A new month, a new technical preview and new thoughts!
It is probably needless to say but “Do NOT install technical previews in your production environments!!”
Technical preview 1702 introduces a new option in SCCM to send feedback or make feature requests. The Home ribbon will have a Feedback option, but you can also click on any object in the console. When you click on Feedback, a browser opens a link to the System Center Configuration Manager Feedback site. Does this add any value to SCCM? No, I do not think so, although it will be a lot easier to send feedback to Microsoft. I just hope it will not be used as a place for bashing whenever things go wrong.
Updates and Servicing:
With 1702 they have simplified the Updates and Servicing view. When SCCM is two (or more) updates behind, ‘Updates and Servicing’ will only show the most recent version available. Every new update contains all previous updates, so in my opinion this is a great feature. Of course you will still be able to download previous versions, but you will get a warning that the version is superseded by a newer one. The most recent update will be downloaded automatically when available, while older updates, even when not used, will be automatically deleted from the ‘EasySetupPayload’ folder.
Peer Cache improvements:
From now on, a peer cache source computer will reject a request for content when the peer cache source computer meets any of the following conditions:
- Is in low battery mode.
- CPU load exceeds 80% at the time the content is requested.
- Disk I/O has an AvgDiskQueueLength that exceeds 10.
- There are no more available connections to the computer.
I really like these new settings! They will give us more control over when devices are available for peer caching. You simply don’t want to encumber systems which are low on resources. This way you are more likely to use peer caching.
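To see whether a given peer cache source would currently trip one of the conditions listed above, the following PowerShell function approximates three of them with standard Windows CIM classes. It is an added example, not part of the original post and not Microsoft's implementation; the function name `Test-PeerCacheSourceLoad` is hypothetical, and mapping "low battery mode" to the `Win32_Battery` status values Low and Critical is an assumption.

```powershell
# Added example: approximates the peer cache rejection checks with standard CIM classes.
# Assumption: how the ConfigMgr client itself measures each condition is not stated on this page.
function Test-PeerCacheSourceLoad {
    [CmdletBinding()]
    param(
        [int]$CpuThresholdPercent = 80,   # threshold from the list above
        [int]$DiskQueueThreshold  = 10    # threshold from the list above
    )

    $reasons = @()

    # Low battery: BatteryStatus 4 = Low, 5 = Critical (assumed equivalent of "low battery mode").
    $battery = @(Get-CimInstance -ClassName Win32_Battery -ErrorAction SilentlyContinue)
    if ($battery | Where-Object { $_.BatteryStatus -in 4, 5 }) {
        $reasons += 'Battery status is low or critical'
    }

    # CPU: average LoadPercentage over all sockets, ignoring sockets that report no value.
    $loads = @(Get-CimInstance -ClassName Win32_Processor |
        ForEach-Object { $_.LoadPercentage } | Where-Object { $null -ne $_ })
    $cpu = if ($loads.Count -gt 0) { ($loads | Measure-Object -Average).Average } else { $null }
    if ($cpu -gt $CpuThresholdPercent) {
        $reasons += "CPU load $([math]::Round($cpu))% exceeds $CpuThresholdPercent%"
    }

    # Disk: AvgDiskQueueLength of the _Total physical disk instance.
    $disk = Get-CimInstance -ClassName Win32_PerfFormattedData_PerfDisk_PhysicalDisk -Filter "Name='_Total'"
    if ($disk.AvgDiskQueueLength -gt $DiskQueueThreshold) {
        $reasons += "AvgDiskQueueLength $($disk.AvgDiskQueueLength) exceeds $DiskQueueThreshold"
    }

    # Available connections are tracked inside the client and are not evaluated here.
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        CpuLoadPercent     = $cpu
        AvgDiskQueueLength = $disk.AvgDiskQueueLength
        LikelyToReject     = ($reasons.Count -gt 0)
        Reasons            = $reasons
    }
}

Test-PeerCacheSourceLoad | Format-List
```

The result is a point-in-time sample, so a source that looks idle here can still reject a request a moment later.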
Use Azure Active Directory Domain Services to manage devices, users, and groups:
With this technical preview version you can manage devices that are joined to an Azure Active Directory (AD) Domain Services managed domain. You can also discover devices, users and groups in that domain with various Configuration Manager Discovery methods. At the moment I am not using Azure AD in combination with SCCM, but this is a great feature for people who are working with Azure AD.
Conditional access device compliance policy improvements:
This feature only applies to iOS and Android devices. It will help organizations mitigate data leakage through unsecured iOS or Android apps. You have to configure the apps in a non-compliant list yourself. It will block access to corporate resources that support conditional access until the user has removed the app. The downside is that you will need to determine and configure the apps yourself. If you are not aware of the app that could be leaking data, this feature won’t help you much. But it will certainly help with blocking certain apps which you don’t want installed on your corporate iOS or Android devices, for example when an app consumes excessive data.
Antimalware client version alert:
When 20% (default) or more of your managed clients are using an outdated version of anti-malware (Windows Defender or Endpoint Protection client), Configuration Manager Endpoint Protection will generate an alert. A great feature when you are using SCEP or Windows Defender in your environment. I wonder how this is measured and in which time frame a client will be marked as outdated?
Compliance assessment for Windows Update for Business updates:
I am not going to explain what ‘Windows Update for Business Updates’ is. For that I would like to point you to the following TechNet article. From this technical preview on, you can configure a compliance policy update rule to include a Windows Update for Business assessment result as part of the conditional access evaluation.
Important: You must have Windows 10 Insider Preview Build 15019 or later to use compliance assessment for Windows Update for Business updates.
Improvements to Software Center settings and notification messages for high-impact task sequences:
This release includes the following improvements to Software Center settings and notification messages for high-impact deployment task sequences:
- In the properties for the task sequence, you can now configure any task sequence, including non-operating system task sequences, as a high-risk deployment. Any task sequence that meets certain conditions is automatically defined as high-impact. For details, see Manage high-risk deployments.
- In the properties for the task sequence, you can choose to use the default notification message or create your own custom notification message for high-impact deployments.
- In the properties for the task sequence, you can configure Software Center properties, which include make a restart required, the download size of the task sequence, and the estimated run time.
- The default high-impact deployment message for in-place upgrades now states that your apps, data, and settings are automatically migrated. Previously, the default message for any operating system installation indicated that all apps, data, and settings would be lost, which was not true for an in-place upgrade.
This is simply awesome! I believe that user communication is a key feature for a successful deployment of software, applications and releases. For complex updates I always use the PowerShell App Deployment Toolkit and all of its nice features. But for more straightforward and simple deployments, which will need less communication, I can use this new feature. Hopefully they will expand it with more possibilities in the near future.
Check for running executable files before installing an application:
Again, this is a great new feature which they added; too bad it's only for applications, as in some scenarios I still use packages. Nevertheless, this is a great feature which I am going to use on a frequent basis! I always had to use scripts or the PowerShell App Deployment Toolkit to achieve this, so this will save me a lot of work in the future! Hopefully they will expand this feature in the future for packages and task sequences and maybe add a message. A nice addition to this would be to let the users decide themselves if they want to close the process/executable before continuing or if they want to delay the installation until a pre-defined deadline.
Well, these were my first thoughts on SCCM CB technical preview 1702 this month, and I will be continuing my ‘first thoughts’ on all upcoming technical previews. If you have any thoughts yourself or any questions, please post them below in the comment area.