天蓝色 活动目录 信息 (AADStatus)
• Endpoint protection status (EPStatus)

Microsoft Connected Cache support for Intune Win32 apps

When you enable Microsoft Connected Cache on your 配置管理器 distribution points, they can now serve Microsoft Intune Win32 apps to co-managed clients.

笔记: 配置管理器 当前分支 版本 1906 included Delivery Optimization In-Network Cache (DOINC), an application installed on Windows服务器 that’s still in development. Starting in 当前分支 版本 1910, this feature is now called Microsoft Connected Cache.

When you install Connected Cache on a 配置管理器 分发点, it offloads Delivery Optimization service traffic to local sources. Connected Cache does this behavior by efficientl caching content at the byte range level.

Desktop Analytics

• Support for Desktop Analytics – This release provides support for Desktop Analytics which is now generally available. Desktop Analytics provides the insight and automation you need to efficiently get current and stay current with 视窗. By integrating with 配置管理器, Desktop Analytics adds cloud value to your on-premises infrastructure.

Site infrastructure

• Reclaim SEDO lock – Starting in 当前分支 版本 1906, you could clear your lock on a task sequence. Now you can clear your lock on any object in the 配置管理器控制台.
• Extend and Migrate on-premises 配置管理器 environment to Microsoft Azure – This new tool helps you to programmatically create Azure virtual machines (虚拟机) 为了 配置管理器. It can install with default settings site roles like a passive site server, management points, and distribution points. Once you validate the new roles, use them as additional site systems for high availability. You can also remove the on-premises site system role and only keep the Azure 虚拟机 role

Client Management

• Include custom configuration baselines as part of compliance policy assessment – You can now add evaluation of custom configuration baselines as a compliance policy assessment rule. When you create or edit a configuration baseline, you have an option to Evaluate this baseline as part of compliance policy assessment. When adding or editing a compliance policy rule, you have a condition called Include configured baselines in compliance policy assessment.
• Enable user policy for 视窗 10 Enterprise multi-session – 配置管理器 当前分支 版本 1906 introduced support for 视窗 Virtual Desktop. In this release if you require user policy on these multi-session devices, and accept any potential performance impact, you can now configure a client setting to enable user policy.

Application Management

• Deploy Microsoft Edge, 版本 77 稍后 – The all-new Microsoft Edge is ready for business. You can now deploy Microsoft Edge, 版本 77 and later to your users. Admins can pick the Beta or Dev channel, along with a version of the Microsoft Edge client to deploy.
• Improvements to application groups – This release includes the following improvements:
  • Users can 卸载 the app group in 软件中心.
  • You can deploy an app group to a user collection.

操作系统部署

• Task sequence performance improvements – power plans – You can now run a task sequence with the high performance power plan. This option improves the overall speed of the task sequence.
• Task sequence 下载 on demand over the internet – Starting in this release, the task sequence engine can 下载 packages on-demand from a content-enabled CMG or a cloud 分发点. This change provides additional flexibility with your 视窗 10 in-place upgrade deployments to internet-based device.
• Improvements to the task sequence editor
  • You can now search in the task sequence editor. This action lets you more quickly locate steps in the task sequence.
  • If you want to reuse the conditions from one task sequence step to another, 你现在可以 copy and paste conditions in the task sequence editor.
• Improvements to OSD
  • Boot image keyboard layout
  • Import a single index of an OS upgrade package
  • Output the results of a Run 命令行 step to a variable during a task sequence
  • Improvements to task sequence debugger
  • Improved language support in task sequence

Improved language support in task sequence

This release adds control over language configuration during OS deployment. If you’re already applying these language settings, this change can help you simplify your OS deployment task sequence. Instead of using multiple steps per language or separate scripts, use one instance per language of the built-in 申请 视窗 Settings step with a condition for that language.

