SCCM

SCCM (A.K.A ConfigMgr) Explained
SCCM is Microsoft Microsoft Endpoint Manager Configuration Manager. This solution is used by most of the organizations in the world to manage their enterprise devices. This is the best resource to Learn and troubleshoot on issues.

How is SCCM (A.K.A ConfigMgr) Used?
SCCM solution is mainly used to manage Windows devices. But it has rich capability to manage and Mac OS devices as well. As per Microsoft, this tool is managing more than 75% of enterprise devices of the world. Linux and Unix devices are not supported by MEMCM (A.K.A Microsoft Endpoint Manager Configuration Manager)

How CAN SCCM Be Applied to Your Organization?
This solution can be used to install the application within your organization. OS deployment is another feature of this solution used within most of the enterprises. Another important use of this solution is to deploy patches across the enterprise and secure those devices.

There are 1000000 devices managed by this solution around the world. And SCCM device management solution is used within organizations to deploy millions of applications.

Server Client Application
This solution is a server-client application. All the managed clients’ inventory is stored in the CM SQL database.

SCCM Core infrastructure, Updates for Configuration Manager, Supported configurations for Configuration Manager, Cloud-attached management of CM, Co-management for Windows 10,
Manage clients on the internet, Windows as a service, CMPivot, Application management.

Other Uses for SCCM

SCCM can used for Manage apps from the Microsoft Store for Business, OS deployment, Introduction to OS deployment, Upgrade to Windows 10, Phased deployments, Software update management, Introduction to software updates management, Manage Office 365 ProPlus updates.

SCCM MVP community group is one of the known community groups in the IT Industry.

SCUP Upgrade

Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher

Let’s learn how to upgrade the SCUP Environment SCCM System Center Updates Publisher. The new version of SCUP was released a few weeks ago. This post answers the following questions about SCUP Upgrade.

I have also created a video tutorial to help us understand how to upgrade the SCUP version to the latest one. Download the latest version of SCUP 6.0.278.0.

Do we need to uninstall the existing version of SCUP to install the new version? Do we lose all the configurations and data as part of the upgrade

System Center Updates Publisher (SCUP) is a stand-alone tool that enables independent software vendors (third-party -3rd – applications) or line-of-business application developers to manage custom updates.

What is Microsoft SCUP?

Let’s discuss the Microsoft SCUP. The section below will help you to see more details.

What is Microsoft SCUP?
Version: 6.0.278.0
File Name:- UpdatesPublisher.msi
Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher – Table 1

You wanted to learn more about SCUP and its functionality through video tutorials. I recommend reading the previous SCUP posts for more details on this topic.

Features of SCUP?

SCUP is a tool for importing updates from external catalogs (non-Microsoft update catalogs). It also enables the modification of updated definitions, including applicability and deployment metadata.

SCUP Upgrade Experience 

SCUP is the tool used to export updates to external catalogs. Using SCUP, we can publish updates to a WSUS server.

Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher - Fig.1
Learn How to Upgrade SCUP Environment SCCM System Center Updates Publisher – Fig.1

As I showed in the SCUP Upgrade video tutorial, the SCUP upgrade process is straightforward and smooth. You won’t lose any of your existing configuration.

In my experience, everything configured in the existing version of SCUP will remain the same. The following is the high-level process that I followed to upgrade the SCUP environment.

Download the latest version of SCUP from Microsoft Download Center. The size of the MSI file is not big. It’s only ~5 MB.

The old version of SCUP is installed and configured on the server. There is no need to remove the previous version of SCUP before installing the new one; the latest version will upgrade the previous version.

Once SCUP is successfully installed on the server, we can launch it from the start menu. It will take time for you to launch SCUP for the first time.

This is because all the configuration options will happen in the background once we launch SCUP for the first time.

I will share my detailed review of SCUP in a different post. I’m interested to see the changes Microsoft promised in their SCUP release blog post.

SCUP Prerequisites or Requirements

The following are the prerequisites for the new version of SCUP.

Supported Operating System

  • Windows 10, Windows 8.1, Windows Server 2012 R2, Windows Server 2016
  • A supported Windows Server Update Services (WSUS) console. On Windows Server, install the default Administration Console to meet this requirement.
  • For Windows 10, install the Remote Server Administration Tools (RSAT) for Windows operating systems.

SCCM Dependency

SCCM 2012 R2 SP2
SCCM 2012 R2 SP1
A supported version of SCCM CB.
SCCM LTSB version 1606

https://www.youtube.com/watch?v=sNn77zOSiBo

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr 1

SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr

The SCCM CB 1803 preview version was released a few weeks ago. I was busy with SCCM CB 1802 production posts, so I couldn’t get time to install it. In this post, we will review my SCCM CB 1803 upgrade experience.

What is the SCCM CB Preview Version? If you have not installed the SCCM preview version in the lab, I recommend downloading and installing the latest preview baseline version, SCCM CB 1711. The above download link should be used ONLY when you want to test the Preview version in your lab environment.

What is the SCCM CB Preview Version? The SCCM CB Preview version is valid only for 90 days or 3 months. It should NOT be installed in the production environment. The SCCM preview version supports a maximum of TEN(10) clients.

I have created a video tutorial to provide a real experience of the SCCM CB 1803 upgrade process.

SCCM CB 1803 Video Tutorial

This video tutorial also gives a real-life experience of the new features included in the 1803 preview version of SCCM CB. Subscribe to the YouTube channel for updates on the latest SCCM/Intune video tutorial.

SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr - Fig.1
SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr – Fig.1

SCCM CB 1803 – List of Features

Microsoft’s SCCM team was busy during the 1802 production release. The preview version 1803 doesn’t have as many new features as expected.

I could see only 21 features available under the SCCM 1803 console “\Administration\Overview\Updates and Servicing\Features.”

  1. Add a passive primary site server.
  2. Approve Application requests for Users per Device
  3. Client Peer Cache
  4. Cloud Management Gateway
  5. Conditional Access for Managed PCs
  6. Create and Run Scripts
  7. Data Warehouse Service Point
  8. Device Health Attestation assessment for compliance
  9. Enable third (3rd) party update support for clients
  10. OMS Connector
  11. Passport for Work
  12. PFX Create
  13. Phased Deployments
  14. Run Task Sequence Step
  15. Server Groups
  16. Support for Cisco AnyConnect 4.0..7x and later for iOS
  17. Surface Driver Updates
  18. Task Sequence Content Pre-Caching
  19. VPN for Windows
  20. Windows Defender Application Control
  21. Windows Defender Exploit Guard Policy

High-Level Description of New FeaturesCustom Tab for Web Page in Software Center

Once you have upgraded the SCCM client and Server to 1803, you can now create a customized tab to open a web page in the Software Center.

  • Create Custom Tab in SCCM Software Center – In Client Settings, select the Software Center group. Specify a tab name and content URL for the customized tab.
  • Upgrade the SCCM CB client to 1803 and launch the Software center.
Enable copy/paste of asset details from SCCM Monitoring WorkSpace
Enable copy/paste functionality in the asset details pane in deployment and distribution status monitoring views.
SCCM CB 1803 Review of Upgrade and Features Configuration Manager ConfigMgr – Table 1

Enable 3rd software update support on SCCM CB clients

You can now enable the configuration of the ‘Allow signed updates from an intranet Microsoft update service location policy and installation of Windows Server Update Services code signing certificate on clients.

I have posted about this feature. I would recommend reading that post-SCCM CB 1802 Enable Third-Party Software Update Support.

  • Enable third-party software updates in Software Update Point top-level site component configuration
  • Configure (default) Software Updates client agent settings to enable third-party software updates on clients
  • Deploy custom Software Updates client agent setting to enable third-party software updates on clients
  • Successfully import third-party software updates signing certificate from Windows Software Update Services.

Improvements to PXE-enabled distribution points

The WDS requirement is removed from PXE-enabled DPs. This is possible if you are NOT using the multicast feature. Configure a PXE-enabled distribution point to use a PXE responder service that supports IPv6 and does not require Windows Deployment Services (WDS).

  • On the PXE tab of the distribution point properties, check “Enable a PXE responder without Windows Deployment Service” and click OK.

Maintenance windows Details in Software Center

The client machine’s software center displays maintenance Windows details, which is useful for troubleshooting scenarios for the help desk.

  • Software Center displays the next scheduled maintenance window on the Installation Status tab.

Partial download support in client peer cache to reduce WAN utilization

SCCM Client Peer cache is improving with every release of SCCM CB. Client peer cache sources can now divide content into parts. These parts minimize the network transfer to reduce WAN utilization.

Pull DP support Cloud DPs as a source.

You can set a cloud distribution point as a source for a pull distribution point.

Management Insights – SCEP for Mac and Unix Depreciation

I could see a new management insight option in the SCCM 1803 console: “\Administration\ Overview \ Management Insights\All Insights\MacOS and Unix.” It seems that SCEP for Mac and Unix will be depreciated by the last release of SCCM CB in 2018.

Resources

  1. SCCM CB 1803 Microsoft Documentation
  2. Know more about the SCCM Technical Preview Version 

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Microsoft Intune Training Course Intune Certification | Free training Videos 2

Microsoft Intune Training Course Intune Certification | Free training Videos

Microsoft Intune training course from Microsoft Learning is free. However, if you need a verified certificate, you’ll need to pay around USD 99$

Microsoft Course Number INF260x – Microsoft Azure Security Services includes one module on the Microsoft Intune device management solution. If this is your first edX course, I recommend you check out DemoX.

Updated Intune training 63 Episodes Of Free Intune Training For Device Management Admins HTMD Blog (anoopcnair.com). Learn Microsoft Intune – Use the Microsoft Intune Starters Kit to start learning Intune. Video experience of Intune training course and certification.

I have gone through the content of the Intune module, and it’s exciting and useful. One of the topics is How Intune Works? And the answer to that is “Intune device management works by using the protocols or APIs available in the mobile operating systems.”

The Content of the Intune Training Course Module

Let’s discuss the Content of the Intune Training Course Module. The list below will help you to see more details.

  • Microsoft Intune for Windows, iOS, and Android devices
  • Device Health Attestation
  • Mobile Device Management (MDM)
  • Mobile Application Management (MAM)
  • Data governance with GDPR
  • Security aspects of AutoPilot

How to Enrol in the Intune Training Course

You have four (4) options to enrol in the EdX training course. You can use either of the following options to start the training course. The table below will help you to see more details.

How to Enrol in the Intune Training Course
Facebook
Google
Microsoft
Create a New Account
Microsoft Intune Training Course Intune Certification | Free training Videos – Table 1

Review of Intune Training Course Content

Overall, the Intune training course content is good. This course is more about the security aspects of Microsoft Intune, but I agree that it covers Intune basics and design considerations, so Intune topics are helpful.

The General Data Protection Regulation (GDPR) will take effect in May 2018. The Intune module of this course provides more details about GDPR and privacy.

However, I also think the Microsoft learning team needs to update the content for some parts of the Intune training course. For example, the Intune training module references the Mobile Device Management Design Considerations Guide v2.

The TechNet gallery PDF document is pretty old (it was updated in 2015). It talks about Intune hybrid (with SCCM) architecture considerations, which are not relevant in 2018.

More Details on the First Topic of the Intune Training Course Module

The Intune module starts with a necessary explanation of Intune technology. It’s nicely explained.

What is Microsoft Intune
How Intune Works
Azure Active Directory integration with MDM Intune
MDM (Intune?) Design Considerations
 Identify your mobile device management requirements.
 Plan for mobile device management
 Plan for enhancing mobile device protection
 Plan for SaaS mobile device management
Application Management with Intune
General Data Protect Regulation with Intune

How is the Intune Training Course Placed?

To get the verified Certificate, you need to complete all the modules of the course INF260x. However, I covered only the Intune module in detail in this post. You have three(3) months to complete this course, and I think that is more than enough to finish the course.

One module will be released each week, with a moderated discussion board. Students will complete hands-on labs in an online virtual environment. A verified certificate is available after obtaining 70% of the course-graded events.

Start the Microsoft Azure Security Services training course

Microsoft Intune Training Course Intune Certification | Free training Videos - Fig.1
Microsoft Intune Training Course Intune Certification | Free training Videos – Fig.1

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Video Review of SCCM CB 1802 New Features 3

Video Review of SCCM CB 1802 New Features

Microsoft released the latest version of SCCM 1802 in the fast ring. To get more details, I recommend reading the newest production version of SCCM CB 1802 and the step-by-step upgrade guide.

Also, I believe SCCM CB 1802 helps organizations keep their infra neat and clean with new management insight features. In this post, we can discuss the review of SCCM 1802 new features.

Video tutorials help people discover the real-world experience of SCCM 1802’s new features.

Enabling the third-party update option will cause Software Update Point (SUP) to download the signing certificate used by Windows Server Update Services (WSUS) to sign third-party software updates.

Third-Party Updates – SCCM 1802 New Feature

If this option is enabled along with the software update client setting, the following local group policy, “Allow signed updates from an intranet Microsoft update service location,” will be created on a local machine.

The client will be configured to allow signed third-party updates, and the signing certificate will be installed in trusted publishers’ certificate stores on clients.

Enable third (3rd) party update support on clients – Enabled configuration by allowing signed third party updates policy and installing WSUS code signing certificate on clients. Enable Third-Party Software Update.

Duplicate Hardware Identifiers Improvement – SCCM 1802 New Feature

Navigate through SCCM console Administration – Site Configuration – Sites -Hierarchy Settings Properties – Client Approval and Conflicting Records. Some hardware is known to have duplicate IDs. Add them to the list so SCCM can ignore these PXE boot and client registration hardware IDs.

Add Duplicate Hardware ID – Specify the type of hardware ID and the value to include as a known duplicate. This ID will be ignored for PXE and client registration.

Duplicate Hardware Identifiers Improvement – SCCM 1802 New Feature
1. MAC address (12 hex characters)
2. SMBIOS GUID (32 hex characters)
Video Review of SCCM CB 1802 New Features – Table 1

Console Experience – SCCM 1802 Features

The primary user assigned to a device is available in the SCCM CB 1802 console. Navigate Assets and Compliance—Overview—Devices—Primary User(s).

Encryption Options – SCCM CB 1802 New Features

Configure client computers’ signing and encryption requirements when communicating with the SCCM site server. SCCM Clients always sign their client identification when communicating with the Application Catalog website.

Require Signing -Enabled by Default -This option requires that it’s signed when clients send data to management points.

Require SHA-256 -Enabled by Default – When clients sign data and communicate with site systems using HTTP. This option requires the client to use SHA-256 to sign the data. The client must support the SHA-256 hash algorithm to use this option. This option applies to clients that do not use PKI certificates.

Use Encryption – NOT enabled by default – This option uses 3DES to encrypt the SCCM client inventory data and state messages sent to the Management Points.

Video Review of SCCM CB 1802 New Features - Fig.1
Video Review of SCCM CB 1802 New Features – Fig.1

Site Infrastructure Improvements – SCCM 1802 New Features

Let’s discuss the Site infrastructure Improvements – SCCM 1802 New Features. The list below will help you to see more details.

  • Reassign distribution point
  • Configure Windows Delivery Optimization(DO) to use SCCM boundary groups (Client Settings option)
  • Support for Windows 10 ARM64 devices
  • Improved support for CNG certificates
  • Boundary group fallback for management points
  • Cloud distribution point site affinity

Client Management Improvements – SCCM CB 1802 New Features

Let’s discuss the Client Management Improvements – SCCM CB 1802 New Features. The list below will help you to see more details.

  • Cloud management gateway support for Azure Resource Manager
  • Configure hardware inventory to collect strings larger than 255 characters
  • Surface device dashboard
  • Primary User Details in the SCCM console
  • Change in the Configuration Manager client install – No Silverlight installed

Application Management Improvements – SCCM CB 1802 New Features

Let’s discuss the Application Management Improvements – SCCM CB 1802 New Features. The list below will help you to see more details.

  • Allow user interaction when installing an application
  • Do not automatically upgrade superseded applications
  • Approve application requests for users per device
  • Run scripts improvements

SCCM CB Operating System Deployment Improvements

Let’s discuss the SCCM CB Operating System Deployment Improvements. The list below provides more details.

  • Windows 10 in-place upgrade task sequence via SCCM cloud management gateway (CMG)
  • Improvements to Windows 10 in-place upgrade task sequence
  • Improvements to operating system deployment
  • Deployment templates for task sequences
  • Phased deployments for task sequences

Software Center Changes – SCCM CB 1802 New Features

Let’s discuss the Software Center Changes – SCCM CB 1802 New Features. The list below will help you to see more details.

  • Install multiple applications in the Software Center
  • Use Software Center to browse and install user-available applications on Azure AD-joined devices.
  • Hide installed applications in the Software Center
  • Hide unapproved applications in the Software Center
  • Software Center shows users additional compliance information
Video Review of SCCM CB 1802 New Features – Video 1

SCCM 1802 – Site System Server Roles

Let’s discuss the SCCM 1802 – Site System Server Roles. The list below will help you to see more details.

  • Distribution Point
  • Management Point
  • Service Connection Point
  • Site Database Server
  • Application Catalog Web service point
  • Application Catalog Website Point
  • Asset Intelligence Synchronization point
  • Certificate Registration Point
  • Cloud Management Gateway Connection Point
  • Data Warehouse Service Point
  • Endpoint Protection Point
  • Enrollment point
  • Enrollment Proxy point
  • Fallback status point
  • Reporting Services Point
  • Software Update point
  • State Migration Point

Resources

  1. Step by Step Video to Perform SCCM CB Upgrade to 1802
  2. Now Available: Update 1802 for SCCM Current Branch
  3. What’s new in version 1802 of System Center Configuration Manager CB

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr 4

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr

Let’s learn about Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr.We don’t like red alerts in SCCM monitoring nodes, especially those related to critical site Component status.

We can reset the SCCM site status message count on any component or site system to remove the red alerts from the console. However, I won’t recommend resetting the SCCM component or site system summarizer counter.

Instead, you need to check and understand why the SCCM site status summarizer contains a critical alert.

Check out the video tutorial on resetting the SCCM CB Critical Site Component Status. As mentioned above, I don’t recommend resetting the site or component status summarizer counter before fixing the issue. If you have a critical site status, then fix the issue before resetting the counter.

Why Reset the SCCM Site Status Summarizer Counter? 

SCCM/ConfigMgr site and component status message counts are automatically reset at the end of threshold periods. As part of troubleshooting, we may need to reset the counters to confirm whether everything is okay.

  • \Monitoring\Overview\System Status\Site Status
  • \Monitoring\Overview\System Status\Component Status

What is the SCCM Site Component Status Summarizer?

SCCM Status Summarizer helps admins determine the health or status of different SCCM/ConfigMgr CB Infrastructure aspects. The SCCM site and components status summarizers get input from status messages, states, and counts.

The current branch version of SCCM includes four (4) status summarizers. The post-SCCM Site Component Status Summarizers Troubleshoot Issues provides more information about these components.

What are the Options for Reconfiguring the SCCM Site & Component Status Summarizers?

Application Deployment Summarizer – The application deployment summarizer can be used to get SCCM clients’ application deployment status. To Configure application deployment summarize.

What are the Options for Reconfiguring the SCCM Site & Component Status Summarizers?
Navigate via \Administration\Overview \Site Configuration\Sites – click on the status summarizer ribbon button.
In the Status Summarizers dialog box, click Application Deployment Summarize and Edit.
In the Application Deployment Summarizer Properties dialog box, configure the required summarization intervals and then click OK.
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Table 1
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr - Fig.1
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Fig.1

Default Settings of Application Deployment Summarizer Frequency of status updates for deployment was modified in the last 30 days Number of Minutes: 60. The frequency of status updates for deployment was altered in the last 31 to 60 days. Number of Hours: 24. The frequency of deployment status updates was modified over 90 days ago. Number of days: 7

The Application Statistics Summarizer specifies how often application statistics should be updated. Intervals are based on the date the application was last modified. To change the application Statistics Summarizer configuration, follow the same steps mentioned above.

Summarization Frequency Frequency of the status updates for deployment was last modified in the last 30 days Number of minutes 240 Frequency of the status updates for deployment was later changed in the previous 31 to 90 days Number of hours 240 Frequency of the status updates for deployment was last modified over 90 days Number of days 7

Component Status Summarizer allows the setting of a threshold for each SCCM component. There are two (2) types of thresholds: the warning threshold and the critical threshold. We have options to disable SCCM status summarization for component status. Also, there are options to set the component status replication priority to the parent site.

To change the component Status Summarizer configuration, follow the same steps mentioned above to change the configuration.

Site System Status Summarizer allows disabling status summarization for site system status. It also allows you to set the replication priority of site system status for the parent site in your SCCM hierarchy. It gives the option to set a status summarization schedule. However, I have never used this option.

How to Reset the Critical Site or Component Status Summarizer Counters

The site System summarizer threshold allows you to specify the free space for displaying warning or critical icons in the site system. To change the configuration of Site System Status Summarize, follow the steps mentioned above.

Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr - Fig.2
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Fig.2

The site and component status summarizer count can be reset from the SCCM console monitoring workspace. This will help eliminate some red alerts from your SCCM monitoring console.

How Do You Reset the SCCM Critical Site Status Summarizer Counters?

\Monitoring\Overview\System Status\Site Status

  1. Open the SCCM CB console
  2. Navigate via \Monitoring\Overview\System Status\Site Status
  3. Select the site status message you want to reset
  4. Click on the ribbon – Reset Counts icon
  5. As you can see in the video tutorial, click the Refresh button to make RED alerts GREEN.

How Do You Reset the SCCM Critical Component Status Summarizer Counters?

\Monitoring\Overview\System Status\Component Status

  1. Open the SCCM CB console
  2. Navigate via \Monitoring\Overview\System Status\Component Status
  3. Select the component status message you want to reset
  4. Click on the ribbon – Reset Counts icon
  5. As you can see in the video tutorial, click the Refresh button to make RED alerts GREEN.
Reset SCCM CB Critical Site Component Status Summarizer Counter ConfigMgr – Video 1

Resources

Status Message Queries – Track Who Deleted Modified Changed SCCM Settings

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

SCCM Management Insights Clean Healthy SCCM CB Environment 5

SCCM Management Insights Clean Healthy SCCM CB Environment

SCCM Management Insights Clean Healthy SCCM CB Environment Configuration Manager ConfigMgr. SCCM CB Management Insights is one of my favorite features. However, it is not listed in the features list in the SCCM CB 1802 console.

However, management insights were by default enabled in 1802 and later. Trust me, it is very useful to keep your environment neat and clean. As a central admin of a global SCCM team, I will love this feature.

[New Post – Read this post to get the latest details about SCCM Management Insights]

In the previous post, I provided tips and tricks for maintaining an SCCM environment. My honest recommendation is to read those to get more details about SCCM health. MGMT insights is another way to track the health and tidiness of your SCCM environment.

What is Management Insights in SCCM?

Management Insights is similar to a robotic assistant that will keep an on your SCCM environment for you and let you know the details. Who is not following your standard processes? Who is doing wrong or not recommended things within your SCCM hierarchy?

Management insight helps to gain valuable insights into the current state of the SCCM CB environment based on analysis of data in the site database. I assume the SCCM product group will provide an option to create custom management insights in the future. The Management Insights feature was introduced with the SCCM CB 1708 preview version.

SCCM Management Insights Clean Healthy SCCM CB Environment - Fig.1
SCCM Management Insights Clean Healthy SCCM CB Environment – Fig.1

Where is Management Insights Located in the SCCM CB Console?

Launch the SCCM CB console and navigate via \Administration\Overview\Management Insights

1. \Administration\Overview\Management Insights\All Insights
2. \Administration\Overview\Management Insights\All Insights\Software Center
3. \Administration\Overview\Management Insights\All Insights\Applications
4. \Administration\Overview\Management Insights\All Insights\Simplified Management
5. \Administration\Overview\Management Insights\All Insights\Collections
6. \Administration\Overview\Management Insights\All Insights\Cloud Services

What are the Features of Management Insights in SCCM?

We have five (5) built-in management insights options in SCCM CB 1802. Let’s take a look at those in detail. The below table helps you to show more details.

What are the Features of Management Insights in SCCM?
Software Center – Insights for managing the software center
Applications – Insights for your application management
Simplified Management – Insights that help you simplify the day-to-day management of your SCCM environment
Collection – Insights that help simplify your management by cleaning up and re-configuring collections
Cloud Services – Modernise and simplify your management infrastructure by leveraging the power of the cloud. SCCM is integrated with many cloud services, enabling more straightforward and more modern management of your devices.
SCCM Management Insights Clean Healthy SCCM CB Environment – Table 1

Software Center – Insights for Managing Software Center

Software Center helps you get information and insights into software center versions available in your SCCM environment. A couple of out-of-the-box rules are created to find software center versions. Also, it helps to clean up the old version of SCCM software center and learn how to get new software center versions.

Rule 1 – Direct your user to the software center instead of the application catalog
Rule 2 – Use the new version of the Software Center

The application catalog is depreciated, and you should deploy the new version of the software center – More details in Microsoft documentation.

Applications – Insights for Your Application Management

Application management options in management insight can help you find evil things happening within the application creation world. Using this feature, let’s clean up the OLD applications in your SCCM environment. This helps to keep the health of all your application echo systems.

Rule 1Applications without deployments

Simplified Management – Simplify the Day to Day MGMT of Your Environment

SCCM simplified management rule in the SCCM management insight feature helps to find out the non-SCCM CB client versions in your environment. This will help to keep your SCCM environment healthy and updated.

Rule 1 – Non-CB Client Versions

Collection – Simplify Device Management

SCCM management insights help simplify device management options for your organization. The following rule of MGMT insights helps you keep an eye on your environment’s collections. This helps you clean up and reconfigure collections.

Rule 1 – Empty Collections

Cloud Services – Modernise & Simplify Device MGMT Infrastructure

Cloud services management insights are to get more details about modern management scenarios. One of the key modern management scenarios is enabling and keeping track of the co-management features.

Modernise and simplify your management infrastructure by leveraging the power of the cloud. SCCM is integrated with many cloud services, all of which enable simpler and more modern device management.

Rule 1

Assess co-management readiness. There are three (3) prerequisites for co-management. 1. Update clients to the latest Windows 10 version, 2. Configure Azure Services for use with SCCM and 3. Enable Devices to be hybrid Azure Active Directory Joined.

Rule 2

Configure Azure Services to use with SCCM

Rule 3

Enable Devices to be hybrid Azure Active Directory joined

Rule 4

Update Clients to the latest Windows Version

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

SCCM 1802 Upgrade

Step by Step Video to Perform SCCM 1802 Upgrade Configuration Manager ConfigMgr

The Microsoft SCCM team released the new production version of SCCM 1802. When you have a service connection point in Online mode, this post will provide an end-to-end video tutorial on the SCCM 1802 Upgrade.

Update: Microsoft already tweaked SCCM 1802 not to block upgrades for DPs running Windows 2008. Here is Djam’s tweet on this topic.

The 1802 production upgrade process should be initiated from top-level sever CAS or stand-alone primary. This upgrade process automatically upgrades Primary child servers and remote systems system servers (MP, DP, and SUP).

SCCM CB secondary site servers are not supported for automatic upgrade. I also produced a quick review after the SCCM CB upgrade to 1802 in this post.

Step by Step SCCM CB upgrade to 1802 Primary Standalone – SCCM Primary Upgrade Video Guide

The 1802 production upgrade process should be initiated from top-level sever CAS or stand-alone primary. This upgrade process automatically upgrades CAS, primary servers, and remote system servers.

It does not support the automatic upgrade of SCCM CB secondary site servers. I also produced a quick review after the SCCM CB upgrade to 1802 in this post.

Step by Step Video to Perform SCCM 1802 Upgrade Configuration Manager ConfigMgr – Video 1

SCCM CB 1802 is the latest (NEW) baseline build. You can download SCCM CB 1802 from MSDN or the Volume Licensing portal. Once the 1802 baseline build is downloaded, then you can build a new SCCM infra with 1802. There are two scenarios where you can use the baseline version.

What is the Latest Baseline Build for SCCM CB?

I recommend using the following checklist before starting the SCCM CB upgrade process. For more details about the SCCM 1802 checklist, click here.

  • Use the latest baseline version when installing a new site in a new hierarchy.
  • SCCM CB 1802 Baseline version to upgrade from SCCM 2012

SCCM 1802 Upgrade Checklist

Make sure your SCCM server infra is supported for SCCM CB 1802. For more details, run the setup prerequisite checker at least one week before the SCCM CB 1802 upgrade.

  1. Plan the upgrade of remote SCCM CB 1802 consoles or the console published in Citrix. Even though SCCM CB 1802 supports a 1710 console.
  2. Ensure that all sites run a version of SCCM that supports updates to 1802. The minimum supported version for the SCCM CB 1802 upgrade is 1702. If your existing SCCM CB environment is not 1702 or later, you won’t get the SCCM CB 1802 production update in the console.
  3. Review the Windows ADK version for Windows 10—Make sure your Windows 10 ADK version is 1709 or later. I recommend updating the Windows ADK 1709 before the SCCM CB 1802 upgrade. This helps the default boot images get automatically updated to the latest version of Windows PE. Also, remember that the custom boot images must be updated manually.
  4. Review the backlog of File and SQL-based Replication
  5. Disable database replicas for MP at primary sites (Also, SUP with NLB)
  6. Set SQL Server AlwaysOn availability groups to manual failover
  7. Disable site maintenance tasks (backup, delete an aged client, and delete old discovery) at each site (primary and CAS)
  8. Temporarily stop any antivirus software
  9. Create a backup of the site database at the SCCM CAS and primary sites
  10. Plan and Use client piloting for a newer version of the SCCM CB 1802 client

How to Start SCCM 1802 Upgrade

I hope you have already gone through before going through the upgrade process. Login to CAS or a stand-alone primary server and launch the SCCM CB console. Navigate the SCCM console via – Administration > Overview > Cloud Services > Updates and Servicing. Make sure you right-click and select “Install Update Pack”.

You can go through the Wizard, as I showed in the SCCM CB 1802 upgrade video tutorial. But remember to select pilot collection for new client version deployments. The following is a sample summary of my lab’s SCCM CB 1802 update package installation.

Success: Install Update Package Configuration Manager 1802
Prerequisite warnings will be ignored
Turn on the following features:
• Approve application requests for users per device
• Enable third-party update support for clients
• Support for Cisco AnyConnect 4.0.07x and later for iOS
• Phased Deployments
Test a new version of the client in the pilot

Find Out SCCM CB Update Stage IDs and Stage Names

SCCM CB 1802 production Upgrade process is straight, as you can see in the video tutorial for the 1802 upgrade. Check the status from the monitoring workspace (\Monitoring\Overview \Updates and Servicing Status\Configuration Manager 1802) and the logs.

If you have trouble downloading the SCCM CB 1802 production update, refer to my previous troubleshooting guide. The SCCM 1802 Upgrade is usually super easy, but in this case, it requires fixing the SCCM CB update Redist Download Issue.

Stage IdStage Name
10Download
11Replication
12Prerequisite Check
13Installation
14Post Installation
Step by Step Video to Perform SCCM 1802 Upgrade Configuration Manager ConfigMgr – Table 1

SCCM CB 1802 Versions

All the features available in the SCCM 1802 preview version are unavailable in the production version of SCCM 1802. This is expected, and I noted this in the SCCM CB 1802 preview post. I’m pointing out the features listed below in the SCCM console.

  • SCCM CB 1802 Version 1802
  • SCCM CB 1802 Console Version 5.1802.1082.1700
  • SCCM CB 1802 Site Version 5.0.8634.1000
  • SCCM CB 1802 Build Number 8634
  • SCCM CB 1802 Client Version 5.00.8634.1007

Features Overview of SCCM 1802 Production Release 

The SCCM CB 1802 production release has five (5) pre-release features and Fifteen (15) production features. Management Insight is one of the exciting features missing from the SCCM 1802 production release (at least from the SCCM console features GUI), but it is available on the product.

\Administration\Overview\Updates and Servicing\Features

Five(5) Pre-Release Features of SCCM CB 1802 Production Release

What is the SCCM Data Warehouse Service Point? Use the data warehouse service point to periodically copy data from your SCCM site database to another DB for long-term storage and trend analysis.

  • Windows Defender Application Control
  • Phased Deployments
  • Enable third (3rd) party update support on clients
  • Server Groups
  • Support for Cisco AnyConnect 4.0..7x and later for iOS

Fifteen(15) Release Features of SCCM CB 1802 Production Release

Let’s discuss the Fifteen(15) Release Features of the SCCM CB 1802 Production Release. The list below will help you to see more details.

  • PFX Create
  • Passport for Work
  • Windows Defender Exploit Guard Policy
  • Surface Driver Updates
  • OMS Connector
  • Device Health Attestation assessment for compliance policy for CA
  • Create and Run Scripts
  • Client Peer Cache
  • Approve Application requests for Users per Device
  • Run Task Sequence Step (Promoted)
  • Conditional Access for Managed PCs
  • Task Sequence Content Pre-Caching
  • Data Warehouse Service Point
  • Cloud Management Gateway
  • VPN for Windows

Not Listed Features?

Let’s discuss the Not Listed Features. The list below will help you to see more details.

  • Reassignment Distribution Point (The feature is by default enabled and removed from the features list)
  • Add a passive primary site server. 
  • Surface Device Dashboard  ( The feature is by default enabled and removed from the features list)
  • Management Insights  ( The feature is by default enabled and removed from the features list)
  • Office 365 Support Volume Licensing SKU in C2R Wizard 
  • Passport for Work ( The feature is by default enabled and removed from the features list)

Quick Explanation about New Features of SCCM 1802 Production Release

What is SCCM Cloud Management Gateway (CMG) – SCCM CMG Provides a simple way to manage SCCM clients on the Internet. The gateway server (Azure PaaS) is deployed to Microsoft Azure. This Connects internet clients to your on-premises SCCM infrastructure.

Windows Defender Application Control – Windows Defender Application Control helps lock down Windows 10 computers so that they can only run trusted software.

What are SCCM Phased Deployments – Phased Deployments automate a coordinated, sequenced roll-out of software across multiple collections

Enable third (3rd) party update support on clients – Enabled configuration by allowing signed third party updates policy and installing WSUS code signing certificate on clients.

