In this release, we continue to build on the tenant attach and work from anywhere themes from earlier releases, making cloud attach and management from the cloud easier and applicable for all. Cloud attach is using any combination of the “Big 3”: cloud management gateway (CMG), tenant attach, and co-management.
Administrators now have more control over the use of the cloud, enhancements to tenant attach, and additional functionality when managing clients over the cloud management gateway. Additionally, we have introduced CMG support for Azure Cloud Solution Provider (CSP) subscriptions.
Microsoft Endpoint Manager tenant attach
Troubleshooting portal lists a user’s devices based on usage – The troubleshooting portal in Microsoft Endpoint Manager admin center allows you to search for a user and view their associated devices. Starting in this release, tenant-attached devices that are assigned user device affinity automatically based on usage will now be returned when searching for a user.
Enhancements to applications in Microsoft Endpoint Manager admin center
We’ve made improvements to applications for tenant-attached devices. Administrators can now do the following actions for applications in the Microsoft Endpoint Manager admin center:
- Uninstall an application
- Repair installation of an application
- Re-evaluate the application installation status
- Reinstall an application has replaced the Retry installation
Cloud-attached management
Cloud management gateway with virtual machine scale set – Cloud management gateway (CMG) deployments now use virtual machine scale sets in Azure. This change introduces support for Azure Cloud Solution Provider (CSP) subscriptions.
Disable Azure AD authentication for onboarded tenants – You can now disable Azure Active Directory (Azure AD) authentication for tenants not associated with users and devices.
Additional options when creating app registrations in Azure Active Directory – You can now specify Never for the expiration of a secret key when creating Azure Active Directory app registrations.
Validate internet access for the service connection point – If you use Desktop Analytics or tenant attach, the service connection point now checks important internet endpoints. These checks help make sure that the cloud-connected services are available. It also helps you troubleshoot issues by quickly determining if network connectivity is a problem.
Cloud management gateway
Improvements to available apps via CMG – An internet-based, domain-joined device that isn’t joined to Azure Active Directory (Azure AD) and communicates via a cloud management gateway (CMG) can now get apps deployed as available. The Active Directory domain user of the device needs a matching Azure AD identity. When the user starts Software Center, Windows prompts them to enter their Azure AD credentials. They can then see any available apps.
Deploy an OS over CMG using boot media – Starting in the current branch version 2006, the cloud management gateway (CMG) supports running a task sequence with a boot image when you start it from Software Center. With this release, you can now use boot media to reimage internet-based devices that connect through a CMG. This scenario helps you better support remote workers. If Windows won’t start so that the user can access Software Center, you can now send them a USB drive to reinstall Windows.
Improvements to BitLocker management – You can now manage BitLocker policies and escrow recovery keys over a cloud management gateway (CMG). This change also provides support for BitLocker management via internet-based client management (IBCM) and when you configure the site for enhanced HTTP. There’s no change to the setup process for BitLocker management. This improvement supports domain-joined and hybrid domain-joined devices.
This release also includes:
Site infrastructure
Monitor scenario health – You can now use Configuration Manager to monitor the health of end-to-end scenarios. It simulates activities to expose performance metrics and failure points. These synthetic activities are similar to methods that Microsoft uses to monitor some components in its cloud services. Use this additional data to better understand timeframes for activities. If failures occur, it can help focus your investigation.
Report setup and upgrade failures to Microsoft – If the setup or update process fails to complete successfully, you can now report the error directly to Microsoft. If a failure occurs, the Report update error to Microsoft button is enabled. When you use the button, it opens an interactive wizard that allows you to provide more information to us.
Delete Aged Collected Diagnostic Files task – You now have a new maintenance task available for cleaning up collected diagnostic files. Delete Aged Collected Diagnostic Files uses a default value of 14 days when looking for diagnostic files to clean up and doesn’t affect regular collected files. The new maintenance task is enabled by default.
