Another month has passed by and finally we get to play with the latest Technical Preview release of System Center Configuration Manager from Microsoft. I would have blogged about it earlier but my lab took a nose dive and some important virtual machines went offline.
There are two main versions (of Configuration Manager) available:
- System Center Configuration Manager (Current Branch)
- System Center Configuration Manager (Technical Preview)
System Center Configuration Manager (Current Branch) is designed for use in production, for managing anything from small to very large Enterprises whereas System Center Configuration Manager (Technical Preview) is for lab environments only and is limited to 10 clients. The Technical Preview releases are released monthly, and contain the latest and greatest features being trialed in the product, and usually these new features are the result of feedback from uservoice.
Current Branch releases on the other hand are released only a few times per year and contain stable, tested features that are mature enough to release into production environments.
System Center Configuration Manager Technical Preview 1710 is now available. This release offers the following new features:
- Check compliance for co-managed devices from Software Center when conditional access is managed by Intune – Users can now use Software Center to check the compliance of their co-managed Windows 10 devices when conditional access is managed by Intune.
- Limit Windows 10 enhanced telemetry to only send data relevant to Windows Analytics Device Health – You can now set the Windows 10 telemetry data collection level to Enhanced (Limited). This setting enables you to gain actionable insight about devices in your environment without devices reporting all of the data in the Enhanced telemetry level with Windows 10 version 1709 or later.
- Configure and deploy Windows Defender Application Guard policies – You can now create and deploy Windows Defender Application Guard policies to Windows 10 clients that help protect your users by opening untrusted web sites in a virtualized browser (Edge and Internet Explorer).
- Authorize software that is trusted by the Intelligent Security Graph as part of Windows Defender Application Control – Device Guard policies in Configuration manager are now renamed to Windows Defender Application Control policies. This better reflects the scope of their functionality. On devices that run Windows 10 version 1709, software that is trusted by the Microsoft Intelligent Security Graph (ISG) can now be automatically authorized. The trustworthiness of the software is defined by reputation data from Windows Defender SmartScreen, Windows Defender Antivirus, and more.
- Configure Windows Defender Exploit Guard – Windows Defender Exploit Guard provides intrusion prevention rules and policies that make vulnerabilities more difficult to exploit in Windows 10. All Exploit Guard components are now configurable with Configuration Manager.
- Improved descriptions for pending computer restarts – The reason for a pending computer restart is posted.
- Run Scripts – We’ve added the ability to configure security scopes for the Run Scripts feature. We’ve also integrated an additional improved monitoring experience as part of the Run Scripts wizard.
This release also includes the following improvements based on your feedback from UserVoice:
- Allow up to 512×512 pixel icons for application in Software Center – You can now deploy apps with up to 512×512 pixels icon to display in Software Center. This was earlier capped at 250×250 pixels and anything larger showed up blurry on Software Center. We have now changed this after receiving feedback from our customers.
- Support for Cryptography: Next Generation certificates – We’ve added limited support for Cryptography: Next Generation (CNG) certificates. For more information about the supported scenarios please read Introducing support for Cryptography: Next Generation (CNG) certificates in Configuration Manager.
Installing this release
So how do you get Technical Preview installed ? There are two methods:
- Upgrade from a previous installation of Technical Preview (as shown in this guide).
- Do a clean install of Technical Preview 1703 (the latest TP baseline) by using the following guide and replace the base version in that guide with the TP1703 release and then upgrade.
Upgrading to this release
Once you have a Technical Preview release installed, in the Configuration Manager console browse to Administration, Overview, Updates and Servicing as shown below. Click on Check for Updates (in the ribbon)
Next, click on the OK button.
As instructed, if you want more details about what’s happening, you can read the DMPDownloader.log available in <drvletter>:\Program Files\Microsoft Configuration Manager\Logs, you can use CMTrace to do so.
And refresh the console by clicking on the Refresh icon in the ribbon, you should see the update pack is downloading,
and once it is downloaded the state will change to Ready to Install.
Installing the update
A wizard appears. Click Next.
the Features included in the update pack will be listed.
Select your client update settings and click Next
accept the EULA and configure the software assurance expiration date
and click through to the summary
Monitoring the Upgrade
At this point you should monitor the CMUpdate.log available in <drvletter>:\Program Files\Microsoft Configuration Manager\Logs, you can use CMTrace to do so. This log will detail the installation of the update pack. You should also pay attention to the following log files present in the root of C:\.
and after refreshing the console, the state of the update pack will change to Installing.
Clicking on Show Status will give you detailed info about the state the Installation is in, it is broken down into 5 distinct phases in the top pane:
- Prerequisite Check
- Post Installation
Selecting a phase will highlight what state the update is in, including what (if any) problems it has. In the screenshot below you can see it is in the Installation phase and has just completed the Start WMI section of that phase.
And after a while it should progress through to the Post Installation phase, And after refreshing the console you’ll be informed that a new version is available namely version 5.00.8570.1000.
and after a while the new console is installed.
You can read some more about the new features in Jorgens blog post here.
After Installing this version, you can check your Upgrade history by navigating to the Updates and Servicing node, and clicking on History in the ribbon.