Enable employees to work anywhere on the devices that they choose
Deploying and managing Windows is easier than ever before with new improvements including the support of the latest Windows 10 features, Windows in-place upgrade, more frequent and easier updates, unified end-user portal, and on-premises mobile device management (MDM).
Through integration with Microsoft Intune, you can extend your System Center Configuration Manager to manage PCs, Macs, and Unix/Linux servers along with cloud-based mobile devices running Windows, iOS, and Android, all from a single management console.
Benefits
Empower user productivity
Enable employees to access the corporate applications that they need to be productive from anywhere, on whatever device they choose, while helping protect corporate information.
Unify your IT management infrastructure
Streamline operations with a unified infrastructure that integrates device management and protection across mobile, physical, and virtual environments.
Simplify administration
Administer client systems and offer improved visibility and enforcement options for maintaining system compliance.
Built to work with Windows 10
Choose the deployment, upgrade, update, and management capabilities of Windows 10 in Configuration Manager and Microsoft Intune that work best for your business.
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>System Center Configuration Manager – Enterprise Mobility + Security</title>
<atom:link href="https://cloudblogs.microsoft.com/enterprisemobility/feed/?product=system-center-configuration-manager" rel="self" type="application/rss+xml" />
<link>https://cloudblogs.microsoft.com/enterprisemobility</link>
<description></description>
<lastBuildDate>Sat, 09 Dec 2017 18:29:48 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<generator>https://wordpress.org/?v=4.9.1</generator>
<item>
<title>Update for the Configuration Manager Client Messaging SDK</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/27/update-for-the-configuration-manager-client-messaging-sdk/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/27/update-for-the-configuration-manager-client-messaging-sdk/#respond</comments>
<pubDate>Mon, 27 Nov 2017 22:22:53 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Certificates]]></category>
<category><![CDATA[ConfigMgr]]></category>
<category><![CDATA[System Center Configuration Manager]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=67564</guid>
<description><![CDATA[The Configuration Manager team is pleased to announce that an updated version of the Configuration Manager Client Messaging SDK version 5.1710.1059.1000 is now available on NuGet.org. Notable changes in this version: Support for Cryptography Next Generation (CNG) certificates on Configuration Manager 1710 and newer Bug fixes and improvements For more information about CNG support in <p><a class="read-more" title="Update for the Configuration Manager Client Messaging SDK" aria-label="Read more about Update for the Configuration Manager Client Messaging SDK" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/11/27/update-for-the-configuration-manager-client-messaging-sdk/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">The Configuration Manager team is pleased to announce that an updated version of the Configuration Manager Client Messaging SDK version 5.1710.1059.1000 is now available on NuGet.org.</span></span></p> <p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">Notable changes in this version:</span></span></p> <ul> <li><span style="color: #000000"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium">Support for Cryptography Next Generation (CNG) certificates on Configuration Manager 1710 and newer</span></span></span></li> <li><span style="color: #000000"><span style="font: 7pt 'Times New Roman';margin: 0px"></span><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium">Bug fixes and improvements</span></span></span></li> </ul> <p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium"><span style="color: #000000">For more information about CNG support in Configuration Manager, please see our </span><a href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/introducing-support-for-cryptography-next-generation-cng-certificates-in-configuration-manager/">blog post</a><span style="color: #000000"> on this topic. No code changes are required to use CNG certificates.</span></span></span></p> <p><span style="font-size: medium"><span style="background: white;margin: 0px;color: #41424e;font-family: 'Segoe UI',sans-serif">We invite you to try out our new Client Messaging SDK package</span><span style="background: white;margin: 0px;font-family: 'Segoe UI',sans-serif"><a href="https://www.nuget.org/packages/Microsoft.ConfigurationManagement.Messaging/5.1710.1059.1000">here</a> and leave us some feedback on our</span><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><a href="https://configurationmanager.uservoice.com/forums/300492-ideas/category/188224-sdk-and-extensibility">User Voice site</a>.</span></span></p> <p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">The Configuration Manager Team</span></span></p> <p> </p> <p><b><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">Additional Resources:</span></span></b></p> <ul> <li><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><a href="https://msdn.microsoft.com/en-us/library/mt744369.aspx">Configuration Manager Client Messaging SDK Documentation</a></span></li> <li><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><a href="https://docs.microsoft.com/en-us/sccm/develop/core/misc/system-center-configuration-manager-sdk">Configuration Manager SDK Documentation</a></span></li> <li><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><a href="https://docs.microsoft.com/en-us/nuget/consume-packages/overview-and-workflow">NuGet Package Consumption Overview</a></span></li> <li><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><a href="https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/what-has-changed-from-configuration-manager-2012">Whats New in System Center Configuration Manager</a></span></li> <li><span style="margin: 0px;color: #41424e;font-family: 'Segoe UI',sans-serif"><a href="https://aka.ms/cmcbforums">System Center Configuration Manager Forums</a></span></li> <li><span style="margin: 0px;color: #41424e;font-family: 'Segoe UI',sans-serif"><a href="https://aka.ms/cmcbsupport">System Center Configuration Manager Support</a></span></li> <li><span style="margin: 0px;color: #41424e;font-family: 'Segoe UI',sans-serif"><a href="https://aka.ms/configmgrfeedback">Report an issue</a></span></li> <li><span style="margin: 0px;color: #41424e;font-family: 'Segoe UI',sans-serif"><a href="https://aka.ms/configmgridea">Provide suggestions</a></span></li> </ul> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/27/update-for-the-configuration-manager-client-messaging-sdk/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Now Available: Update 1710 for System Center Configuration Manager</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/now-available-update-1710-for-system-center-configuration-manager/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/now-available-update-1710-for-system-center-configuration-manager/#comments</comments>
<pubDate>Tue, 21 Nov 2017 00:00:31 +0000</pubDate>
<dc:creator><![CDATA[The Configuration Manager Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[ConfigMgr]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[MAM]]></category>
<category><![CDATA[MDM]]></category>
<category><![CDATA[Modern Apps]]></category>
<category><![CDATA[Office 365]]></category>
<category><![CDATA[On-Prem]]></category>
<category><![CDATA[System Center Configuration Manager]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=67486</guid>
