The product team behind System Center Configuration Manager at Microsoft (led by David James) have done an amazing amount of work in the last year alone.
They’ve released three major releases of System Center Configuration Manager Current Branch 1802, 1806 and 1810 for production use and at least 13 Technical Preview releases for lab use in 2018.
In this part I’ll cover the major Current Branch releases in 2018, and in Part 2 I’ll cover the Technical Preview releases.
What are Current Branch releases ?
Current Branch releases are the stable form of the finished product (System Center Configuration Manager), designed for Production use in small to large Enterprises. Current Branch releases contain many new features, some of which are pre-release and some are production ready, but either way these features have been tested previously in Technical Preview releases.
Current Branch releases are released 3 times per year and contain at least one baseline, typically released in the second month (YYMM eg: 1802). Baseline releases are used for new installations or for upgrades from previous versions of System Center Configuration Manager. You cannot upgrade from Technical Preview to Current Branch (or vice versa).
Before I start, I have a question, and it pertains to the rapid release schedule and the inevitable workload that must go with it. The question is:
“How can the Product team keep on releasing such a sustained amount of new content at this rapid pace and document those releases nearly real time ? “
The answer as I see it, is below.
- Customer feedback (directly in the 1806 console or via Uservoice)
- Customer demand (changing tech ensures that customers want new abilities)
- Skilled Engineering teams (skilled Program Managers and Engineers)
- Strong Leadership (from Satya down, the focus is on Empowering end users)
In case you didn’t already know, the Technical Preview releases are released monthly (or more) and contain a few new features each time to trial out on the tech hungry public. I don’t have stats for how many people deploy the technical preview releases but I would imagine it’s many considering the effort that goes into producing those releases.
Features that are deemed successful and in customer demand usually surface some months later as Pre release features in the Current Branch releases, and only once they have been put through their paces are they (in a later release of SCCM Current Branch) deemed Production ready. It’s a good way of testing new features and bringing them to market in a timely manner. SCCM development today is nothing like it was back when SCCM 2007 ruled the waves and anyone claiming it’s dead must be smoking something.
So let’s start with the major releases of System Center Configuration Manager (Current Branch) and highlight some of the new features.
SCCM CB 1802
SCCM CB 1802 was a baseline release (you can read about baselines here). You can use this version for new installs or upgrade to this version using the in place upgrade ability within the ConfigMgr console which I blogged about here.
This release contained a long list of bug fixes from previous versions and a huge list of new or changed features, most of which are listed below.
- Support for Windows 10 ARM64 devices
- Improved support for CNG certificates (Cryptography: Next Generation (CNG) certificates)
- Boundary group fallback for management points
- Cloud distribution point site affinity
- Management insights in System Center Configuration Manager provide information about the current state of your environment.
- Cloud management gateway support for Azure Resource Manager
- Configure hardware inventory to collect strings larger than 255 characters
- Microsoft intends to deprecate the Linux and UNIX client support in System Center Configuration Manager roughly one year from now, such that the clients will not be included in the SCCM 1902 release in early calendar 2019. The Configuration Manager 1810 release, in late calendar 2018, will be the last release to include the Linux and UNIX clients.
- Surface device dashboard
- Change in the Configuration Manager client install. Starting in this release, Silverlight is no longer installed on client devices automatically. For more information, see Prerequisites for deploying clients to Windows computers
- Co-management improvements. Transition Endpoint Protection workload to Intune using co-management. The Endpoint Protection workload can be transitioned to Intune after enabling co-management.
- Microsoft Edge browser policies
- Allow user interaction when installing an application
- Do not automatically upgrade superseded applications
- Approve application requests for users per device
- Starting in this release, Run Scripts is no longer a pre-release feature.
- Windows 10 in-place upgrade task sequence via cloud management gateway
- Improvements to Windows 10 in-place upgrade task sequence
- In Windows PE, when launching cmtrace.exe, you are no longer prompted to choose whether to make this program the default viewer for log files.
