Archive: Posts Tagged ‘SCCM’

Microsoft EndPoint Configuration Manager (Preview Query Results with Configuration Manager Technical Preview 2008)

Commentaires fermés août 23rd, 2020

Hi to all,

Great news, a new option is available, the Preview Query Results present in Configuration Manager Technical Preview 2008!

Learn more about Collection query preview.

This preview release also includes:

Analyze SetupDiag errors for feature updates - With the release of Windows 10, version 2004, the SetupDiag diagnostic tool is included with Windows Setup. If there’s an issue with the upgrade, SetupDiag automatically runs to determine the cause of the failure. Configuration Manager now gathers and summarizes SetupDiag results from feature update deployments with Windows 10 servicing. The Windows 10 Servicing dashboard in the Software Library workspace of the Configuration Manager console now includes a tile for Collection Errors.

Collection evaluation view – We’ve integrated the functionality of Collection Evaluation Viewer into the Configuration Manager console. This change provides administrators a central location to view and troubleshoot the collection evaluation process. The console now displays the following information:

  • Historic and live information for full and incremental collection evaluations
  • The evaluation queue status
  • The time for collection evaluations to complete
  • Which collections are currently being evaluated
  • The estimated time that a collection evaluation will start and complete

Delete Aged Collected Diagnostic Files task – You now have a new maintenance task available for cleaning up collected diagnostic files. Delete Aged Collected Diagnostic Files uses a default value of 14 days when looking for diagnostic files to clean up and doesn’t affect regular collected files. The new maintenance task is enabled by default.

See task sequence size in the console – This release continues to iterate on changes in technical preview version 2004 and version 2007 to help you manage the size of task sequences. When you view the list of task sequences in the Configuration Manager console, add the Size (KB) column. Use this column to identify large task sequences that can cause problems.

Monitor scenario health – Configuration Manager is complicated to troubleshoot. It’s especially complex to understand system latency and the backlog between components. Cloud service-attached features increase that complexity. You can now use Configuration Manager to monitor the health of end-to-end scenarios. It simulates activities to expose performance metrics and failure points. These synthetic activities are similar to methods that Microsoft uses to monitor some components in its cloud services. Use this additional data to better understand timeframes for activities. If failures occur, it can help focus your investigation.

Import objects to current folder - Based on your feedback, now when you import an object in the Configuration Manager console, it imports to the current folder. Previously, Configuration Manager always put imported objects in the root node. This new behavior applies to applications, packages, driver packages, and task sequences.

Update 2008 for Technical Preview Branch is available in the Microsoft Endpoint Configuration Manager Technical Preview console. For new installations, the 2007 baseline version of Microsoft Endpoint Configuration Manager Technical Preview Branch is available on the Microsoft Evaluation Center. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.


Update 2006 for Microsoft Endpoint Configuration Manager current branch is now available !

Commentaires fermés août 23rd, 2020

Hi all,

Great news, the Update 2006 for Microsoft Endpoint Configuration Manager current branch is now available!

Whats News?

Microsoft Endpoint Manager tenant attach

Import previously created Azure AD application during tenant attach onboarding – During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach.

Endpoint Analytics

Endpoint Analytics Preview - the Endpoint Analytics preview is available. Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and proactively make changes without disrupting end users or generating a help desk ticket.

Endpoint analytics data collection enabled by default – In 2006, the Enable Endpoint analytics data collection client setting is now enabled by default for tenants attaching for the first time. This setting allows your managed endpoints to send data, such as startup performance insights, to your Configuration Manager site server. This change affects local data collection only. Endpoint analytics data isn’t uploaded to the Microsoft Endpoint Manager admin center until you enable data upload in Configuration Manager. The new default value applies to the default client settings and any custom client settings created after upgrading to version 2006.

Site infrastructure

WFA.png VPN boundary type – To simplify managing remote clients, you can now create a new boundary type for VPNs. Previously, you had to create boundaries for VPN clients based on the IP address or subnet. Now when a client sends a location request, it includes additional information about its network configuration. Based on this information, the server determines whether the client is on a VPN.

WFA.png Management insights to optimize for remote workers – This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:

  • Define VPN boundary groups
  • Configure VPN connected clients to prefer cloud-based content sources
  • Disable peer to peer content sharing for VPN connected clients

WFA.png Improved support for Windows Virtual Desktop – The Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.

