SCCM 2010 current branch.
In this release, we continue to build on the tenant attach and work from anywhere themes from earlier releases, making cloud attach and management from the cloud easier and applicable for all. Cloud attach is using any combination of the “Big 3”: cloud management gateway (CMG), tenant attach, and co-management.
Administrators now have more control over the use of the cloud, enhancements to tenant attach, and additional functionality when managing clients over the cloud management gateway. Additionally, we have introduced CMG support for Azure Cloud Solution Provider (CSP) subscriptions.
Microsoft Endpoint Manager tenant attach
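Troubleshooting portal lists a user’s devices based on usage – The troubleshooting portal in Microsoft Endpoint Manager admin center allows you to search for a user and view their associated devices. Starting in this release, tenant attached devices that are assigned user device affinity automatically based on usage will now be returned when searching for a user.
Enhancements to applications in Microsoft Endpoint Manager admin center
We’ve made improvements to applications for tenant attached devices. Administrators can now do the following actions for applications in Microsoft Endpoint Manager admin center:
- Uninstall an application
- Repair installation of an application
- Re-evaluate the application installation status
- Reinstall an application, which has replaced Retry installation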
Cloud-attached management
Cloud management gateway with virtual machine scale set – Cloud management gateway (CMG) deployments now use virtual machine scale sets in Azure. This change introduces support for Azure Cloud Solution Provider (CSP) subscriptions.
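Disable Azure AD authentication for onboarded tenants – You can now disable Azure Active Directory (Azure AD) authentication for tenants not associated with users and devices.
Additional options when creating app registrations in Azure Active Directory – You can now specify Never for the expiration of a secret key when creating Azure Active Directory app registrations.
Validate internet access for the service connection point – If you use Desktop Analytics or tenant attach, the service connection point now checks important internet endpoints. These checks help make sure that the cloud-connected services are available. It also helps you troubleshoot issues by quickly determining if network connectivity is a problem.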
Cloud management gateway
Improvements to available apps via CMG – An internet-based, domain-joined device that isn’t joined to Azure Active Directory (Azure AD) and communicates via a cloud management gateway (CMG) can now get apps deployed as available. The Active Directory domain user of the device needs a matching Azure AD identity. When the user starts Software Center, Windows prompts them to enter their Azure AD credentials. They can then see any available apps.
Deploy an OS over CMG using boot media – Starting in the current branch version 2006, the cloud management gateway (CMG) supports running a task sequence with a boot image when you start it from Software Center. With this release, you can now use boot media to reimage internet-based devices that connect through a CMG. This scenario helps you better support remote workers. If Windows won’t start so that the user can access Software Center, you can now send them a USB drive to reinstall Windows.
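Improvements to BitLocker management – You can now manage BitLocker policies and escrow recovery keys over a cloud management gateway (CMG). This change also provides support for BitLocker management via internet-based client management (IBCM) when you configure the site for enhanced HTTP. There’s no change to the setup process for BitLocker management. This improvement supports domain-joined and hybrid domain-joined devices.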
This release also includes:
Site infrastructure
Monitor scenario health – You can now use Configuration Manager to monitor the health of end-to-end scenarios. It simulates activities to expose performance metrics and failure points. These synthetic activities are similar to methods that Microsoft uses to monitor some components in its cloud services. Use this additional data to better understand timeframes for activities. If failures occur, it can help focus your investigation.
Report setup and upgrade failures to Microsoft – If the setup or update process fails to complete successfully, you can now report the error directly to Microsoft. If a failure occurs, the Report update error to the Microsoft button is enabled. When you use the button, an interactive wizard opens allowing you to provide more information to us.
Delete Aged Collected Diagnostic Files task – You now have a new maintenance task available for cleaning up collected diagnostic files. Delete Aged Collected Diagnostic Files uses a default value of 14 days when looking for diagnostic files to clean up and doesn’t affect regular collected files. The new maintenance task is enabled by default.
Improvements to the administration service – The Configuration Manager REST API, the administration service, requires a secure HTTPS connection. Starting in this release, you no longer need to enable IIS on the SMS Provider for the administration service. When you enable the site for enhanced HTTP, it creates a self-signed certificate for the SMS Provider and automatically binds it without requiring IIS.
Desktop Analytics
Support for new Windows 10 data levels
Microsoft is increasing transparency by categorizing the data that Windows 10 collects:
- Basic diagnostic data is recategorized as Required diagnostic data
- Full is recategorized as Optional
If you previously configured devices for Limited or Limited (Enhanced), in an upcoming release of Windows 10, they’ll use the Required level. This change may impact the functionality of Desktop Analytics.
Support for Windows 10 Enterprise LTSC – The Windows 10 long-term servicing channel (LTSC) was designed for devices where the key requirement is that functionality and features don’t change over time. This servicing model prevents Windows 10 Enterprise LTSC devices from receiving the usual feature updates. It provides only quality updates to make sure that device security stays up to date. Some customers want to shift from LTSC to the semi-annual servicing channel, to have access to new features, services, and other major changes. Starting in this release, you can now enroll LTSC devices to Desktop Analytics to evaluate your deployment plans.
Client management
Wake machine at deployment deadline using peer clients on the same remote subnet – In version 1810, the introduction of peer wake-up allowed an administrator to wake a device or collection of devices, on-demand using the client notification channel. This latest improvement allows the Configuration Manager site to wake devices at the deadline of a deployment, using that same client notification channel. Instead of the site server issuing the magic packet directly, the site uses the client notification channel to find an online machine in the last known subnet of the target device(s) and instructs the online client to issue the WoL packet for the target device.
Improved Windows Server restart experience for non-administrator accounts – For a low-rights user on a device that runs Windows Server, by default, they aren’t assigned the user rights to restart Windows. When you target the deployment to this device, this user can’t manually restart. For example, they can’t restart Windows to install software updates. Starting in this release, you can now control this behavior as needed. In the Computer Restart group of client settings, enable the following setting: When a deployment requires a restart, allow low-rights users to restart a device running Windows Server.
Operating system deployment
Deploy a task sequence deployment type to a user collection – You can now deploy an application with a task sequence deployment type to a user-based collection. A user-targeted deployment still runs in the context of the local System account.
Manage task sequence size – Large task sequences cause problems with client processing. To further help manage the size of task sequences, this release continues to iterate on improvements.
- Starting in this release, Configuration Manager restricts actions for a task sequence that’s greater than 2 MB in size. For example, the task sequence editor will display an error if you try to save changes to a large task sequence.
- When you view the list of task sequences in the Configuration Manager console, add the Size (KB) column. Use this column to identify large task sequences that can cause problems.
Analyze SetupDiag errors for feature updates – With the release of Windows 10, version 2004, the SetupDiag diagnostic tool is included with Windows Setup. If there’s an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure. Configuration Manager now gathers and summarizes SetupDiag results from feature update deployments with Windows 10 servicing.
Improvements to task sequence performance setting – Starting in Configuration Manager version 1910, to improve the overall speed of the task sequence, you could activate the Windows power plan for High Performance. Starting in this release, you can now use this option on devices with modern standby and other devices that don’t have that default power plan.
Expanded Windows Defender Application Control management – Windows Defender Application Control enforces an explicit list of software allowed to run on devices. In this release, we’ve expanded Windows Defender Application Control policies to support devices running Windows Server 2016 or later.
Collections
Collection query preview – You can now preview the query results when you’re creating or editing a query for collection membership. Preview the query results from the query statement properties dialog. When you select Edit Query Statement, select the green triangle on the query properties for the collection to show the Query Results Preview window. Select Stop if you want to stop a long-running query.
Collection evaluation view – We’ve integrated the functionality of Collection Evaluation Viewer into the Configuration Manager console. This change provides administrators with a central location to view and troubleshoot the collection evaluation process.
View collection relationships – You can now view dependency relationships between collections in a graphical format. It shows limiting, including, and excluding relationships.
Configuration Manager console
Product feedback – The Configuration Manager console has a new wizard for sending feedback. The redesigned wizard improves the workflow with better guidance about how to submit good feedback. There’s also a new status message query, Feedback sent to Microsoft. Use this query to easily find feedback status messages.
Improvements to in-console notifications
You now have an updated look and feel for in-console notifications. Notifications are more readable, and the action link is easier to find. Additionally, the age of the notification is displayed to help you find the latest information. If you dismiss or snooze a notification, that action is now persistent for your user across
Improvements to the Configuration Manager console
- You can now copy discovery data from devices and users in the console. Copy the details to the clipboard, or export them all to a file. These new actions make it easier for you to quickly get this data from the console. For example, copy the MAC address of a device before you reimage it.
- Various areas in the Configuration Manager console now use the fixed-width font Consolas. This font provides consistent spacing and makes it easier to read.
- You now have an easier way to view status messages for objects. Select an object in the Configuration Manager console, then select Show Status Messages from the ribbon.
- Now when you import an object in the Configuration Manager console, it imports to the current folder. Previously, Configuration Manager always put imported objects in the root node. This new behavior applies to applications, packages, driver packages, and task sequences.
- To assist you when creating scripts and queries in the Configuration Manager console, you’ll now see syntax highlighting and code folding, where available.
Content management
Improvements to client data sources dashboard – The client data sources dashboard now offers an expanded selection of filters to view information about where clients get content. These new filters include:
- Single boundary group
- All boundary groups
- Internet clients
- Clients not associated with a boundary group
The dashboard also includes a new tile for Content downloads using a fallback source. This information helps you understand how often clients download content from an alternate source.
Improvements to the content library cleanup tool – If you remove content from a distribution point while the site system is offline, an orphaned record can exist in WMI. Over time, this behavior can eventually lead to a warning status at the distribution point. To mitigate the issue in the past, you had to manually remove the orphaned entries from WMI. The content library cleanup tool in delete mode can now remove orphaned content records from WMI.
Software updates
Enable user proxy for software update scans – Beginning with the September 2020 cumulative update, HTTP-based WSUS servers will be secure by default. A client scanning for updates against an HTTP-based WSUS will no longer be allowed to leverage a user proxy by default. If you still require a user proxy despite the security trade-offs, a new software updates client setting is available to allow these connections. For more information about the changes for scanning WSUS, see September 2020 changes to improve security for Windows devices scanning WSUS. To ensure that the best security protocols are in place, we highly recommend that you use the TLS/SSL protocol to help secure your software update infrastructure.
Notifications for devices no longer receiving updates – To help you manage security risk in your environment, you’ll be notified in-console about devices with operating systems that are past the end of support date and that are no longer eligible to receive security updates. Additionally, a new Management Insights rule was added to detect Windows 7, Windows Server 2008, and Windows Server 2008 R2 without Extended Security Updates (ESU).
Immediate distribution point fallback for clients downloading software update delta content – There’s a new client setting for software updates. If delta content is unavailable from distribution points in the current boundary group, you can allow immediate fallback to a neighbor or the site default boundary group distribution points. This setting is useful when using delta content for software updates since the timeout setting per download job is five minutes.
PowerShell
For more information on changes to the Windows PowerShell cmdlets for Configuration Manager, see version 2010 release notes.
Support for PowerShell version 7 – The Configuration Manager PowerShell cmdlet library now offers support for PowerShell 7.
Improvements to cloud management gateway cmdlets – With more customers managing remote devices now, this release includes several new and improved Windows PowerShell cmdlets for the cloud management gateway (CMG). You can use these cmdlets to automate the creation, configuration, and management of the CMG service and Azure Active Directory (Azure AD) requirements.