<description><![CDATA[Happy Monday! We are delighted to announce that we have released version 1710 for the Current Branch (CB) of System Center Configuration Manager that includes new features and product enhancements! One of the key features in the 1710 release is co-management which enables a new and more practical path to transition the management of Windows <p><a class="read-more" title="Now Available: Update 1710 for System Center Configuration Manager" aria-label="Read more about Now Available: Update 1710 for System Center Configuration Manager" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/now-available-update-1710-for-system-center-configuration-manager/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Happy Monday! We are delighted to announce that we have released version 1710 for the Current Branch (CB) of System Center Configuration Manager that includes new features and product enhancements!</p> <p>One of the key features in the 1710 release is <strong>co-management</strong> which enables a new and more practical path to transition the management of Windows 10 devices to a modern management approach. While there are a few paths to move to modern management, we heard from our customers that until now, it wasnt always easy to make the transition. Some customer scenarios require the ConfigMgr agent, and there are also Windows 7 devices that need to be managed. Customers also use deeply integrated partner or homegrown solutions for ConfigMgr, and not to mention the complexity of planning and switching from traditional to modern management with existing IT systems, organizational structures, and processes. Many organizations were looking for a more simplified and manageable way to transition from ConfigMgr and AD to a modern management approach with Intune and Azure AD. This is now possible with co-management.</p> <p style="text-align: center"><img class="size-large wp-image-67528 aligncenter" src="https://cloudblogs.microsoft.com/uploads/prod/2017/11/co-management-1024x660.png" alt="Start a practical move to modern Windows 10 management with EMS" width="1024" height="660" srcset="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/11/co-management-1024x660.png 1024w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/11/co-management-300x193.png 300w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/11/co-management-768x495.png 768w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/11/co-management-330x213.png 330w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/11/co-management.png 1430w" sizes="(max-width: 1024px) 100vw, 1024px" /><em>You can download this infographic/slide <a href="https://gallery.technet.microsoft.com/Infographic-Start-a-43e7c705">here</a>.</em></p> <p> </p> <p>Starting with the Anniversary Update (June 2016), a Windows 10 device can be joined to on-premises Active Directory (AD) and cloud-based Azure AD at the same time. Co-management takes advantage of this improvement and enables the device to be managed by both ConfigMgr agent and Intune MDM. This allows organizations to move specific workloads of their management to the cloud making the transition in manageable chunks. For example, customers can transition device compliance check, resource access policies, or Windows 10 update management from ConfigMgr to Intune while continuing to use ConfigMgr for other workloads such as software distribution and deep device security configuration. Over time, it will be possible to transition more workloads through co-management. You can learn more from our <a href="https://www.youtube.com/watch?v=U9OvcpQVpL0">Ignite presentation</a> and <a href="https://docs.microsoft.com/sccm/core/clients/manage/co-management-overview">technical documentation</a>.</p> <p>We are also excited to see the continued growth in adoption of the Current Branch of Configuration Manager by our customers. A little less than 2 years since the initial release, we now have more than 50,000 organizations managing more than 100 million devices using the Current Branch of Configuration Manager. And thanks to our active <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview">Technical Preview Branch</a> community, the 1710 update includes feedback and usage data we have gathered from customers who have installed and road tested our monthly technical previews over the last few months. As always, 1710 has also been tested at scale by real customers, in real production environments.</p> <p>Here are just few of the enhancements that are available in this update:</p> <h2>Microsoft 365 Adoption</h2> <ul> <li><strong>OS Deployment support for Windows 10 version 1709</strong> You can now upgrade to the latest Windows 10 ADK version 1709 to deploy the latest Windows 10 build.</li> <li><strong>Configure and deploy Windows Defender Application Guard policies</strong> – You can now create and deploy Windows Defender Application Guard policies to Windows 10 clients that help protect your users by opening untrusted web sites in a virtualized browser.</li> <li><strong>Improvements to policies for Windows Defender Application Control</strong> You can now authorize software that is trusted by the Intelligent Security Graph as part of Windows Defender Application Control (previously Device Guard).</li> <li><strong>Windows Defender Exploit Guard</strong> You can now configure Windows Defender Exploit Guard policy that provides intrusion prevention rules and policies that make vulnerabilities more difficult to exploit in Windows 10.</li> </ul> <h2>Streamlined Infrastructure</h2> <ul> <li><strong>Support for next generation certificates</strong> – Most client-facing site roles can now use next generation certificates (or CNG from version 3 templates).</li> </ul> <h2>Modern Management</h2> <ul> <li><strong>Co-management</strong> You can now enable co-management that helps you to streamline the journey to modern management in a controlled and iterative way. Windows 10 devices can be concurrently managed by Configuration Manager and Intune as well as joined to Active Directory (AD) and Azure Active Directory (Azure AD). This enables a practical way for you to transition the management to Intune and Azure AD over time.</li> <li><strong>Check compliance for co-managed devices from Software Center when device compliance is managed by Intune</strong> – Users can now use Software Center to check the compliance of their co-managed Windows 10 devices when device compliance is enforced by Intune.</li> </ul> <h2>Configuration Manager connected with Microsoft Intune</h2> <ul> <li><strong>Device Health Attestation assessment for compliance policies for conditional access</strong> – Use Device Health Attestation status as a compliance policy rule for conditional access to company resources.</li> <li><strong>New compliance policy actions</strong> – You can now configure actions for compliance policies. These actions include setting a grace period for devices that are noncompliant before they lose access to company resources and creating emails to be sent to users with noncompliant devices.</li> <li><strong>App Protection settings to block printing and contact Sync</strong> – Additional settings have been added to block printing and contact sync on applications enlightened with Intune App Protection.</li> <li><strong>Improved VPN profile experience in Configuration Manager console</strong> – VPN profile settings are now filtered according to the platform. When creating new VPN profiles, each supported platform workflow contains only the settings appropriate for the platform. Existing VPN profiles are not affected.</li> <li><strong>Mobile device management support for ARM64 devices running Windows 10 </strong> Windows 10 MDM scenarios will be supported for ATM64 devices once these devices are available.</li> </ul> <h2>Customer Feedback</h2> <ul> <li><strong>Run Task Sequence step</strong> – This is a new step in the task sequence to run another task sequence, which creates a parent-child relationship between two task sequences.</li> <li><strong>Allow up to 512×512 pixel icons for application in Software Center</strong> – You can now deploy apps with up to 512×512 pixels icon to display in Software Center.</li> <li><strong>Software Center customization</strong> – You can now add enterprise branding elements and specify the visibility of tabs in Software Center. You can add a Software Center specific company name, set a color theme, set a company logo, and set the visibility of tabs for client devices</li> <li><strong>Improved descriptions for pending computer restarts</strong> – The reason for a pending computer restart is posted.</li> <li><strong>Create and run PowerShell scripts</strong> You can now create and run scripts with optional parameters, configure security scopes and monitor script results.</li> </ul> <p>For more details and to view the full list of new features in this update check out our <a href="https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1710">Whats new in version 1710 of System Center Configuration Manager</a> documentation.</p> <p><b class="x-hidden-focus">Updated 12/9/2017</b><b> Note:</b> The update is now globally available to all customers. The script to enable the first wave is no longer necessary.