Add boot images to the Download Package Content task sequence step.
- Deployment templates for task sequences
- The deployment wizard for task sequences can now create a deployment template. The deployment template can be saved and applied to an existing or new task sequence to create a deployment.
- Phased deployments for task sequences
- Install multiple applications in Software Center
- Use Software Center to browse and install user-available applications on Azure AD-joined devices
- Hide installed applications in Software Center
- Hide unapproved applications in Software Center
- Software Center shows user additional compliance information
- Schedule automatic deployment rule evaluation to be offset from a base day.
- Report for default browser counts
- Report on Windows AutoPilot device information
- Report on Windows 10 Servicing details for a specific collection
- Improvements to Configuration Manager Policies for Windows Defender Exploit Guard
- New host interaction settings for Windows Defender Application Guard
- For Windows 10 version 1709 and later devices, there are two new host interaction settings for Windows Defender Application Guard:
- Websites can be given access to the host’s virtual graphics processor.
Files downloaded inside the container can be persisted on the host.
- Improvements to the Configuration Manager console
For a summary of changes in 1802, see this post.
SCCM CB 1806
A few months after 1802 came out we got 1806 (July 31st to be exact).
System Center Configuration Manager Current Branch version 1806 brought even more improvements such as:-
- Send a smiley (for product feedback, you can see it in the screenshot above)
- CMTrace included with the clients
- Enhanced HTTP site system
- Improvements to CMG and Co Management
- PXE enabled distribution point without WDS
- Third-party software updates
For a more detailed list of the new features see below:-
- With 1802, the hybrid mobile device management feature is deprecated.
- CMPivot is a new in-console utility that now provides access to real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results.
- Site server high availability
Improvements to management insights
- Configuration Manager tools. The Configuration Manager server and client tools are now included on the server. Find them in the CD.Latest\SMSSETUP\Tools folder on the site server. No further installation required.
- Exclude Active Directory containers from discovery
- Configure a remote content library for the site server
- Cloud distribution point support for Azure Resource Manager
- Pull-distribution points support cloud distribution points as source
- Improvement to client push security. When using the client push method of installing the Configuration Manager client, the site can now require Kerberos mutual authentication. This enhancement helps to secure the communication between the server and the client.
- Enhanced HTTP site system. Using HTTPS communication is recommended for all Configuration Manager communication paths, but can be challenging for some customers due to the overhead of managing PKI certificates. The introduction of Azure Active Directory (Azure AD) integration reduces some but not all of the certificate requirements.
- Azure AD device identity
- CMTrace installed with client
- Cloud management dashboard
- Connection analyzer
- Improvements to cloud management gateway
- Version 1806 includes the following improvements to the cloud management gateway (CMG):
- Simplified client bootstrap command line
- Download content from a CMG
- Trusted root certificate isn’t required with Azure AD
Sync MDM policy from Microsoft Intune for a co-managed device
- Transition new workloads to Intune using co-management
- Support for multiple hierarchies to one Intune tenant
- Compliance settings
- Application management
Phased deployment of applications
- Provision Windows app packages for all users on a device
- Office Customization Tool integration with the Office 365 Installer
- The Office Customization Tool is now integrated with the Office 365 Installer in the Configuration Manager console. When creating a deployment for Office 365, dynamically configure the latest Office manageability settings. Microsoft updates the Office Customization Tool when they release new builds of Office 365. This integration allows you to take advantage of new manageability settings in Office 365 as soon as they’re available.
- Support for new Windows app package formats, new Windows 10 app package (.msix) and app bundle (.msixbundle) formats.
- Uninstall application on approval revocation
- Package Conversion Manager
- Improvements to phased deployments
- Phased deployment status
- Gradual rollout during phased deployments
- Improvements to Windows 10 in-place upgrade task sequence
- Improvements to PXE-enabled distribution points
- Network access account not required for some scenarios
- Mask sensitive data stored in task sequence variables
- Mask program name during Run Command Step of a task sequence. To prevent potentially sensitive data from being displayed or logged, configure the task sequence variable OSDDoNotLogCommand.
