ConfigMgr 1606 Features to Implement Today

Author by Matt Herman

The release of the 1606 update for System Center Configuration Manager (ConfigMgr) continues Microsoft's commitment to deliver new features on a regular basis.  While I'm personally excited about the Windows Store integration, I realize that is not a feature most organizations will implement today.  Here are three features that you can start taking advantage of today, and one bonus feature to keep an eye on in the future.

 

Client Settings for Office 365 Updates 

WSUS and ConfigMgr have supported the deployment of Office 365 updates for a while now, but you had to direct the clients to ConfigMgr through install options or a GPO.  Now the solution can fully be managed through ConfigMgr with Client Settings.  Once 1606 is installed, you will the following options for Software Updates:

Machine generated alternative text:
General 
Background Intelligent Transfer 
Cloud Services 
Client Policy 
Compliance Settings 
Computer Agent 
Computer Restart 
Endpoint Protection 
Hardware Inventory 
Metered Internet Connections 
Power Management 
Remote Tools 
Software Deployment 
Software Inventory 
Software Updates 
e essaglng 
User and Device Affinity 
Security 
Concurrency Workstations 
Custom Device Settings 
Specify tha settings for devices These settings ovemde the defauH settings when they are assigned 
to a collection 
Specify how client computers deploy software updates 
[kvice 
Enable software updates on clients 
Software update scan schedule 
Schedule deployment reevaluation 
When any software update 
deployment deadline is reached. 
install all other software update 
deployments with deadline coming 
*'thin a specified period of time 
Pahod of time for which all pending 
deployments deadline in this time 
Enable management of the Office 
365 Client Agent 
Yes 
Occuæ every I days effective 
2/1/1970 1200 AM 
Occurs aver,' 7 days effective 
2/1/1970 1200 AM 
Not Configured 
Not Confi ured

The default setting is Not Configured.  Verify that you are deploying Office 365 updates through ConfigMgr, then go ahead and change this to Yes.  Now you can ensure that these updates will be released on your regular patching schedule, instead of Microsoft's.

 

Improvements for Software Updates in Task Sequences

Getting Software Updates to properly install during an Operating System Deployment (OSD) Task Sequence has been a struggle that we have traditionally used some tricks and work-arounds to make function properly.  Now we have a standard set of features to ensure the Software Update Scan runs and reboots do not prevent updates from completing.

First, you have the option to use a cached software update scan or initiate a full scan.

Machine generated alternative text:
Windows 10 Enterprise Task Sequence Editor 
Add 
Remove 
Restart in Windows P E 
Disk O- BIOS 
Disk O- LIEF' 
Pravrovision Bit Locker 
Apply Operating System 
Apply Windows Settings 
Apply Network Settings 
Microsoft Suface Pro 3 (Wn 
Microsoft Suface Pro 4 (Wn I 
Microsoft Suface 800k I Win I 
Lanovo Thinkpad (Win I 
Lanovo Thinkpad WE41 Win I 
Dell Precision M3800(Wn 10) 
Lenovo Thinkpad XI Caton 
Lanovo Thinkpad XI Carbon 
Setup Windows and Configurati 
Install Applications 
Lanovo System Update 5 
Install Suface Platform Installer = 
Install Suface Platform Installer 
SCEP Install 
SCEP Dafintion Update 
Coriiw-e CRAomze 
Install Updates 
Restart Computer 
Enable Aero (WinSAT) 
Enable Bit Locker 
User files 
Request user State Storage 
Restore user Files and Settings 
Release user State Storage 
P ropertias Options 
Install Software Updates 
Install Updates 
Install software updates based on the type of software update deployment 
O 
Required for installation - Mandatory software updates only 
@ Availableforinstallation - Al software updates 
[e] Evaluate software updates from cached scan results 
Apply

By default, this option is checked and a cached scan will be used.  Unchecking the option will initiate a full scan to make sure any applications installed during your task sequence are also patched.  There is a new Task Sequence variable, SMSTSSoftwareUpdateScanTimeout, that limits the amount of the scan can run.  By default this is set to 30 minutes, but can be modified for your environment.  On the Options tab, there is a new option to handle restarts during updates. 

