Top 5 new features in Configuration Manager 2103
With each release of a new Configuration Manager Current Branch we get new and awesome features. The Configuration Manager team at Microsoft does amazing work, switching focus to what is important, like when Covid-19 hit, while still delivering new features three times a year that make all our lives a little bit easier.
For Configuration Manager 2103, here are my top 5 features! For information on all the new cool features, check out the official docs here: https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/whats-new-in-version-2103
Disable application deployments
A “Big red button” is something that we have talked about and had on the wish list for a long while, and now it is here for applications as well. Before this release, it was already possible to disable/enable the deployment in a Phased deployment, for example.
Some of you may remember that Systems Management Server, SMS, was called “Slow Moving Software” many years back, because the client pulls for information and it could take time for things to happen on the client. Many improvements have since been made to make it faster with Client Notifications, but one thing is for sure: Configuration Manager is never as fast as the one time you make a mistake 😉 With this new option for Applications, we can disable the deployment of an upgrade that has gone wrong and then trigger a client notification for the collection with the affected clients, forcing them to download the new policy with the information that the deployment is disabled.
Then we can hopefully at least minimize the damage done.
Improvements to BitLocker management
The move of MBAM standalone to BitLocker Management in Configuration Manager is great! It simplifies things and reduces complexity by removing the need for an MBAM standalone server.
With the new features added in the 2103 release:
- We can manage BitLocker for removable devices over CMG
- Support of Enhanced HTTP
That makes this feature hit the top 5!
Another added feature is support for the TPM password as well, which is in the MBAM standalone product today. But the TPM password hash behavior changed in Windows 10 1607, so the clients will not be able to capture it unless we use something like this during OSD, which we call “TPM Pass the Hash”: https://ccmexec.com/2016/11/mbam-tpm-password-hash-and-windows-10-1607/
Centralized management of console extensions
Managing and updating Console Extensions is a big challenge today in an enterprise. With this release we can now manage console extensions and update them as well. A great step in the right direction! Under the Updates and Servicing node we now have the option to manage Console Extensions.
By default there is only one, but we can use that to test the feature out. Recast's awesome Right Click Tools are in the Community hub but are only available in Tech Preview as of now.
We have many options available; for example, we can revoke approval for a console extension.
If we combine that with the Hierarchy setting shown below, to only allow console extensions that are approved in the hierarchy, we now have control.
If you enable that setting and restart the admin console, all your extensions are immediately hidden! That means that we can have total control of Console Extensions in the future!
Add a report as a favorite
One of the great things with Configuration Manager is reporting and all the information that is at our fingertips! The problem, on the other hand, is finding the report we want among all the reports in there.
Favorites to the rescue, this is beautiful! We can now select a report as a favorite, and it will show up here in this view.
Selecting a report as a favorite can be done in the admin console or from Reporting Services as well. Note: To be able to use this feature we must be using SQL Server 2017 or later.
Deploy a feature update with a task sequence
Also making the top 5 is using a feature update in our in-place upgrade Task Sequence. I see it as another tool in the toolbox; we get more tools to get the work done. Generally the servicing ESD file is smaller than our in-place upgrade image. We can still use our existing logic in our Task Sequence for doing in-place upgrades.
Note that all options, including Dynamic updates, are disabled as soon as a Feature update is selected instead of an Upgrade Package. Some of these settings we can control with Setupconfig.ini, blogpost coming!
With all the other great improvements, both to servicing of Windows 10 going from 2004/20H2 -> 21H1 with an enablement package and to the Admin console for servicing, we have many great options in the future to come!
What features do we miss?
Remote control over CMG/IBCM which is in the Technical Preview would be nice! But it did not make it. ☹ Hopefully, next time!