SCCM (A.K.A ConfigMgr) Explained
SCCM is Microsoft Microsoft Endpoint Manager Configuration Manager. This solution is used by most of the organizations in the world to manage their enterprise devices. This is the best resource to Learn and troubleshoot on issues.
How is SCCM (A.K.A ConfigMgr) Used?
SCCM solution is mainly used to manage Windows devices. But it has rich capability to manage and Mac OS devices as well. As per Microsoft, this tool is managing more than 75% of enterprise devices of the world. Linux and Unix devices are not supported by MEMCM (A.K.A Microsoft Endpoint Manager Configuration Manager)
How CAN SCCM Be Applied to Your Organization?
This solution can be used to install the application within your organization. OS deployment is another feature of this solution used within most of the enterprises. Another important use of this solution is to deploy patches across the enterprise and secure those devices.
There are 1000000 devices managed by this solution around the world. And SCCM device management solution is used within organizations to deploy millions of applications.
Server Client Application
This solution is a server-client application. All the managed clients’ inventory is stored in the CM SQL database.
SCCM Core infrastructure, Updates for Configuration Manager, Supported configurations for Configuration Manager, Cloud-attached management of CM, Co-management for Windows 10,
Manage clients on the internet, Windows as a service, CMPivot, Application management.
Other Uses for SCCM
SCCM can used for Manage apps from the Microsoft Store for Business, OS deployment, Introduction to OS deployment, Upgrade to Windows 10, Phased deployments, Software update management, Introduction to software updates management, Manage Office 365 ProPlus updates.
SCCM MVP community group is one of the known community groups in the IT Industry.
Free LinkedIn Learning Courses for SCCM Intune. I agree with the following sentence, so I’m sharing my experience with LinkedIn learning. Microsoft MVPs are notorious for passionately sharing their knowledge with the world.
In this post, we will learn about free LinkedIn learning courses available for SCCM and Intune (Learn SCCM Intune).
SCCM is great, and it will not die, as per Microsoft. But don’t abandon Intune learning. I strongly recommend going through the Intune learning process.
Microsoft MVPAward program celebrated its 25th anniversary. As part of the 25th-anniversary celebrations, LinkedIn unlocked 15 Courses Covering Key Technology Skills. The following is the list of 15 courses that LinkedIn has unlocked. This post will discuss more details about SCCM and Intune free study materials.
Table of Contents
Introduction
I have a full-blown post about systematic learning of SCCM and Intune. The approach to learning should be the same as I mentioned in the post, which was published back in 2015. I learned SCCM the hard way. There was no one to handhold and teach me.
Great Learning – What to Learn Intune? Great Resource Around you!
Free LinkedIn Learning Courses for SCCM Intune – Table 1
My Favourites Microsoft System Center Configuration Manager… SCCM CB Learning Microsoft Enterprise Mobility Suite (Azure AD and Intune) Office 365 for Administrators: Supporting Users Part 1 Windows 10: Deploy and Manage Virtual Applications Productivity Apps Excel 2016: Get & Transform PowerPoint: Designing Better Slides OneNote Tips and Tricks Visio Tips and Tricks Automation & Developer Microsoft Graph for Developers API Development in .NET with GraphQL ASP.NET Core: Razor Pages ASP.NET Core New Features Microsoft Cybersecurity Stack: Advanced Identity… Microsoft Cloud Services: Troubleshooting Online… Building and Securing RESTful APIs in ASP.NET Core
I never got a chance to attend training before being pushed to work on SCCM. That is a different experience, as I explained in the future of SCCM/Intune jobs post.
How Do You Get Access to Free SCCM and Intune Video Courses?
These 15 courses are free only for a limited period. As per the MVP Award program post, they are unlocked for the general public until the middle of April! So don’t waste time—start learning SCCM/Intune using LinkedIn study materials.
In the video tutorial here, I explain how to start learning through LinkedIn courses. However, the SCCM course won’t work from the following link. I recommend using the link I provided in the next section of the post.
No need to log in to LinkedIn to access these courses (anonymous access is allowed)
Open any of the 15 free courses available
Free LinkedIn Learning Courses for SCCM Intune – Fig.1
Start Free SCCM Online Course
To start the cause, you don’t need to log in with your LinkedIn account. Also, you don’t need to start the trial version of LinkedIn learning for a month. You can access the SCCM course from a private browser without logging in.
To start the Free SCCM online course from a private browser
Content of the SCCM CB Course
Introduction (More details about SCCM CB content at the bottom of the post)
Planning and Deploying a Standalone Primary Site
Designing and Deploying a Multiple-Site Hierarchy
Planning Resource Discovery and Client Deployment
Managing Content and Replicating Data in Configuration Manager
Configuring Internet and Cloud-Based Client Management
Maintaining and Monitoring SCCM CB
Upgrading to SCCM CB Conclusion
Start Free Intune Online Course
Intune course is part of EMS. So, the EMS course includes both Azure AD and Microsoft Intune. I have an Intune starter kit that can help you start learning Intune from scratch. More details are available in the Intune guide for beginners in the enterprise mobility world.
Start the course Directly from the following link
Content of the Intune Course
Microsoft Intune
With Intune, you can easily manage apps and devices. You can also configure Intune to manage iOS and Android. More details are explained below.
Manage apps and devices with Intune – 3m 30s
Configure Intune to manage iOS and Android – 4m 0s
Build and deploy a basic policy for iOS or Android – 5m 17s
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…
Let us learn about SCCM Audit Status Messages Track Who Deleted Modified Changed Settings. Track Who Deleted Modified Changed SCCM Settings (SCCM Audit Status Messages) Configuration Manager ConfigMgr.
SCCM Audit status messages are constructive in tracking who did what in your SCCM environment. The Audit Status messages will help you get answers for most of the unforeseen issues in the SCCM environment.
This post will show how to track who deleted, modified, or changed SCCM Settings. It’s important to note that SCCM Current Branch (CB) Audit status messages are purged from the database after 180 days.
All these SCCM audit status messages are under the MessageType = 768. I have uploaded a YouTube video to explain the process of audit reporting.
Table of Contents
SCCM Audit Status Messages Track Who Deleted Modified Changed Settings – Video 1
This Post will Give you Answers to the Following Questions
I have explained the best ways to look at the audit status messages. I think this will help you to track down the culprit. There are three (3) ways to track down and analyze SCCM CB audit status messages.
Who created/deleted Azure Services?
Who Approved the Script?
Who started the download of updates and the Servicing package?
Who deleted the collection? Who removed the member of a collection? Who modified the collection query?
Who deployed/deleted the application package or Task Sequence?
Who removed/modified the Boundary or Boundary Group?
Who installed/deleted site system server roles?
Who changed/deleted the client settings?
Who took the remote control of the machine?
In this post, I will explain how to review SCCM audit status messages using different methods.
Status Message Queries
SCCM SSRS Audit Reports
SQL Management Studio
SCCM Audit Status Messages Track Who Deleted Modified Changed Settings – Table 1
Review Audit Status Messages with Status Message Queries
The SCCM CB console has 17 out-of-the-box audit status message queries. These queries are built into the SCCM system, so you don’t need to create them manually.
Launch the SCCM console and navigate via \Monitoring\Overview\System Status\Status Message Queries. Make sure you filter the status message queries with AUDIT.
You have the following options for each query available under SCCM audit status messages. To protect the audit status messages, it is important to follow the proper RBAC policies in your environment.
Examples of these reports are available at the bottom of the post, or you can refer to the YouTube video tutorial here. I have also noted the specific Audit Status message IDs for each category in the following section of this post.
Show Messages – Review/Read the Audit Messages
Delete Messages – Delete the Audit status messages (Important)
Refresh – Refresh the query
Delete – Delete the Query from SCCM (Important)
Set Security Scope – To set security scope for specific audit status message query (Important)
SCCM Audit Status Messages Track Who Deleted Modified Changed Settings – Fig.1
Review Audit Status Messages with SCCM SSRS Reports
There are two ways to access SSRS reports. One from the SCCM console and the other from a web browser. How you prefer to read SCCM audit status message reports doesn’t matter. Your SCCM SSRS report is not working? I have a post that explains the SCCM SSRS reporting service point setup.
There are three (3) main audit status message reports in SCCM CB. All these are default out-of-the-box reports, and you don’t create any of them manually.
56943 – All audit messages for a specific user
42036 – Remote Control – All computers are remote-controlled by a particular user
40238 – Remote Control – All remote control information
Examples of these reports are available at the bottom of the post, or else you can refer to the YouTube video tutorial here. Also, I have noted down the specific Audit Status message IDs for each category in the following section of this post.
Review Audit Status Messages with SQL Management Studio
I prefer this method for advanced troubleshooting scenarios of SCCM audit status messages. However, it is not very useful in typical situations.
The following are the two (2) SQL queries that will help you track down issues related to accidental deployment or deletion in your SCCM environment.
The first query will return all the SCCM status messages related to AUDIT. The second query will return the status messages of a specific scenario. For example, MessageID 30015 is related to Collections Created, Modified, or Deleted.
Select * from vStatusMessagesWithStrings where MessageType = ‘768’
select * from vStatusMessagesWithStrings where component = ‘Microsoft.ConfigurationManagement.exe’ and MessageID = 30015
Meaning of Audit Status MessageIDs
The following list shows all the SCCM audit status message ID details. It is the list as per the latest SCCM CB 1802 (preview version).
Boundaries Created, Modified, or Deleted - Audit status messages that track the creation, modification, and deletion of boundaries.
MessageID >= 40600 and MessageID <= 40602
Client Component Configuration Changes - Audit status messages that track changes to the client components'' configuration kept in the site control file.
MessageID >= 30042 and MessageID <= 30047
Collection Member Resources Manually Deleted - Audit status messages that track the manual deletion of collection member resources by an administrator.
MessageID >= 30066 and MessageID <= 30067
Collections Created, Modified, or Deleted - Audit status messages that track the creation, modification, and deletion of collections.
MessageType = 768 and MessageID >= 30015
Deployments Created, Modified, or Deleted - Audit status messages that track the creation, modification, and deletion of deployments.
MessageID >= 30006 and MessageID <= 30008
Packages Created, Modified, or Deleted - Audit status messages that track the creation, modification, and deletion of packages.
MessageID >= 30000 and MessageID <= 30002
Programs Created, Modified, or Deleted - Audit status messages that track the creation, modification, and deletion of package programs.
MessageID >= 30003 and MessageID <= 30005
Queries Created, Modified, or Deleted - Audit status messages that track the creation, modification, and deletion of queries, including status message queries.
MessageID >= 30063 and MessageID <= 30065
Remote Control Activity Initiated at a Specific Site - Audit status messages that track the use of the Remote Control.
MessageID >= 30069 and MessageID <= 30087
Security Roles / Scopes created, modified, or deleted - Audit status messages that track the creation, modification, and deletion of security rights.
(stat.MessageID >= 31200 and stat.MessageID <= 31202 OR stat.MessageID >= 31220 and stat.MessageID <= 31222 OR stat.MessageID = 31207)
Server Component Configuration Changes - Audit status messages that track changes to the server components'' configuration kept in the site control file.
(MessageID >= 30033 and MessageID <= 30035) or (MessageID >= 30039 and MessageID <= 30041)
Site Addresses Created, Modified, or Deleted - Audit status messages that track the creation, modification, and deletion of site addresses.
MessageID >= 30018 and MessageID <= 30020
Following are the examples of Audit Status Messages
Let’s discuss the examples of Audit Status Messages. The sections below will help you to provide more details.
Message ID Description
30000 User "INTUNE\anoop" created a package named " 1802 Upgrade TS " (TP100020).
30001 User "INTUNE\anoop" modified the Package Properties of a package named " Windows 10 CYOD " (TP10001B).
30003 User "INTUNE\anoop" created a program named "Create Folder" that belongs to a package with package ID TP100012.
30006 User "INTUNE\anoop" created a deployment named "Windows10CYOD_TP10001B_Win10Upgrade" (TP120005) deploying program "*".
30008 User "INTUNE\anoop" deleted a deployment named "Windows10EnterpriseUpgrade_TP10001C_Win10Upgrade" (TP120003) deploying program "*".
30011 User "INTUNE\anoop" removed a package with package ID TP100019 from a distribution point on \\SCCMTP1.Intune.com at site "TP1 - New TP Server 1".
30015 User "INTUNE\anoop" created a collection named "Win10 Upgrade" (TP100017).
30016 User "INTUNE\anoop" modified the Collection Properties for a collection named "Win10 Upgrade" (TP100017). This collection is currently assigned to the following ConfigMgr Administrators: .
30031 User "INTUNE\anoop" modified site definition information in the site control file for site "TP1 - New TP Server 1" (Parent Site Code="").
30034 User "INTUNE\anoop" modified component "SMS_DMP_DOWNLOADER" on SMS Dmp Connector in the site control file at site TP1.
30036 User "INTUNE\anoop" added the role of Reporting services point to the Windows NT Server "\\SCCMTP1.Intune.com" in the site control file at site TP1.
30037 User "INTUNE\anoop" modified the role of the Windows NT Server "\\SCCMTP1.Intune.com" as a Software update point in the site control file at site TP1.
30038 User "INTUNE\anoop" deleted the role of the Windows NT Server "\\SCCMTP1.Intune.com" as a Reporting services point in the site control file at site TP1.
30043 User "INTUNE\anoop" modified client component "Client Component" in the site control file at site TP1.
30068 User "NT AUTHORITY\SYSTEM" updated a package named " Boot image (x64) 10.0.15063.0 " (TP100005) to the site distribution points.
30104 User "INTUNE\anoop" requested that the membership be refreshed for collection "All Systems" (SMS00001).
30108 User "INTUNE\anoop" requested that the CCR be generated for Machine "WIN10-1709-TRY" (2097152003).
30125 User "INTUNE\anoop" added new distribution points to a package named " Win10 en-US" (TP100019).
30152 User "INTUNE\anoop" created configuration item "16785030" (CI_UniqueID=ScopeId_0F705575-4F94-46DA-A1C4-8869FB8C68AD/ConfigurationPolicy_a98d1e90-5949-41e9-abb9-08c8728e1e09, CIVersion=1). .
30160 User "INTUNE\anoop" modified a CategoryInstance "16777553" (LocalizedCategoryInstanceName=Office 365 Client (Product:30eb551c-6288-4716-9a78-f300ec36d72b), CategoryTypeName=Product). .
30186 User "INTUNE\anoop" created the SUM deployment template with TemplateUniqueID "{BEA96FA5-8A7E-455C-AFC5-D9B6839BC35A}" (Name = "New 1802 TS Deployment Template"). .
30196 User "INTUNE\anoop" created updates assignment 16778230 ({96BD5FC5-E4CE-4F89-A2DD-63BBF4134ED6}). .
30197 User "INTUNE\anoop" modified updates assignment 16777225 ({b91576af-7116-4fa5-b1a4-36a1bc9e4ded}). .
30198 User "INTUNE\anoop" deleted updates assignment 16777225 ({b91576af-7116-4fa5-b1a4-36a1bc9e4ded}). .
30209 User "INTUNE\anoop" requested to execute summary task (Calculate EP Antimalware Policy Summary). .
30210 User "INTUNE\anoop" created user account INTUNE\anoop. .
30214 User "INTUNE\anoop" submitted a registration record at site "SCCMTP1.Intune.com - TP1" (SMSID=1c2c6362-ccc4-4c1c-a8ee-d39168e0ada4).
30215 User "INTUNE\anoop" received policies for Task Sequence using Deployment "{55D8F97F-0D35-4FF0-8720-0CDC5AD1F158}".
30216 User "INTUNE\anoop" received client configuration policies.
30219 User "INTUNE\anoop" created authorization list "16783798" (CI_UniqueID=ScopeId_0F705575-4F94-46DA-A1C4-8869FB8C68AD/AuthList_DC06C5C2-4227-4FE9-80E5-12240CBD6B4A, CIVersion=1). .
30220 User "INTUNE\anoop" modified authorization list "16784011" (CI_UniqueID=ScopeId_0F705575-4F94-46DA-A1C4-8869FB8C68AD/AuthList_4fcf3f8f-9679-4aaf-b952-095c60d3896f, CIVersion=2). .
30226 User "INTUNE\anoop" created a deployment of application "Office 365 Client Install" to collection "All Desktop and Server Clients".
30228 User "INTUNE\anoop" deleted the deployment of application "64 Bit PS" to collection "All Desktop and Server Clients".
40300 User "INTUNE\anoop" created client settings object (ID=16777218).
40301 User "INTUNE\anoop" modified client settings object (ID=16777217).
40303 User "INTUNE\anoop" created client settings assignment (SettingsID=16777217, CollectionID=TP100017).
40501 User "INTUNE\anoop" modified Boundary Group "Test1".
40503 User "INTUNE\anoop" created Boundary Group Relationships "16777218" "16777217" .
40600 User "INTUNE\anoop" created Boundary "IPS".
40700 User "INTUNE\anoop" created configuration policy assignment 16778232 ({CF5E4157-A7AC-4E3A-BAEF-12D64109D7B3}). .
40701 User "INTUNE\anoop" modified configuration policy assignment 16778228 ({0D7BEB54-0873-4A8E-8A86-6654976633FB}). .
40800 User INTUNE\anoop initiated client operation 135 to collection INTUNE\anoop.
40801 User INTUNE\anoop initiated client operation 8 to 1 members of collection SMSDM003.
42031 User "INTUNE\anoop" created Auto Deployment Rule "Office 365 Updates New" (AutoDeploymentID = 3).
52200 User INTUNE\anoop updated the state of package A69042F2-64AA-4592-B77A-24FDE17058DF to state 2 with flag 2.
52203 User INTUNE\anoop requested download for package 51D629D3-C355-4B80-AD6F-BA44B27F84ED.
52500 User INTUNE\anoop created Script with Guid 9d85fb2f-2d2e-4cc1-a114-31e882958dae.
52501 User INTUNE\anoop approved script with Guid D7A08315-7731-49B5-9601-BF7268BA98C7.
53401 User INTUNE\anoop created Azure Cloud Service
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…
Let’s Set up and Configure the SCCM Reporting Services Point. SCCM has rich capabilities for collecting information from endpoints, which is stored in SCCM SQL DB. We can make beautiful reports with the data collected by SCCM.
SCCM has about 500 default reports that are available out of the box. To access these default SCCM reports, you must set up the Configure SCCM CB Reporting Services point.
I have uploaded a video tutorial to cover the following topics regarding SCCM CB Reporting Services.
This post provides all the details of the Setup Configure SCCM Reporting Services Point Configuration Manager ConfigMgr.
Table of Contents
Setup Configure SCCM Reporting Services Point – Video 1
Setup Configure SCCM Reporting Services Point Configuration Manager ConfigMgr
I have a previous blog post listing default SCCM 2012 reports, “List of SCCM 2012 Default Reports“. The table below will help you to see more details.
SQL Server Reporting Services (SSRS) is a SCCM CB reporting services point requirement. The SQL reporting service is part of the SQL Server installation. Ensure that the SSRS component is installed before going to the next step.
Architecture
The reporting services point in SCCM communicates with SSRS to copy SCCM reports to a specified report folder. SCCM will configure the Reporting Service’s general and security settings. Reporting Services connects to the SCCM site DB to retrieve returned data when you run reports.
SQL Server Reporting Services Configuration Checks
Login to the SQL server (or the primary server where the SQL management console is installed) and Launch SQL Server Reporting Services Configuration Manager from the Start menu. Click All Programs, and click Microsoft SQL Server 2014.
Setup Configure SCCM Reporting Services Point – Fig.1
Connect to the SQL Report Server Instance. Make sure the report service status is in the started stage. If not prompted, click on START.
SQL Server Instance: MSSQLServer
Instance ID: MSRS12.MSSQLSERVER
Edition: ENTERPRISE EDITION
Product Versions: 12.0.4100.1
Report Server Database Name: ReportServer
Report Server Mode: Native
Report Service Status: Started 3.
Make sure the reporting server service account is configured correctly and that all the following sections are precisely set up. The YouTube video provides more details.
Web Service URL
Database
Report Manager URL
E-mail Settings
Execution Account
Encryption Keys
Scale-out Deployment
SCCM CB Reporting Services Point Installation and Configuration
Launch the SCCM CB console and navigate via \Administration\Overview\Site Configuration \Servers and Site System Roles. Select the Site system – Add Site System role. In the Add new site system role wizard, select the “Reporting services point” role. Reporting Services Point page configurations
Site Database Server Name: SQL_Server_Name\SQL_Instance_Name
Database Name: CM_TP1
Folder Name: ConfigMgr_TP1
Reporting Services Server Instance: MSSQLSERVER (Default instance)
Reporting Services Point Account: Intune\anoop
The following is the main configuration page for the SCCM reporting services point. Click on the VERIFY button to confirm connectivity with the SQL server and access rights. Then click NEXT—NEXT to finish the wizard.
Setup Configure SCCM Reporting Services Point – Fig.2
Check SCCM CB Reporting Services Point Log Files
Once the SCCM CB reporting services point installation wizard is completed, you can check and confirm the success of the log file installation.
The first log I would prefer to look at is srsrpsetup.log, and make sure the following lines are present at the end of the log file.
Cannot delete old installation directory C:\Program Files\SMS_SRSRP. Error Code=5. The installation will continue. No versions of SMSSRSRP are installed. Installing new SMSSRSRP. No versions of SMSSRSRP are installed. Installing new SMSSRSRP. Enabling MSI logging. srsrp.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\srsrpMSI.log Installing C:\Program Files\Microsoft Configuration Manager\bin\x64\srsrp.msi SRSRPINSTALLDIR=”C:\Program Files\SMS_SRSRP” SRSRPLANGPACKFLAGS=0 srsrp.msi exited with return code: 0 Installation was successful. Installation was successful. ~RoleSetup().
The next stage in the SCCM CB reporting services point installation verification is with srsrp.log. This log will take 5 minutes to complete and create all the default reports in SCCM. It shows all the report and folder creation details.
Successfully created srsserver~ $<02-27-2018 12:11:41.899-330> Reporting Services URL from Registry [http://sccmtp1/ReportServer/ReportService2005.asmx]~ $<02-27-2018 12:11:42.049-330> Reporting Services is running $<02-27-2018 12:11:42.073-330> Retrieved datasource definition from the server. $<02-27-2018 12:11:42.120-330> Retrieved datasource definition from the server. $<02-27-2018 12:11:42.340-330> [SCCMTP1.Intune.com] [CM_TP1] [ConfigMgr_TP1] [SCCMTP1.INTUNE.COM]~ $<02-27-2018 12:11:42.358-330> [MSSQLSERVER] [1] [] [INTUNE\anoop]~ $<02-27-2018 12:11:42.480-330> [1] [0]~ $<02-27-2018 12:11:42.603-330> Confirmed version [12.0.4100.1] for the Sql Srs Instance. $<02-27-2018 12:11:43.024-330>
Check the Results – Launch SCCM CB SSRS Default Reports
Let’s wait for some time before launching the report server URL to check the availability of SCCM default reports. You can confirm whether the report creation process is completed from the above log file. There are two methods to access the SCCM SSRS reports.
Launch the reports from the web browser (http://sccmtp1/ReportServer/)
Launch reports from SCCM Console via \Monitoring\Overview\Reporting\Reports
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…
Let us learn about SCCM 1802 Preview CMG Supports Azure ARM – PXE without WDS. Microsoft SCCM product group released a new preview version 1802.
I believe SCCM 1802 is the feature-rich version preview version since TP 1706. SCCM TP 1706 had 20 new features, whereas TP 1802 had 21 new features or improvements.
First, this 1802 version is a technical preview (TP) of SCCM. I hope the production SCCM CB 1802 will be released in March. But I don’t expect all the features released in the 1802 TP version will be available in the production version.
The above video explains the new features of the SCCM CB 1802 preview version. You can subscribe to the YouTube channel to learn more about SCCM/Intune/Windows 10. The video tutorialexplains most of the features and improvements.
Table of Contents
SCCM 1802 Preview CMG Supports Azure ARM – PXE without WDS – Video 1
Delivery Optimization (DO) for Enterprises
SCCM integration with Windows 10 DO is one of the best ways to improve enterprises’ caching solutions. I think SCCM peer cache features will also be integrated with Windows DO in the future.
There is no need for two caching solutions, such as SCCM peer cache and Windows 10 DO. I know the SCCM peer cache would be useful for backward compatibility.
In this SCCM 1802 preview release, you have new client settings to configure and control DO with SCCM boundary group IDs. More details aboutDelivery Optimisation.
SCCM 1802 Preview CMG Supports Azure ARM – PXE without WDS – Fig.1
The SCCM 1802 (preview) release supports Azure ARM deployment. In previous versions of SCCM, CMG support was available only with cert-based authentication. The SCCM CMG Azure PaaS servers are deployed via Azure Classic Service Deployment.
Azure Resource Manager Deployment is better from a role segregation perspective. You don’t need to use certificate-based authentication for an ARM. Instead, we can use user-based authentication.
The SCCM Cloud Management Gateway wizard still provides a classic service deployment option using an Azure management certificate.
Microsoft recommends using the Azure Resource Manager deployment model for all new CMG instances to simplify resource implementation and management. If possible, redeploy existing CMG instances through Resource Manager.
SCCM 1802 Preview CMG Supports Azure ARM – PXE without WDS – Fig.2
21 Features and Improvements of SCCM 1802
SCCM is integrating more with Azure Active Directory and other Azure IaaS and PaaS solutions. I recommend that the SCCM admin have basic knowledge of these solutions.
21 Features and Improvements of SCCM 1802
Transition Endpoint Protection workload to Intune using CO-MGMT
Configure Windows Delivery Optimization (DO) to use SCCM boundary groups
Windows 10 in-place upgrade TS via CMG
Improvements to Windows 10 in-place upgrade TS
Improvements to PXE-enabled DP without WDS
Deployment Templates for TS
Product Lifecycle dashboard
Improvements to Reporting
Hide Installed apps in the Software Center
Jason supports Run Scripts
Boundary group Fallback periods in minutes for MPs
Improved support for CNG certificates
CMG support for Azure Resource Manager
Approve application requests for users per device
Use Software Center to browse & install user-available applications on AADJ devices.
Report on Windows AutoPilot device information
Improvements to SCCM Policies for Windows Device Exploit Guard
Microsoft Edge browser policies
Report for default browser counts
Support for Windows 10 ARM64 devices
Changes to Phased Deployments
SCCM 1802 Preview CMG Supports Azure ARM – PXE without WDS – Table 1
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP from 2015 onwards for consecutive 10 years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career etc…
