Anoop C Nair

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc...
SCUP Upgrade

Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher

Let’s learn how to upgrade the SCUP Environment SCCM System Center Updates Publisher. The new version of SCUP was released a few weeks ago. This post answers the following questions about SCUP Upgrade.

I have also created a video tutorial to help us understand how to upgrade the SCUP version to the latest one. Download the latest version of SCUP 6.0.278.0.

Do we need to uninstall the existing version of SCUP to install the new version? Do we lose all the configurations and data as part of the upgrade

System Center Updates Publisher (SCUP) is a stand-alone tool that enables independent software vendors (third-party -3rd – applications) or line-of-business application developers to manage custom updates.

What is Microsoft SCUP?

Let’s discuss the Microsoft SCUP. The section below will help you to see more details.

What is Microsoft SCUP?
Version: 6.0.278.0
File Name:- UpdatesPublisher.msi
Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher – Table 1

You wanted to learn more about SCUP and its functionality through video tutorials. I recommend reading the previous SCUP posts for more details on this topic.

Features of SCUP?

SCUP is a tool for importing updates from external catalogs (non-Microsoft update catalogs). It also enables the modification of updated definitions, including applicability and deployment metadata.

SCUP Upgrade Experience 

SCUP is the tool used to export updates to external catalogs. Using SCUP, we can publish updates to a WSUS server.

Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher - Fig.1
Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher – Fig.1

As I showed in the SCUP Upgrade video tutorial, the SCUP upgrade process is straightforward and smooth. You won’t lose any of your existing configuration.

In my experience, everything configured in the existing version of SCUP will remain the same. The following is the high-level process that I followed to upgrade the SCUP environment.

Download the latest version of SCUP from Microsoft Download Center. The size of the MSI file is not big. It’s only ~5 MB.

The old version of SCUP is installed and configured on the server. There is no need to remove the previous version of SCUP before installing the new one; the latest version will upgrade the previous version.

Once SCUP is successfully installed on the server, we can launch it from the start menu. It will take time for you to launch SCUP for the first time.

This is because all the configuration options will happen in the background once we launch SCUP for the first time.

I will share my detailed review of SCUP in a different post. I’m interested to see the changes Microsoft promised in their SCUP release blog post.

SCUP Prerequisites or Requirements

The following are the prerequisites for the new version of SCUP.

Supported Operating System

  • Windows 10, Windows 8.1, Windows Server 2012 R2, Windows Server 2016
  • A supported Windows Server Update Services (WSUS) console. On Windows Server, install the default Administration Console to meet this requirement.
  • For Windows 10, install the Remote Server Administration Tools (RSAT) for Windows operating systems.

SCCM Dependency

SCCM 2012 R2 SP2
SCCM 2012 R2 SP1
A supported version of SCCM CB.
SCCM LTSB version 1606

https://www.youtube.com/watch?v=sNn77zOSiBo

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr 1

SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr

The SCCM CB 1803 preview version was released a few weeks ago. I was busy with SCCM CB 1802 production posts, so I couldn’t get time to install it. In this post, we will review my SCCM CB 1803 upgrade experience.

What is the SCCM CB Preview Version? If you have not installed the SCCM preview version in the lab, I recommend downloading and installing the latest preview baseline version, SCCM CB 1711. The above download link should be used ONLY when you want to test the Preview version in your lab environment.

What is the SCCM CB Preview Version? The SCCM CB Preview version is valid only for 90 days or 3 months. It should NOT be installed in the production environment. The SCCM preview version supports a maximum of TEN(10) clients.

I have created a video tutorial to provide a real experience of the SCCM CB 1803 upgrade process.

SCCM CB 1803 Video Tutorial

This video tutorial also gives a real-life experience of the new features included in the 1803 preview version of SCCM CB. Subscribe to the YouTube channel for updates on the latest SCCM/Intune video tutorial.

SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr - Fig.1
SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr – Fig.1

SCCM CB 1803 – List of Features

Microsoft’s SCCM team was busy during the 1802 production release. The preview version 1803 doesn’t have as many new features as expected.

I could see only 21 features available under the SCCM 1803 console “\Administration\Overview\Updates and Servicing\Features.”

