On April 8, Microsoft Endpoint Configuration Manager version 2203 was released; in this version, Microsoft has tried to make the use of Configuration Manager console more “user friendly”; the goal of this article is to provide an overall overview of the main news introduced in the 2203 release in order to have the necessary references to better manage your infrastructure.
At the time of writing this article, the update appears to be available through the Early update ring channel; in order to add your infrastructure within this channel, you need to run the Powershell script available at the following link.
Cloud Software Update Point as the primary scan source
Starting with this version, clients belonging to a boundary where the Prefer cloud based source over on-premises source option is active will prefer scanning to the Cloud Management Gateway (CMG) Software Update Point rather than scanning to the local SUP.
View status on content distribution
One of the most important changes introduced in this latest build of Configuration Manager is the ability to view the status of content distribution in graphic format.
In fact, in this latest release, in the Monitoring> Distribution Status> Content Status section it will be possible to view for each individual item: the status of the Distribution Point, the type of Distribution Point and the various status messages associated with it.
Improvement with Power BI Report Server
Some improvements have been introduced with respect to the integration between Configuration Manager and Power BI Report Server, including:
- Ability to use versions of Microsoft Power BI Desktop released after January 2021.
- Fixed handling of Power BI reports generated by Power BI Desktop version May 2021 or later.
Improvements in the management insights section
Within the Management Insights section, the following new features have been introduced:
- Deprecated and unsupported features: this group contains rules to help manage and remove deprecated or unsupported features.
- Added a new rule within the Proactive Maintenance group to identify Windows Server 2012 or Windows Server 2012 R2 systems.
Performing actions from the Deployment View section
Starting with version 2203, you can perform Client Notification actions, such as Run Script or download machine policies directly from the Deployment Status section.
Automatic removal of collections with references (inclusion/exclusion from other collections)
In versions prior to version 2203, deleting a collection requires the manual removal of any references to other collections; now it is possible to automatically remove the various dependencies during the process of removing the affected collection.
Windows LEDBAT functionality on Software Update Point (SUP)
To limit client bandwidth usage during the update scanning process, you can activate the Windows Low Extra Delay Background Transport (LEDBAT) feature on Windows Server 2016 or later systems with the Software Update Point role installed; the Adjust the download speed to use the unused network bandwidth (Windows LEDBAT) option will therefore allow you to control any network congestion during scans to WSUS.
Pre-download content for available updates
In versions prior to version 2203, pre-download of content is only possible for deployments in required mode. The Pre-download content for this deployment functionality is now also available for distributions set in Available mode; this allows you to drastically reduce waiting times on the availability of the Software Center update.
Improvements in update management
Within the Software Update section, it is now possible to group the Software Update Groups and packages in folders, this allow better management and categorization of updates.
Also starting from this version, it is possible to set the maximum run time for all updates, including those from third parties.
Finally, as regards the Automatic Deployment Rule, the methodology for determining the availability and installation deadline of updates has been revised: now the Software available time and Installation deadline options are calculated based on the date / time in which the ADR is scheduled and started.
BitLocker password escrow during Task Sequence execution
In order to minimize the time of non-encryption of volumes and have protected volumes at the end of the OS Deployment Task Sequences, through the Enable BitLocker step, it is possible to escrow the recovery key on the Configuration Manager database; in previous versions, you must wait for the Configuration Manager client to receive the policies upon completion of the Task Sequence.
Customization of icons for package and Task Sequence
As already possible for applications, starting from version 2203, it is possible to set custom icons in package and Task Sequence so that they are visible on the Software Center upon publication.
Improvements on implicit removal of applications
In releases 2107 and 2111, the uninstallation functionality of applications was released when the device or user was removed from the reference collection; Starting with this release, if you deploy the application on a user collection based on a security group and implicit uninstall is enabled, the changes to the security group are taken into account. When the change in group membership is detected through the discovery process, Configuration Manager uninstalls the app for the user removed from the security group.
As already mentioned at the beginning of this article, in this release, Microsoft has tried to make the use of the Configuration Manager console more “user friendly”; in fact, one of the main innovations introduced on this theme is the possibility to set the console in dark mode.
Improvements in the console and in the user experience
Below is a list of improvements introduced on the console side:
- Ability to copy / paste on additional objects within the detail sections.
- Update search results and search criteria are cached; from the moment you switch to a node and then return to the previous node, all software updates, search criteria, and results are preserved.
- Dashboards such as Windows Servicing and Microsoft Edge Management use the new Microsoft Edge WebView2 runtime; to allow its use, it is necessary to proceed with the installation of this component.
- Ability to link feedback sent to Microsoft through the Configuration Manager console to an Azure Active Directory account or a Microsoft account.
- Ability to remove contributions made on Community hub.
- Availability of a list of filters that can be used as search criteria on Community hub.
Microsoft Endpoint Configuration Manager version 2203 improves the user experience when using the console by introducing a series of interesting features and settings; as already confirmed on several occasions, Microsoft is focusing its efforts on making this product as integrated as possible with the cloud platform while maintaining simplicity in its management.