</p> <p>For assistance with the upgrade process please post your questions in the <a href="https://social.technet.microsoft.com/Forums/en-US/home?forum=ConfigMgrDeployment">Site and Client Deployment forum</a>. To provide feedback or report any issues with the functionality included in this release, please use <a href="https://connect.microsoft.com/ConfigurationManagervnext/Feedback">Connect</a>.If theres a new feature or enhancement you want us to consider including in future updates, please use the <a href="http://configurationmanager.uservoice.com/">Configuration Manager UserVoice site</a>.</p> <p>Thank you,</p> <p>The System Center Configuration Manager team</p> <p> </p> <p><strong>Additional resources:</strong></p> <ul> <li><a href="https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/what-has-changed-from-configuration-manager-2012">Whats New in System Center Configuration Manager</a></li> <li><a href="https://docs.microsoft.com/en-us/sccm/core/plan-design/get-ready">Get Ready for System Center Configuration Manager</a></li> <li><a href="https://docs.microsoft.com/en-us/sccm/core/servers/deploy/start-using">Start Using System Center Configuration Manager</a></li> <li><a href="https://docs.microsoft.com/en-us/sccm/core/servers/deploy/install/upgrade-to-configuration-manager">Upgrade to System Center Configuration Manager</a></li> <li><a href="https://aka.ms/cmcbdocs">Documentation for System Center Configuration Manager</a></li> <li><a href="https://aka.ms/cmcbforums">System Center Configuration Manager Forums</a></li> <li><a href="https://aka.ms/cmcbsupport">System Center Configuration Manager Support</a></li> <li><a href="https://aka.ms/configmgrfeedback">Report an issue</a></li> <li><a href="https://aka.ms/configmgridea">Provide suggestions</a></li> </ul> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/20/now-available-update-1710-for-system-center-configuration-manager/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
<item>
<title>Update 1711 for Configuration Manager Technical Preview Branch – Available Now!</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/17/update-1711-for-configuration-manager-technical-preview-branch-available-now/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/17/update-1711-for-configuration-manager-technical-preview-branch-available-now/#comments</comments>
<pubDate>Fri, 17 Nov 2017 15:00:29 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[ConfigMgr]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[On-Prem]]></category>
<category><![CDATA[Public Preview]]></category>
<category><![CDATA[System Center Configuration Manager]]></category>
<category><![CDATA[Windows]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=67441</guid>
<description><![CDATA[Hello everyone! We are happy to let you know that update 1711 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This months new preview features <p><a class="read-more" title="Update 1711 for Configuration Manager Technical Preview Branch Available Now!" aria-label="Read more about Update 1711 for Configuration Manager Technical Preview Branch Available Now!" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/11/17/update-1711-for-configuration-manager-technical-preview-branch-available-now/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Hello everyone! We are happy to let you know that update 1711 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This months new preview features include:</p> <ul> <li><strong>Run Task Sequence step</strong> – This release includes improvements to the new Run Task Sequence step, which runs another task sequence creating a parent-child relationship between task sequences. See the <a href="https://docs.microsoft.com/sccm/core/get-started/capabilities-in-technical-preview-1711#improvements-to-run-task-sequence">online documentation</a> for more details about the improvements. This is currently the <a href="https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/8339997-daisy-chain-task-sequences-osd-and-non-osd">feature with the third highest number of votes on UserVoice</a></li> <li><strong>Allow user interaction when installing applications as system</strong> – Now users can interact with an application installation user interface in system context even during a task sequence. This feature is a <a href="https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/8340282-allow-interaction-with-the-user-when-installing-ap">popular request on UserVoice</a>.</li> </ul> <p>This release also includes the following improvement for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:</p> <ul> <li><strong>New options for compliance policies</strong> – You can now configure new options for compliance policies for Windows 10 devices. The new settings include policies for Firewall, User Account Control, Windows Defender Antivirus, and OS build versioning.</li> </ul> <p>Update 1711 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1703 baseline version of Configuration Manager Technical Preview Branch <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview">available on TechNet Evaluation Center</a>.</p> <p>We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use <a href="https://connect.microsoft.com/ConfigurationManagervnext/Feedback">Connect</a>. If theres a new feature or enhancement you want us to consider for future updates, please use the <a href="http://configurationmanager.uservoice.com/">Configuration Manager UserVoice site</a>.</p> <p>Thanks,</p> <p>The System Center Configuration Manager team</p> <p><strong>Configuration Manager Resources:</strong></p> <p><a href="https://docs.microsoft.com/sccm/core/get-started/technical-preview">Documentation for System Center Configuration Manager Technical Previews </a></p> <p><a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview">Try the System Center Configuration Manager Technical Preview Branch</a></p> <p><a href="https://docs.microsoft.com/sccm/">Documentation for System Center Configuration Manager </a></p> <p><a href="https://social.technet.microsoft.com/Forums/en-US/home?category=ConfigMgrCB">System Center Configuration Manager Forums </a></p> <p><a href="https://aka.ms/cmcbsupport">System Center Configuration Manager Support</a></p> <p><a href="https://www.microsoft.com/en-us/download/details.aspx?id=42645">Download the Configuration Manager Support Center</a></p> <p> </p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/11/17/update-1711-for-configuration-manager-technical-preview-branch-available-now/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>Introducing support for Cryptography: Next Generation (CNG) certificates in Configuration Manager</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/introducing-support-for-cryptography-next-generation-cng-certificates-in-configuration-manager/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/introducing-support-for-cryptography-next-generation-cng-certificates-in-configuration-manager/#comments</comments>
<pubDate>Mon, 30 Oct 2017 22:03:35 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=67117</guid>
<description><![CDATA[We have added limited support for Cryptography: Next Generation (CNG) certificates in Update 1710 for System Center Configuration Manager Technical Preview. Now Configuration Manager clients can use PKI client authentication certificate with private key in CNG Key Storage Provider (KSP). With KSP support, Configuration Manager clients can now support hardware based private key such as <p><a class="read-more" title="Introducing support for Cryptography: Next Generation (CNG) certificates in Configuration Manager" aria-label="Read more about Introducing support for Cryptography: Next Generation (CNG) certificates in Configuration Manager" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/introducing-support-for-cryptography-next-generation-cng-certificates-in-configuration-manager/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>We have added limited support for Cryptography: Next Generation (CNG) certificates in <a href="https://cloudblogs.microsoft.com/enterprisemobility/?p=67111">Update 1710 for System Center Configuration Manager Technical Preview</a>. Now Configuration Manager clients can use PKI client authentication certificate with private key in CNG Key Storage Provider (KSP). With KSP support, Configuration Manager clients can now support hardware based private key such as TPM KSP for PKI client authentication certificate.</p> <p>We made the choice to prioritize some scenarios and this post gives an overview of the scenarios you can use to try CNG certificates and lists the scenarios that are not currently supported.