  1. Add a passive primary site server.
  2. Approve Application requests for Users per Device
  3. Client Peer Cache
  4. Cloud Management Gateway
  5. Conditional Access for Managed PCs
  6. Create and Run Scripts
  7. Data Warehouse Service Point
  8. Device Health Attestation assessment for compliance
  9. Enable third (3rd) party update support for clients
  10. OMS Connector
  11. Passport for Work
  12. PFX Create
  13. Phased Deployments
  14. Run Task Sequence Step
  15. Server Groups
  16. Support for Cisco AnyConnect 4.0..7x and later for iOS
  17. Surface Driver Updates
  18. Task Sequence Content Pre-Caching
  19. VPN for Windows
  20. Windows Defender Application Control
  21. Windows Defender Exploit Guard Policy

High-Level Description of New FeaturesCustom Tab for Web Page in Software Center

Once you have upgraded the SCCM client and Server to 1803, you can now create a customized tab to open a web page in the Software Center.

  • Create Custom Tab in SCCM Software Center – In Client Settings, select the Software Center group. Specify a tab name and content URL for the customized tab.
  • Upgrade the SCCM CB client to 1803 and launch the Software center.
Enable copy/paste of asset details from SCCM Monitoring WorkSpace
Enable copy/paste functionality in the asset details pane in deployment and distribution status monitoring views.
SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr – Table 1

Enable 3rd software update support on SCCM CB clients

You can now enable the configuration of the ‘Allow signed updates from an intranet Microsoft update service location policy and installation of Windows Server Update Services code signing certificate on clients.

I have posted about this feature. I would recommend reading that post-SCCM CB 1802 Enable Third-Party Software Update Support.

  • Enable third-party software updates in Software Update Point top-level site component configuration
  • Configure (default) Software Updates client agent settings to enable third-party software updates on clients
  • Deploy custom Software Updates client agent setting to enable third-party software updates on clients
  • Successfully import third-party software updates signing certificate from Windows Software Update Services.

Improvements to PXE-enabled distribution points

The WDS requirement is removed from PXE-enabled DPs. This is possible if you are NOT using the multicast feature. Configure a PXE-enabled distribution point to use a PXE responder service that supports IPv6 and does not require Windows Deployment Services (WDS).

  • On the PXE tab of the distribution point properties, check “Enable a PXE responder without Windows Deployment Service” and click OK.

Maintenance windows Details in Software Center

The client machine’s software center displays maintenance Windows details, which is useful for troubleshooting scenarios for the help desk.

  • Software Center displays the next scheduled maintenance window on the Installation Status tab.

Partial download support in client peer cache to reduce WAN utilization

SCCM Client Peer cache is improving with every release of SCCM CB. Client peer cache sources can now divide content into parts. These parts minimize the network transfer to reduce WAN utilization.

Pull DP support Cloud DPs as a source.

You can set a cloud distribution point as a source for a pull distribution point.

Management Insights – SCEP for Mac and Unix Depreciation

I could see a new management insight option in the SCCM 1803 console: “\Administration\ Overview \ Management Insights\All Insights\MacOS and Unix.” It seems that SCEP for Mac and Unix will be depreciated by the last release of SCCM CB in 2018.

Resources

  1. SCCM CB 1803 Microsoft Documentation
  2. Know more about the SCCM Technical Preview Version 

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Microsoft Intune Training Course Intune Certification | Free training Videos 2

Microsoft Intune Training Course Intune Certification | Free training Videos

Microsoft Intune training course from Microsoft Learning is free. However, if you need a verified certificate, you’ll need to pay around USD 99$

Microsoft Course Number INF260x – Microsoft Azure Security Services includes one module on the Microsoft Intune device management solution. If this is your first edX course, I recommend you check out DemoX.

Updated Intune training 63 Episodes Of Free Intune Training For Device Management Admins HTMD Blog (anoopcnair.com). Learn Microsoft Intune – Use the Microsoft Intune Starters Kit to start learning Intune. Video experience of Intune training course and certification.

I have gone through the content of the Intune module, and it’s exciting and useful. One of the topics is How Intune Works? And the answer to that is “Intune device management works by using the protocols or APIs available in the mobile operating systems.”