Machine generated alternative text:
Windows 10 Enterprise Task Sequence Editor 
Add 
Remove 
Restart in Windows P E 
Disk O- BIOS 
Pa,tition Disk O- LIEF' 
Pravrovision Bit Locker 
Apply Operating System 
Apply Windows Settings 
Apply Network Settings 
Microsoft Suface Pro 3 (Wn 
Microsoft Suface Pro 4 (Wn 
Microsoft Suface 800k I Win I 
Properties Options 
Disable this step 
e] Retry this step f computer unexpectedly restarts 
Number of times to retry 
Continue on error 
Add Condition 
Remove 
Remove All 
This group/stap h'ill nun if the follo',ving conditions are mat: 
Task Sequence Variable SMSTSMadiaT','Da not aouals "Full Media" 
Lanovo Thinkpad (Win I 
Lanovo Thinkpad WS41 (Win I 
O Dell Precision M3800(Wn 10) 
Lanovo Thinkpad XI Caton 
Lanovo Thinkpad XI Carbon 
Setup Windows and Configurati 
Install Applications 
Lanovo System Update 5 
Install Suface Platform Installer = 
Install Suface Platform Installer 
SCEP Install 
SCEP Dafintion Update 
Coriiw-e CRAomze 
Install Updates 
Restart Computer 
Enable Aero (WinSAT) 
Enable Bit Locker 
User files 
Request user State Storage 
Restore user Files and Settings 
Release user State Storage

The option is unchecked by default.  When you check it, you also need to set the number of reboots to be allowed. 

 

Client Settings for Cache Size

There is a new set of options for controlling Cache Size, BranchCache and peer to peer content sharing. 

Machine generated alternative text:
General 
Background Intelligent Transfer 
Cloud Services 
Client Policy 
Compliance Settings 
Computer Agent 
Computer Restart 
Endpoint Protection 
Hardware Inventory 
Metered Internet Connections 
Power Management 
Remote Tools 
Software Deployment 
Software Inventory 
Software Metering 
Software Updates 
State Messaging 
User and Device Affinity 
Client Cache Settings 
Security 
Concurrency Workstations 
Custom Device Settings 
Specify the settings for deuces These settings ovemde the defauH settings when they are assigned 
to a collection 
Specify client cache settings and whathar clients can obtain content from a peer 
The client cache siza can expand to tha maximum siza in MB or tha percentage of the disk whichever is less 
Configure 8ranchCache 
Enable 8ranchCache 
Maximum 8ranchCache cache size (percentage 
of disk) 
Configure client cache size 
Maximum cache size (MB) 
Maximum cache size (percentage of disk) 
Enable Configuration Manager client in full OS to 
shara content 
Port for Intlal network broadcast 
Enable H TTPS for client peer communication 
Port for content download from peer 
(HTTP/HTTPS) 
10 
5120 
No

The default settings are shown above.  The middle section for Cache Size allows you to target the setting by collection, but also by the percent of the hard drive size.  With support for Windows 10 on tablets and other devices with smaller solid state hard drives, this is a nice option to ensure ConfigMgr cache does not over take the drive.

 

Pre-Release Feature: OMS Connector

The 1606 update includes support for pre-release features.  At this point, I don't recommend this on your production ConfigMgr site,  but it provides another way to get exposure to what's coming in future releases. 

The OMS Connector is particularly interesting to me for the functionality it will bring for patching servers.  Connecting ConfigMgr with OMS allows to you use the collections and organization you have already built to manage your server environment with the dashboards and full feature set of OMS.  In terms of updates, you will be able to quickly go from a dashboard showing update status to the deployment of patches to a ConfigMgr collection, without leaving OMS.  When the updates install on the server, they will still reference the catalog on your ConfigMgr Software Update Point and download files from the assigned Distribution Point.  Watch for more on this feature in future blogs and the 1610 update for ConfigMgr.

Author

Matt Herman

Technical Architect