</p> <h1>Supported in 1710 Technical Preview</h1> <p>Beginning with the 1710 Technical Preview you can use certificates created using CNG certificate templates for client-specific scenarios. The following scenarios are supported:</p> <ul> <li>Client registration and communication with a HTTPS management point</li> <li>Software distribution and application deployment with a HTTPS distribution point</li> <li>Operating system deployment (**see known issue below)</li> <li>Cloud Management Gateway configuration</li> <li>Client messaging SDK (with a soon to be released update) and ISV Proxy</li> </ul> <p><strong>Note:</strong> CNG is backward compatible with Crypto API (CAPI). CAPI certificates will continue to be supported even when CNG support is enabled on the client</p> <h1>Not supported for 1710 Technical Preview</h1> <ul> <li>Application Catalog Web service, Application Catalog website, Enrollment point, and Enrollment proxy point roles will not be operational when installed in HTTPS mode with CNG certificate bound to the web site in Internet Information Services (IIS). Software Center will not display applications and packages deployed to user or user group collection as available.</li> <li>State Migration Point will not be operational when installed in HTTPS mode with a CNG certificate bound to the web site in IIS.</li> <li>Using CNG certificates to create a Cloud Distribution Point is not supported.</li> <li>NDES Policy Module to Certificate Registration Point (CRP) communication will fail if the NDES Policy Module is using a CNG certificate for client authentication certificate.</li> <li>**Task sequence media creation will fail to create bootable media if a CNG certificate is specified.</li> </ul> <h1>Creating CNG certificate templates</h1> <p>You will need to create CNG certificate templates from the Certificate Authority (CA) and the enrolling certificate on the target machines (clients or servers) depending on the purpose and scenario you are testing e.g. client authentication, server authentication, etc.</p> <h2>Required certificate template properties (Windows CA):</h2> <ul> <li>Under the Compatibility tab, “Certification Authority” must be at least “Windows Server 2008” (recommended “Windows Server 2012”)</li> <li>Under the Compatibility tab, “Certificate recipient” must be at least “Windows Vista/Server 2008” (recommended “Windows 8/Windows Server 2012”)</li> <li>Under the Cryptography tab, make sure the “Provider Category is “Key Storage Provider”</li> </ul> <p><strong>Note:</strong> The requirements for your environment or organization may be different. Please consult with your PKI expert. The important points to consider are a certificate template must use a Key Storage Provider to be able to take advantage of CNG.</p> <p>For more information about creating and publishing new templates please refer to <em><a href="https://social.technet.microsoft.com/wiki/contents/articles/13303.windows-server-2012-certificate-template-versions-and-options.aspx">Windows Server 2012: Certificate Template Versions and Options.</a></em></p> <p>We hope this helps you get started with CNG certificates and we invite you to try one more of the supported scenarios. We welcome your feedback and you can report issues on <a href="https://connect.microsoft.com/ConfigurationManagervnext/Feedback">Connect</a> and request features or enhancements on <a href="http://configurationmanager.uservoice.com/">UserVoice.</a></p> <p>Thanks,</p> <p>Patrick Ngatchou</p> <p>Senior Software Engineering Manager,</p> <p>Enterprise Management and Mobility</p> <p> </p> <p><b><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">Configuration Manager Resources:</span></span></b></p> <p><a href="https://docs.microsoft.com/sccm/core/get-started/technical-preview"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif">Documentation for System Center Configuration Manager Technical Previews </span></a></p> <p><a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif">Try the System Center Configuration Manager Technical Preview Branch</span></a></p> <p><a href="https://docs.microsoft.com/sccm/"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif">Documentation for System Center Configuration Manager </span></a></p> <p><a href="https://social.technet.microsoft.com/Forums/en-US/home?category=ConfigMgrCB"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif">System Center Configuration Manager Forums </span></a></p> <p><a href="https://aka.ms/cmcbsupport"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif">System Center Configuration Manager Support</span></a></p> <p><a href="https://www.microsoft.com/en-us/download/details.aspx?id=42645"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif">Download the Configuration Manager Support Center</span></a></p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/introducing-support-for-cryptography-next-generation-cng-certificates-in-configuration-manager/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
<item>
<title>Update 1710 for Configuration Manager Technical Preview Branch – Available Now!</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/update-1710-for-configuration-manager-technical-preview-branch-available-now/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/update-1710-for-configuration-manager-technical-preview-branch-available-now/#comments</comments>
<pubDate>Mon, 30 Oct 2017 22:03:17 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[ConfigMgr]]></category>
<category><![CDATA[Public Preview]]></category>
<category><![CDATA[System Center Configuration Manager]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=67111</guid>
<description><![CDATA[Hello everyone! We are happy to let you know that update 1710 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This months new preview features <p><a class="read-more" title="Update 1710 for Configuration Manager Technical Preview Branch Available Now!" aria-label="Read more about Update 1710 for Configuration Manager Technical Preview Branch Available Now!" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/update-1710-for-configuration-manager-technical-preview-branch-available-now/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Hello everyone! We are happy to let you know that update 1710 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This months new preview features include:</p> <ul> <li><strong>Check compliance for co-managed devices from Software Center when conditional access is managed by Intune </strong>– Users can now use Software Center to check the compliance of their co-managed Windows 10 devices when conditional access is managed by Intune.</li> <li><strong>Limit Windows 10 enhanced telemetry to only send data relevant to Windows Analytics Device Health </strong>– You can now set the Windows 10 telemetry data collection level to Enhanced (Limited). This setting enables you to gain actionable insight about devices in your environment without devices reporting all of the data in the Enhanced telemetry level with Windows 10 version 1709 or later.</li> <li><strong>Configure and deploy Windows Defender Application Guard policies</strong> – You can now create and deploy Windows Defender Application Guard policies to Windows 10 clients that help protect your users by opening untrusted web sites in a virtualized browser (Edge and Internet Explorer).</li> <li><strong>Authorize software that is trusted by the Intelligent Security Graph as part of Windows Defender Application Control</strong> – Device Guard policies in Configuration manager are now renamed to Windows Defender Application Control policies. This better reflects the scope of their functionality. On devices that run Windows 10 version 1709, software that is trusted by the <a href="https://www.microsoft.com/en-us/security/intelligence">Microsoft Intelligent Security Graph</a> (ISG) can now be automatically authorized. The trustworthiness of the software is defined by reputation data from Windows Defender SmartScreen, Windows Defender Antivirus, and more.</li> <li><strong>Configure Windows Defender Exploit Guard</strong> – Windows Defender Exploit Guard provides intrusion prevention rules and policies that make vulnerabilities more difficult to exploit in Windows 10. All Exploit Guard components are now configurable with Configuration Manager.</li> <li><strong>Improved descriptions for pending computer restarts</strong> – The reason for a pending computer restart is posted.</li> <li><strong>Run Scripts</strong> – Weve added the ability to configure security scopes for the Run Scripts feature. Weve also integrated an additional improved monitoring experience as part of the Run Scripts wizard.