- Task sequence variable for DISM parameters when installing drivers
- Option to use full disk encryption, previously used Pre-Provision BitLocker, now you have a new option to do FDE.
- Client provisioning mode isn’t enabled with Windows 10 upgrade compatibility scan
- Now when you enable the option to Perform Windows Setup compatibility scan without starting upgrade, the Upgrade Operating System task sequence step doesn’t put the Configuration Manager client into provisioning mode.
- Application catalog roles are no longer required to display user-available applications in Software Center.
- Use client settings to control whether the link to Open the Application Catalog web site appears in the Installation status node of Software Center.
- Maintenance windows in Software Center
- Third-party software updates
- Deploy software updates without content
- Filter automatic deployment rules by software update architecture
- Improved WSUS maintenance
- New software updates compliance report
- Improvement to hardware inventory for large integer values
- Hardware inventory default unit revision
- Configuration Manager console
Product lifecycle dashboard
- Copy asset details from monitoring views
- Improvements to the Surface dashboard
- View the currently signed on user for a device
- Submit feedback from the Configuration Manager console
- For more details about the new features in SCCM 1806 see this post.
SCCM 1810 CB
Mid to late November 2018, System Center Configuration Manager Current Branch version 1810 was released. As with all SCCM Current Branch releases you can opt to install it early on in the Fast ring by utilizing a PowerShell script, or wait the first few weeks until any major gotchas (if any) are identified and fixed and download it in the slow ring.
- Support for Windows Server 2019
- Hierarchy support for site server high availability
- Improvements to setup prerequisites
- When you install or update to version 1810, Configuration Manager setup now includes or improves some prerequisite checks
- New permission for client notification actions
- Client notification actions now require the Notify Resource permission on the SMS_Collection class.
- Boundary groups now include the following additional settings to give you more control over content distribution in your environment:
- Prefer distribution points over peers with the same subnet: By default, the management point prioritizes peer cache sources at the top of the list of content locations. This setting reverses that priority for clients that are in the same subnet as the peer cache source.
- Prefer cloud distribution points over distribution points: If you have a branch office with a faster internet link, you can now prioritize cloud content.
- Management insights rule for peer cache source client version
- Client management, New client notification action to wake up device
- Improvements to collection evaluation
- Improvement to client installation
- Improvements to internet-based client setup
- Required app compliance policy for co-managed devices
- Improvement to co-management dashboard
- Application management, you can now convert applications to MSIX and repair applications
- Approve application requests via email
- Detection methods don’t load Windows PowerShell profiles
- Task sequence support of Windows Autopilot for existing devices
- Specify the drive for offline OS image servicing
- Task sequence support for boundary groups
Improvements to driver maintenance
- New task sequence variable for last action name
- Along with the task sequence variable _SMSTSLastActionRetCode, the task sequence also sets a new variable _SMSTSLastActionName.
- Phased deployment of software updates
- Improvement to maintenance windows for software updates
- Improvement to lifecycle dashboard
- Improvement to data warehouse
- Configuration Manager administrator authentication
- Support Center
- Use Support Center for client troubleshooting, real-time log viewing, or capturing the state of a Configuration Manager client computer for later analysis. Support Center is a single tool to combine many administrator troubleshooting tools. Find the Support Center installer on the site server in the cd.latest\SMSSETUP\Tools\SupportCenter folder.
- Management insights dashboard
- Improvements to CMPivot
- Improvements to scripts
- You can now view detailed script output in raw or structured JSON format. This formatting makes the output easier to read and analyze.
- An Intune connection is no longer required for on-premises MDM
For a detailed list of what’s new in 1810, see here.
So there you have it, three major Current Branch release in 2018 and all packed with amazing new features. Please join me in Part 2 where we’ll take a look at the Technical Preview releases released in 2018.