The Content of the Intune Training Course Module

Let’s discuss the Content of the Intune Training Course Module. The list below will help you to see more details.

  • Microsoft Intune for Windows, iOS, and Android devices
  • Device Health Attestation
  • Mobile Device Management (MDM)
  • Mobile Application Management (MAM)
  • Data governance with GDPR
  • Security aspects of AutoPilot

How to Enrol in the Intune Training Course

You have four (4) options to enrol in the EdX training course. You can use either of the following options to start the training course. The table below will help you to see more details.

How to Enrol in the Intune Training Course
Facebook
Google
Microsoft
Create a New Account
Microsoft Intune Training Course Intune Certification | Free training Videos – Table 1

Review of Intune Training Course Content

Overall, the Intune training course content is good. This course is more about the security aspects of Microsoft Intune, but I agree that it covers Intune basics and design considerations, so Intune topics are helpful.

The General Data Protection Regulation (GDPR) will take effect in May 2018. The Intune module of this course provides more details about GDPR and privacy.

However, I also think the Microsoft learning team needs to update the content for some parts of the Intune training course. For example, the Intune training module references the Mobile Device Management Design Considerations Guide v2.

The TechNet gallery PDF document is pretty old (it was updated in 2015). It talks about Intune hybrid (with SCCM) architecture considerations, which are not relevant in 2018.

More Details on the First Topic of the Intune Training Course Module

The Intune module starts with a necessary explanation of Intune technology. It’s nicely explained.

What is Microsoft Intune
How Intune Works
Azure Active Directory integration with MDM Intune
MDM (Intune?) Design Considerations
 Identify your mobile device management requirements.
 Plan for mobile device management
 Plan for enhancing mobile device protection
 Plan for SaaS mobile device management
Application Management with Intune
General Data Protect Regulation with Intune

How is the Intune Training Course Placed?

To get the verified Certificate, you need to complete all the modules of the course INF260x. However, I covered only the Intune module in detail in this post. You have three(3) months to complete this course, and I think that is more than enough to finish the course.

One module will be released each week, with a moderated discussion board. Students will complete hands-on labs in an online virtual environment. A verified certificate is available after obtaining 70% of the course-graded events.

Start the Microsoft Azure Security Services training course

Microsoft Intune Training Course Intune Certification | Free training Videos - Fig.1
Microsoft Intune Training Course Intune Certification | Free training Videos – Fig.1

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Video Review of SCCM CB 1802 New Features 3

Video Review of SCCM CB 1802 New Features

Microsoft released the latest version of SCCM 1802 in the fast ring. To get more details, I recommend reading the newest production version of SCCM CB 1802 and the step-by-step upgrade guide.

Also, I believe SCCM CB 1802 helps organizations keep their infra neat and clean with new management insight features. In this post, we can discuss the review of SCCM 1802 new features.

Video tutorials help people discover the real-world experience of SCCM 1802’s new features.

Enabling the third-party update option will cause Software Update Point (SUP) to download the signing certificate used by Windows Server Update Services (WSUS) to sign third-party software updates.

Third-Party Updates – SCCM 1802 New Feature

If this option is enabled along with the software update client setting, the following local group policy, “Allow signed updates from an intranet Microsoft update service location,” will be created on a local machine.

The client will be configured to allow signed third-party updates, and the signing certificate will be installed in trusted publishers’ certificate stores on clients.

Enable third (3rd) party update support on clients – Enabled configuration by allowing signed third party updates policy and installing WSUS code signing certificate on clients. Enable Third-Party Software Update.

Duplicate Hardware Identifiers Improvement – SCCM 1802 New Feature

Navigate through SCCM console Administration – Site Configuration – Sites -Hierarchy Settings Properties – Client Approval and Conflicting Records. Some hardware is known to have duplicate IDs. Add them to the list so SCCM can ignore these PXE boot and client registration hardware IDs.

Add Duplicate Hardware ID – Specify the type of hardware ID and the value to include as a known duplicate. This ID will be ignored for PXE and client registration.

Duplicate Hardware Identifiers Improvement – SCCM 1802 New Feature
1. MAC address (12 hex characters)
2. SMBIOS GUID (32 hex characters)
Video Review of SCCM CB 1802 New Features – Table 1

Console Experience – SCCM 1802 Features

The primary user assigned to a device is available in the SCCM CB 1802 console. Navigate Assets and Compliance—Overview—Devices—Primary User(s).