</li> </ul> <p>This release also includes the following improvements based on your feedback from UserVoice:</p> <ul> <li><strong>Allow up to 512×512 pixel icons for application in Software Center</strong> – You can now deploy apps with up to 512×512 pixels icon to display in Software Center. This was earlier capped at 250×250 pixels and anything larger showed up blurry on Software Center. We have now changed this after receiving feedback from our customers.</li> <li><strong>Support for Cryptography: Next Generation certificates</strong> Weve added limited support for Cryptography: Next Generation (CNG) certificates. For more information about the supported scenarios please read <a href="https://cloudblogs.microsoft.com/enterprisemobility/?p=67117"><em>Introducing support for Cryptography: Next Generation (CNG) certificates in Configuration Manager</em></a>.</li> </ul> <p>Update 1710 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1703 baseline version of Configuration Manager Technical Preview Branch <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview">available on TechNet Evaluation Center</a>.</p> <p>We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use <a href="https://connect.microsoft.com/ConfigurationManagervnext/Feedback">Connect</a>. If theres a new feature or enhancement you want us to consider for future updates, please use the <a href="http://configurationmanager.uservoice.com/">Configuration Manager UserVoice site</a>.</p> <p>Thanks,</p> <p>The System Center Configuration Manager team</p> <p><strong>Configuration Manager Resources:</strong></p> <p><a href="https://docs.microsoft.com/sccm/core/get-started/technical-preview">Documentation for System Center Configuration Manager Technical Previews </a></p> <p><a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview">Try the System Center Configuration Manager Technical Preview Branch</a></p> <p><a href="https://docs.microsoft.com/sccm/">Documentation for System Center Configuration Manager </a></p> <p><a href="https://social.technet.microsoft.com/Forums/en-US/home?category=ConfigMgrCB">System Center Configuration Manager Forums </a></p> <p><a href="https://aka.ms/cmcbsupport">System Center Configuration Manager Support</a></p> <p><a href="https://www.microsoft.com/en-us/download/details.aspx?id=42645"><span style="margin: 0px;font-family: 'Segoe UI',sans-serif">Download the Configuration Manager Support Center</span></a></p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/30/update-1710-for-configuration-manager-technical-preview-branch-available-now/feed/</wfw:commentRss>
<slash:comments>5</slash:comments>
</item>
<item>
<title>AMA: Co-management with Microsoft Intune and System Center Configuration Manager</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/13/ama-co-management-with-microsoft-intune-and-system-center-configuration-manager/</link>
<pubDate>Fri, 13 Oct 2017 18:15:21 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[ConfigMgr]]></category>
<category><![CDATA[System Center Configuration Manager]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=57043</guid>
<description><![CDATA[Hello Everyone! We are having another Ask Microsoft Anything with the Configuration Manager team. This time we are focusing on a specific topic: co-management with Microsoft Intune and System Center Configuration Manager. The co-management feature team will be there to answer your questions and listen to your feedback. Join the AMA: https://aka.ms/Co-managementAMA View the invite: <p><a class="read-more" title="AMA: Co-management with Microsoft Intune and System Center Configuration Manager" aria-label="Read more about AMA: Co-management with Microsoft Intune and System Center Configuration Manager" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/13/ama-co-management-with-microsoft-intune-and-system-center-configuration-manager/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium">Hello Everyone! We are having another Ask Microsoft Anything with the Configuration Manager team. This time we are focusing on a specific topic: co-management with Microsoft Intune and System Center Configuration Manager.</span></span></p> <p><span style="margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium">The co-management feature team will be there to answer your questions and listen to your feedback.</span></span></p> <ul> <li><span style="font-size: medium"><span style="margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif">Join the AMA: </span><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><a href="https://aka.ms/Co-managementAMA">https://aka.ms/Co-managementAMA</a></span></span></li> <li><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium"><span style="color: #000000">View the invite: </span><a href="https://aka.ms/Co-ManagementAMA/invite">https://aka.ms/Co-ManagementAMA/invite</a></span></span></li> </ul> <h1><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #2f5496;font-family: Thread-000017ac-Id-00000007;font-size: x-large">When</span></span></h1> <p><span style="margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium">Thursday October 19, 2017 from 9:00 a.m. to 10:00 a.m. Pacific Time</span></span></p> <h1><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #2f5496;font-family: Thread-000017ac-Id-00000007;font-size: x-large">Where</span></span></h1> <p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium"><a href="https://aka.ms/Co-managementAMA">The System Center AMA space</a></span></span></p> <h1><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #2f5496;font-family: Thread-000017ac-Id-00000007;font-size: x-large">What is an AMA session?</span></span></h1> <p><span style="margin: 0px;color: #333333;font-family: 'Segoe UI',sans-serif"><span style="font-size: medium">An AMA is a live online event similar to a YamJam on Yammer or an Ask Me Anything on Reddit. This AMA gives you the opportunity to connect with members of the product engineering team.</span></span></p> <p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">We hope you will join us. We appreciate the opportunity to learn from our customers and partners.</span></span></p> <p> </p> <p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">Thank you</span></span></p> <p><span style="margin: 0px;font-family: 'Segoe UI',sans-serif"><span style="color: #000000;font-size: medium">The Configuration Manager Team</span></span></p> ]]></content:encoded>
</item>
<item>
<title>Improving experience for VPN profiles for ConfigMgr and Hybrid MDM</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/improving-experience-for-vpn-profiles-for-configmgr-and-hybrid-mdm/</link>
<pubDate>Sat, 07 Oct 2017 03:30:30 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=56716</guid>
<description><![CDATA[Starting in the System Center Configuration Manager 1709 Technical Preview, we’re making it easier to determine which VPN profile settings are supported on each platform – like the changes we’ve made to compliance policies and configuration items. When creating a new VPN profile, you’ll first choose the platform it applies to, and then all the <p><a class="read-more" title="Improving experience for VPN profiles for ConfigMgr and Hybrid MDM" aria-label="Read more about Improving experience for VPN profiles for ConfigMgr and Hybrid MDM" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/improving-experience-for-vpn-profiles-for-configmgr-and-hybrid-mdm/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Starting in the <a href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/update-1709-for-configuration-manager-technical-preview-branch-available-now/">System Center Configuration Manager 1709 Technical Preview</a>, we’re making it easier to determine which VPN profile settings are supported on each platform – like the changes we’ve made to compliance policies and configuration items. When creating a new VPN profile, you’ll first choose the platform it applies to, and then all the settings in the following wizard pages will apply to the selected platform. This will make it much easier to avoid creating an invalid profile – which will in turn reduce the need to troubleshoot broken VPN profiles or to contact support.</p> <p>We started down this path several releases ago when we split the Windows 10 VPN workflow from the all platforms workflow. Now, we’ve split up all the supported platforms so they’ll each have their own path.</p> <p>In addition to splitting out the workflows by platform, we’ve also combined the Configuration Manager client and hybrid mobile device management (MDM) workflows for Windows 10, since both management methods now support the same settings. For Windows 8.1, we’ve clearly marked the settings supported by Configuration Manager only, and we’ve retained the import option.