Thursday, March 24, 2016

Current Branch Update ConfigMgr 1602

Microsoft announced the release today of System Center Configuration Manager (SCCM) 1602, which is the latest update to its device management product. The "1602" part of the update's name refers to its year and month release time (as in "2016 February"), but Microsoft announced its arrival today in March. It's just an update and not a new current branch for business release.
The current branch of System Center Configuration Manager was released on December 8, 2015. Today's announcement was the first update for the current branch with new features, not a brand new release.
SCCM as a Service
Microsoft now updates SCCM like the service model of Windows 10, with updates pushed down at certain intervals, called "current branch" and "current branch for business" for summer and fall releases. There's also a "long-term servicing branch" option for Windows 10. Possibly, Windows 10 will get an altered update cycle with this year's releases
Prior to this update, the current branch release of SCCM was known as "1511" (for "2015 November"). Microsoft announced the SCCM 1511 current branch in December.
A new current branch update is supposed to appear every month, per past Microsoft descriptions of its update process. A new current branch for business update is expected to appear every four months, so 1602, released after three months, wasn't the next current branch for business release.
These updates appear in the Updates and Servicing node of SCCM's console.
Microsoft has a similar update model for Office 365, but it uses slightly different terminology. "Branches" are called "channels" for Office 365 updates. Office 365 has "current channel" updates every month and "deferred channel" updates every four months.
If we fail to update to the next current branch for business after eight months' time, then we risk running "unsupported software." That means that the software will no longer get updates and security patches, a risky situation.
SCCM 1602 Perks
Organizations are getting plenty of perks with SCCM 1602. It enables in-place upgrades of Windows Server 2008 R2 to Windows Server 2012 R2.Other benefits include the ability to see the clients that are online and view the "health" of Windows 10 devices.
Another big benefit of SCCM 1602 concerns the management of Office 365 clients. They can be managed using SCCM's "Software Update Management workflow." This capability is possible for "Office 365 ProPlus, Visio Pro for Office 365 and Project Pro for Office 365,"
Intune-SCCM Management
Microsoft also announced new capabilities with SCCM 1602 when integrated with Microsoft Intune, which is Microsoft's mobile device management service. Organizations can use Intune as a standalone tool or it can be integrated with SCCM. The standalone tool tends to get its new capabilities faster than the integrated SCCM solution.
One new capability in the integrated Intune-SCCM solution is the ability to impose conditional access on devices. we can now specify with SCCM 1602 that devices have to have current software updates, antimalware protection and BitLocker encryption to connect with a network.
SCCM 1602 with Intune also permits Microsoft Edge browser deployments to devices. Edge browser settings can be changed with the SCCM 1602-Intune combo.
Some management capabilities for Apple iOS devices are unlocked with SCCM 1602 and Intune. we can set policies to "dynamically change settings such as server name or port for iOS applications."  They can enable iOS Activation Lock on devices or they can bypass it.
This update includes the following improvements:
  • Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
  • Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
  • Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
  • Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
  • New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.
  • Windows 10 Servicing: New improvements were added based on your feedback such as filters in servicing plans for upgrades that meet specified criteria, integration with deployment verification and a dialog in Software Center when starting an upgrade.
This update also includes new features for customers using System Center Configuration Manager integrated with Microsoft Intune. Some of the features that you can expect to see are:
  • Conditional Access for PCs Managed by Configuration Manager: You can now use conditional access capabilities to help secure access to Office 365 and other services on PCs managed with Configuration Manager agent. Conditions that can be used to control access include: Workplace Join, BitLocker, Antimalware, and Software Updates.
  • Windows 10 Conditional Access Enhancements: For Windows 10 devices that are managed through the Intune MDM channel, you can now set and deploy an updated Compliance Policy that includes additional compliance checks and integration with Health Attestation Service.
  • Microsoft Edge Configuration Settings: You can now set and deploy Microsoft Edge settings on Windows 10 devices.
  • Windows 10 Team Support: You can now set and deploy Windows 10 Team configuration settings.
  • Apple Volume Purchase Program (VPP) Support: You can now manage and deploy applications purchased through the Apple Volume Purchase Program for Business portal.
  • iOS App Configuration: You can now create and deploy iOS app configuration policies to dynamically change settings such as server name or port for iOS applications that support these configurations.
  • iOS Activation Lock Management: New capabilities include enabling iOS Activation Lock management, querying for the status, retrieving bypass codes, and performing an Activation Lock bypass on corporate-owned iOS devices.
  • Kiosk Mode for Samsung KNOX Devices: Kiosk mode allows you to lock a managed mobile device to only allow certain apps and features.
  • User Acceptance of Terms and Conditions: You can now see which users have or have not accepted the deployed terms and conditions.

.