WFA.png Intranet clients can use a CMG software update point – Intranet clients can now access a CMG software update point when it’s assigned to a boundary group. You can allow intranet devices to scan against a CMG software update point in the following scenarios:

  • When an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.
  • If the only software update point for the boundary group is the CMG software update point, then all intranet and internet devices will scan against it.

Cloud-attached management

Notification for Azure AD app secret key expiration – If you configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:

  • One or more Azure AD app secret keys will expire soon
  • One or more Azure AD app secret keys have expired

Use Microsoft Azure China 21Vianet for co-management - You can now select the Azure China Cloud as your Azure environment when enabling co-management.

Real-time management

The following improvements have been made in CMPivot -

  • CMPivot from the console and CMPivot standalone have been converged
  • Run CMPivot from an individual device or multiple devices without having to select or create a collection
  • From CMPivot query results, you can select an individual device or multiple devices then launch a separate CMPivot instance scoped to your selection.

Client management

WFA.png Install and upgrade the client on a metered connection -Previously, if the device was connected to a metered network, new clients wouldn’t install. Existing clients only upgraded if you allowed all client communication. Starting in this release, client install and upgrade both work when you set the client setting Client communication on metered internet connections to Allow or Limit. With this setting, you can allow the client to stay current, but still manage the client communication on a metered network.

Improvements to managing device restarts – Configuration Manager provides many options to manage device restart notifications. You can now configure the client setting Configuration Manager can force a device to restart to prevent devices from automatically restarting when a deployment requires it. By default, Configuration Manager can still force devices to restart

Application management

WFA.png Improvements to available apps via CMG – This release fixes an issue with Software Center and Azure Active Directory (Azure AD) authentication. For a client detected as on the intranet but communicating via the cloud management gateway (CMG), previously Software Center would use Windows authentication. When it tried to get the list of user-available apps, it would fail. It now uses Azure Active Directory (Azure AD) identity for devices joined to Azure AD. These devices can be cloud-joined or hybrid-joined.

Microsoft 365 Apps for enterprise – Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise on April 21, 2020. Starting in version 2006, the following changes have been made:

  • The Configuration Manager console has been updated to use the new name. This change also includes update channel names for Microsoft 365 Apps.
  • A banner notification was added to the console to notify you if one or more automatic deployment rules reference obsolete channel names in the Title criteria for Microsoft 365 Apps updates.

Operating system deployment

WFA.png Task sequence media support for cloud-based content – Task sequence media can now download cloud-based content. Instead of further taxing the WAN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources.

WFA.png Improvements to task sequences via CMG - This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):

  • Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center.
  • This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:

Improvements to BitLocker task sequence steps

  • You can now specify the disk encryption mode on the Enable BitLocker and Pre-provision BitLocker task sequence steps. By default, the steps continue to use the default encryption method for the OS version.
  • The Enable BitLocker step also now includes a setting to Skip this step for computers that do not have a TPM or when TPM is not enabled. When you enable this setting, the step logs an error on a device without a TPM or a TPM that doesn’t initialize, and the task sequence continues.

Management insight rules for OS deploymentWhen the size of the task sequence policy exceeds 32 MB, the client fails to process the large policy. The client then fails to run the task sequence deployment. To help you manage the policy size of task sequences, this release includes the following management insights:

  • Large task sequences may contribute to exceeding maximum policy size
  • Total policy size for task sequences exceeds policy limit

Improvements to OS deployment - This release includes the following additional improvements to OS deployment:

  • Use a task sequence variable to specify the target of the Format and Partition Disk step. This new variable option supports more complex task sequences with dynamic behaviors.
  • The Check Readiness step now includes a check to determine if the device uses UEFI. It also includes a new read-only task sequence variable, _TS_CRUEFI.
  • If you enable the task sequence progress window to show more detailed progress information, it now doesn’t count enabled steps in a disabled group. This change helps make the progress estimate more precise.
  • Previously, during a task sequence to upgrade a device to Windows 10, a command prompt window opened during one of the final Windows configuration phases. The window was on top of the Windows out-of-box experience (OOBE), and users could interact with it to disrupt the upgrade process. Now the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts from Configuration Manager include a change to hide this command prompt window.
  • Some customers build custom task sequence interfaces using the IProgressUI::ShowMessage method, but it doesn’t return a value for the user’s response. This release adds the IProgressUI::ShowMessageEx method. This new method is similar to the existing method, but also includes a new integer result variable, pResult.