</p> <p>Finally, we’ve removed the Automatic VPN page, since all the settings configured by this page were deprecated by their respective platforms, making this page obsolete.</p> <p>In this blog post, we’d like to answer some questions you may have.</p> <h1>Why did you make this change?</h1> <p>The main driver for this change is to prevent customers from inadvertently creating invalid VPN profiles. Prior to this change, all VPN settings for all platforms supported by Configuration Manager were exposed in the all platforms workflow. Some settings were labeled by platform (specifically, per-app VPN for iOS), but beyond this it was to tell which settings applied to which platform; also, the Automatic VPN page was still there even after it had become obsolete.</p> <p>Customers and support staff would then ask why a specific configuration wasn’t working correctly. In most cases, they had created a profile with settings that were not supported by the platform. Sometimes the setting was supported for one of the targeted platforms, but not another, and it was impossible to tell from the user experience. Finding out that the configuration the customer wanted to use wasn’t supported was disappointing and frustrating for everyone involved. These changes are designed to prevent these issues.</p> <p>In earlier releases, we made similar changes in compliance policies and configuration items for the same reason. VPN is the first of the company resource access profiles to get this treatment, and while it was mainly designed to improve the experience for MDM profiles, the updates benefit devices managed by the Configuration Manager client as well – particularly because the Windows 8.1 settings are clearly set apart from all the mobile platforms now.</p> <h1>What about my existing profiles?</h1> <p>We understand that many of our customers use VPN profiles for multiple platforms, and by this point, you might be concerned. However, you don’t need to worry about your existing profiles; one of our goals was to ensure that all existing profiles continue to work as they did before the change. When you upgrade, you will still see the same properties pages, and no changes will be made to the profiles themselves. All new profiles will use the new experience, but all existing profiles will still use the previous experience.</p> <h1>Let us know what you think!</h1> <p>If you’re eager to have similar changes applied to other profile types, please leave a request on UserVoice:</p> <ul> <li><a href="https://configurationmanager.uservoice.com/">https://configurationmanager.uservoice.com/</a></li> <li><a href="https://microsoftintune.uservoice.com/">https://microsoftintune.uservoice.com/</a></li> </ul> <p>If you still have questions, or are experiencing issues, reach out to your Microsoft contact or support team.</p> <ul> <li><a href="https://aka.ms/cmcbsupport">Open a support request for Configuration Manager</a></li> <li><a href="https://docs.microsoft.com/en-us/intune/get-support">Open a support request for Intune</a></li> </ul> <p>You can also find more information about this change <a href="https://docs.microsoft.com/sccm/core/get-started/capabilities-in-technical-preview-1709#improved-vpn-profile-experience-in-configuration-manager-console">here</a>.</p> <p>Thanks,</p> <p>Tyler Castaldo</p> <p>Program Manager, Enterprise Mobility</p> ]]></content:encoded>
</item>
<item>
<title>Update 1709 for Configuration Manager Technical Preview Branch – Available Now!</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/update-1709-for-configuration-manager-technical-preview-branch-available-now/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/update-1709-for-configuration-manager-technical-preview-branch-available-now/#comments</comments>
<pubDate>Fri, 06 Oct 2017 20:28:16 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=56704</guid>
<description><![CDATA[Hello everyone! We are happy to let you know that update 1709 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This month’s new preview features <p><a class="read-more" title="Update 1709 for Configuration Manager Technical Preview Branch Available Now!" aria-label="Read more about Update 1709 for Configuration Manager Technical Preview Branch Available Now!" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/update-1709-for-configuration-manager-technical-preview-branch-available-now/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Hello everyone! We are happy to let you know that update 1709 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This month’s new preview features include:</p> <ul> <li><strong>Co-management </strong>– Co-management is a solution where Windows 10 devices with Fall Creators Update can be concurrently managed by Configuration Manager and Intune, as well as joined to Active Directory (AD) and Azure Active Directory (Azure AD) to provide a way for you to modernize Windows 10 management over time. You can read more about co-management <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-microsoft-intune-and-system-center-configuration-manager-ignite-2017/">here</a>and in the preview documentation <a href="https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1709#co-management-for-windows-10-devices">here</a>.</li> </ul> <p>This release also includes the following improvement for customers using System Center Configuration Manager connected with Microsoft Intune to manage mobile devices:</p> <ul> <li><strong>Improved VPN Profile Experience in Configuration Manager Console</strong> – VPN profile settings are now filtered according to platform. When you create new VPN profiles, each supported platform will contain only the settings appropriate for the platform. Existing VPN profiles are not affected. You can read more about this change <a href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/improving-experience-for-vpn-profiles-for-configmgr-and-hybrid-mdm/">here</a>.</li> </ul> <p>Update 1709 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1703 baseline version of Configuration Manager Technical Preview Branch <a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview">available on TechNet Evaluation Center</a>.</p> <p>We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use <a href="https://connect.microsoft.com/ConfigurationManagervnext/Feedback">Connect</a>. If there’s a new feature or enhancement you want us to consider for future updates, please use the <a href="http://configurationmanager.uservoice.com/">Configuration Manager UserVoice site</a>.</p> <p>Thanks,</p> <p>The System Center Configuration Manager team</p> <p><strong>Configuration Manager Resources:</strong></p> <p><a href="https://docs.microsoft.com/sccm/core/get-started/technical-preview">Documentation for System Center Configuration Manager Technical Previews </a></p> <p><a href="https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection-technical-preview">Try the System Center Configuration Manager Technical Preview Branch</a></p> <p><a href="https://docs.microsoft.com/sccm/">Documentation for System Center Configuration Manager </a></p> <p><a href="https://social.technet.microsoft.com/Forums/en-US/home?category=ConfigMgrCB">System Center Configuration Manager Forums </a></p> <p><a href="https://aka.ms/cmcbsupport">System Center Configuration Manager Support</a></p> <p><a href="https://www.microsoft.com/en-us/download/details.aspx?id=42645">Download the Configuration Manager Support Center</a></p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/06/update-1709-for-configuration-manager-technical-preview-branch-available-now/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
<item>
<title>What’s new with Microsoft Intune and System Center Configuration Manager @ Ignite 2017</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-microsoft-intune-and-system-center-configuration-manager-ignite-2017/</link>
<pubDate>Wed, 27 Sep 2017 15:00:24 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=55805</guid>
