Microsoft Adding 'Real-Time' Device Querying to SCCM
- By Kurt Mackie
- August 02, 2018
System Center Configuration Manager (SCCM) update 1806, the latest "semiannual channel" release of Microsoft's device and server management system, will arrive in the next few weeks, Microsoft said on Tuesday.
When available, the update will show up in the Updates and Servicing node of the SCCM console. Microsoft typically releases three semiannual channel (or branch) releases of SCCM per year.
Last month, Microsoft announced a new commercial release of the whole System Center suite of products. The components of the System Center product suite are listed as being at version 1807.
The SCCM update 1806 release is bringing a new capability to check the status of devices in "real time" called "CMPivot." It's built into the SCCM console and located in the Device Collections node. While SCCM has access to device data for general reporting purposes, CMPivot is conceived as a way to get the information right away through queries, with filterable results. It's perhaps more of a troubleshooting or compliance kind of tool.
For instance, it's possible to use CMPivot to check the firmware update status of devices subject to speculative execution side-channel attacks, a Microsoft document on CMPivot suggested. Such tracking has become a complicated task for IT organizations because they have to ensure that operating system updates and firmware (or "microcode") updates were applied for various client device processors, and new speculative execution variants seem to pop up every few months. In addition to the CMPivot tool, Microsoft offers the ability to check speculative execution side-channel patch compliance via its Windows Analytics and PowerShell tools.
SCCM Update 1806 includes some update handling improvements.
For instance, it provides help for the Windows Server Update Services (WSUS) patch management system. It has a new WSUS cleanup wizard that will "decline updates that are expired according to the supersedence rules defined on the software update point component properties," which perhaps may alleviate Microsoft's patch-upon-patch monthly update confusion. Also, SCCM's ability to subscribe to "third-party" (non-Microsoft) software updates can now be pushed out to WSUS.
Dashboard and Tooling Improvements
Microsoft added a new product lifecycle dashboard in the SCCM console. It shows the Microsoft Lifecycle Policy status for device software, including support end dates. There's also a new report on the compliance of software updates, which is called "Compliance 9 -- Overall health and compliance."
Microsoft also added a new Cloud Management dashboard. It shows usage details of the Cloud Management Gateway.
Microsoft now automatically installs the CMTrace tool with the SCCM client. The CMTrace tool is used to analyze log files. Also, Microsoft is now installing Configuration Manager's Server and Client Tools on the server with this update.
The Package Conversion Manager tool is now integrated with this update. It lets IT pros "convert legacy Configuration Manager 2007 packages into current branch applications," according to Microsoft's "What's New" document.
Also with this update, Microsoft now shows the recommended actions to take when Windows 10 in-place upgrades fail. Apparently, this capability supplements the diagnostic capabilities of the Windows SetupDiag standalone tool.
Microsoft is touting the ability to carry out phased deployments of applications with this 1806 update release. This feature appeared as a preview in SCCM update 1802, but it's now deemed ready for production use. Microsoft defines a phased deployment as automating "a coordinated, sequenced rollout of software across multiple collections," according to a document description. These rollouts can be gradual, according to the "What's New" document:
During a phased deployment, the rollout in each phase can now happen gradually. This behavior helps mitigate the risk of deployment issues, and decreases the load on the network caused by the distribution of content to clients.
There are some bandwidth enhancements. One of them is the Low Extra Delay Background Transport (LEDBAT) Windows Server 2019 capability that promises to only transfer updates when the bandwidth is available and not being used by end users.
Another enhancement is the ability of peer-to-peer cache content to get divided into parts for client updates. This so-called "partial download" feature is conceived as a way to reduce the transfer burdens on wide area networks.
Microsoft continues to improve its "comanagement" capability that works as a bridge between SCCM and Microsoft Intune, its mobile management solution. The idea behind comanagement is for organizations to move toward using Intune for device management, when they are ready.
With SCCM update 1806, the workloads that can be moved to Intune management now include device configuration, Office 365 deployments and mobile apps. Devices now will automatically synchronize and use Intune mobile device management policies. Organizations can now connect "more than one Configuration Manager environment to the same Intune tenant," Microsoft's announcement noted.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.