Blog

SCCM Overview

  • (4.0)
  • | 1653 Ratings |
  • Last Updated December 04, 2018

New Management Capabilities in System Center Configuration Manager Update 1706

SCCM( System Center Configuration Manager) Update 1706 is available as an in-console for the systems installed with the versions-1606, 1610 or 1702. Below listed are the some new functionalities added in the update 1706 of SCCM.

Site Infrastructure

Compliance Settings

Application Management

Operating System Deployment

Software Updates

Reporting

Mobile Devices Management and

Protect Devices

To gain in-depth knowledge and be on par with practical experience, then explore SCCM Training Course.

Site Infrastructure

Under this, we can see the following features:

  • Client peer cache supporting of update files for Office 365 and distribution of express installation files for Windows 10 is available in this release.

  • In this update, below are some additional accessibility improvements have been introduced for the Configuration Manager Console.

Keyboard Shortcuts Functionality
Ctrl + D Set the focus to the details pane, when available
Ctrl + I Set the focus to the breadcrumb bar, below the ribbon
Ctrl + L Set the focus to the Search field, when available
Ctrl + M Set the focus on the main (central) pane
Ctrl + T Set the focus to the top node in the navigation pane. If the focus was already in that pane, the focus is set to the last node you visited
Alt Change the focus in and out of the ribbon
  • Central Administration sites and Configuration Manager Primary sites include Configuration Manager Update Reset Tool which can be used to fix issues when there are downloading or replicating problems in in-console updates.

  • With this update, Configuration Manager Console can measure and display different parts of User Interface when viewed on high DPI devices.

  • In this release, Azure Active Directory(AD) integration with Configuration Manager is improved in a way that streamlines the configuration of Azure services usage with the Configuration Manager

Compliance Settings

In this updates, below are the new configuration item settings that have been added for Windows 10 devices that are enrolled with Intune, or managed on premises by Configuration Manager. The settings are:

  • Password

    • Device Encryption

  • Device

    • Device name modification

    • Region settings modification (desktop only)

    • Language settings modification

    • Power and sleep settings modification

    • Language settings modification

    • System time modification

  • Store

    • Use private store only

    • Auto-update apps from store

    • Store originated app launch

  • Microsoft Edge

    • Smartscreen prompt override for files

    • Block access to about:flags

    • Default search engine

    • SmartScreen prompt override

    • openSearch XML URL

    • WebRTC localhost IP address

    • Homepages (desktop only)

Frequently Asked SCCM Interview Questions

New device compliance policy rules

  • Block USB debugging on device. You do not have to configure this settings as USB debugging is already disabled on Android for Work devices.

  • Block apps from unknown sources. Require that devices prevent installation of apps from unknown sources. You do not have to configure this setting as Android for Work devices always restrict installation from unknown sources.

  • Required password type. Specify whether the user must create an alphanumeric password or a numeric password. For alphanumeric passwords, you also specify the minimum number of character sets that the password must have. The four character sets are: Lowercase, uppercase letters, symbols and numbers.

  • Supported on:

    • Windows Phone 8+

    • Windows 8.1+

    • iOS 6+

  • Supported on:

    • Android 4.0+

    • Samsung KNOX Standard 4.0+

  • Require threat scan on apps. This setting specifies that the Verify apps feature is enabled on the device.

  • Supported on:

  • Android 4.2 through 4.4

  • Samsung KNOX Standard 4.0+

Application Management

In Configuration Manager, you can deploy scripts to client devices using packages and programs. In this release, we've added new functionality that lets you take the following actions:

Run scripts on collections of Windows client PCs, and on-premises managed Windows PCs. You don't deploy scripts, instead, they are run in near real time on client devices.

Import PowerShell Scripts to Configuration Manager

Edit the scripts from the Configuration Manager console (for unsigned scripts only)

Mark scripts as Approved or Denied, to improve security

Examine the results returned by the script in the Configuration Manager console.

Beginning with this release, you can use three new mobile application management (MAM) policy settings:

Disable contact sync: Prevents the app from saving data to the native Contacts app on the device.

Block screen capture (Android devices only): Specifies that the screen capture capabilities of the device are blocked when using this app.

Disable printing: Prevents the app from printing work or school data.

Read Also: System Center 2012 R2 Configuration Manager Toolkit

Operating system deployment

  • Collapsible task sequence groups

This version introduces the ability to expand and collapse task sequence groups. You can expand or collapse individual groups or expand or collapse all groups at once.

  • Hardware inventory collects Secure Boot information

Hardware inventory now collects information about whether Secure Boot is enabled on clients. This information is stored in the SMS_Firmware class (introduced in version 1702) and enabled in hardware inventory by default.

  • Reload boot images with current Windows PE version

When you run Update Distribution Points on a selected boot image, you can now choose to reload the latest version of Windows PE (from the Windows ADK installation directory) in the boot image.

Software Updates

  • Improvements to Express Update download time

In this release, we have significantly improved the download time for Express Updates.

  • Manage Microsoft Surface driver updates

You can now use Configuration Manager to manage Microsoft Surface driver updates.

Prerequisites

All software update points must run Windows Server 2016.

This is a pre-release feature that you must turn on for it to be available.

To manage Surface driver updates

  1. Enable Synchronization for MS Surface drivers. Use the procedure in Configure classification and products and select the Include Microsoft Surface drivers and firmware updates, checkbox on the Classifications tab to enable Surface drivers.

  2. Deploy synchronized Microsoft Surface drivers

  3. Synchronize the Microsoft Surface drivers.

Explore SCCM Sample Resumes! Download & Edit, Get Noticed by Top Employers!Download Now!

Configure Windows Update for Business deferral policies

You can now configure deferral policies for Windows 10 Feature Updates or Quality Updates for Windows 10 devices managed directly by Windows Update for Business. You can manage the deferral policies in the new Windows Update for Business Policies node under Software Library > Windows 10 Servicing.

Improved user notifications for Office 365 updates

Improvements have been made to leverage the Office Click-to-Run user experience when a client installs an Office 365 update. This includes pop-up and in-app notifications, and a countdown experience.

Reporting

  • Use Windows Analytics with Configuration Manager

Windows Analytics is a set of solutions that run on Operations Management Suite. The solutions allow you to form insight into the current state of your environment. Devices in your environment report Windows telemetry data. The data can be accessed through the Operations Management Suite web portal. In the case of Upgrade Readiness the data is directly available in the monitoring node of the Configuration Manager console.

Mobile device management

  • Updates to Android for Work sharing configuration

With this release, the values for the Allow data sharing between work and personal profile setting in the Work Profile setting group have been updated. We’ve also added a custom setting to block copy-paste between work and personal profiles.

Android and iOS enrollment restrictions

With this release, you can now specify that users cannot enroll personal Android or iOS devices. New device restriction settings let you limit Android device enrollment to predeclared devices. For iOS devices, you can block enrollment of all devices except those enrolled with Apple's Device Enrollment Program, Apple Configurator, or the Intune device enrollment manager account.

Protect devices

  • Include trust for specific files and folders in a Device Guard policy

In this release, further capabilities are added to Device Guard policy management.

You can now optionally add trust for specific files for folders in a Device Guard policy. This lets you:

Trust line-of-business apps that cannot be deployed with Configuration Manager

Overcome issues with managed installer behaviors

Trust apps that are included in an operating system deployment image

List of Related Microsoft Certification Courses:

 

Subscribe For Free Demo

Free Demo for Corporate & Online Trainings.


DMCA.com Protection Status