<description><![CDATA[Organizations are continuing to experience an increasing number of devices and cloud services that are being used by their employees. While this allows people to achieve more at work, it also requires IT to enable and support new and more complex scenarios with the same budget and resources. Organizations are looking for a solution that <p><a class="read-more" title="What’s new with Microsoft Intune and System Center Configuration Manager @ Ignite 2017" aria-label="Read more about What’s new with Microsoft Intune and System Center Configuration Manager @ Ignite 2017" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-microsoft-intune-and-system-center-configuration-manager-ignite-2017/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Organizations are continuing to experience an increasing number of devices and cloud services that are being used by their employees. While this allows people to achieve more at work, it also requires IT to enable and support new and more complex scenarios with the same budget and resources. Organizations are looking for a solution that allows them to manage their users, various device platforms, and different types of apps using an integrated, modern platform. We are excited to announce new features in Microsoft Intune to expand its unified endpoint management (UEM) capabilities. These improvements include conditional access enhancements across all platforms, integration with Jamf for macOS device compliance, a new co-management capability with System Center Configuration Manager (ConfigMgr) for modern Windows 10 management, and more.</p> <h2>Microsoft 365</h2> <p><a href="https://www.microsoft.com/en-us/microsoft-365/default.aspx">Microsoft 365</a> is designed to enable a modern workplace for employees and a new approach for IT to simplify management, improve security, and lower costs. You can read more about this new approach in Brad Andersons <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/09/25/maximizing-its-impact-with-microsoft-365-powered-devices/">Microsoft 365 powered device blog post</a> and our <a href="https://youtu.be/JA7eH8SnDtk">latest Mechanics video</a>.</p> <p><img class="size-large wp-image-56035 aligncenter" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/160-1024x576.png" alt="" width="1024" height="576" srcset="https://cloudblogs.microsoft.com/uploads/media/2017/09/160-1024x576.png 1024w, https://cloudblogs.microsoft.com/uploads/media/2017/09/160-300x169.png 300w, https://cloudblogs.microsoft.com/uploads/media/2017/09/160-768x432.png 768w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p align="center"><em><a href="https://gallery.technet.microsoft.com/Infographic-Simplify-37e77674">You can download this infographic here</a>.</em></p> <p align="left">One of the key elements of Microsoft 365 powered device is the ability to modernize the deployment and management of Windows 10 and Office 365 ProPlus. We have been regularly adding new modern management features in Intune since the release of Windows 10. Some of recent improvements include the ability to <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/08/10/deploying-office-365-proplus-with-microsoft-intune/">deploy Office 365 ProPlus</a>, BitLocker management, integration with Windows Update for Business, and more. We are also working on new features including the ability to run PowerShell scripts on Windows 10 devices using Intune Management Extension, new Windows 10 MDM settings, and enhanced support for Windows AutoPilot, Windows Defender ATP, Windows Store for Business, and Surface Hub.</p> <p align="left">While there are many benefits of modern management, most organizations are still using an on-premises Windows Server Active Directory (AD) and System Center Configuration Manager (ConfigMgr) to manage their Windows devices. Based on conversations with our customers, we heard that until now, it wasnt always easy to move to modern management. Some customer scenarios require the ConfigMgr agent, and there are also Windows 7 devices that need to be managed. Customers also use deeply integrated partner or homegrown solutions for ConfigMgr, and not to mention the complexity of planning and switching from traditional to modern management with existing IT systems, organizational structures, and processes. Many organizations were looking for a more simplified and manageable way to transition from ConfigMgr and AD to a modern management approach with Intune and Azure AD. We are excited to make this possible with a new feature of ConfigMgr and Intune called <strong>co-management</strong>.</p> <p align="left"><img class="size-large wp-image-56055 aligncenter" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/219-1024x576.png" alt="" width="1024" height="576" srcset="https://cloudblogs.microsoft.com/uploads/media/2017/09/219-1024x576.png 1024w, https://cloudblogs.microsoft.com/uploads/media/2017/09/219-300x169.png 300w, https://cloudblogs.microsoft.com/uploads/media/2017/09/219-768x432.png 768w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p>Co-management delivers a bridge that simplifies planning and reduces the risks as organizations transition the management of Windows 10 devices to cloud-based Intune and Azure AD. Co-management helps to streamline the journey to modern management in a controlled and iterative way. This allows IT to modernize some workloads of Windows 10 management (e.g. device compliance assessment for conditional access) while maintaining ConfigMgr for other workloads (e.g. Win32 app distribution) based on your needs and at your own pace with the end goal to fully transition to modern management.</p> <p><img class="size-large wp-image-56046 aligncenter" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/311-1024x550.png" alt="" width="1024" height="550" srcset="https://cloudblogs.microsoft.com/uploads/media/2017/09/311-1024x550.png 1024w, https://cloudblogs.microsoft.com/uploads/media/2017/09/311-300x161.png 300w, https://cloudblogs.microsoft.com/uploads/media/2017/09/311-768x413.png 768w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p>Starting with the Anniversary Update (June 2016), a Windows 10 device can be joined to on-premises Active Directory (AD) and cloud-based Azure AD at the same time. Co-management takes advantage of this improvement and enables the device to be managed by both ConfigMgr agent and Intune MDM. This allows organizations to move parts or workloads of their management to the cloud making the move in manageable chunks. For example, customers can transition device compliance check, resource access profile deployment, or Windows 10 update management from ConfigMgr to Intune while continuing to use ConfigMgr for other workloads such as software distribution and deep device security configuration. Overtime, it will be possible to transition more workloads through co-management.</p> <p><img class="size-large wp-image-56085 aligncenter" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/Picture5Intune-1024x543.png" alt="" width="1024" height="543" srcset="https://cloudblogs.microsoft.com/uploads/media/2017/09/Picture5Intune-1024x543.png 1024w, https://cloudblogs.microsoft.com/uploads/media/2017/09/Picture5Intune-300x159.png 300w, https://cloudblogs.microsoft.com/uploads/media/2017/09/Picture5Intune-768x407.png 768w" sizes="(max-width: 1024px) 100vw, 1024px" />Another common use case is the ability to modernize OS deployment where a traditional imaging process can be replaced with Windows AutoPilot integrated with Intune and Azure AD while the rest of provisioning and management is done through ConfigMgr.</p> <p>You will be able to learn more about these improvements in the recordings of our Ignite sessions (search for BRK3057, BRK3075, BRK3076, and BRK2079 on <a href="https://myignite.microsoft.com/videos">https://myignite.microsoft.com/videos</a> after Ignite ends) as well as test it out in your lab in the upcoming ConfigMgr Technical Preview Branch release (version 1709). We are planning to make co-management generally available with the 1710 release of ConfigMgr Current Branch later this year.</p> <h2>Integration with Jamf for macOS device compliance</h2> <p>As a unified endpoint management (UEM) solution, we are always looking for ways to extend our platform through our partners to satisfy the unique needs of our customers. Today, we are excited to announce our integration with <a href="https://www.jamf.com/">Jamf</a>, a well-known solution for managing the Apple ecosystem. Jamf will integrate with Intunes device compliance engine to provide an automated compliance management solution for macOS devices accessing applications connected with Azure AD authentication.</p> <p><img class="size-large wp-image-56045 aligncenter" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/410-1024x575.png" alt="" width="1024" height="575" srcset="https://cloudblogs.microsoft.com/uploads/media/2017/09/410-1024x575.png 1024w, https://cloudblogs.microsoft.com/uploads/media/2017/09/410-300x169.png 300w, https://cloudblogs.microsoft.com/uploads/media/2017/09/410-768x432.png 768w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p>Jamf will send macOS device state information to Intune which will then evaluate it for compliance with the policies defined in the Intune console. Based on the device compliance state as well as other conditions (such as location, user risk, etc), Conditional Access will allow, block, or enforce MFA for macOS devices accessing cloud and on-premises applications connected with Azure AD, including Office 365.</p> <p>This integrated solution will be available in late 2017. For more information tune into the Jamf Nation User Conference Keynote livestream on Wednesday, October 25: <a href="https://www.jamf.com/events/jamf-nation-user-conference/2017/">https://www.jamf.com/events/jamf-nation-user-conference/2017/</a>.</p> <h2>The next wave of conditional access</h2> <p>In June, we announced the <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/">general availability of the new conditional access admin experience</a> in the Azure portal. This powerful, simplified new experience makes it easy to manage policies that bring together services across EMS, including Azure AD Premium, Microsoft Intune, and combines it with the insight from the <a href="https://www.microsoft.com/en-us/security/intelligence">Microsoft Intelligent Security Graph</a>, which scans billions of signals to determine user risk levels.</p> <p>Today, Microsoft announced a whole new wave of scenarios that expand our conditional access capabilities, including integration across EMS Azure Information Protection and Microsoft Cloud App Security services, as well as additional scenarios that leverage Intunes core MAM and MDM capabilities.</p> <p>You can read about this next wave of conditional access capabilities in <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-azure-active-directory-ignite-2017/">this post from Alex Simons</a> that was published earlier today.</p> <h2>In case you missed it</h2> <p>As always, the last couple of months have been busy with the release of several product updates and new features. Here is a recap of some of these releases that were getting a positive customer feedback on.</p> <ul> <li><strong>iOS 11 and Android O support</strong>: In recent weeks, both Google and Apple announced updates to their operating systems. As you plan for both updates within your organizations, you can have the confidence that all existing Intune capabilities will continue to work as expected when users upgrade.</li> <li><strong>Enhanced macOS support</strong>: Over the last month, we added several improvements to our macOS management capabilities, including <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/08/23/azure-ad-and-intune-now-support-macos-in-conditional-access/">conditional access support</a> and a new <a href="https://www.microsoft.com/en-us/download/details.aspx?id=55770">Company Portal</a> for end users.</li> <li><strong>Intune Data Warehouse</strong>: The <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/08/08/the-intune-data-warehouse-enabling-deeper-reporting-capabilities-now-in-public-preview/">new Intune Data Warehouse</a> takes our reporting capabilities a step further, giving you more powerful custom reporting around your environment over time. With a dataset spanning up to 90 days of historical data, you can connect the Intune Data Warehouse to Power BI, Excel or another analytics tool that supports OData feeds to view historical trends, get daily snapshots, and create other custom reports across multiple tables.</li> <li><strong>Mobile Threat Defense ecosystem</strong>: This past year, weve introduced integration with several leading Mobile Threat Defense (MTD) solutions, including Lookout, Skycure, and Check Point. This month, were excited to <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/09/19/ems-and-zimperium-integration-ensures-risk-free-devices-before-accessing-corporate-resources/">introduce our latest integration with Zimperium</a>. This integration helps organizations defend against both known and unknown mobile threats and ensure that devices are risk-free and secure before users access corporate resources.</li> </ul> <p>We are excited for you to try these new improvements! Please keep sending us your feedback.</p> <h2>Additional resources:</h2> <ul> <li><a href="https://microsoftintune.uservoice.com/?WT.mc_id=Blog_Intune_Announce_PCIT">Submit feedback and suggestions to the Intune engineering team</a></li> <li><a href="https://docs.microsoft.com/intune">Find technical resources on the Intune docs site</a></li> <li><a href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=microsoft-intune">Subscribe to the Intune blog RSS feed</a></li> <li>Follow us on <a href="https://twitter.com/MSIntune">Twitter</a></li> </ul> ]]></content:encoded>
</item>
<item>
<title>System Center Updates Publisher September 2017 Preview is now available</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/26/system-center-updates-publisher-september-2017-preview-is-now-available/</link>
<pubDate>Tue, 26 Sep 2017 19:00:14 +0000</pubDate>
<dc:creator><![CDATA[Yvette O'Meally]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Software Updates]]></category>
<category><![CDATA[System Center Configuration Manager]]></category>
<category><![CDATA[WSUS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=55285</guid>
<description><![CDATA[System Center Updates Publisher (SCUP) Preview 2 is now available. If this is your first time looking at the SCUP Preview check out the announcement for Preview 1 here. In SCUP Preview 2, the update catalog format has been enhanced to provide a better experience for users when consuming large update catalogs. Improvement include: Indexing <p><a class="read-more" title="System Center Updates Publisher September 2017 Preview is now available" aria-label="Read more about System Center Updates Publisher September 2017 Preview is now available" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/09/26/system-center-updates-publisher-september-2017-preview-is-now-available/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>System Center Updates Publisher (SCUP) Preview 2 is now available. If this is your first time looking at the SCUP Preview check out the announcement for Preview 1 <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/07/03/system-center-updates-publisher-june-2017-preview-is-now-available/">here</a>.</p> <p>In SCUP Preview 2, the update catalog format has been enhanced to provide a better experience for users when consuming large update catalogs. Improvement include:</p> <ul> <li><strong>Indexing for quicker imports of previously imported catalogs</strong> – Catalog producers can now index their catalogs. This will allow users to import large catalogs containing few new updates more quickly.</li> <li><strong>Inclusion of signing certificates within updates catalogs</strong> – Catalog producers can now include signing certificates with their updates catalogs. This enables users to add the certificates to the trusted publishers list during import so that approval prompts will not block publish operations.</li> </ul> <p>Note: While old catalog formats are still supported, catalog producers will need to add information to their existing catalogs to take advantage of these improvements.</p> <ul> <li><strong>Signature Timestamp</strong> – Updates published to a WSUS server will by default have the signature time-stamped. Note, this functionality requires internet access. If you have upgraded from preview 1 this will not be automatically enabled. To enable or disable the signature timestamp or configure the timestamp server that is used see the <strong>Advanced</strong> page under <strong>Options</strong>.</li> </ul> <p>Preview 2 also includes fixes for issues based on feedback submitted during the first preview.</p> <h2>Joining the preview</h2> <p>We are excited to have you join our preview! To get started:</p> <ol> <li>Download the SCUP Preview <a href="https://www.microsoft.com/en-us/download/details.aspx?id=55543">here</a>.</li> <li>Run UpdatesPublisher.msi on a computer that meets the prerequisites.</li> <li>Configure the options for SCUP.</li> <li>Start using the features of SCUP.</li> </ol> <p>For a walkthrough of these steps please read our <a href="https://docs.microsoft.com/en-us/sccm/sum/tools/updates-publisher">System Center Updates Publisher documentation</a>.</p> <p>We would love to hear your feedback. If you have a feature request, share your ideas with us on the <a href="http://configurationmanager.uservoice.com/">Configuration Manager UserVoice site</a>. You can report issues with SCUP on <a href="https://connect.microsoft.com/ConfigurationManagervnext">Connect</a> or reach out to us directly at <a href="mailto:[email protected]">[email protected]</a>.</p> ]]></content:encoded>
</item>
</channel>
</rss>
