This update includes the following improvements:
- Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
- Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
- Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
- Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
- New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.
This update also includes new features for customers using System Center Configuration Manager integrated with Microsoft Intune. Some of the features that you can expect to see are:
- Conditional Access for PCs Managed by Configuration Manager: You can now use conditional access capabilities to help secure access to Office 365 and other services on PCs managed with Configuration Manager agent. Conditions that can be used to control access include: Workplace Join, BitLocker, Antimalware, and Software Updates.
- Windows 10 Conditional Access Enhancements: For Windows 10 devices that are managed through the Intune MDM channel, you can now set and deploy an updated Compliance Policy that includes additional compliance checks and integration with Health Attestation Service.
- Microsoft Edge Configuration Settings: You can now set and deploy Microsoft Edge settings on Windows 10 devices.
- Windows 10 Team Support: You can now set and deploy Windows 10 Team configuration settings.
- Apple Volume Purchase Program (VPP) Support: You can now manage and deploy applications purchased through the Apple Volume Purchase Program for Business portal.
- iOS App Configuration: You can now create and deploy iOS app configuration policies to dynamically change settings such as server name or port for iOS applications that support these configurations.
- iOS Activation Lock Management: New capabilities include enabling iOS Activation Lock management, querying for the status, retrieving bypass codes, and performing an Activation Lock bypass on corporate-owned iOS devices.
- Kiosk Mode for Samsung KNOX Devices: Kiosk mode allows you to lock a managed mobile device to only allow certain apps and features.
- User Acceptance of Terms and Conditions: You can now see which users have or have not accepted the deployed terms and conditions.
And there is more! To view the full list of new features in this update and to learn more about the new functionality, see What’s new in version 1602 of Configuration Manager on TechNet.
Little bit of a bug with System Center Configuration Manager current branch (1511) when you are using Microsoft Intune in a hybrid configuration and also are using native Mac management (HTTPS/PKI).
If you are managing Mac’s through MDM (supported with 1511 and Intune hybrid) then this would not apply to you.
If you have a Terms & Conditions policy created, then your Mac devices will not finish enrolling properly. Unfortunately, the T&C doesn’t even need to be deployed, the policy just needs to exist. You will be able to install the Mac client and complete the enrollment process, however the Mac devices will never show up in the ConfigMgr console. It appears to an issue in processing the mobile policies (as Mac devices are treated as mobile devices).
By deleting the Terms and Conditions, your Mac devices will finish enrolling and will show up in the console shortly there-after.
It’s a little difficult to find the download link for the additional clients for ConfigMgr. There are new versions that you will need for 1511 versus ConfigMgr R2.
Pretty nasty bug out there right now with 32-bit Windows 7 and Software Updates. If you are struggling with getting your clients to download/install updates. Check your WindowsUpdate.log, if you see the following error:
WARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E
Then I’d strongly encourage you to apply the following KB/Hotfix (KB3050265).
Here is also a great article explaining what is going on from the ConfigMgr Team Blog. Read that article here.
After applying this update in my client environment, patches immediately started working again.
SP1/SP2 for ConfigMgr 2012 has been released.
Following the announcements made at the Microsoft Ignite conference last week, we are happy to let you know that System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2 are now generally available and can be downloaded on the Microsoft Evaluation Center. These service packs deliver full compatibility with existingfeatures for Windows 10 deployment, upgrade, and management.
Also included in these service packs are new hybrid features for customers using System Center Configuration Manager integrated with Microsoft Intune to manage devices. Some of the hybrid features that you can expect to see are conditional access policy, mobile application management, and support for Apple Device Enrollment Program (DEP). You can view the full list of hybrid features included in these service packs here.
Below are a few additional links that you may find helpful as you begin to explore these new releases.
CU5 has been released for ConfigMgr 2012. There are quite a few fixes in this latest update.
Today we are making available the System Center Configuration Manager and System Center Endpoint Protection Technical Preview. In this preview, you will get an early glimpse of the functionality that we are planning to release in Q4 of this calendar year, bringing with it full support for client deployment, upgrade, and management of Windows 10.