WFA.png CMG support for endpoint protection policies – While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Starting in this release, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.

BitLocker management support for hierarchies – You can now install the BitLocker self-service portal and the administration and monitoring website at the central administration site.

Configuration Manager console

Community hub and GitHub – (First introduced in June 2020)

The IT admin community has developed a wealth of knowledge over the years. Rather than reinventing items like scripts and reports from scratch, we’ve built a Configuration Manager Community hub where you can share with each other. The Community hub fosters creativity by building on others’ work and having other people build on yours. GitHub already has industry-wide processes and tools built for sharing. Now, the Community hub will leverage those tools directly in the Configuration Manager console as foundational pieces for driving this new community. For the initial release, the content made available in the Community hub will be uploaded only by Microsoft.

Notifications from Microsoft

You can now choose to receive notifications from Microsoft in the Configuration Manager console. These notifications help you stay informed about new or updated features, changes to Configuration Manager and attached services, and issues that require action to remediate.

Other updates

For more details and to view the full list of new features in this update, check out our What’s new in version 2006 of Microsoft Endpoint Configuration Manager documentation.


SCCM CB | How to configure and use Peer Cache in SCCM CB (Application, package and OSD)

Commentaires fermés avril 30th, 2019


In this post, I explain you how to configure and use the peer cache with Sccm CB application, package and OSD deployment.

For the start, it’s need to be clarify one point, the Peer Cache feature is available since the SCCM 1610 version.

Configuration Manager doesn’t enable this optional feature by default. You must enable this feature before using it. For more information, see Enable optional features from updates.

For enable the peer cache feature, it’s necessary to activate the feature in Administration>Overview>Updates and Servicing>Features

You can minimize and improve the network transferts in activated the option below (Configure client peer cache sources to divide content into parts. These parts minimize the network transfer to reduce WAN utilization):

After that, le’t go for the peer cache configuration!

The first one is the prerequisite:

  • One or many workstations dedicated to be peer cache client
  • Boundaries and boundaries Group configured
  • Collection with Clients Settings configured with the peer cache option

Reminder for the peer client cache configuration:

A peer cache source rejects requests for content when it meets any of the following conditions at the time a peer requests content:
  1. Low battery mode
  2. Processor load exceeds 80%
  3. Disk I/O has an AvgDiskQueueLength that exceeds 10
  4. There are no more available connections to the computer

A-Peer cache configuration and requirement parameters

1-Create the target collection for the peer cache client (in my example, i have two clients)

2-Create a new custom clients settings with this parameter under:

Configure client cache size = Yes

Maximum cache size (in my example, i put the maximum for the cache client=65000)

Maximum cache size = 20

Enable Configuration Manager client un full OS to share content = Yes

Port for initial network broadcast = 8004 (You don’t miss to open this port on yours firewalls)

Por for content download from peer = 8003 (You don’t miss to open this port on yours firewalls)

3-Create a second collection with all clients included in the same boundaries group that the peer cache client (This collection is used for generalize application deployment = after you will deploy the application on yours peer cache client)

4-Deploy an application to the peer cache clients (in my example, i take 7-Zip = ELY00029=Package ID)

5-At this moment, i can check in CAS.log if the package is donwloaded in the cache of my client by the distribution point and if his present in the cache (this step is necessary and it’s just for one time, the first time)

6-Now, if i install the 7 Zip package on another workstation included in the same boundaries group, the package is good downloaded by the peer cache client (DataTransferService.log)

7-The 7-Zip application installed correctly and by the peer client cache :-)

B-Configure Peer cache for OS Deployment

In this example,  the peer cache works the same way that the application and package model deployment, it’s necesseray to deploy your OS image and package OSD for the first one in your branch

1-Prepare your task sequence to deploy OSD

2-For that your peer cache client keep all objects OSD in her cache, it’s necessery to add variable in collection SMSTSPreserveContent=True

For information, when you have finish and you want to deploy OS using the peer cache feature, it’s necessary to put the variable (SMSTSPeerDownload=True) on the collection

3-Launch your OS Deployment…

4-After you will find the config manager client cache with the package OSD in his cache, you first peer cache client for OSD is ready!

5-You can see the log result of smsts.log and that he use good the peer cache feature (network)

Package ID=ELY00004

Package ID=ELY00014

Package ID=ELY00015


Enjoy! :-)

Sources Peer cache for Configuration Manager clients