It’s that time of the year again. The second of the triannual ConfigMgr releases is finally ready to hit your ConfigMgr consoles. It has some amazing new features to boot.
If you are familiar with the Technical Preview stream of monthly releases, then you know that a lot of these new 1806 toys have been around for the last few months. They’ve proved so successful that a chunk of them have made their way in to the main ConfigMgr release. The product group is working at breakneck speed to get these features out there, tested and working. They are doing an amazing job in achieving this.
But hey, I hear you if you’re not seeing the latest update in the ConfigMgr console right now. That’s because 1806 is still in the fast ring for early adopters. You need to opt in to bring it down. If it’s in the console, then it’s out of the fast ring phase and ready for general consumption.
Opting in is simple, just download the fast ring PowerShell script that the product group releases. Run this as an administrator on your site server using the syntax EnableFastUpdateRing1806.ps1 where SiteServer refers to the CAS or standalone primary site server.
You can update to 1806 from the following site versions – 1706, 1710 and 1802.
Here’s a run through of some of 1806’s features that caught my attention.
Site Server High Availability
For me this feature is a game changer. For so long we’ve had a single point of failure for our site servers. We are generally able to ‘keep the plates spinning’ by scaling our roles, introducing management point replicas, or using SQL Always On Availability Groups. However, it can be a dangerous game. If the site server went down then it was goodnight Vienna.
Now, you can introduce a site server in passive mode whilst your original site server runs in active mode. Some initial cool thoughts are that you will be able to rename your site server or even upgrade your site server operating systems. Just introduce the passive on Server 2016 and remove your current active running Server 2012!
If you want to set up a passive site server, you will need to install the role without any other ConfigMgr roles installed. The role will not show up in the Add Site System Roles otherwise.
Also, you will be warned if you haven’t moved your site server content library to a network share before trying to install the role.
Remote Content Library
All this leads on nicely to the remote content library. You can now locate the ContentLib off the local storage of the site server box. This allows for site server high availability. It could even be used to free up space on your CAS or primary site server.
You need to ensure that the site server computer account has read and write permissions to the share as a prerequisite. Also, if you have a distribution point on your CAS or primary, then you will not be able to the move the content library. The option will be greyed out for you.
Cloud Management Gateway Modifications
The Cloud Management Gateway (CMG) feature continues to mature with each ConfigMgr release.
In 1806, the CMG can serve content to clients. Previously, the CMG and the Cloud Distribution Point were separate roles. Now you can select the new Allow CMG to function as a cloud distribution point and serve content from Azure storage option on the Settings tab of the CMG to enable this feature.
A new CMG dashboard has been added in the Monitoring node of the ConfigMgr console. This dashboard gives a centralized overview for management of CMG usage. Also, the CMG Connection Analyzer, provides real-time verification to assist with troubleshooting. The analyzer reflects the current state of the CMG service and the communication channel from the CMG to any management points in the environment that allow CMG traffic flow.
Finally, a trusted root certificate is no longer required when creating a CMG if Azure Active Directory is being used for client authentication. This design improvement allows for secure client communication without the need for PKI certificates. It also means that clients can securely access content from distribution points without the need for the network access account.
Phased Deployment Improvements (and the Cool New Phased Application Deployment Feature)
Our June Insights blog features one of 1802’s funky new features, phased deployments of task sequences. 1806 makes improvements to this feature and also introduces the phased deployments of applications to the mix.
Let’s start with the cool phased applications feature. As with phased task sequences, you are able to sequence your rollout of an application. For example, you could first send your app to a pilot collection. When a percentage of success is achieved, then start to push the rollout further into your environment.
Phased task sequence deployments now include gradual rollout. This helps to further reduce the risk of your deployment and also assists in reducing network load. This is achieved by throttling the deployment over a period of time, defined in days. Also, you can add an additional 10 phases to your task sequence deployment!
Office Customization Tool Integration with the Office 365 Installer
One of my bugbears in ConfigMgr is the limitations imposed you when using the Office 365 installer to create your Office 365 applications. 1806 addresses some of my concerns about the flexibility of configuration.
The installer now integrates with the Office Customization Tool. The device running the ConfigMgr console will require Internet access via port 443 and must be able to access https://config.office.com to be able to take advantage of the new feature.
The Office 365 wizard prompts you to Go to the Office Customization Tool.
When there you can start to customize your Office 365 application accordingly.
Package Conversion Manager Integration
The Package Conversion Manager (PCM) is finally supported in ConfigMgr Current Branch. The tool is integrated into the console and is used to convert your ConfigMgr packages into applications. With ConfigMgr 2007 reaching the end of support life in July 2019, this tool will assist you with your migration to Current Branch. PCM is a pre-release feature and you’ll need to enable this to use it. If you already have a previous release of PCM installed, it is required that you remove this before upgrading to 1806.
Improved Secure Client Communications with the Enhanced Http Site System
The ConfigMgr product group are helping to ease the path towards secure communications for all ConfigMgr environments. The enhanced HTTP site system, enabled on the Client Computer Communication tab of the site properties, produces ConfigMgr-generated certificates for the HTTP site systems. Once again, this configuration allows for secure client communication without the need for PKI certificates. As a result, clients can securely access content from distribution points without the need for the network access account.
ConfigMgr UserVoice rocks! Thanks to the feedback from a few thousands ConfigMgr admins, the product group reacted and has incorporated third-party software patching into the ConfigMgr product. Third-party partner catalogs can be subscribed to in the ConfigMgr console. The updates can be published to your software update point (SUP), enabling you to deploy them out to your managed devices.
A requirement for this feature is that your SUP must be running in HTTPS mode for the WSUS API’s to handle the signing certificates. Clients do not need to be running HTTPS.
CMPivot was introduced in Technical Preview 1805. I blogged about this cool new feature at the SCCMentor blog. I noted how it was another feature which is transitioning ConfigMgr away from its moniker of Slow Moving Software (SMS). The CMPivot tool provides real-time state of currently connected devices in your targeted collection via the BGB channel—the channel used to report if devices are online or not.
The data consumed by CMPivot could be used for reporting purposes or to remediate situations quickly. Its pivoting capability means you can drill down into further queries and results from your initial search criteria. It’s an awesome tool. Try it out!
Multiple Hierarchies, One Intune Tenant
One feature lacking for businesses managing multiple ConfigMgr hierarchies has been the ability to add these into a single tenant for Azure AD and Intune management. With 1806 this limitation has been removed. Also, co-management now allows for connecting multiple hierarchies to the same Intune tenant. This will ease the transition for these businesses when moving their workloads to the cloud.
Send a Smile Not a Frown
Feedback, to the ConfigMgr team, can now be achieved directly in the console. The Smile or Frown button can be used to submit. You can add a screenshot to your message and, ideally, add your email address and any diagnostic data to support your feedback. The Windows 10 Feedback Hub can still be used, and is supported, but Microsoft encourages ConfigMgr admins to use this new feature.
See It Then Do It
The features discussed here are only the tip of the iceberg in this ConfigMgr release. I recommend that you take a look at the What’s New in version 1806 of Configuration Manager current branch document Microsoft has release on the TechNet documentation portal.
The second ConfigMgr release of the year doesn’t tie in with the Windows 10 semi-annual channel, where you may want to update your site to support the latest Windows 10 baseline. However, the product group has packed 1806 with some amazing features that will entice you to take the plunge and upgrade to this latest release. There’s nothing stopping you from doing this. Go for it!