SCCM Overview

SCCM( System Center Configuration Manager) Update 1706 is available as an in-console for the systems installed with the versions-1606, 1610, or 1702. Below listed are some new functionalities added in update 1706 of SCCM.

New Management Capabilities in System Center Configuration Manager 

1. Site Infrastructure
2. Compliance Settings
3. Application Management
4. Operating System Deployment
5. Software Updates
6. Reporting
7. Mobile devises Management and
8. Protect Devices

If you want to enrich your career and become an SCCM certified professional, then enrol on "SCCM Training" - This course will help you to achieve excellence in this domain.

Site Infrastructure

Under this, we can see the following features:

• Client peer cache supporting of update files for Office 365 and distribution of express installation files for Configuration Manager Windows 10 is available in this release.
• In this update, below are some additional accessibility improvements that have been introduced for the Configuration Manager Console.

Keyboard Shortcuts	Functionality
Ctrl + D	Set the focus to the details pane, when available
Ctrl + I	Set the focus to the breadcrumb bar, below the ribbon
Ctrl + L	Set the focus to the Search field, when available
Ctrl + M	Set the focus on the main (central) pane
Ctrl + T	Set the focus to the top node in the navigation pane. If the focus was already in that pane, the focus is set to the last node you visited
Alt	Change the focus in and out of the ribbon

• Central Administration sites and Configuration Manager Primary sites include Configuration Manager Update Reset Tool which can be used to fix issues when there are downloading or replicating problems in in-console updates.
• With this update, the Configuration Manager Console can measure and display different parts of the User Interface when viewed on high DPI devices.
• In this release, Azure Active Directory(AD) integration with Configuration Manager is improved in a way that streamlines the configuration of Azure services used with the Configuration Manager

Compliance Settings

In these updates, below are the new SCCM configuration item settings that have been added for Windows 10 devices that are enrolled with Intune, or managed on-premises by Configuration Manager. The settings are:

• Password

  • Device Encryption

• Device

  • Device name modification

  • Region settings modification (desktop only)

  • Language settings modification

  • Power and sleep settings modification

  • Language settings modification

  • System time modification

• Store

  • Use private store only

  • Auto-update apps from the store

  • The store originated app launch

• Microsoft Edge

  • The SmartScreen prompt override for files

  • Block access to about: flags

  • Default search engine

  • SmartScreen prompt override

  • OpenSearch XML URL

  • WebRTC localhost IP address

  • Homepages (desktop only)

Related Article: Best SCCM Interview Questions

New Device Compliance Policy Rules

• Block USB debugging on the device. You do not have to configure these settings as USB debugging is already disabled on Android for Work devices.
• Block apps from unknown sources. Require that devices prevent the installation of apps from unknown sources. You do not have to configure this setting as Android for Work devices always restrict installation from unknown sources.
• Required password type. Specify whether the user must create an alphanumeric password or a numeric password. For alphanumeric passwords, you also specify the minimum number of character sets that the password must-have. The four character sets are Lowercase, uppercase letters, symbols, and numbers.

Supported on:

• Windows Phone 8+
• Windows 8.1+
• iOS 6+

Supported on:

• Android 4.0+
• Samsung KNOX Standard 4.0+

Require threat scan on apps.

This setting specifies that the Verify apps feature is enabled on the device.

Supported on:

• Android 4.2 through 4.4
• Samsung KNOX Standard 4.0+

Application Management

In Configuration Manager, you can deploy scripts to client devices using packages and programs. In this release, we've added new functionality that lets you take the following actions:

• Run scripts on collections of Windows client PCs, and on-premises managed Windows PCs. You don't deploy scripts, instead, they are run in near real-time on client devices.
• Import PowerShell Scripts to Configuration Manager
• Edit the scripts from the Configuration Manager console (for unsigned scripts only)
• Mark scripts as Approved or Denied, to improve security
• Examine the results returned by the script in the Configuration Manager console.

Beginning with this release, you can use three new mobile application management (MAM) policy settings:

• Disable contact sync: Prevents the app from saving data to the native Contacts app on the device.
• Block screen capture (Android devices only): Specifies that the screen capture capabilities of the device are blocked when using this app.
• Disable printing: Prevents the app from printing work or school data.

Operating system deployment

• Collapsible task sequence groups

This version introduces the ability to expand and collapse task sequence groups. You can expand or collapse individual groups or expand or collapse all groups at once.

• Hardware inventory collects Secure Boot information

Hardware inventory now collects information about whether Secure Boot is enabled on clients. This information is stored in the SMS_Firmware class (introduced in SCCM version 1702) and enabled in hardware inventory by default.

• Reload boot images with the current Windows PE version

When you run Update Distribution Points on a selected boot image, you can now choose to reload the latest version of Windows PE (from the Windows ADK installation directory) in the boot image.

Software Updates

• Improvements to Express Update download time

In this release, we have significantly improved the download time for Express Updates.

• Manage Microsoft Surface driver updates

You can now use Configuration Manager to manage Microsoft Surface driver updates.

Prerequisites

• All software update points must run Windows Server 2016.
• This is a pre-release feature that you must turn on for it to be available.

To manage Surface driver updates

1. Enable Synchronization for MS Surface drivers. Use the procedure in Configure classification and products and select the Include Microsoft Surface drivers and firmware updates, a checkbox on the Classifications tab to enable Surface drivers.
2. Deploy synchronized Microsoft Surface drivers
3. Synchronize the Microsoft Surface drivers.

Configure Windows Update for Business deferral policies

You can now configure deferral policies for Windows 10 Feature Updates or Quality Updates for Windows 10 devices managed directly by Windows Update for Business. You can manage the deferral policies in the new Windows Update for Business Policies node under Software Library > Windows 10 Servicing.

Leave an Inquiry to learn SCCM Course in Bangalore

Improved user notifications for Office 365 updates

Improvements have been made to leverage the Office Click-to-Run user experience when a client installs an Office 365 update. This includes pop-up and in-app notifications, and a countdown experience.

Reporting

• Use Windows Analytics with Configuration Manager

Windows Analytics is a set of solutions that run on the Operations Management Suite. The solutions allow you to form insight into the current state of your environment. Devices in your environment report Windows telemetry data. The data can be accessed through the Operations Management Suite web portal. In the case of Upgrade Readiness, the data is directly available in the monitoring node of the Configuration Manager console.

Mobile Device Management

• Updates to Android for Work sharing configuration

With this release, the values for the Allow data sharing between work and personal profile settings in the Work Profile setting group have been updated. We’ve also added a custom set to block copy-paste between work and personal profiles.

• Android and iOS enrollment restrictions

With this release, you can now specify that users cannot enroll in personal Android or iOS devices. New device restriction settings let you limit Android device enrollment to predeclared devices. For iOS devices, you can block the enrollment of all devices except those enrolled with the Apple Device Enrollment Program, Apple Configurator, or the Intune device enrollment manager account.

• Protect devices

Include trust for specific files and folders in a Device Guard policy

In this release, further capabilities are added to Device Guard policy management.

You can now optionally add trust for specific files for folders in a Device Guard policy. This lets you:

• Trust line-of-business apps that cannot be deployed with Configuration Manager
• Overcome issues with managed installer behaviors
• Trust apps that are included in an operating system deployment image

Explore SCCM Sample Resumes! Download & Edit, Get Noticed by Top Employers!

List of Related Microsoft Certification Courses:

SSIS	Power BI
SSRS	SQL Server
SSAS	SQL Server DBA
SharePoint	BizTalk Server
Team Foundation Server	BizTalk Server Administrator