Encryption Options – SCCM CB 1802 New Features

Configure client computers’ signing and encryption requirements when communicating with the SCCM site server. SCCM Clients always sign their client identification when communicating with the Application Catalog website.

Require Signing -Enabled by Default -This option requires that it’s signed when clients send data to management points.

Require SHA-256 -Enabled by Default – When clients sign data and communicate with site systems using HTTP. This option requires the client to use SHA-256 to sign the data. The client must support the SHA-256 hash algorithm to use this option. This option applies to clients that do not use PKI certificates.

Use Encryption – NOT enabled by default – This option uses 3DES to encrypt the SCCM client inventory data and state messages sent to the Management Points.

Video Review of SCCM CB 1802 New Features - Fig.1
Video Review of SCCM CB 1802 New Features – Fig.1

Site Infrastructure Improvements – SCCM 1802 New Features

Let’s discuss the Site infrastructure Improvements – SCCM 1802 New Features. The list below will help you to see more details.

  • Reassign distribution point
  • Configure Windows Delivery Optimization(DO) to use SCCM boundary groups (Client Settings option)
  • Support for Windows 10 ARM64 devices
  • Improved support for CNG certificates
  • Boundary group fallback for management points
  • Cloud distribution point site affinity

Client Management Improvements – SCCM CB 1802 New Features

Let’s discuss the Client Management Improvements – SCCM CB 1802 New Features. The list below will help you to see more details.

  • Cloud management gateway support for Azure Resource Manager
  • Configure hardware inventory to collect strings larger than 255 characters
  • Surface device dashboard
  • Primary User Details in the SCCM console
  • Change in the Configuration Manager client install – No Silverlight installed

Application Management Improvements – SCCM CB 1802 New Features

Let’s discuss the Application Management Improvements – SCCM CB 1802 New Features. The list below will help you to see more details.

  • Allow user interaction when installing an application
  • Do not automatically upgrade superseded applications
  • Approve application requests for users per device
  • Run scripts improvements

SCCM CB Operating System Deployment Improvements

Let’s discuss the SCCM CB Operating System Deployment Improvements. The list below provides more details.

  • Windows 10 in-place upgrade task sequence via SCCM cloud management gateway (CMG)
  • Improvements to Windows 10 in-place upgrade task sequence
  • Improvements to operating system deployment
  • Deployment templates for task sequences
  • Phased deployments for task sequences

Software Center Changes – SCCM CB 1802 New Features

Let’s discuss the Software Center Changes – SCCM CB 1802 New Features. The list below will help you to see more details.

  • Install multiple applications in the Software Center
  • Use Software Center to browse and install user-available applications on Azure AD-joined devices.
  • Hide installed applications in the Software Center
  • Hide unapproved applications in the Software Center
  • Software Center shows users additional compliance information
Video Review of SCCM CB 1802 New Features – Video 1

SCCM 1802 – Site System Server Roles

Let’s discuss the SCCM 1802 – Site System Server Roles. The list below will help you to see more details.

  • Distribution Point
  • Management Point
  • Service Connection Point
  • Site Database Server
  • Application Catalog Web service point
  • Application Catalog Website Point
  • Asset Intelligence Synchronization point
  • Certificate Registration Point
  • Cloud Management Gateway Connection Point
  • Data Warehouse Service Point
  • Endpoint Protection Point
  • Enrollment point
  • Enrollment Proxy point
  • Fallback status point
  • Reporting Services Point
  • Software Update point
  • State Migration Point

Resources

  1. Step by Step Video to Perform SCCM CB Upgrade to 1802
  2. Now Available: Update 1802 for SCCM Current Branch
  3. What’s new in version 1802 of System Center Configuration Manager CB

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr 4

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr

Let’s learn about Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr.We don’t like red alerts in SCCM monitoring nodes, especially those related to critical site Component status.

We can reset the SCCM site status message count on any component or site system to remove the red alerts from the console. However, I won’t recommend resetting the SCCM component or site system summarizer counter.

Instead, you need to check and understand why the SCCM site status summarizer contains a critical alert.