New features in today’s Technical Preview include:
- Support for Windows 10 upgrade with OS deployment task sequence – In addition to providing support for existing wipe-and-load (refresh) scenarios, the ConfigMgr Technical Preview includes enhanced upgrade support with in-place upgrade to Windows 10.
- Support for installing Configuration Manager on Azure Virtual Machines – Similar to how you can install ConfigMgr on Hyper-V today, you can now run ConfigMgr in Azure VMs. This provides flexibility to move some or all of your datacenter server workloads to the cloud with Azure.
- Ability to manage Windows 10 mobile devices via MDM with on-premises Configuration Manager infrastructure – With this new option, you can manage Windows 10 mobile devices using ConfigMgr integrated with Microsoft Intune (hybrid) without the need to store your data in the cloud. This is especially helpful for managing devices that are unable to connect to the Internet such as Windows IoT/Embedded devices. So go ahead and try it out – you can enroll devices, set policies, and wipe/retire devices today with more functionality to be added in the future to manage all of your Windows 10 devices with MDM.
Next week, we will also be releasing service packs for Configuration Manager 2012 and 2012 R2 customers. These will deliver full compatibility with existing features for Windows 10 deployment and management as well as several other features, including:
- App-V publishing performance – Improved performance that reduces the time required for apps to display after the first logon for non-persistent VDI environments.
- Scalability improvements – Increased hierarchy scale to 600K and primary/standalone site scale to 150K.
- Content distribution improvements – Improved data transfer reliability for slow and latent networks, and also improved scale and performance for pull distribution points (DP).
- Native support for SQL Server 2014 – Added native support for SQL Server 2014 to enable site installation and recovery using SQL Server 2014.
- Hybrid features – Added a large number of hybrid features for customers using ConfigMgr integrated with Microsoft Intune (hybrid). Some of the features that you can expect to see in this release include conditional access policy, mobile application management, and support for Apple Device Enrollment Program (DEP).
Finally, we also plan to deliver:
- System Center Configuration Manager 2007 (SP2, R2, and R3) support for the management of Windows 10 is coming via a compatibility pack in Q4 2015 (Note: OS and client deployment will not be supported).
- An update for the Microsoft Deployment Toolkit (MDT) in Q3 2015 that will deliver support for Windows 10.
This is a really big year for Configuration Manager. We’re excited about making these releases available to you and look forward to providing you best-in-class management for Windows 10 with System Center Configuration Manager.
Great post over on The Deployment Guys blog.
The following post was contributed by Benjamin Rampe a Senior PFE working for Microsoft.
While studying up on Windows 10, I came across a technique that has been shown to reduce the time it takes to apply an OS WIM to disk by 20 – 50%*. That’s a fairly significant savings in time and the implementation of this technique is relatively easy and does not require you to change how you deploy Windows. Believe it or not, the savings come from adjusting the OS power management settings during a deployment. While there are multiple ways to implement these power management settings, below I’ve outlined what I consider the most non-intrusive to existing deployment methods.
Here is a fantastic post by Cliff Jones (Microsoft Consulting Services) with a great solution to address the ever cumbersome multiple issue while executing a Task Sequence.
Today’s blog post goes behind the scenes to talk about how to prevent installing all published Windows Update’s which require multiple reboots to successfully install, during a ZTI deployment Task Sequence. These updates can cause issues as a result of the following behavior; the Task Sequence engine is aware the update requests the initial reboot. Upon boot-up, the Task Sequence engine never initializes and therefore can’t be aware that the same update is requiring a second reboot, and thus finally won’t make the necessary changes to restart the TS engine again. When the second reboot occurs, during the deployment, the TS will be in an erroneous state, and will cause an error similar to:
"Task Sequence environment not found"
Ideally, these updates should be injected using DISM during the Offline phase of installation, or added during the Build and Capture as the LTI process is not affected by these updates. Either way, a detection and blocking mechanism is needed for your ZTI deployment process.