I have explained about the upgrade of SCCM 1810 in the previous post and video. In this post, you will learn the SCCM 1810 improvement and new features. I will explain each improvements of SCCM 1810 with screenshots of settings so that it will be useful for you to understand.
Business Justification of SCCM 1810 Upgrade
SCCM 1810 has more than 20 fixes. SCCM 1810 provides fix for more than 20 documented issues which are there in SCCM 1806 version. Microsoft released a KB article to list down all the fixes which are included in SCCM 1810 version. More details available here.
High Availability – SCCM 1810 Improvements
Hierarchy support for SCCM site server high availability. SCCM CAS and child primary servers can have additional passive site servers for high availability. SCCM Central administration sites and SCCM child primary sites can now have an additional SCCM site server in passive mode.
SCCM Site System Server on Windows Cluster Node
SCCM primary server can be installed on the Windows role for Failover Clustering. SCCM supports the installation of the primary server on the Windows cluster node. Windows cluster node role is a prerequisite for SQL availability group and SQL always on.
You can create an SCCM highly available site with fewer servers by using SQL Always On and a site server in passive mode.
SCCM 1810 Content Management Improvements
SCCM 1810 comes with new boundary group options to give more granular control. More visibility to peer cache supported clients in management insights.
Prefer distribution points over peers with the same subnet: If you don’t want to use peer cache for some set of SCCM clients, then you can enable this option. This DP preference would help clients to download the content from DP rather than peer cache client.
Prefer cloud distribution points over distribution points: When you have a branch office with a faster internet link better than WAN connection, you can now prioritize SCCM Cloud DP rather than using on-prem DP for content download.
Task sequence support for boundary groups -- https://docs.microsoft.com/
Notify Resource – New Security Permission Added
Client notification actions are not working for SCCM admins after SCCM 1810 upgrade? If so, this is because of new security improvement in SCCM 1810. SCCM Client notification actions now require the Notify Resource permission under the collection section.
I could see only full administrator has the permission assigned to Notify Resources. So you may need to create a custom security role with Notifu Resource permission to resolve the issue mentioned above.
New Wakeup Device Option from Device Notification Action
SCCM 1810 comes with an improvement in device notification action. Now admin can wake up a device from SCCM console which is not in the same subnet as the site server.
The SCCM 1810 site server uses another client on the same subnet to send the wake on LAN request. SCCM client notification channel helps to identify another SCCM client that’s awake in the same remote subnet.
Collection Evaluation Improvements
SCCM 1810 comes with a couple of collection improvements. I can explain only one improvement which I tested now in this post. Have you noticed the following option “Schedule a full update on this collection” in collection properties?
In previous versions of SCCM 1806 or prior, to fully disable the schedule for query-based collection, you had to change the schedule to None from custom schedule window. Now the SCCM site disables the schedule when you disable “Schedule a full update on this collection” setting.
SCCM Console Administrator Authentication
SCCM console authentication (new tab in hierarchy settings) improvements in 1810 version. You can now specify the minimum authentication level for administrators to access SCCM sites. You can also exclude certain users or groups from the SCCM console authentication tab.
Microsoft provides the following three (3) options to deliver access control to all the sites in your SCCM hierarchy. You can’t have a different authentication method for different child primary servers.
- Windows authentication: Require authentication with Active Directory domain credentials.
- Certificate authentication: Require authentication with a valid certificate that’s issued by a trusted PKI certificate authority.
- Windows Hello for Business authentication: Require authentication with strong two-factor authentication that’s tied to a device and uses biometrics or a PIN.
Management Insights Improvements
I have a post which explains about the end to end management insight groups and rules of SCCM 1810. I would recommend reading this post to know more about management insight improvements.
The following are the management insight groups available with SCCM 1810 version. Along with this version, SCCM 1810 has an excellent dashboard overview of management insights.
- Software Center
- Simplified Management
- MacOS and Unix
- Cloud Services
- Proactive Maintenance
SCCM Internet Client Installation Improvements (CMG)
You can install SCCM client from the internet using Intune and SCCM CMG. You can Create a “Client app” from Intune portal with the latest SCCM client package and deploy the app to Windows 10 devices that you want to manage from the internet. SCCM 1810 Improvement to Client installation.
I have a post with more details about internet based SCCM client installation using SCCM CMG. With SCCM 1810 onwards, you need to use only two parameters to install the SCCM clients from the internet. The following are the two required ccmsetup properties are:
More details available in the following Microsoft documentation.
Required App compliance policy for co-managed devices
You have a new option in SCCM 1810. You can define compliance policy rules in SCCM for required applications. This app assessment is part of the overall compliance state sent to Microsoft Intune for co-managed devices.
Navigate to SCCM console – \Assets and Compliance\Overview\Compliance Settings\Compliance Policies
Success: Compliance Policy settings
• Name: Rule Complaince
The following platform versions are supported:
• All Windows 10 (64-bit)
• All Windows 10 (32-bit)
• All required updates installed with a deadline older than X days: 5
More details – https://docs.microsoft.com/
CMPivot and Scripts -SCCM 1810 Improvements
There are many new entities added to SCCM 1810 CMPivot. I think most of the WMI classes can be queried directly from CMPivot. More details about the CMPivot architecture and troubleshooting are available in my previous post here.
I have more detailed and updated post on SCCM Run Script improvements. I would recommend reading the same. Some of the highlights in the CMPivot is available in the following screenshot.
- CMPivot gives an option Save Favorite queries
- On the Query Summary tab, select the count of Failed or Offline devices, and then select the option to Create Collection
SCCM 1810 Driver Maintenance Improvements
With SCCM 1810, Microsoft added new metadata fields for Driver Manufacturer and driver Model metadata options. These manufacturers and model details help to organize the drivers in a better manner.
Use these fields to tag SCCM driver packages with information to assist in housekeeping, or to identify old and duplicate drivers that you can delete.
Task sequence support of Windows Autopilot for existing devices
With SCCM 1810, you have an option to create a task sequence support of Windows Autopilot existing devices. More Details – https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/existing-devices#create-an-autopilot-for-existing-devices-task-sequence
Repair Applications & Approve application requests via email
With SCCM 1810, the application approval behavior got improved. The application approval settings appear on the Deployment Settings page of the SCCM 1810 application deployment.
Also, there is a new application repair option for end users from software center got introduced with SCCM 1810 version. This repair option is also under application deployment settings page or tab under application deployment. Now you can use SCCM to repair applications!
- Allow end users to attempt to repair this application: Enabled
- Allow clients to use a metered Internet connection to download content: Disabled
Software Updates Phased Deployments & Maintenance Windows
Phased deployments are enabled for Software updates from SCCM 1810 onwards. The phased deployments are next level of automation of controlled deployments.
Also, SCCM 1810 improvements come with maintenance windows. SCCM Software Updates group to control the installation behavior of patching in maintenance windows. This behavior can be controlled via clients settings.
Enable installation of updates in “All deployments” maintenance window when “Software update” maintenance window is available. When you select YES, then the clients will be able to use other available maintenance windows to install software updates.
- SCCM 1810 Upgrade #Video Guide & Best Practices
- SCCM 1810 Upgrade Step by Step Walkthrough Guide
- Why Should I upgrade to 1810 ? What is New with SCCM 1810 -> https://docs.microsoft.com/en-us/sccm/core/plan-design/changes/whats-new-in-version-1810
- Windows 10 Support as SCCM Client – https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/support-for-windows-10
- Windows 10 ADK Support for SCCM 1810? https://docs.microsoft.com/en-us/sccm/core/plan-design/configs/support-for-windows-10#windows-10-adk