使用 申请 视窗 Settings task sequence step to configure the following new settings:

• Input locale (default keyboard layout)
• System locale
• UI language
• UI language fallback
• User locale

New variable for Windows 10 就地升级

To address timing issues with the Window 10 in-place upgrade task sequence on high performance devices when 视窗 setup is complete, you can now set a new task sequence variable SetupCompletePause. When you assign a value in seconds to this variable, 这 视窗 setup process delays that amount of time before it starts the task sequence. This timeout provides the 配置管理器 client additional time to initialize.

Protection

• Bitlocker Management (MBAM) – 配置管理器 now provides the following management capabilities for BitLocker Drive Encryption:
  • Deploy the BitLocker client to managed 视窗 devices
  • Manage device encryption polices
  • Compliance reports
  • Administration and monitoring website for key recovery
  • A user self-service portal

Software updates

• Additional options for third-party update catalogs – You now have more granular controls over synchronization of third-party updates catalogs. Starting in 配置管理器 版本 1910, you can configure the synchronization schedule for each catalog independently. When using catalogs that include categorized updates, you can configure synchronization to include only specific categories of updates to avoid synchronizing the entire catalog.
• Use Delivery Optimization for all 视窗 更新 – Previously, Delivery Optimization could be leveraged only for express updates. 和 配置管理器 版本 1910, it’s now possible to use Delivery Optimization for the distribution of all 视窗 Update content for clients running 视窗 10 版本 1709 or later.
• Additional software update filter for ADRs – You can now use Deployed as an update filter for your automatic deployment rules. This filter helps identify new updates that may need to be deployed to your pilot or test collections.

Office Management

• 办公室 365 ProPlus Pilot and Health Dashboard – The 办公室 365 ProPlus Pilot and Health Dashboard helps you plan, pilot, and perform your 办公室 365 ProPlus deployment. The dashboard provides health insights for devices with 办公室 365 ProPlus to help identify possible issues that may affect your deployment plans.

配置管理器控制台

• View active consoles and message administrators through Console Connections – You now have the ability to message other 配置管理器 administrators through Microsoft 团队. 还, 这 Last Console Heartbeat column has replaced the Last Connected Time
• Client diagnostics actions – You can now enable and disable verbose and debugging logging for the CCM component from the console.

Windows PowerShell MECM 1910

New cmdlets

New-CMDuplicateHardwareIdGuid

Use this cmdlet to add duplicate 硬件 identifiers by GUID. 电源外壳

New-CMDuplicateHardwareIdGuid -Id 24D0F753-B2E2-4D9C-B07C-099C4FC1EF3C

New-CMDuplicateHardwareIdMacAddress

Use this cmdlet to add duplicate 硬件 identifiers by MAC address. 电源外壳

New-CMDuplicateHardwareIdMacAddress -MacAddress 01:02:03:04:05:E0

New-CMThirdPartyUpdateCatalog

Use this cmdlet to create a new third-party updates catalog. 电源外壳

New-CMThirdPartyUpdateCatalog -DownloadUrl $downloadUrl -PublisherName $publisher -Name $name -Description $description -SupportUrl $supportUrl -SupportContact $supportContact

Get-CMThirdPartyUpdateCatalog

Use this cmdlet to get a third-party updates catalog. 电源外壳

Get-CMThirdPartyUpdateCatalog
Get-CMThirdPartyUpdateCatalog -Id $id
Get-CMThirdPartyUpdateCatalog -Name $name
Get-CMThirdPartyUpdateCatalog -SiteCode $siteCode
Get-CMThirdPartyUpdateCatalog -IsSyncEnabled $true
Get-CMThirdPartyUpdateCatalog -IsCustomCatalog $true

Set-CMThirdPartyUpdateCatalog

Use this cmdlet to modify a third-party updates catalog. 电源外壳

Set-CMThirdPartyUpdateCatalog -Name $name -NewName $newName
Set-CMThirdPartyUpdateCatalog -ThirdPartyUpdateCatalog $catalog -Description $newdescription
$catalog | Set-CMThirdPartyUpdateCatalog -SupportContact $newSupportContact -SupportUrl $newSupportUrl

