Microsoft has released version 2002 of Microsoft Endpoint Configuration Manager (MEMCM). To take full advantage of the new Configuration Manager features, you first need to install or update to the latest version. Refer to the installation guide for Microsoft Endpoint Configuration Manager 2020 Version 2002, and update clients to the latest version as well.
Let’s have a look at the new features of Microsoft Endpoint Configuration Manager 2020 Version 2002:
- Remove a central administration site
If your hierarchy consists of a central administration site (CAS) and a single child primary site, you can now remove the CAS. This action simplifies your Configuration Manager infrastructure to a single, standalone primary site. It removes the complexities of site-to-site replication and focuses your management tasks on the single primary site.
- New management insight rules
This release includes the following management insight rules:
- Active Directory Security Group Discovery is configured to run too frequently
- Active Directory System Discovery is configured to run too frequently
- Active Directory User Discovery is configured to run too frequently
- Collections limited to All Systems or All Users
- Heartbeat Discovery is disabled
- Long-running collection queries enabled for incremental updates
- Reduce the number of applications and packages on distribution points
- Secondary site installation issues
- Update all sites to the same version
These nine rules are in the Configuration Manager Assessment group, courtesy of Microsoft Premier Field Engineering. They are a sample of the many more checks that Microsoft Premier provides in the Services Hub, where you can check out the details along with some nice videos.
Two additional rules in the Cloud Services group to help you configure your site for adding secure HTTPS communication:
- Sites that don’t have proper HTTPS configuration
- Devices not uploaded to Azure AD
- Improvements to administration service
The administration service is a REST API for the SMS Provider. Previously, you had to implement one of the following dependencies:
- Enable Enhanced HTTP for the entire site
- Manually bind a PKI-based certificate to IIS on the server that hosts the SMS Provider role
- Proxy support for Azure Active Directory discovery and group sync
The site system’s proxy settings, including authentication, are now used by:
- Azure Active Directory (Azure AD) user discovery
- Azure AD user group discovery
- Synchronizing collection membership results to Azure Active Directory groups
- A critical status message shows server connection errors to required endpoints
If the Configuration Manager site server fails to connect to required endpoints for a cloud service, it raises a critical status message ID 11488. When the site server can’t connect to the service, the SMS_SERVICE_CONNECTOR component status changes to critical. View detailed status in the Component Status node of the Configuration Manager console.
- Token-based authentication for cloud management gateway
The cloud management gateway (CMG) supports many types of clients, but even with Enhanced HTTP, these clients require a client authentication certificate. This certificate requirement can be challenging to provision on internet-based clients that don’t often connect to the internal network, aren’t able to join Azure Active Directory (Azure AD), and don’t have a method to install a PKI-issued certificate.
- Connection Health dashboard shows client connection issues
Use the Desktop Analytics Connection Health dashboard in Configuration Manager to monitor the clients’ connectivity health. It now helps you to more easily identify client proxy configuration issues in two areas:
- Endpoint connectivity checks: If clients can’t reach a required endpoint, you see a configuration alert in the dashboard. Drill down to see the endpoints to which clients can’t connect because of proxy configuration issues.
- Connectivity status: If your clients use a proxy server to access the Desktop Analytics cloud service, Configuration Manager now displays proxy authentication issues from clients. Drill down to see clients that are unable to enroll because of proxy authentication.
- Improvements to CMPivot
You can now search for CMPivot entities and entity object types, and new icons have been added.
- Exclude certain subnets for peer content download
Boundary groups include the following option for peer downloads: During peer downloads, only use peers within the same subnet. If you enable this option, the content location list from the management point only includes peer sources that are in the same subnet and boundary group as the client. Depending on the configuration of your network, you can now exclude certain subnets for matching.
- Client log collection
You can now trigger a client device to upload its client logs to the site server by sending a client notification action from the Configuration Manager console.
- Wake up a device from the central administration site
From the central administration site (CAS), in the Devices or Device Collections node, you can now use the client notification action to Wake Up devices. This action was previously only available from a primary site.
- Improvements to support for ARM64 devices
The All Windows 10 (ARM64) platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.
Note: If you previously selected the top-level Windows 10 platform, this action automatically selected both All Windows 10 (64-bit) and All Windows 10 (32-bit). This new platform isn’t automatically selected. If you want to add All Windows 10 (ARM64), manually select it in the list.
- Track configuration item remediations
You can now Track remediation history when supported on your configuration item compliance rules. When this option is enabled, any remediation that occurs on the client for the configuration item generates a state message. The history is stored in the Configuration Manager database.
- Microsoft Edge management dashboard
The Microsoft Edge management dashboard provides you insights on the usage of Microsoft Edge and other browsers. In this dashboard, you can:
- See how many of your devices have Microsoft Edge installed
- See how many clients have different versions of Microsoft Edge installed
- Have a view of the installed browsers across devices
- Have a view of preferred browser by device
- Improvements to Microsoft Edge management
You can now create a Microsoft Edge application that’s set up to receive automatic updates rather than having automatic updates disabled. This change allows you to choose to manage updates for Microsoft Edge with Configuration Manager or allow Microsoft Edge to automatically update. When creating the application, select Allow Microsoft Edge to automatically update the version of the client on the end user’s device on the Microsoft Edge Settings page.
- Task sequence as an app model deployment type
You can now install complex applications using task sequences via the application model. Add a deployment type to an app that’s a task sequence, either to install or uninstall the app. This feature provides the following behaviors:
- Display the app task sequence with an icon in the Software Center. An icon makes it easier for users to find and identify the app task sequence.
- Define additional metadata for the app task sequence, including localized information.
- Improvements to Check Readiness task sequence step
You can now verify more device properties in the Check Readiness task sequence step. Use this step in a task sequence to verify that the target computer meets your prerequisite conditions. It can now check:
- The architecture of the current OS
- Minimum OS version
- Maximum OS version
- Minimum client version
- Language of current OS
- AC power plugged in
- Network adapter is connected and not wireless
- Improvements to task sequence progress
The task sequence progress window now includes the following improvements:
- You can enable it to show the current step number, total number of steps, and percent completion
- Increased the width of the window to give you more space to better show the organization name in a single line
- Improvements to OS deployment
This release includes the following improvements to OS deployment:
- The task sequence environment includes a new read-only variable, _TSSecureBoot. Use this variable to determine the state of the secure boot on a UEFI-enabled device.
- Set task sequence variables to configure the user context for the Run Command Line and Run PowerShell Script steps.
- On the Run PowerShell Script step, you can now set the Parameters property to a variable.
- The Configuration Manager PXE responder now sends status messages to the site server. This change makes it easier to troubleshoot OS deployments that use this service.
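The `_TSSecureBoot` variable described above can gate a deployment from a Run PowerShell Script step. The script below is an added example, not code from this article or from Microsoft; it assumes the values `Enabled`, `Disabled` and `NA` that Microsoft documents for this variable, while the exit codes and the `SecureBootGateResult` variable name are hypothetical choices.

```powershell
# Added example: fail a task sequence step unless Secure Boot is enabled.
# Intended for a "Run PowerShell Script" step in a task sequence.

function Get-SecureBootDecision {
    # Map the _TSSecureBoot value to an exit code and a log message.
    # Exit codes are this example's own convention (0 = pass).
    param([string]$State)
    switch ($State) {
        'Enabled'  { $code = 0; $msg = 'Secure Boot is enabled.' }
        'Disabled' { $code = 1; $msg = 'Secure Boot is disabled in firmware.' }
        'NA'       { $code = 2; $msg = 'Device does not report Secure Boot support.' }
        # An empty value lands here, e.g. on a client older than 2002.
        default    { $code = 3; $msg = "Unexpected _TSSecureBoot value: '$State'" }
    }
    [pscustomobject]@{ ExitCode = $code; Message = $msg }
}

try {
    # This COM object exists only while a task sequence is running.
    $tsEnv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
}
catch {
    Write-Output 'Not running inside a task sequence; _TSSecureBoot is unavailable.'
    exit 4
}

# _TSSecureBoot is read-only; the script only reads it.
$decision = Get-SecureBootDecision -State $tsEnv.Value('_TSSecureBoot')

# SecureBootGateResult is a hypothetical custom variable that later steps
# can reference in their conditions or that can be collected for reporting.
$tsEnv.Value('SecureBootGateResult') = $decision.Message

Write-Output $decision.Message
exit $decision.ExitCode
```

A non-zero exit code fails the step, so the task sequence stops before imaging a device whose firmware is not in the expected state unless the step is set to continue on error.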
- Evaluate software updates after a servicing stack update
Configuration Manager now detects if a servicing stack update (SSU) is part of an installation for multiple updates. When an SSU is detected, it’s installed first. After the SSU is installed, a software update evaluation cycle runs to install the remaining updates. This change allows a dependent cumulative update to be installed after the servicing stack update. The device doesn’t need to restart between installs, and you don’t need to create an additional maintenance window. SSUs are installed first only for non-user-initiated installs. For instance, if a user initiates an installation for multiple updates from the Software Center, the SSU might not be installed first.
- Integrate with Power BI Report Server
You can now integrate the Power BI Report Server with Configuration Manager reporting. This integration gives you modern visualization and better performance. It adds console support for Power BI reports similar to what already exists with SQL Server Reporting Services.
- Show boundary groups for devices
To help you better troubleshoot device behaviors with boundary groups, you can now view the boundary groups for specific devices. In the Devices node or when you show the members of a Device Collection, add the new Boundary Group(s) column to the list view.
- Search all subfolders for configuration items and configuration baselines
Similar to improvements in previous releases, you can now use the All Subfolders search option from the Configuration Items and Configuration Baselines nodes.
- OneTrace log groups
OneTrace now supports customizable log groups, similar to the feature in Support Center. Log groups allow you to open all log files for a single scenario. OneTrace currently includes groups for the following scenarios:
- Application management
- Compliance settings (also referred to as Desired Configuration Management)
- Software update
If you ask me, all these features are quite useful. However, we will first start with the new management insight rules, CMPivot, and using Wake Up device from the CAS. What are your thoughts?