Improvements to the administration service – The Configuration Manager REST API, the administration service, requires a secure HTTPS connection. Starting in this release, you no longer need to enable IIS on the SMS Provider for the administration service. When you enable the site for enhanced HTTP, it creates a self-signed certificate for the SMS Provider and automatically binds it without requiring IIS.
Desktop Analytics
Support for new Windows 10 data levels
Microsoft is increasing transparency by categorizing the data that Windows 10 collects:
- Basic diagnostic data is recategorized as Required diagnostic data
- Full is recategorized as Optional
If you previously configured devices for Limited or Limited (Enhanced), in an upcoming release of Windows 10, they’ll use the Required level. This change may impact the functionality of Desktop Analytics.
Support for Windows 10 Enterprise LTSC – The Windows 10 long-term servicing channel (LTSC) was designed for devices where the key requirement is that functionality and features don’t change over time. This servicing model prevents Windows 10 Enterprise LTSC devices from receiving the usual feature updates. It provides only quality updates to make sure that device security stays up to date. Some customers want to shift from LTSC to the semi-annual servicing channel, to have access to new features, services, and other major changes. Starting in this release, you can now enroll LTSC devices to Desktop Analytics to evaluate your deployment plans.
Client management
Wake machine at deployment deadline using peer clients on the same remote subnet – In version 1810, the introduction of peer wake-up allowed an administrator to wake a device or collection of devices, on-demand using the client notification channel. This latest improvement allows the Configuration Manager site to wake devices at the deadline of a deployment, using that same client notification channel. Instead of the site server issuing the magic packet directly, the site uses the client notification channel to find an online machine in the last known subnet of the target device(s) and instructs the online client to issue the WoL packet for the target device.
Improved Windows Server restart experience for non-administrator accounts – For a low-rights user on a device that runs Windows Server, by default, they aren’t assigned the user rights to restart Windows. When you target the deployment to this device, this user can’t manually restart. For example, they can’t restart Windows to install software updates. Starting in this release, you can now control this behavior as needed. In the Computer Restart group of client settings, enable the following setting: When a deployment requires a restart, allow low-rights users to restart a device running Windows Server.
Operating system deployment
Deploy a task sequence deployment type to a user collection – You can now deploy an application with a task sequence deployment type to a user-based collection. A user-targeted deployment still runs in the context of the local System account.
Manage task sequence size – Large task sequences cause problems with client processing. To further help manage the size of task sequences, this release continues to iterate on improvements.
- Starting in this release, Configuration Manager restricts actions for a task sequence that’s greater than 2 MB in size. For example, the task sequence editor will display an error if you try to save changes to a large task sequence.
- When you view the list of task sequences in the Configuration Manager console, add the Size (KB) column. Use this column to identify large task sequences that can cause problems.
Analyze SetupDiag errors for feature updates – With the release of Windows 10, version 2004, the SetupDiag diagnostic tool is included with Windows Setup. If there’s an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure. Configuration Manager now gathers and summarizes SetupDiag results from feature update deployments with Windows 10 servicing.
Improvements to task sequence performance setting – Starting in Configuration Manager version 1910, to improve the overall speed of the task sequence, you could activate the Windows power plan for High Performance. Starting in this release, you can now use this option on devices with modern standby and other devices that don’t have that default power plan.
Expanded Windows Defender Application Control management – Windows Defender Application Control enforces an explicit list of software allowed to run on devices. In this release, we’ve expanded Windows Defender Application Control policies to support devices running Windows Server 2016 or later.
Collections
Collection query preview – You can now preview the query results when you’re creating or editing a query for collection membership. Preview the query results from the query statement properties dialog. When you select Edit Query Statement, select the green triangle on the query properties for the collection to show the Query Results Preview window. Select Stop if you want to stop a long-running query.
Collection evaluation view – We’ve integrated the functionality of Collection Evaluation Viewer into the Configuration Manager console. This change provides administrators with a central location to view and troubleshoot the collection evaluation process.
