Video Review of SCCM CB 1802 New Features

Microsoft released the latest version of SCCM 1802 in the fast ring. For more details, I recommend reading the posts on the newest production version of SCCM CB 1802 and the step-by-step upgrade guide.

Also, I believe SCCM CB 1802 helps organizations keep their infra neat and clean with the new Management Insights feature. This post reviews the new features of SCCM 1802.

Video tutorials help people discover the real-world experience of SCCM 1802’s new features.

Third-Party Updates – SCCM 1802 New Feature

Enabling the third-party update option will cause Software Update Point (SUP) to download the signing certificate used by Windows Server Update Services (WSUS) to sign third-party software updates.

If this option is enabled along with the software update client setting, the local group policy “Allow signed updates from an intranet Microsoft update service location” will be set on the local machine.

The client will be configured to allow signed third-party updates, and the signing certificate will be installed in the Trusted Publishers certificate store on clients.

Enable third-party update support on clients – when enabled, this client setting configures the “Allow signed updates” policy and installs the WSUS code-signing certificate on clients.
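The client-side result described above can be checked with a read-only PowerShell audit; this is an added example, not part of the original post. It reads the `AcceptTrustedPublisherCerts` policy value and the code-signing certificates in Trusted Publishers. The function name and the key-size and expiry thresholds are illustrative assumptions.

```powershell
# Added example (not from the original post): read-only audit of the client-side
# trust that third-party update support relies on. Run on a Windows client.
function Get-ThirdPartyUpdateTrust {
    [CmdletBinding()]
    param(
        # Registry key behind the policy "Allow signed updates from an intranet
        # Microsoft update service location" (value AcceptTrustedPublisherCerts).
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
        [string]$PublisherStore = 'Cert:\LocalMachine\TrustedPublisher',
        [string]$RootStore = 'Cert:\LocalMachine\Root',
        [int]$MinRsaBits = 2048,         # assumed threshold, adjust to your standard
        [int]$ExpiryWarningDays = 60     # assumed threshold
    )

    # 1. Is the "allow signed updates" policy set on this machine?
    $policy = Get-ItemProperty -Path $PolicyPath -ErrorAction SilentlyContinue
    $policyEnabled = ($null -ne $policy) -and ($policy.AcceptTrustedPublisherCerts -eq 1)

    # 2. Which code-signing certificates does the machine trust as publishers?
    $codeSigningOid = '1.3.6.1.5.5.7.3.3'
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $now = Get-Date

    $publishers = foreach ($cert in Get-ChildItem -Path $PublisherStore) {
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($ekuOids -notcontains $codeSigningOid) { continue }

        $issues = @()
        if ($cert.NotAfter -lt $now) {
            $issues += 'expired'
        } elseif ($cert.NotAfter -lt $now.AddDays($ExpiryWarningDays)) {
            $issues += "expires within $ExpiryWarningDays days"
        }
        if ($cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') {
            $issues += 'weak signature hash'
        }
        # Returns $null for non-RSA keys, in which case the size check is skipped.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
            $issues += "RSA key below $MinRsaBits bits"
        }
        # A self-signed signing certificate must also chain to Trusted Root to validate.
        $selfSigned = ($cert.Subject -eq $cert.Issuer)
        if ($selfSigned -and -not (Test-Path -Path "$RootStore\$($cert.Thumbprint)")) {
            $issues += 'self-signed but missing from Trusted Root'
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            SelfSigned = $selfSigned
            Issues     = $issues -join '; '
        }
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        PolicyEnabled = $policyEnabled
        Publishers    = @($publishers)
        # Policy on but no trusted signing certificate: signed third-party
        # updates have nothing to validate against on this client.
        MissingSigner = $policyEnabled -and (@($publishers).Count -eq 0)
    }
}

$result = Get-ThirdPartyUpdateTrust
$result | Select-Object ComputerName, PolicyEnabled, MissingSigner | Format-List
$result.Publishers | Format-Table Subject, Thumbprint, NotAfter, Issues -AutoSize
```

Every certificate in Trusted Publishers is trusted for code signing on that machine, so entries nobody can account for deserve the same review as the WSUS signing certificate.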

Duplicate Hardware Identifiers Improvement – SCCM 1802 New Feature

In the SCCM console, navigate to Administration – Site Configuration – Sites – Hierarchy Settings Properties – Client Approval and Conflicting Records. Some hardware is known to have duplicate IDs. Add them to the list so that SCCM ignores these hardware IDs for PXE boot and client registration.

Add Duplicate Hardware ID – Specify the type of hardware ID and the value to include as a known duplicate. This ID will be ignored for PXE and client registration.

Supported hardware ID types:

  1. MAC address (12 hex characters)
  2. SMBIOS GUID (32 hex characters)
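Before adding an ID to the known-duplicate list, it helps to confirm that the value is well formed and really is shared by several machines. The following is an added example, not part of the original post: the inventory rows are constructed, the function and property names are hypothetical, and the all-zero / all-F check is a heuristic.

```powershell
# Added example (not from the original post). Inventory rows below are constructed.
function ConvertTo-HardwareId {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Value,
        [Parameter(Mandatory)][ValidateSet('MAC', 'SMBIOS')][string]$Type
    )
    # The dialog expects 12 hex characters for a MAC and 32 for an SMBIOS GUID.
    $length = if ($Type -eq 'MAC') { 12 } else { 32 }
    # Drop only common separators, so a stray non-hex character still fails validation.
    $hex = ($Value -replace '[-:.{}\s]', '').ToUpperInvariant()
    if ($hex -notmatch ('^[0-9A-F]{{{0}}}$' -f $length)) { return $null }
    return $hex
}

function Find-DuplicateHardwareId {
    param([Parameter(Mandatory)][object[]]$Inventory)

    # Flatten the inventory into one row per (type, normalized ID, device).
    $rows = foreach ($device in $Inventory) {
        foreach ($type in 'MAC', 'SMBIOS') {
            $raw = if ($type -eq 'MAC') { $device.MacAddress } else { $device.SmbiosGuid }
            $id = ConvertTo-HardwareId -Value ([string]$raw) -Type $type
            if ($id) {
                [pscustomobject]@{ Type = $type; Id = $id; Name = $device.Name }
            } else {
                Write-Warning "$($device.Name): '$raw' is not a valid $type value, skipped"
            }
        }
    }

    # An ID reported by more than one distinct device is a candidate for the list.
    $rows | Group-Object -Property Type, Id | ForEach-Object {
        $names = @($_.Group.Name | Sort-Object -Unique)
        if ($names.Count -gt 1) {
            [pscustomobject]@{
                Type        = $_.Group[0].Type
                Id          = $_.Group[0].Id
                # Heuristic: all-zero or all-F values are firmware placeholders.
                Placeholder = [bool]($_.Group[0].Id -match '^(0+|F+)$')
                Devices     = $names -join ', '
            }
        }
    }
}

# Constructed sample: two laptops imaged through the same USB network adapter,
# two desktops whose firmware reports a placeholder SMBIOS GUID, one bad MAC.
$inventory = @(
    [pscustomobject]@{ Name = 'LAB-LT-01'; MacAddress = '00:50:B6:AA:BB:01'
                       SmbiosGuid = '4C4C4544-0031-4A10-8052-B1C04F5A3631' }
    [pscustomobject]@{ Name = 'LAB-LT-02'; MacAddress = '00-50-b6-aa-bb-01'
                       SmbiosGuid = '4C4C4544-0031-4A10-8052-B1C04F5A3632' }
    [pscustomobject]@{ Name = 'LAB-PC-01'; MacAddress = '0050.B6AA.BB10'
                       SmbiosGuid = 'FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF' }
    [pscustomobject]@{ Name = 'LAB-PC-02'; MacAddress = '00:50:B6:AA:BB:1G'
                       SmbiosGuid = '{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}' }
)

Find-DuplicateHardwareId -Inventory $inventory | Format-Table -AutoSize
```

An ID on the known-duplicate list no longer helps identify a device during PXE boot or client registration, so add only the values this kind of check shows to be shared.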

Console Experience – SCCM 1802 Features

The primary user assigned to a device is available in the SCCM CB 1802 console. Navigate to Assets and Compliance – Overview – Devices – Primary User(s).

Encryption Options – SCCM CB 1802 New Features

Configure client computers’ signing and encryption requirements when communicating with the SCCM site server. SCCM Clients always sign their client identification when communicating with the Application Catalog website.

Require Signing – Enabled by Default – This option requires clients to sign data when they send it to management points.

Require SHA-256 – Enabled by Default – When clients sign data and communicate with site systems using HTTP, this option requires the client to use SHA-256 to sign the data. The client must support the SHA-256 hash algorithm to use this option. This option applies to clients that do not use PKI certificates.

Use Encryption – NOT enabled by default – This option uses 3DES to encrypt the SCCM client inventory data and state messages sent to the Management Points.

Video Review of SCCM CB 1802 New Features – Fig.1

Site Infrastructure Improvements – SCCM 1802 New Features

The site infrastructure improvements in SCCM 1802 are listed below.

  • Reassign distribution point
  • Configure Windows Delivery Optimization (DO) to use SCCM boundary groups (Client Settings option)
  • Support for Windows 10 ARM64 devices
  • Improved support for CNG certificates
  • Boundary group fallback for management points
  • Cloud distribution point site affinity

Client Management Improvements – SCCM CB 1802 New Features

The client management improvements in SCCM CB 1802 are listed below.

  • Cloud management gateway support for Azure Resource Manager
  • Configure hardware inventory to collect strings larger than 255 characters
  • Surface device dashboard
  • Primary User Details in the SCCM console
  • Change in the Configuration Manager client install – No Silverlight installed

Application Management Improvements – SCCM CB 1802 New Features

The application management improvements in SCCM CB 1802 are listed below.

  • Allow user interaction when installing an application
  • Do not automatically upgrade superseded applications
  • Approve application requests for users per device
  • Run scripts improvements

SCCM CB Operating System Deployment Improvements

The operating system deployment improvements in SCCM CB are listed below.

  • Windows 10 in-place upgrade task sequence via SCCM cloud management gateway (CMG)
  • Improvements to Windows 10 in-place upgrade task sequence
  • Improvements to operating system deployment
  • Deployment templates for task sequences
  • Phased deployments for task sequences

Software Center Changes – SCCM CB 1802 New Features

The Software Center changes in SCCM CB 1802 are listed below.

  • Install multiple applications in the Software Center
  • Use Software Center to browse and install user-available applications on Azure AD-joined devices.
  • Hide installed applications in the Software Center
  • Hide unapproved applications in the Software Center
  • Software Center shows users additional compliance information
Video Review of SCCM CB 1802 New Features – Video 1

SCCM 1802 – Site System Server Roles

The site system server roles in SCCM 1802 are listed below.

  • Distribution Point
  • Management Point
  • Service Connection Point
  • Site Database Server
  • Application Catalog Web service point
  • Application Catalog Website Point
  • Asset Intelligence Synchronization point
  • Certificate Registration Point
  • Cloud Management Gateway Connection Point
  • Data Warehouse Service Point
  • Endpoint Protection Point
  • Enrollment point
  • Enrollment Proxy point
  • Fallback status point
  • Reporting Services Point
  • Software Update point
  • State Migration Point

Resources

  1. Step by Step Video to Perform SCCM CB Upgrade to 1802
  2. Now Available: Update 1802 for SCCM Current Branch
  3. What’s new in version 1802 of System Center Configuration Manager CB

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr

Let’s learn how to reset the SCCM CB critical site and component status summarizer counters in ConfigMgr. We don’t like red alerts in SCCM monitoring nodes, especially those related to critical site component status.

We can reset the SCCM site status message count on any component or site system to remove the red alerts from the console. However, I don’t recommend resetting the SCCM component or site system summarizer counter.

Instead, you need to check and understand why the SCCM site status summarizer contains a critical alert.

Check out the video tutorial on resetting the SCCM CB Critical Site Component Status. As mentioned above, I don’t recommend resetting the site or component status summarizer counter before fixing the issue. If you have a critical site status, then fix the issue before resetting the counter.

Why Reset the SCCM Site Status Summarizer Counter? 

SCCM/ConfigMgr site and component status message counts are automatically reset at the end of threshold periods. As part of troubleshooting, we may need to reset the counters to confirm whether everything is okay.

  • \Monitoring\Overview\System Status\Site Status
  • \Monitoring\Overview\System Status\Component Status

What is the SCCM Site Component Status Summarizer?

SCCM Status Summarizer helps admins determine the health or status of different SCCM/ConfigMgr CB Infrastructure aspects. The SCCM site and components status summarizers get input from status messages, states, and counts.

The current branch version of SCCM includes four (4) status summarizers. The post “SCCM Site Component Status Summarizers Troubleshoot Issues” provides more information about these components.

What are the Options for Reconfiguring the SCCM Site & Component Status Summarizers?

Application Deployment Summarizer – The Application Deployment Summarizer can be used to get the application deployment status of SCCM clients. To configure the Application Deployment Summarizer:

  1. Navigate via \Administration\Overview\Site Configuration\Sites and click the Status Summarizers ribbon button.
  2. In the Status Summarizers dialog box, click Application Deployment Summarizer and then Edit.
  3. In the Application Deployment Summarizer Properties dialog box, configure the required summarization intervals and then click OK.
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Fig.1

Default settings of the Application Deployment Summarizer:

  • Frequency of status updates for a deployment modified in the last 30 days – Number of minutes: 60
  • Frequency of status updates for a deployment modified in the last 31 to 60 days – Number of hours: 24
  • Frequency of status updates for a deployment modified over 90 days ago – Number of days: 7

The Application Statistics Summarizer specifies how often application statistics should be updated. Intervals are based on the date the application was last modified. To change the application Statistics Summarizer configuration, follow the same steps mentioned above.

Summarization frequency:

  • Frequency of status updates for a deployment last modified in the last 30 days – Number of minutes: 240
  • Frequency of status updates for a deployment last modified in the previous 31 to 90 days – Number of hours: 240
  • Frequency of status updates for a deployment last modified over 90 days ago – Number of days: 7

Component Status Summarizer allows the setting of a threshold for each SCCM component. There are two (2) types of thresholds: the warning threshold and the critical threshold. We have options to disable SCCM status summarization for component status. Also, there are options to set the component status replication priority to the parent site.

To change the Component Status Summarizer configuration, follow the same steps mentioned above.

Site System Status Summarizer allows disabling status summarization for site system status. It also allows you to set the replication priority of site system status for the parent site in your SCCM hierarchy. It gives the option to set a status summarization schedule. However, I have never used this option.

The Site System Status Summarizer threshold allows you to specify the free-space levels at which warning or critical icons are displayed for the site system. To change the configuration of the Site System Status Summarizer, follow the steps mentioned above.

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Fig.2

How to Reset the Critical Site or Component Status Summarizer Counters

The site and component status summarizer count can be reset from the SCCM console monitoring workspace. This will help eliminate some red alerts from your SCCM monitoring console.

How Do You Reset the SCCM Critical Site Status Summarizer Counters?

\Monitoring\Overview\System Status\Site Status

  1. Open the SCCM CB console
  2. Navigate via \Monitoring\Overview\System Status\Site Status
  3. Select the site status message you want to reset
  4. Click on the ribbon – Reset Counts icon
  5. As you can see in the video tutorial, click the Refresh button to make RED alerts GREEN.

How Do You Reset the SCCM Critical Component Status Summarizer Counters?

\Monitoring\Overview\System Status\Component Status

  1. Open the SCCM CB console
  2. Navigate via \Monitoring\Overview\System Status\Component Status
  3. Select the component status message you want to reset
  4. Click on the ribbon – Reset Counts icon
  5. As you can see in the video tutorial, click the Refresh button to make RED alerts GREEN.
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Video 1

Resources

Status Message Queries – Track Who Deleted Modified Changed SCCM Settings

Intune Read-Only Experience Learn to Create Read-Only Operators Roles Admin Access

This post covers the Intune read-only experience and how to give admins access with the Read Only Operator role. Role-Based Access Control (RBAC) is one of my favorite features in Microsoft Intune.

People chose Intune hybrid instead of Intune standalone because of the lack of RBAC. The Intune team introduced RBAC features into their product back in 2017. This post shows how to provide read-only access to the Intune console.

I have two (2) posts covering Intune role-based access controls in detail. I recommend reading them to learn more about Intune RBAC.

However, the Intune team did excellent work in including scope features in Intune RBAC. Now, it’s getting close to SCCM RBAC features. My previous posts about Intune RBAC follow.

How to Provide Read-Only Access to Intune

RBAC helps Intune Admins control who can perform various Intune tasks within your enterprise. There are six (6) built-in Intune roles (RBAC roles). I use the default Intune role, “Read Only Operator,” to provide read-only access to the Intune console.

  1. Navigate to Azure Portal – Microsoft Intune blade – Intune roles – All roles – Read-Only Operator – Assignments, then click + Assign.
  2. Once you click on the “+ Assign” button, a new Read-Only Operator – Role assignments blade will be displayed.
  3. Enter the following information in the blade:
    Assignment Name = Read-Only Intune Users
    Assignment Description = Details of Read-Only Assignment Group
    Members (Groups)# = Click on the + Add button and select the Azure AD User Group that includes the Intune read-only users (my example – Intune Read-Only Users).
    Scope (Groups)* = Click on + Add and select the Azure AD User or/and Device group. Only the operator would be able to manage the resources in this group. More details are below.
  4. Save the Intune Role assignment by clicking the OK button

Administrators in the role assignment can target policies, applications, or small tasks to its Scope Groups. So the members of the Intune ReadOnly user group (in my example screenshot) could target procedures, applications, or small functions at the users/devices in my scoping group, Intune ReadOnly. This is by design.

  •  Member Group users are the administrators assigned to this role.
Intune Read-Only Experience Learn to Create Read-Only Operators Roles Admin Access – Fig.1

Do You Know What the Intune Scope Group Is?

A scope group is “the users or devices that a specified person (the member) can manage.” In the above example, Intune ReadOnly users can manage devices or parts of their Scope Groups.

If you are an SCCM admin, the SCOPE option is already there in the SCCM 2012 and CB console. I have another post that covers Configuration Manager RBAC in detail.

Intune Read-Only User Experience

In this scenario, the Intune read-only user is a regular user in Azure Active Directory (without any other access). However, the user has been assigned a valid Intune (EMS) license.

I will cover all the following scenarios with Intune’s read-only user experience. The video tutorial on read-only access to Intune provides more details.

Device Enrollment Experience for Read-Only User

The user has read or view access to all the device enrollment blades. However, I noticed that the Configure MDM Push Certificate blade doesn’t allow downloading the CSR file.

The Android work enrollment experience is different from Apple’s. While trying to sign up with an Intune read-only account, I can see the following error: An error occurred requesting the Android for Work signup URL.

Windows enrollment, Terms and conditions, Enrollment restrictions, Device categories, Corporate device identifiers, and Device enrollment managers also work as expected for Intune read-only users.

Device Compliance Experience for Read-Only Users

The device compliance experience is different from the device enrollment experience. Read-only users can change the compliance policy schedule time for actions for non-compliance, but it never gets saved. Instead, it gives an error while trying to save the configuration. So we are fine!

As per my testing, the read-only user cannot assign the compliance policy to any group. For more details, refer to the Read-only Access to Intune video tutorial. However, the read-only user has access to check the status of the compliance policy on devices.

Devices Blade Experience for Intune Read-Only User

View access for the Devices blade is intact. The user can view the properties of all devices. The Azure AD scope option may provide some opportunities to limit read-only users from checking out the properties of devices that are not in read-only users’ scope.

Also, read-only users cannot perform remote actions on devices (such as Removing company data, Factory reset, Deletion, and Remote Lock).

Device Configuration Experience for Intune Read-Only User

Configuration profiles blade provides a classic view experience for Intune read-only users. The read-only users have view access to Overview, Properties, Assignments, Device status, User status, and Per-setting status.

The Configuration PowerShell Scripts blade provides a different experience for Intune read-only users. Like the compliance policy experience (explained above), the PowerShell scripts blade offers the option to edit or rename PowerShell script names. But we are fine with that, as Intune won’t allow read-only users to save those changes.

I had a similar experience with the PowerShell script assignment. It allows the assignments of a PowerShell script to be changed, but it won’t allow the read-only user to save the changes.

Mobile Apps (Applications) Experience for Intune Read-Only User

Intune read-only users’ mobile app experience is similar to that of device enrollment. Mobile apps Manage options provide standard view access to read-only users for Apps, App configuration policies, App protection policies, App selective wipe, and iOS app provisioning profiles.

Monitor options under mobile apps give a similar view experience for App licenses, Discovered apps, App install status, App protection status, and Audit logs.

SETUP options also give a similar view experience for iOS VPP tokens, Windows enterprise certificate, Windows Symantec certificate, Microsoft Store for Business, Windows sideloading keys, Company Portal branding, App categories, and Android for Work.

Conditional Access Experience for Intune Read-Only User

The Conditional Access blade provides view access to read-only operators. I would love to see Azure AD Conditional Access What If work fine for read-only users. This would be very helpful from a learning perspective.

All the following items work fine as expected to provide standard view access.

  • On-premises access
  • Users
  • Groups
  • Intune roles
  • Software Updates

Intune Read-Only Experience Learn to Create Read-Only Operators Roles Admin Access – Fig.2

SCCM Management Insights Clean Healthy SCCM CB Environment

SCCM Management Insights helps keep your SCCM CB (Configuration Manager, ConfigMgr) environment clean and healthy. SCCM CB Management Insights is one of my favorite features. However, it is not listed in the features list in the SCCM CB 1802 console.

Even so, Management Insights is enabled by default in 1802 and later. Trust me, it is very useful for keeping your environment neat and clean. As a central admin of a global SCCM team, I will love this feature.

[New Post – Read this post to get the latest details about SCCM Management Insights]

In the previous post, I provided tips and tricks for maintaining an SCCM environment. My honest recommendation is to read those to get more details about SCCM health. MGMT insights is another way to track the health and tidiness of your SCCM environment.

What is Management Insights in SCCM?

Management Insights is similar to a robotic assistant that will keep an eye on your SCCM environment for you and let you know the details. Who is not following your standard processes? Who is doing wrong or not recommended things within your SCCM hierarchy?

Management insight helps to gain valuable insights into the current state of the SCCM CB environment based on analysis of data in the site database. I assume the SCCM product group will provide an option to create custom management insights in the future. The Management Insights feature was introduced with the SCCM CB 1708 preview version.

SCCM Management Insights Clean Healthy SCCM CB Environment – Fig.1

Where is Management Insights Located in the SCCM CB Console?

Launch the SCCM CB console and navigate via \Administration\Overview\Management Insights

1. \Administration\Overview\Management Insights\All Insights
2. \Administration\Overview\Management Insights\All Insights\Software Center
3. \Administration\Overview\Management Insights\All Insights\Applications
4. \Administration\Overview\Management Insights\All Insights\Simplified Management
5. \Administration\Overview\Management Insights\All Insights\Collections
6. \Administration\Overview\Management Insights\All Insights\Cloud Services

What are the Features of Management Insights in SCCM?

We have five (5) built-in management insights options in SCCM CB 1802. Let’s take a look at those in detail. The list below gives more details.

  • Software Center – Insights for managing the software center
  • Applications – Insights for your application management
  • Simplified Management – Insights that help you simplify the day-to-day management of your SCCM environment
  • Collection – Insights that help simplify your management by cleaning up and re-configuring collections
  • Cloud Services – Modernise and simplify your management infrastructure by leveraging the power of the cloud. SCCM is integrated with many cloud services, enabling more straightforward and more modern management of your devices.

Software Center – Insights for Managing Software Center

Software Center helps you get information and insights into software center versions available in your SCCM environment. A couple of out-of-the-box rules are created to find software center versions. Also, it helps to clean up the old version of SCCM software center and learn how to get new software center versions.

Rule 1 – Direct your user to the software center instead of the application catalog
Rule 2 – Use the new version of the Software Center

The application catalog is deprecated, and you should deploy the new version of the software center. More details are in the Microsoft documentation.

Applications – Insights for Your Application Management

Application management options in Management Insights can help you find bad practices in the application creation world. Using this feature, you can clean up the OLD applications in your SCCM environment. This helps keep your whole application ecosystem healthy.

Rule 1 – Applications without deployments

Simplified Management – Simplify the Day to Day MGMT of Your Environment

SCCM simplified management rule in the SCCM management insight feature helps to find out the non-SCCM CB client versions in your environment. This will help to keep your SCCM environment healthy and updated.

Rule 1 – Non-CB Client Versions

Collection – Simplify Device Management

SCCM management insights help simplify device management options for your organization. The following rule of MGMT insights helps you keep an eye on your environment’s collections. This helps you clean up and reconfigure collections.

Rule 1 – Empty Collections

Cloud Services – Modernise & Simplify Device MGMT Infrastructure

Cloud services management insights are to get more details about modern management scenarios. One of the key modern management scenarios is enabling and keeping track of the co-management features.

Modernise and simplify your management infrastructure by leveraging the power of the cloud. SCCM is integrated with many cloud services, all of which enable simpler and more modern device management.

Rule 1 – Assess co-management readiness. There are three (3) prerequisites for co-management: 1. Update clients to the latest Windows 10 version, 2. Configure Azure Services for use with SCCM, and 3. Enable devices to be hybrid Azure Active Directory joined.

Rule 2 – Configure Azure Services to use with SCCM

Rule 3 – Enable Devices to be hybrid Azure Active Directory joined

Rule 4 – Update Clients to the latest Windows Version

SCCM 1802 Upgrade

Step by Step Video to Perform SCCM 1802 Upgrade Configuration Manager ConfigMgr

The Microsoft SCCM team released the new production version of SCCM 1802. This post provides an end-to-end video tutorial on the SCCM 1802 upgrade for sites that have a service connection point in Online mode.

Update: Microsoft already tweaked SCCM 1802 not to block upgrades for DPs running Windows 2008. Here is Djam’s tweet on this topic.

The 1802 production upgrade process should be initiated from the top-level server (CAS or stand-alone primary). This upgrade process automatically upgrades child primary servers and remote site system servers (MP, DP, and SUP).

SCCM CB secondary site servers are not supported for automatic upgrade. I also produced a quick review after the SCCM CB upgrade to 1802 in this post.

Step by Step SCCM CB upgrade to 1802 Primary Standalone – SCCM Primary Upgrade Video Guide

The 1802 production upgrade process should be initiated from the top-level server (CAS or stand-alone primary). This upgrade process automatically upgrades CAS, primary servers, and remote system servers.

It does not support the automatic upgrade of SCCM CB secondary site servers. I also produced a quick review after the SCCM CB upgrade to 1802 in this post.

Step by Step Video to Perform SCCM 1802 Upgrade Configuration Manager ConfigMgr – Video 1

What is the Latest Baseline Build for SCCM CB?

SCCM CB 1802 is the latest (NEW) baseline build. You can download SCCM CB 1802 from MSDN or the Volume Licensing portal. Once the 1802 baseline build is downloaded, you can build a new SCCM infra with 1802. There are two scenarios where you can use the baseline version.

  • Use the latest baseline version when installing a new site in a new hierarchy.
  • Use the SCCM CB 1802 baseline version to upgrade from SCCM 2012.

SCCM 1802 Upgrade Checklist

I recommend using the following checklist before starting the SCCM CB upgrade process. For more details, see the SCCM 1802 checklist post.

Make sure your SCCM server infra is supported for SCCM CB 1802. Run the setup prerequisite checker at least one week before the SCCM CB 1802 upgrade.

  1. Plan the upgrade of remote SCCM CB consoles or the console published in Citrix, even though SCCM CB 1802 supports a 1710 console.
  2. Ensure that all sites run a version of SCCM that supports updates to 1802. The minimum supported version for the SCCM CB 1802 upgrade is 1702. If your existing SCCM CB environment is not 1702 or later, you won’t get the SCCM CB 1802 production update in the console.
  3. Review the Windows ADK version for Windows 10—Make sure your Windows 10 ADK version is 1709 or later. I recommend updating the Windows ADK 1709 before the SCCM CB 1802 upgrade. This helps the default boot images get automatically updated to the latest version of Windows PE. Also, remember that the custom boot images must be updated manually.
  4. Review the backlog of File and SQL-based Replication
  5. Disable database replicas for MP at primary sites (Also, SUP with NLB)
  6. Set SQL Server AlwaysOn availability groups to manual failover
  7. Disable site maintenance tasks (backup, delete an aged client, and delete old discovery) at each site (primary and CAS)
  8. Temporarily stop any antivirus software
  9. Create a backup of the site database at the SCCM CAS and primary sites
  10. Plan and Use client piloting for a newer version of the SCCM CB 1802 client

How to Start SCCM 1802 Upgrade

I hope you have already gone through the checklist before starting the upgrade process. Log in to the CAS or a stand-alone primary server and launch the SCCM CB console. Navigate in the SCCM console via Administration > Overview > Cloud Services > Updates and Servicing. Right-click the update and select “Install Update Pack”.

You can go through the Wizard, as I showed in the SCCM CB 1802 upgrade video tutorial. But remember to select pilot collection for new client version deployments. The following is a sample summary of my lab’s SCCM CB 1802 update package installation.

Success: Install Update Package Configuration Manager 1802
Prerequisite warnings will be ignored
Turn on the following features:
• Approve application requests for users per device
• Enable third-party update support for clients
• Support for Cisco AnyConnect 4.0.07x and later for iOS
• Phased Deployments
Test a new version of the client in the pilot

Find Out SCCM CB Update Stage IDs and Stage Names

The SCCM CB 1802 production upgrade process is straightforward, as you can see in the video tutorial for the 1802 upgrade. Check the status from the monitoring workspace (\Monitoring\Overview\Updates and Servicing Status\Configuration Manager 1802) and the logs.

If you have trouble downloading the SCCM CB 1802 production update, refer to my previous troubleshooting guide. The SCCM 1802 Upgrade is usually super easy, but in this case, it requires fixing the SCCM CB update Redist Download Issue.

| Stage Id | Stage Name |
|---|---|
| 10 | Download |
| 11 | Replication |
| 12 | Prerequisite Check |
| 13 | Installation |
| 14 | Post Installation |

Step by Step Video to Perform SCCM 1802 Upgrade Configuration Manager ConfigMgr – Table 1

SCCM CB 1802 Versions

Not all the features available in the SCCM 1802 preview version are available in the production version of SCCM 1802. This is expected, and I noted this in the SCCM CB 1802 preview post. I’m pointing out the features listed below in the SCCM console.

  • SCCM CB 1802 Version 1802
  • SCCM CB 1802 Console Version 5.1802.1082.1700
  • SCCM CB 1802 Site Version 5.0.8634.1000
  • SCCM CB 1802 Build Number 8634
  • SCCM CB 1802 Client Version 5.00.8634.1007

Features Overview of SCCM 1802 Production Release 

The SCCM CB 1802 production release has five (5) pre-release features and fifteen (15) production features. Management Insight is one of the exciting features missing from the SCCM 1802 production release (at least from the SCCM console features GUI), but it is available in the product.

\Administration\Overview\Updates and Servicing\Features

Five (5) Pre-Release Features of SCCM CB 1802 Production Release

What is the SCCM Data Warehouse Service Point? Use the data warehouse service point to periodically copy data from your SCCM site database to another DB for long-term storage and trend analysis.

  • Windows Defender Application Control
  • Phased Deployments
  • Enable third (3rd) party update support on clients
  • Server Groups
  • Support for Cisco AnyConnect 4.0.07x and later for iOS

Fifteen (15) Release Features of SCCM CB 1802 Production Release

Let’s discuss the fifteen (15) release features of the SCCM CB 1802 production release. The list below will help you to see more details.

  • PFX Create
  • Passport for Work
  • Windows Defender Exploit Guard Policy
  • Surface Driver Updates
  • OMS Connector
  • Device Health Attestation assessment for compliance policy for CA
  • Create and Run Scripts
  • Client Peer Cache
  • Approve Application requests for Users per Device
  • Run Task Sequence Step (Promoted)
  • Conditional Access for Managed PCs
  • Task Sequence Content Pre-Caching
  • Data Warehouse Service Point
  • Cloud Management Gateway
  • VPN for Windows

Not Listed Features?

Let’s discuss the Not Listed Features. The list below will help you to see more details.

  • Reassignment Distribution Point (The feature is by default enabled and removed from the features list)
  • Add a passive primary site server
  • Surface Device Dashboard (The feature is by default enabled and removed from the features list)
  • Management Insights (The feature is by default enabled and removed from the features list)
  • Office 365 Support Volume Licensing SKU in C2R Wizard
  • Passport for Work (The feature is by default enabled and removed from the features list)

Quick Explanation about New Features of SCCM 1802 Production Release

What is SCCM Cloud Management Gateway (CMG) – SCCM CMG provides a simple way to manage SCCM clients on the Internet. The gateway server (Azure PaaS) is deployed to Microsoft Azure. It connects internet clients to your on-premises SCCM infrastructure.

Windows Defender Application Control – Windows Defender Application Control helps lock down Windows 10 computers so that they can only run trusted software.

What are SCCM Phased Deployments – Phased Deployments automate a coordinated, sequenced roll-out of software across multiple collections.

Enable third (3rd) party update support on clients – Configures clients by enabling the policy that allows signed third-party updates and by installing the WSUS code-signing certificate on them.
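Because this setting widens what a client trusts, it is worth confirming on a pilot machine what actually changed. The following PowerShell audit is an added example, not code from the original post or from Microsoft: it reads the policy state and lists the certificates in the Trusted Publishers store. The function name is hypothetical, and the registry value `AcceptTrustedPublisherCerts` is the value that backs the “Allow signed updates from an intranet Microsoft update service location” policy (the post does not name it).

```powershell
# Added example (not from the original post): read-only audit of the trust a
# client gains when third-party update support is enabled. Run elevated.
function Get-ThirdPartyUpdateTrust {
    [CmdletBinding()]
    param(
        # Registry key behind the local policy "Allow signed updates from an
        # intranet Microsoft update service location".
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )

    # AcceptTrustedPublisherCerts = 1 means the policy is enabled.
    $policy = Get-ItemProperty -Path $PolicyPath -Name 'AcceptTrustedPublisherCerts' -ErrorAction SilentlyContinue
    $policyEnabled = ($null -ne $policy) -and ($policy.AcceptTrustedPublisherCerts -eq 1)

    # Every certificate here is trusted to sign content for this machine,
    # so the list should be short and each entry should be explainable.
    $now = Get-Date
    $publishers = @(
        Get-ChildItem -Path 'Cert:\LocalMachine\TrustedPublisher' | ForEach-Object {
            [pscustomobject]@{
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                Expired       = $_.NotAfter -lt $now
                SelfSigned    = $_.Subject -eq $_.Issuer
                InTrustedRoot = Test-Path -Path "Cert:\LocalMachine\Root\$($_.Thumbprint)"
            }
        }
    )

    # Turn the raw data into findings an administrator can act on.
    $findings = @()
    if ($policyEnabled -and $publishers.Count -eq 0) {
        $findings += 'Policy is enabled but Trusted Publishers is empty: signed third-party updates will fail.'
    }
    foreach ($p in $publishers) {
        if ($p.Expired) {
            $findings += "Expired publisher certificate: $($p.Subject) [$($p.Thumbprint)]"
        }
        if ($p.SelfSigned -and -not $p.InTrustedRoot) {
            $findings += "Self-signed publisher certificate not in Trusted Root: $($p.Subject) [$($p.Thumbprint)]"
        }
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        SignedUpdatePolicy = $policyEnabled
        TrustedPublishers  = $publishers
        Findings           = $findings
    }
}

$report = Get-ThirdPartyUpdateTrust
$report | Select-Object ComputerName, SignedUpdatePolicy
$report.TrustedPublishers | Sort-Object NotAfter | Format-Table Subject, Thumbprint, NotAfter, SelfSigned -AutoSize
$report.Findings
```

Compare the thumbprints it reports with the WSUS signing certificate you expect; any other publisher certificate on the client deserves an explanation.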

Client Settings Changes After SCCM 1802 Upgrade

There are two (2) types of client setting policies: User Client Settings and Device Client Settings. However, there is one parent client settings policy, called Default Client Settings. The Windows Analytics setting is only available in the default policy.

  • 22 categories are there in SCCM CB 1802 Default Client Settings Policies
  • 20 categories are there in SCCM CB 1802 Device Client Setting (User and Device Affinity are missing)
  • 3 categories are there in SCCM CB 1802 User Client Settings (Cloud Services, Enrollment, and User & Device Affinity)

Co-Management Changes – SCCM 1802 Production Release

For Windows 10 devices that are in a co-management state, you can have Microsoft Intune start managing different workloads.

Choose Pilot Intune to have Intune manage the workloads for only the clients in the pilot group. If you are not ready to move the workload to Intune, select SCCM (ConfigMgr). More details here.

You can move the co-management workloads with SCCM, Intune, or both. We can offload four (4) workloads to Intune. Endpoint protection (Windows Defender) is newly added to the SCCM 1802 production version. I have a post about the co-management strategy.

  • Compliance Policies – Intune Compliance Policies
  • Resource Access Policies – Intune WiFi and VPN Profiles
  • Windows Update Policies – Windows Update for Business – Patching
  • Endpoint Protection – Windows Defender


Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Learn to Fix Microsoft SCCM Intune Documentation

Let’s learn how to fix Microsoft SCCM and Intune documentation. How many of us complain about SCCM Intune documentation?

The documentation is not updated, not relevant, etc. Here is the real opportunity to help yourself and update the SCCM and Intune documentation.

But don’t worry about the quality of the SCCM Intune documentation, as there are several steps to validate before your edits/changes are published. Hack a doc is the theme of this post 😉

Check out the video “Learn How to Help Fixing SCCM Intune Documentation Issues”. This post will give you all the details on learning to fix Microsoft SCCM Intune Documentation.

We had a great MVPHackaDoc session with Aaron during the MVP Summit 2018. All the credit goes to Aaron, who taught me how to update SCCM/Intune documentation. I don’t recommend going around and editing or updating all the documentation. But start small before you leap.

Start Small

Learn to Fix Microsoft SCCM Intune Documentation – Video 1

What has Changed?

The Microsoft documentation service (https://docs.microsoft.com) is hosted on the GitHub platform, which improves the user experience while reading the documentation.

Even SCCM and Intune documents have been migrated to a new platform. The following is my list of key features of the new docs on the Microsoft platform.

  • Readability
  • Estimated Reading Time
  • Content and Site Navigation
  • Shortened Article Length
  • Responsive Design
  • Community Contributions
  • Social Sharing
  • Friendly URLs

How to Start Updating SCCM Intune Documentation?

I hope you read a lot of Microsoft documentation every day. Suppose you have found an article with incorrect information and want to inform the Microsoft Docs team about it.

  • If you don’t have a GitHub account, create one. It took me one or two minutes to do so.
  • You can select the GitHub Free plan during the signup process and tailor your experience to include a short introduction about yourself.
  • Open the article you identified and click the EDIT button, as I showed in the video tutorial. You should open the article in the same browser in which you are already logged in to your GitHub account.
  • Once you click on the EDIT button on that article, it will redirect to the GitHub editor.
  • You will perform all the updates in the GitHub editor.

Identify the Article and Start Contributing

How to Contribute to SCCM Intune Documentation

As Aaron mentioned in his “MVP Hack a Doc” session, start small. Standard GitHub accounts may not have access to edit live document code. And you will get the following error when you try to edit or update an article.

  • You’re editing a file in a project you don’t have write access to.
  • Submitting a change to this file will write it to a new branch in your fork AnoopCNair/SCCMdocs so that you can send a pull request.

As I have shown in the “Hack A Doc” video, a perfect example of raising an issue comes from Jason. He raised a problem, and a documentation bug was filed to fix this issue.

I also tried creating a pull request, but I think that requires more access to edit the master file. A normal GitHub account may not have access to proceed with a pull request.

Another interesting thing I learned was how to select the best title, title suffix, description, ms.custom, ms.date, and ms.prod for technical articles. As Aaron suggested, we can start doing the following things:

Start Doing the Following Things

  • Clarifications
  • Examples
  • SDK, PowerShell
  • Guidance tips
  • Translations
  • See something, fix something

Learn to Fix Microsoft SCCM Intune Documentation – Table 1

I have tried raising an issue with documentation, which is the best and easiest part I learned during the MVPHackaDoc session. I have more details about the problems raised in Hack A Doc’s video tutorial.

Another useful option is to track the documentation issues with the GitHub account, so we can rest assured that Microsoft is aware of this bug and will fix it soon. The following is the file structure of a GitHub article (for example): SCCMdocs/sccm/core/plan-design/hierarchy/accounts.md.

Start Contributing = Raising an Issue

Learn to Fix Microsoft SCCM Intune Documentation – Fig.1

Free LinkedIn Learning Courses for SCCM Intune

I agree with the following sentence, so I’m sharing my experience with LinkedIn Learning: Microsoft MVPs are notorious for passionately sharing their knowledge with the world.

In this post, we will learn about free LinkedIn learning courses available for SCCM and Intune (Learn SCCM Intune).

SCCM is great, and it will not die, as per Microsoft. But don’t abandon Intune learning. I strongly recommend going through the Intune learning process.

The Microsoft MVP Award program celebrated its 25th anniversary. As part of the 25th-anniversary celebrations, LinkedIn unlocked 15 courses covering key technology skills. The following is the list of 15 courses that LinkedIn has unlocked. This post will discuss more details about SCCM and Intune free study materials.

Introduction

I have a full-blown post about systematic learning of SCCM and Intune. The approach to learning should be the same as I mentioned in the post, which was published back in 2015. I learned SCCM the hard way. There was no one to handhold and teach me.

Great Learning – What to Learn Intune? Great Resource Around you!
(1) LinkedIn Learning Courses for Microsoft Intune
(2) Learning How to Learn SCCM Intune Azure
(3) Learn Intune Beginners Guide MDM MAM MIM
(4) Microsoft Intune for SCCM Admins Part 1
Free LinkedIn Learning Courses for SCCM Intune – Table 1

My Favourites
  • Microsoft System Center Configuration Manager… SCCM CB
  • Learning Microsoft Enterprise Mobility Suite (Azure AD and Intune)
  • Office 365 for Administrators: Supporting Users Part 1
  • Windows 10: Deploy and Manage Virtual Applications

Productivity Apps
  • Excel 2016: Get & Transform
  • PowerPoint: Designing Better Slides
  • OneNote Tips and Tricks
  • Visio Tips and Tricks

Automation & Developer
  • Microsoft Graph for Developers
  • API Development in .NET with GraphQL
  • ASP.NET Core: Razor Pages
  • ASP.NET Core New Features
  • Microsoft Cybersecurity Stack: Advanced Identity…
  • Microsoft Cloud Services: Troubleshooting Online…
  • Building and Securing RESTful APIs in ASP.NET Core

How to Start Learning SCCM and Intune?

I never got a chance to attend training before being pushed to work on SCCM. That is a different experience, as I explained in the future of SCCM/Intune jobs post.

How Do You Get Access to Free SCCM and Intune Video Courses?

These 15 courses are free only for a limited period. As per the MVP Award program post, they are unlocked for the general public until the middle of April! So don’t waste time—start learning SCCM/Intune using LinkedIn study materials.

In the video tutorial here, I explain how to start learning through LinkedIn courses. However, the SCCM course won’t work from the following link. I recommend using the link I provided in the next section of the post.

  1. Open https://learning.linkedin.com/events/2018/03/msft-mvp-global-summit
  2. No need to log in to LinkedIn to access these courses (anonymous access is allowed)
  3. Open any of the 15 free courses available
Free LinkedIn Learning Courses for SCCM Intune – Fig.1

Start Free SCCM Online Course

To start the course, you don’t need to log in with your LinkedIn account. Also, you don’t need to start the trial version of LinkedIn Learning for a month. You can access the SCCM course from a private browser without logging in.

  • To start the Free SCCM online course from a private browser
  • Content of the SCCM CB Course
  • Introduction (More details about SCCM CB content at the bottom of the post)
  1. Planning and Deploying a Standalone Primary Site
  2. Designing and Deploying a Multiple-Site Hierarchy
  3. Planning Resource Discovery and Client Deployment
  4. Managing Content and Replicating Data in Configuration Manager
  5. Configuring Internet and Cloud-Based Client Management
  6. Maintaining and Monitoring SCCM CB
  7. Upgrading to SCCM CB
  • Conclusion

Start Free Intune Online Course

The Intune course is part of EMS. So, the EMS course includes both Azure AD and Microsoft Intune. I have an Intune starter kit that can help you start learning Intune from scratch. More details are available in the Intune guide for beginners in the enterprise mobility world.

  • Start the course directly from the following link
  • Content of the Intune Course

Microsoft Intune

With Intune, you can easily manage apps and devices. You can also configure Intune to manage iOS and Android. More details are explained below.

  • Manage apps and devices with Intune – 3m 30s
  • Configure Intune to manage iOS and Android – 4m 0s
  • Build and deploy a basic policy for iOS or Android – 5m 17s
  • Deploy and manage mobile apps – 5m 15s
  • Enrol your first device – 2m 45s
