News

Microsoft Starts Rolling Out Next 'Current Branch' Release of SCCM

• By Kurt Mackie
• March 26, 2018

System Center Configuration Manager (SCCM) is getting its newest "current branch" release with the rollout of Update 1802, Microsoft announced last week.

Update 1802 will get automatically delivered to subscribers "in the coming weeks," Microsoft said. However, it can also be accessed immediately by executing a PowerShell script that puts subscribers into an earlier distribution ring. IT pros will get notified when it has arrived.

The update gets enabled through the "Updates and Servicing" node of the SCCM console. It's possible to perform an in-place upgrade to Update 1802 from SCCM versions 1702, 1706 or 1710, according to Microsoft's "What's New" document.

In addition to the feature updates, Microsoft announced it is deprecating SCCM support for Linux and Unix machines in about a year's time. Instead, Microsoft wants organizations to use its Operations Management Suite to manage Linux servers. Here's how the "What's New" document described that switch:

Microsoft intends to deprecate the Linux and UNIX client support in System Center Configuration Manager roughly one year from now, such that the clients will not be included in the SCCM 1902 release in early calendar 2019. The Configuration Manager 1810 release, in late calendar 2018, will be the last release to include the Linux and UNIX clients, and they will be supported for the full lifecycle of Configuration Manager 1810.

Update 1802 Additions
Some of things that are new in Update 1802 seem like they must have been possible before. For instance, it's now possible to "set Microsoft Edge browser policies using SCCM." There's also a new report added to "show the default browser" used in client devices.

The ability to run PowerShell scripts from SCCM "is no longer a pre-release feature" with Update 1802, Microsoft noted. This so-called "Run Scripts" functionality was first introduced in SCCM version 1706. With Update 1802, it's possible to use SCCM to "run scripts on collections or individual on-premises managed Windows PCs," according to a Microsoft "PowerShell Scripts" document. Community-shared PowerShell scripts can be used, but Microsoft cautioned users to be careful using them. In addition, using parameters with PowerShell scripts "opens a surface area for potential PowerShell injection attack risk."

Automatic deployment rules for software updates in SCCM can now be offset from Microsoft's base patch rollout day. It's an "update Tuesday" help for some users around the globe. For instance, Microsoft explained that "if patch Tuesday actually falls on Wednesday for you, the evaluation schedule can be set for the second Tuesday of the month offset by one day." 

Distribution sites now can be moved between sites with Update 1802. Organizations can now "reassign a distribution point to another primary site without redistributing the content," according to the "What's New" document. In addition, boundary groups can be used to specify content delivery when updating Windows 10 PCs using Microsoft's Windows Delivery Optimization peer-to-peer technology. There's a setting that applies a boundary group identifier onto a client. "When the client communicates with the Delivery Optimization cloud service, it uses this identifier to locate peers with the desired content," the document explained.

Distribution sites also are getting a new "point site affinity" feature for better updating clients connected to the Internet. This feature "prioritizes cloud distribution points from the client's assigned site," thus avoiding an issue where clients were getting content from distant cloud distribution sites.

Improvements were added to the "comanagement" capability in SCCM. Comanagement is a transitional solution that permits the management of Active Directory domain-joined devices alongside Azure Active Directory-managed devices (typically using a mobile management solution like Microsoft Intune). With Update 1802, Microsoft permits the transitioning of the Endpoint Protection workloads to Intune. In addition, the SCCM console now has a dashboard showing comanagement information, with graphs showing devices that may need attention.

Other new features in SCCM Update 1802 may not seem so acutely needed right now. For instance, the update added support for the management of Windows 10 ARM 64 processor-based clients. There are some ARM-based servers out there, but so far, Microsoft has mostly touted the use of its Windows 10 S operating system with client devices using ARM 64 chips. These new "Always Connected" PCs were initially aimed at consumer and education users, but support on 4G and LTE networks could make them useful for business travelers, if they're OK with just running Windows Store apps. Windows 10 in S mode recently got a boost when Microsoft announced it will ease the ability of Windows 10 users to switch to S mode, regardless of Windows 10 edition they are using, starting with the next Windows 10 update release.

Cloud Management Gateway Support
One understated addition in Update 1802 is its improved support for the Cloud Management Gateway service. Using the Cloud Management Gateway with SCCM purportedly represents a simpler way to manage Internet-connected clients. Such support was already available in SCCM Update 1610 more than a year ago, but now it's "no longer a pre-release feature," according to the "What's New" document. Possibly, Cloud Management Gateway support in SCCM is still at the preview stage of some sort. Microsoft didn't describe its status.

The Cloud Management Gateway is barely described in a Microsoft FAQ, but it can be used to manage traditional Active Directory domain-joined Windows clients and Windows 10 clients managed using Azure Active Directory. Update 1802 adds support for deploying the Cloud Management Gateway using Azure Resource Manager, which avoids having to maintain a management certificate. Also new is that Windows 10 task sequence in-place upgrades can be performed "via the Cloud Management Gateway and Cloud Distribution Point."

Using the Cloud Management Gateway requires having a subscription to Azure Cloud Services in its Platform-as-a-Service implementation. Also required is a subscription to use Azure Virtual Machines Standard A2. In addition, there are associated outbound data transfer costs, according to Microsoft's "Planning" document.