Remove-CMDuplicateHardwareIdGuid

Use this cmdlet to remove duplicate 硬件 identifiers by GUID. 电源外壳

Remove-CMDuplicateHardwareIdGuid -Id 24D0F753-B2E2-4D9C-B07C-099C4FC1EF3C
Remove-CMDuplicateHardwareIdGuid -InputObject $myGuid #(<IResultObject#SMS_CommonSmbiosGuids>)

Remove-CMDuplicateHardwareIdMacAddress

Use this cmdlet to remove duplicate 硬件 identifiers by MAC address. 电源外壳

Remove-CMDuplicateHardwareIdMacAddress -MacAddress 01:02:03:04:05:E0
Remove-CMDuplicateHardwareIdMacAddress -InputObject $myMacAddress #()

Remove-CMThirdPartyUpdateCatalog

Use this cmdlet to remove a third-party updates catalog. 电源外壳

Remove-CMThirdPartyUpdateCatalog -Id $catalog.ID -Force
Remove-CMThirdPartyUpdateCatalog -Name $catalog.Name -Force
Remove-CMThirdPartyUpdateCatalog -ThirdPartyUpdateCatalog $catalog -Force
$catalog | Remove-CMThirdPartyUpdateCatalog -Force

Removed cmdlets

None

Deprecated cmdlets

The following cmdlets are deprecated with the end of hybrid service:

• Add-CMIntuneSubscription
• Add-CMMdmEnrollmentManager (Add-CMIntuneDeviceEnrollmentManager)
• Export-CMWindowsEnrollmentProfile
• Get-CMConditionalAccessPolicy (Get-CMOnPremConditionalAccessPolicy)
• Get-CMCorpOwnedDevice
• Get-CMDeviceActionState (Get-CMDeviceAction)
• Get-CMIntuneSubscription
• Get-CMIosEnrollmentProfile
• Get-CMMdmEnrollmentManager (Get-CMIntuneDeviceEnrollmentManager)
• Get-CMWindowsEnrollmentProfile
• Get-CMWindowsEnrollmentProfilePackage
• Invoke-CMDeviceAction
• New-CMApnsCertificateRequest
• New-CMConditionalAccessPolicy (New-CMOnPremConditionalAccessPolicy)
• New-CMDepTokenRequest
• New-CMIosEnrollmentProfile
• New-CMWindowsEnrollmentProfile
• Remove-CMConditionalAccessPolicy (Remove-CMOnPremConditionalAccessPolicy)
• Remove-CMCorpOwnedDevice
• Remove-CMIntuneSubscription
• Remove-CMIosEnrollmentProfile
• Remove-CMMdmEnrollmentManager (Remove-CMIntuneDeviceEnrollmentManager)
• Remove-CMWindowsEnrollmentProfile
• Remove-CMWindowsEnrollmentProfilePackage
• Set-CMConditionalAccessPolicy (Set-CMOnPremConditionalAccessPolicy)
• Set-CMIntuneSubscription
• Set-CMIntuneSubscriptionAndroidProperty (Set-CMIntuneSubscriptionAndroidProperties)
• Set-CMIntuneSubscriptionAppleDepProperty
• Set-CMIntuneSubscriptionAppleProperty (aliases:)
  • Set-CMIntuneSubscriptionMacOSProperties
  • Set-CMIntuneSubscriptionIosProperties
  • Set-CMIntuneSubscriptionMacOSProperty
  • Set-CMIntuneSubscriptionIosProperty
  • Set-CMIntuneSubscriptionAppleMdmProperty
• Set-CMIntuneSubscriptionPassportForWorkProperty
• Set-CMIntuneSubscriptionWindowsPhoneProperty (Set-CMIntuneSubscriptionWindowsPhoneProperties)
• Set-CMIntuneSubscriptionWindowsProperty (Set-CMIntuneSubscriptionWindowsProperties)
• Set-CMIosEnrollmentProfile
• Set-CMIosEnrollmentProfileAssignment
• Set-CMWindowsEnrollmentProfile