What’s new in version 2303 of Microsoft Configuration Manager

Posted byDavide SalsiPosted inEnterprise Mobility, Microsoft Configuration Manager

In these days, Microsoft Configuration Manager version 2303 has been made available; in this version, Microsoft has introduced some innovations related to the management and updating of the Windows 11 operating system; the goal of this article is to provide an overall overview of the main innovations introduced in release 2303 in order to have the necessary references to better manage your infrastructure.

At the time of writing this article, the update appears to be available through the Early update ring channel; in order to add your own infrastructure within this channel, you need to run the Powershell script available at the following link.
You will be able to apply this update on Configuration Manager infrastructure with version 2111 or later.

Starting with this release, the Microsoft Endpoint Configuration Manager solution will be renamed to Microsoft Configuration Manager; in fact, following the rebranding dedicated to endpoint management solutions announced during the latest edition of Microsoft Ignite, Microsoft Intune appears to be the name dedicated to the suite of products for endpoint management (of which Configuration Manager is an integral part) which to replace the previous Microsoft Endpoint Manager.

Cloud-Attach

Improvements in Cloud Sync functionality

As already done for version 2211, also version 2303 introduces improvements related to the Cloud Sync functionality; the dedicated dashboard, present in the Monitoring section, allows you to verify the correct sync status of the resources present in the reference collection: Success – In progress – Failed (with respective causes relating to failure).
The dashboard also allows you to view the status of the Cloud Sync component per collection, the respective Azure AD groups, the total count of synchronized members and the details of the last sync.

Tenant Attach device on Endpoint Security report

Starting in version 2303, you can view devices attached in Tenant Attach mode in Endpoint Security reports in the Microsoft Intune admin center console; for example, these devices will be visible in the reports:

  • Unhealthy endpoints (Endpoint Security – Antivirus)
  • Active malware operational (Endpoint Security – Antivirus)
  • Antivirus agent status (Reports – Microsoft Defender Antivirus)
  • Detected malware (Reports – Microsoft Defender Antivirus)
Figure 1 – Antivirus agent status report with Tenant Attach devices

Infrastructure

Messages about authorization errors in the Admin Service

The Administration Service is a REST API (Representational State Transfer) based on the Open Data (OData) v4 protocol used by Configuration Manager to manage console extensions, Tenant Attach functionality, etc…
In the 2303 release, auditing messages related to authorization errors (previously recorded in the CM logs) have been introduced; these messages are visible in the “All Status Message” view present in the Monitoring section and contain information such as: attempts to access resources, number of attempts for authorized requests made by the user in a day, read operations for HTTPS requests and for cloud-initiated operations.

SQL Server 2022 support

With the release of Configuration Manager version 2303, you can use SQL Server 2022 for the following roles: Central Administration site (CAS), Primary site, and Secondary site.
The supported compatibility levels are: 150, 140, 130, 120, 110.

Software Updates

Unified Update Platform (UUP)

The Unified Update Platform (UUP), released in General Availability (GA), is a method of providing updates to all Windows devices from a single update platform; it also allows you to make operating system updates easier while reducing the size of the package to download and the time to apply. Starting March 28 and with the release of subsequent Cumulative Updates, Windows 11, version 22H2 devices will be able to receive Quality Updates via the Unified Update Platform (UUP).

Revised supersedence time for Software Updates

With the release of the Unified Update Platform (UUP) service in GA, the default value for supersedence of updates is being updated; this value should be greater than 3. For new installations of the Software Update Point role, this value will be increased to 6. Existing Configuration Manager infrastructures will need to be manually adjusted to this value.

New settings for the management of new features introduced through servicing

Within the Software Updates section, available in the Client Settings, a new settings called “Enable Windows features introduced via Windows servicing that are off by default” has been introduced which allows you to control the activation of new features introduced during system servicing windows.

Figure 2 – Enable Windows features introduced via Windows servicing that are off by default

If this setting is set to Enabled, all the features introduced in the last Cumulative Update installed will be activated while, if set to Not Configured or Disabled, these will remain disabled until the Feature Update that includes these features is installed.

Console

Improvements in the Configuration Manager console

In the 2303 release, further improvements were introduced to the console; the most important update is the extension of the dark mode functionality also in the secondary site removal wizard.

Conclusions

Version 2303 of Configuration Manager saw the introduction of new features strictly focused on better management of the update component on Windows 11 systems given the release in General Availability of the Unified Update Platform (UUP) service.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: