Your browser (Internet Explorer 6) is out of date. It has known security flaws and may not display all features of this and other websites. Learn how to update your browser.

ConfigMgr: Now Available 1602

This update includes the following improvements:

  • Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
  • Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
  • Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
  • Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
  • New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.

This update also includes new features for customers using System Center Configuration Manager integrated with Microsoft Intune. Some of the features that you can expect to see are:

  • Conditional Access for PCs Managed by Configuration Manager: You can now use conditional access capabilities to help secure access to Office 365 and other services on PCs managed with Configuration Manager agent. Conditions that can be used to control access include: Workplace Join, BitLocker, Antimalware, and Software Updates.
  • Windows 10 Conditional Access Enhancements: For Windows 10 devices that are managed through the Intune MDM channel, you can now set and deploy an updated Compliance Policy that includes additional compliance checks and integration with Health Attestation Service.
  • Microsoft Edge Configuration Settings: You can now set and deploy Microsoft Edge settings on Windows 10 devices.
  • Windows 10 Team Support: You can now set and deploy Windows 10 Team configuration settings.
  • Apple Volume Purchase Program (VPP) Support: You can now manage and deploy applications purchased through the Apple Volume Purchase Program for Business portal.
  • iOS App Configuration: You can now create and deploy iOS app configuration policies to dynamically change settings such as server name or port for iOS applications that support these configurations.
  • iOS Activation Lock Management: New capabilities include enabling iOS Activation Lock management, querying for the status, retrieving bypass codes, and performing an Activation Lock bypass on corporate-owned iOS devices.
  • Kiosk Mode for Samsung KNOX Devices: Kiosk mode allows you to lock a managed mobile device to only allow certain apps and features.
  • User Acceptance of Terms and Conditions: You can now see which users have or have not accepted the deployed terms and conditions.

And there is more! To view the full list of new features in this update and to learn more about the new functionality, see What’s new in version 1602 of Configuration Manager on TechNet.


Hotfix: ConfigMgr 1511 and Mac Management

The bug I previously blogged about has been addressed in a hotfix. It’s also confirmed to be fixed in the upcoming 1602 release when that goes live. This only affects you if you are using native Mac management and also using Intune in a hybrid environment.

Read about and download the hotfix here.


Gotcha: ConfigMgr 1511 and Mac Management

Little bit of a bug with System Center Configuration Manager current branch (1511) when you are using Microsoft Intune in a hybrid configuration and also are using native Mac management (HTTPS/PKI). 

If you are managing Mac’s through MDM (supported with 1511 and Intune hybrid) then this would not apply to you.

If you have a Terms & Conditions policy created, then your Mac devices will not finish enrolling properly. Unfortunately, the T&C doesn’t even need to be deployed, the policy just needs to exist.  You will be able to install the Mac client and complete the enrollment process, however the Mac devices will never show up in the ConfigMgr console.  It appears to an issue in processing the mobile policies (as Mac devices are treated as mobile devices). 

By deleting the Terms and Conditions, your Mac devices will finish enrolling and will show up in the console shortly there-after. 


2016 MVP Award

2016 Is off to a great start, received my Microsoft MVP award for the 6th time. Absolute pleasure/honor to among such a great group of talented people.

Congratulations! We are pleased to present you with the 2016 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Enterprise Mobility technical communities during the past year.


ConfigMgr: 1511 Clients for Additional OS’s

It’s a little difficult to find the download link for the additional clients for ConfigMgr. There are new versions that you will need for 1511 versus ConfigMgr R2.

Download the new versions here.


Tech Talks: Microsoft Intune Conditional Access

The next video in my Tech Talks series is now live. This time we are covering Conditional Access with Microsoft Intune.



Hotfix: SQL Server Management Studio and Server Manager crashing

Had an interesting issue with a client on a fresh install today.  SQL Server Management Studio would crash as soon as you tried to open a new query window or open a saved query.  Also if you tried to view the local server in Server Manager it was crash as well. 

After some searching, I came across the following KB which fixed both my issues. This occurred on 2 separate servers that were fresh installs.

The issue apparently has to do with the winspool.drv


Tech Talks: Azure Rights Management

Today I’m happy to present a video in a new series I’m doing where we’ll be taking topics and presenting them in a video format. The goal is to provide an overview or breakdown of the topic in a 5 minute or less video.

Today’s video is Azure Rights Management, I’m going to quickly show you what the experience looks like on the PC and on the iPad and how easy the solution is to use.




Microsoft Intune: Multiple Terms and Conditions

Fellow MVP Peter van der Woude has a really well put together post documenting the new feature in Intune that allows multiple custom Terms and Conditions.

Read his post here.


Microsoft Intune: Day Zero Support for iOS 9 with Intune

Excellent post detailing the new iOS 9 features that will be available in Intune shortly.

Highly recommended reading.

Earlier today Apple released the final version of iOS 9 to developers worldwide (with public release set for Sept 16, and a new iOS 9.1 beta drop available). Over the past few months, we have been busy working to ensure that Intune is fully compatible with this latest version of Apple’s mobile operating system, and we are happy to announce that Microsoft Intune has Day 0 support for managing iOS 9 devices. All the existing Intune features currently available for managing iOS devices will continue to work seamlessly as users upgrade their devices to iOS 9. As a member of the Intune Product Engineering team that works closely with Apple on support for its platforms, I want to share insights into some of the new iOS 9 features for IT and the Enterprise and how they are supported in Microsoft Intune. As we continuously update the Intune service, you will begin to see these new features and many more.