Avid #SCCM and #ConfigMgr hash tag followers will have noticed that Microsoft just released Configuration Manager Technical Preview 1801.
If you haven’t already installed this it will be available within your existing tech preview console in updates and servicing or you can download a clean version to install from new here – https://www.microsoft.com/en-gb/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview
As usual Microsoft have published an accompanying post on this technical preview updates listing all the features and how to use them – https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1801
The features listed are as follows:
Create Phased Deployments
This is seen by many as the stand out feature of this technical preview and there promises to be further development in this area. Note that at this moment this is only applicable to deploying task sequences and as this is tech preview only, the actual deployments are not created. It’s there as a teaser and to get you familiar with how it will work. The basic concept of this is that you can phase a deployment of software (OSD or App) across a couple of collections. This allows you to set a threshold at which you are happy with deployments to the first collection and then it will automatically release to the second collection you specify. At the moment this caters for just 2 collections but watch this space for future development.
Thinking about use cases for this, the obvious one is testing in pre-production and automatically hitting the masses afterwards. I know many IT admins use their fellow colleagues as Guinea pigs for their test deployments (whether they know or not) so this would help in that scenario. I’m sure there are several other use cases specific to each persons organisation, I’m interested to see how this feature develops further.
The team have also added in a new dashboard for co-management which is one of the hot SCCM topics at the moment. If you’re not familiar with this then it essentially allows your devices to be managed both by SCCM and Intune at the same time. You can find more information on this here.
As take-up of co-management grows (which I’m certain it will), this will be a really nice addition to the monitoring workspace.
Improvements to ADR Evaluation Schedule
Considering the time I have spent working with patches over the last few years this has to be my personal favourite feature and something I actually talked to David James about whilst he was at WMUG last year. Needless to say it was already on the to do list.
The idea is simple, in the real world almost no-one deploys patches on a zero day schedule. Most organisations I’ve worked with have a multi-phase deployment which is absolutely the way to do it. This feature allows you to run the Automatic Deployment Rule at a specific number of days after patch Tuesday or any other day for that. There are various scripts out there to recreate this behaviour but it’s so good to now get this natively in the console. Now to push this further wouldn’t it be nice to get this same functionality into a maintenance window? That is actually now a noted feature so I expect to see that coming in the not too distant future (https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/9399159-maintenance-window-relative-to-patch-tuesday)
Reassign distribution point
Now I’ve done my fair share of SCCM migrations and upgrades in my time and this feature would have been mighty useful. I know when moving between hierarchies or from CAS to primary site or secondary to primary site this will be very useful. Being able to simply re-assign a distribution avoiding the re-distribution of many GB and even TB of data is a must for many large infrastructures. I did some work on a 240k client site who were moving from a number of CAS hierarchies to primary sites, their on site PFE had this same solution available but outside of the console. Assuming this solution was fed on from PFEs then this is a great example of feedback making it’s way into the product. A great addition in my mind.
I only have the one DP in my lab at the moment but once you hit reassign distribution point you are presented with a list of other existing site servers, be aware however that this server can ONLY host the distribution point role. This also does not work for cloud distribution points.
Improvements to hardware inventory
On occasion it is necessary to extend hardware inventory to include classes not inventoried by default. Examples of this might be to get more granular data about a component such as physical memory or indeed to add a custom class such as class room or location.
I don’t know the full history of how this addition came about but should you so desire you can now inventory new classes with string lengths greater than 255 characters. To do this you can follow the numbered steps in my screenshot below.
Improvements to client settings for Software Center
Some more improvements have made it into Software Center following the recent changes with icons sizes and customisations. Now we have a “Customize” button in the software center client setting and in there we can see a preview of the logo and colour scheme that was added previously. The new feature here however is that we can hide unapproved applications. This means that if you use the built in approval process then any devices with this setting applied would only display software that DOES NOT require approval. Any applications requiring approval would simply be hidden.
New settings for Windows Defender Application Guard
There are two new setting available within your Application Guard policies which correspond with two new capabilities released with Windows 10 1709 for host interaction.
- Websites can be given access to the host’s virtual graphics processor.
- Files downloaded inside the container can be persisted on the host.
To learn more about what Application Guard does and how it works go here.
Improvements to Run Scripts
Finally, the fairly recent addition of running scripts has had an improvement already. We can now import signed scripts to run on devices.
In order for this to work you must import the signed script as opposed to copy and paste the content, you also can’t edit them the console (at least in the tech preview) and you must amend outside of SCCM then re-import the script.
Note another limitation in this TP – “Scripts imported with a non-Unicode encoding may display in the console incorrectly. The script will still execute as originally written.”
That’s it, Configuration Manager Technical Preview 1801 in a nutshell. Hopefully the full release of 1802 will be just around the corner too and bring us many more great features which I look forward to learning and sharing with you.