View collection relationships – You can now view dependency relationships between collections in a graphical format. It shows limiting, including, and excluding relationships.
Configuration Manager console
Product feedback – The Configuration Manager console has a new wizard for sending feedback. The redesigned wizard improves the workflow with better guidance about how to submit good feedback. There’s also a new status message query, Feedback sent to Microsoft. Use this query to easily find feedback status messages.
Improvements to in-console notifications
You now have an updated look and feel for in-console notifications. Notifications are more readable, and the action link is easier to find. Additionally, the age of the notification is displayed to help you find the latest information. If you dismiss or snooze a notification, that action is now persistent for your user across
Improvements to the Configuration Manager console
- You can now copy discovery data from devices and users in the console. Copy the details to the clipboard, or export them all to a file. These new actions make it easier for you to quickly get this data from the console. For example, copy the MAC address of a device before you reimage it.
- Various areas in the Configuration Manager console now use the fixed-width font Consolas. This font provides consistent spacing and makes it easier to read.
- You now have an easier way to view status messages for objects. Select an object in the Configuration Manager console, and then select Show Status Messages from the ribbon.
- Now when you import an object in the Configuration Manager console, it imports to the current folder. Previously, Configuration Manager always put imported objects in the root node. This new behavior applies to applications, packages, driver packages, and task sequences.
- To assist you when creating scripts and queries in the Configuration Manager console, you’ll now see syntax highlighting and code folding, where available.
Content management
Improvements to client data sources dashboard – The client data sources dashboard now offers an expanded selection of filters to view information about where clients get content. These new filters include:
- Single boundary group
- All boundary groups
- Internet clients
- Clients not associated with a boundary group
The dashboard also includes a new tile for Content downloads using a fallback source. This information helps you understand how often clients download content from an alternate source.
Improvements to the content library cleanup tool – If you remove content from a distribution point while the site system is offline, an orphaned record can exist in WMI. Over time, this behavior can eventually lead to a warning status at the distribution point. To mitigate the issue in the past, you had to manually remove the orphaned entries from WMI. The content library cleanup tool in delete mode can now remove orphaned content records from WMI.
Software updates
Enable user proxy for software update scans – Beginning with the September 2020 cumulative update, HTTP-based WSUS servers will be secure by default. A client scanning for updates against an HTTP-based WSUS will no longer be allowed to leverage a user proxy by default. If you still require a user proxy despite the security trade-offs, a new software updates client setting is available to allow these connections. For more information about the changes for scanning WSUS, see September 2020 changes to improve security for Windows devices scanning WSUS. To ensure that the best security protocols are in place, we highly recommend that you use the TLS/SSL protocol to help secure your software update infrastructure.
Notifications for devices no longer receiving updates – To help you manage security risk in your environment, you’ll be notified in-console about devices with operating systems that are past the end of support date and that are no longer eligible to receive security updates. Additionally, a new Management Insights rule was added to detect Windows 7, Windows Server 2008, and Windows Server 2008 R2 without Extended Security Updates (ESU).
Immediate distribution point fallback for clients downloading software update delta content – There’s a new client setting for software updates. If delta content is unavailable from distribution points in the current boundary group, you can allow immediate fallback to a neighbor or the site default boundary group distribution points. This setting is useful when using delta content for software updates since the timeout setting per download job is five minutes.
PowerShell
For more information on changes to the Windows PowerShell cmdlets for Configuration Manager, see version 2010 release notes.
Support for PowerShell version 7 – The Configuration Manager PowerShell cmdlet library now offers support for PowerShell 7.
Improvements to cloud management gateway cmdlets – With more customers now managing remote devices, this release includes several new and improved Windows PowerShell cmdlets for the cloud management gateway (CMG). You can use these cmdlets to automate the creation, configuration, and management of the CMG service and Azure Active Directory (Azure AD) requirements.