Microsoft Green-Lights Next SCCM 'Current Branch' Version
- By Kurt Mackie
- March 28, 2017
The next "current branch" version of Microsoft's System Center Configuration Manager (SCCM) product, update 1702, has begun its global rollout.
Update 1702 can be installed from SCCM's Updates and Servicing node when it arrives "in the coming weeks," according to Microsoft's announcement. It's also possible to get it right away by running this PowerShell script.
The update can be installed via an in-place upgrade if organizations had versions 1606 or 1610 previously installed. Microsoft had explained this restriction late last year. Essentially, SCCM users can upgrade in place to the next current branch version if they're not more than two SCCM releases behind in the upgrade release cycle. Microsoft released update 1602 in March of last year, so that branch likely is seen as unsupported.
The current branch is actually the main release of the SCCM product for organizations to install under Microsoft's service model for SCCM. This service model delivers a current branch several times per year, a long-term servicing branch and technical preview releases (for testing purposes). Microsoft had explained this three-pronged SCCM update scheme back in November. It's a little confusing because the main update release for Windows 10 is called "current branch for business," which SCCM never gets. Each SCCM current branch is supported for one year under Microsoft's Modern Lifecycle Policy, so if SCCM doesn't get updated after a year, it can become an unsupported product, which means it'll no longer receive any future security updates.
One big caveat for IT pros installing SCCM version 1702 is that this update drops support for managing SQL Server 2008 R2, Windows Server 2008/R2 and Windows XP Embedded, as explained in Microsoft's SCCM 1702 documentation. The caveat was noted Monday by Prajwal Desai, a Microsoft Most Valuable Professional, in a Twitter post.
SCCM version 1702 is notable for being the release that will work with the coming Windows 10 "creators update," which is likely to arrive either this week or sometime next month. To get imaging support for the creators update, Microsoft's announcement recommended upgrading to the latest Windows 10 Assessment and Deployment Kit (ADK). The ADKs can be downloaded from this page. Microsoft now releases these kits for specific Windows 10 build versions, but the ADK for the creators update wasn't shown at press time.
This version of SCCM also notably brings support for Express Update files technology, which just delivers the changed bits. Express Update technology for SCCM and Windows Server Update Services is expected to reduce the size of a Windows 10 quality update to about 100MB per month, according to a February talk by Michael Niehaus, a senior product marketing manager at Microsoft. Back then, Niehaus had said that Microsoft was still "working out the kinks" for those products, but Express Update technology apparently is ready now.
Peer caching is improved with this release. PCs with low battery reserves or with CPU loads greater than 80 percent will reject a request for content.
Microsoft also turned on conditional access controls with SCCM update 1702. User access to applications can be limited to just the PCs that are deemed compliant with policies.
Microsoft added a top-requested feature in this release. End users will get informed about a coming update if they are running certain executable files listed in the "Install Behavior tab." In addition, Microsoft now lets IT pros customize the warnings they'll get from the Software Center when "running a high-risk deployment, such as a task sequence to install a new operating system."
Microsoft added updated capabilities for organizations running SCCM with Intune, which is Microsoft's mobile management solution. SCCM version 1702 adds Android for Work support. Apple Volume Purchase Program policies can now be synced with enrolled devices using the SCCM console. Microsoft also added support for 42 Apple iOS device settings.
Another mobile device support addition is the ability to view threat details reported by the Lookout service. Microsoft and Lookout formed a partnership in June that integrates the Lookout Mobile Endpoint Security risk assessment service with the Microsoft Enterprise Mobility + Security suite, which is one way to license Microsoft's Intune service.