Check out the video tutorial on resetting the SCCM CB Critical Site Component Status. As mentioned above, I don’t recommend resetting the site or component status summarizer counter before fixing the issue. If you have a critical site status, then fix the issue before resetting the counter.

Why Reset the SCCM Site Status Summarizer Counter? 

SCCM/ConfigMgr site and component status message counts are automatically reset at the end of threshold periods. As part of troubleshooting, we may need to reset the counters to confirm whether everything is okay.

  • \Monitoring\Overview\System Status\Site Status
  • \Monitoring\Overview\System Status\Component Status

What is the SCCM Site Component Status Summarizer?

SCCM Status Summarizer helps admins determine the health or status of different SCCM/ConfigMgr CB Infrastructure aspects. The SCCM site and components status summarizers get input from status messages, states, and counts.

The current branch version of SCCM includes four (4) status summarizers. The post-SCCM Site Component Status Summarizers Troubleshoot Issues provides more information about these components.

What are the Options for Reconfiguring the SCCM Site & Component Status Summarizers?

Application Deployment Summarizer – The application deployment summarizer can be used to get SCCM clients’ application deployment status. To Configure application deployment summarize.

What are the Options for Reconfiguring the SCCM Site & Component Status Summarizers?
Navigate via \Administration\Overview \Site Configuration\Sites – click on the status summarizer ribbon button.
In the Status Summarizers dialog box, click Application Deployment Summarize and Edit.
In the Application Deployment Summarizer Properties dialog box, configure the required summarization intervals and then click OK.
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Table 1
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr - Fig.1
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Fig.1

Default Settings of Application Deployment Summarizer Frequency of status updates for deployment was modified in the last 30 days Number of Minutes: 60. The frequency of status updates for deployment was altered in the last 31 to 60 days. Number of Hours: 24. The frequency of deployment status updates was modified over 90 days ago. Number of days: 7

The Application Statistics Summarizer specifies how often application statistics should be updated. Intervals are based on the date the application was last modified. To change the application Statistics Summarizer configuration, follow the same steps mentioned above.

Summarization Frequency Frequency of the status updates for deployment was last modified in the last 30 days Number of minutes 240 Frequency of the status updates for deployment was later changed in the previous 31 to 90 days Number of hours 240 Frequency of the status updates for deployment was last modified over 90 days Number of days 7

Component Status Summarizer allows the setting of a threshold for each SCCM component. There are two (2) types of thresholds: the warning threshold and the critical threshold. We have options to disable SCCM status summarization for component status. Also, there are options to set the component status replication priority to the parent site.

To change the component Status Summarizer configuration, follow the same steps mentioned above to change the configuration.

Site System Status Summarizer allows disabling status summarization for site system status. It also allows you to set the replication priority of site system status for the parent site in your SCCM hierarchy. It gives the option to set a status summarization schedule. However, I have never used this option.

How to Reset the Critical Site or Component Status Summarizer Counters

The site System summarizer threshold allows you to specify the free space for displaying warning or critical icons in the site system. To change the configuration of Site System Status Summarize, follow the steps mentioned above.

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr - Fig.2
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Fig.2

The site and component status summarizer count can be reset from the SCCM console monitoring workspace. This will help eliminate some red alerts from your SCCM monitoring console.

How Do You Reset the SCCM Critical Site Status Summarizer Counters?

\Monitoring\Overview\System Status\Site Status

  1. Open the SCCM CB console
  2. Navigate via \Monitoring\Overview\System Status\Site Status
  3. Select the site status message you want to reset
  4. Click on the ribbon – Reset Counts icon
  5. As you can see in the video tutorial, click the Refresh button to make RED alerts GREEN.

How Do You Reset the SCCM Critical Component Status Summarizer Counters?

\Monitoring\Overview\System Status\Component Status

  1. Open the SCCM CB console
  2. Navigate via \Monitoring\Overview\System Status\Component Status
  3. Select the component status message you want to reset
  4. Click on the ribbon – Reset Counts icon
  5. As you can see in the video tutorial, click the Refresh button to make RED alerts GREEN.
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Video 1

Resources

Status Message Queries – Track Who Deleted Modified Changed SCCM Settings

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…