Client Settings Changes After SCCM 1802 Upgrade

There are two (2) types of client setting policies. User Client Settings and Device Client Settings are two of them. However, there is one mother of client settings policy, and that is called Default Client Settings. Windows Analytics setting is only available in default policies.

  • 22 categories are there in SCCM CB 1802 Default Client Settings Policies
  • 20 categories are there in SCCM CB 1802 Device Client Setting (User and Device Affinity are missing)
  • 3 categories are there in SCCM CB 1802 User Client Settings (Cloud Services, Enrollment, and User & Device Affinity)

Co-Management Changes – SCCM 1802 Production Release

For Windows 10 devices that are in a co-management state, you can have Microsoft Intune start managing different workloads.

Choose pilot Intune to have Intune Manage the workloads for only the clients in the pilot group. If you are not ready to move the workload to Intune, select SCCM (ConfigMgr). More details here.

You can move the co-management workloads with SCCM, Intune, or both. We can offload four (4) workloads to Intune. Endpoint protection (Windows Defender ) is newly added to the SCCM 1802 production version. I have a post about the co-management strategy.

  • Compliance Policies – Intune Compliance Policies
  • Resource Access Policies – Intune WiFi and VPN Profiles
  • Windows Update Policies – Windows Update for Business – Patching
  • Endpoint Protection – Windows Defender

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…

MVPHackADoc

Learn to Fix Microsoft SCCM Intune Documentation

Let’s learn how to fix Microsoft SCCM Intune Documentation Configuration Manager ConfigMgr. How many of us complain about SCCM Intune documentation?

The documentation is not updated, relevant, etc. Here is the real opportunity to help yourself and update the SCCM and Intune documentation.

But don’t worry about the quality of the SCCM Intune documentation, as there are several steps to validate before your edits/changes are published. Hack a doc is the theme of this post 😉

Check out the Video “Learn How to Help Fixing SCCM Intune Documentation Issues“. This post will give you all the details on learning to fix Microsoft SCCM Intune Documentation.

Learn to Fix Microsoft SCCM Intune Documentation

We had a great MVPHackaDoc session with Aaron during the MVP Summit 2018. All the credits to Aaron taught me how to update SCCM/Intune documentation. I don’t recommend going around and editing or updating all the documentation. But start small before you leap.

Start Small

Learn to Fix Microsoft SCCM Intune Documentation – Video 1

What has Changed?

The Microsoft documentation service (https://docs.microsoft.com) is hosted on the GitHub platform, which improves the user experience while reading the documentation.

Even SCCM and Intune documents have been migrated to a new platform. The following is my list of key features of the new docs on the Microsoft platform.

  • Readability
  • Estimated Reading Time
  • Content and Site Navigation
  • Shortened Article Length
  • Responsive Design
  • Community Contributions
  • Social Sharing
  • Friendly URLs

How to Start Updating SCCM Intune Documentation?

I hope you read a lot of Microsoft documentation every day. You found the wrong article and want to inform the Microsoft Doc team about this incorrect information.

  • If you don’t have one, create one. It took me one and two minutes to do so.
  • You can select the GitHub Free plan during the signup process and tailor your experience to include a short introduction about yourself.
  • Open the article you identified and click the EDIT button, as I showed in the video tutorial. You should open the article from the same browser you are already logged in to from your GitHub account.
  • Once you click on the EDIT button on that article, it will redirect to the GitHub editor.
  • You will perform all the updates in the GitHub editor.

Identify the Article and Start Contributing

How to Contribute to SCCM Intune Documentation

As Aaron mentioned in his “MVP Hack a Doc” session, start small. Standard GitHub accounts may not have access to edit live document code. And you will get the following error when you try to edit or update an article.

  • You’re editing a file in a project you don’t have write access to.
  • Submitting a change to this file will write it to a new branch in your fork.
  • AnoopCNair/SCCMdocs so that you can send a pull request.

As I have shown in the “Hack A Doc video, A perfect example of raising an issue from Jason. He raised a problem and a documentation BUG was filed to fix this issue. 

I also tried creating a pull request, but I think that requires more access to edit the master file. A normal GitHub account may not have access to proceed with a pull request.

Another interesting thing I learned was how to select the best title, title suffix, description, and ms. Custom, ms. Date, and Ms. Prod for technical articles. As Aaron suggested, we can start doing the following things:-

Start Doing the Following Things
Clarifications
Examples
SDK, PowerShell
Guidance tips
Translations
See something, fix something
Learn to Fix Microsoft SCCM Intune Documentation – Table 1

I have tried raising an issue with documentation, which is the best and easiest part I learned during the MVPHackaDoc session. I have more details about the problems raised in Hack A Doc’s video tutorial.

Another useful option trying to try to track the documentation issues with th GitHub account. So we can rest assured that Microsoft is aware of this bug and will fix it soon. Following is the file structure of the GitHub article (for example) SCCMdocs/sccm/core/plan-design/hierarchy/accounts.md .

Start Contributing = Raising an Issue

Learn to Fix Microsoft SCCM Intune Documentation - Fig.1
Learn to Fix Microsoft SCCM Intune Documentation – Fig.1

Resources

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…