What’s new in version 2006 of Microsoft Endpoint Configuration Manager

This blog will periodically release a series of articles dedicated to the new features introduced in the new builds of Microsoft Endpoint Configuration Manager.

The goal is to provide a comprehensive overview of the main news, in order to stay up to date on these topics and have the necessary references to conduct further studies.

Due to the current situation due to COVID-19, in this latest release, Microsoft wanted to focus its efforts on the flexibility and improvement of remote working such as allowing clients to upgrade version over networks to consumption, making it easy to download content from the cloud instead of the VPN connection.

Figure 1 – Work from Anywhere

Microsoft Endpoint Manager tenant attach

App Installation from the Admin Center portal

It is possible to start, from the Microsoft Endpoint Manager Admin Center portal, the installation of an application in real time on a device connected in the tenant attach mode (for more information about Tenant Attach, a dedicated article is available here).

Starting with 2006 version of Configuration Manager, the list of available applications also includes applications distributed to the user currently connected to the device.

Figure 2 – App Installation with Admin Center

Import of an Azure AD application previously created during onboarding

During a new onboarding, an administrator can specify an application created previously during the onboarding of the tenant attach.

Endpoint Analytics

Endpoint Analytics data collection active by default

Endpoint Analytics allows you to identify policies or hardware problems that could slow down the devices and make the appropriate changes proactively without interrupting the work of the end user.

The Enable Endpoint Analytics data collection option defined on the Client Settings side on the Configuration Manager is active by default. However, the data will not be sent to the Admin Center portal until the option to upload the collected data is activated:

Figure 3 – Upload Endpoint Analytics data

If you upgrade from version 2002 to version 2006, the values of the Custom Client Settings will be maintained. The default value on CM 2002 for the Enable Endpoint Analytics data collection setting is No.

If you upgrade from version 1910 or earlier, the setting will be set to the new default value (Yes).

Infrastructure

VPN Boundary type

To simplify the management of remote clients, it is now possible to create a new type of boundary for VPNs. In previous releases, it was necessary to create boundaries based on an IP range or on a subnet. Now, when a client sends a location request, it includes more information about its network configuration. Based on this information, the Configuration Manager server determines whether the client is using a VPN connection.

Improvement to Windows Virtual Desktop support

Windows 10 Enterprise multi-session is available in the supported operating systems list in the requirements rules and applicability lists.

CMG Software Update Point for non-internet devices

From this build, Intranet clients are able to access a Cloud Management Gateway with the role of Software Update Point when it is assigned to a boundary group.

Cloud-Attach

Notifications for Secret Key expiration

If the infrastructure is configured to perform cloud-attach, Configuration Manager console will allow you to view notifications in the event that:

  • One or more secret keys for an Azure AD application are expiring;;
  • One or more secret keys for an Azure AD application have expired;

Real-time management

Improvement to CMPivot feature

CMPivot is an utility in the Configuration Manager console that allows you to access information on connected devices in real time; this utility immediately queries all currently connected devices and returns the results. In the event that the device is not connected, the inventory data will be provided.

Below are the main improvements introduced in this release:

  • It is possible to run CMPivot on one or more devices without necessarily having to select or create a collection;
  • Based on the results returned by a CMPivot query, it is possible to select one or more devices in order to launch an additional instance of CMPivot based on the selection made;
  • Standalone CMPivot and CMPivot launched from the administration console have been unified;

Client management

Installation and upgrade on metered connection

In previous versions, if a device was connected to a paid network, the installation/update of the CM client was not possible; for those systems often roaming it generated a condition of unmanaged systems or with obsolete client versions. From this build, it is possible to install / upgrade the Configuration Manager client even if the communication between the client and the Primary Site on paid connections has been limited.

Improvements to managing device restart

Starting with version 2006, it is possible to instruct the CM client to inhibit automatic restart of the device when requested by the deployment.

This setting applies to applications, software updates and package deployments that require a reboot.

To take full advantage of the new Configuration Manager features, after updating the site, it is necessary to update the CM client to the latest version.

Application management

Improvements to available apps via CMG

In this release, if a client joined to Azure AD and connected to the local network uses a Cloud Management Gateway (CMG), the Azure AD credentials will be used to check the availability of the apps (at the user level).

In previous versions, Software Center used Windows authentication which generated errors and fail during the process of retrieving the list of applications available at the user level.

Microsoft 365 Apps for enterprise

As of April 2020, Office 365 ProPlus has been renamed to Microsoft 365 Apps for enterprise. In this regard, on the console side, all the sections have been modified to adapt to the new naming and the presence of Automatic Deployment Rule using obsolete names will be notified (through a special banner).

For more information, on the new naming convention introduced by Microsoft you can refer to the following link.

OS Deployment

Cloud-based content support on Task Sequence media

One of the most important features introduced in this release is certainly the ability to download content directly from the cloud through Task Sequence media (PXE, USB sticks, etc. ..); this new functionality can be useful for the standardization of the machine park in branch offices.

By sending a special USB key or using an on-site PXE server, it is possible to provision an image directly from the cloud without saturating the connection with the main office.

Improvements to BitLocker task sequence steps

Through the Enable BitLocker and Pre-provision BitLocker steps, it is possible to define the encryption method to be used; also, a new setting has been added to the Enable BitLocker step (Skip this step for computers that do not have a TPM or when TPM is not enabled) to manage cases in which the device does not support TPM or the latter does not appear correctly initialized.

Improvements to OS deployment

In the 2006 version, the following improvements were introduced within the OS Deployment functionality:

  • It is possible to use a variable as a target for the Format and Partition Disk step; this allows to manage the formatting of disks dynamically in complex scenarios.
  • Check Readiness step includes checking to determine if the system is using UEFI; through this check, the _TS_CRUEFI variable will be automatically valued with the returned value.
  • If the detailed display of the progress bar is activated, the steps included in a disabled group will not be counted; in previous releases, even disabled steps were included in the count.
  • During the Windows 10 upgrade process via Task Sequence, the two command prompt windows related to the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts will no longer be displayed.

Protection

CMG support for endpoint protection policies

Starting with this release, clients that communicate via Cloud Management Gateway are able to apply Endpoint Protection policies without the need for communication with the Active Directory infrastructure.

BitLocker Management

It is possible to install the administrative and self-service portals related to BitLocker on a CAS (central administration site) system.

Console

Community hub and GitHub

Through Community Hub, it is possible to share and find content (such as scripts) to speed up the work of IT administrators. For this first release, the content available within the Community Hub will only be uploaded by Microsoft.

Notifications from Microsoft

It is possible to receive notifications from Microsoft directly within the Configuration Manager console. These notifications allow you to stay informed about new features or any updates, changes to Configuration Manager; in addition, problems will also be reported that require action by the IT administrator to be resolved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: