Let’s discuss and give you a walkthrough of the new features of the SCCM 1906 (SCCM 1906 New Features) production version. I have explained and shown most of these new features in the video tutorial.
NOTE! – Many of you are interested to know whether MBAM was made to the production version of SCCM 1906 or not. And the news is “MBAM is NOT part of SCCM 1906 Production release.”
Subscribe to this Blog via Email
Upgrade SCCM to 1906?
I have discussed all the upgrade scenarios in the following blog post. I would recommend reading this post before proceeding with the SCCM 1906 upgrade.
Download SCCM 1906 and install that version using the following guide.
SCCM 1906 Upgrade Walkthrough Video Guide
Changes in Client Cache Settings
There are some noticeable changes in SCM Client cache setting policy options under the default client settings. Following are some of the highlighted changes:
- Minimum duration before cached content can be removed (minutes)
- Enable as peer cache source (renamed the old setting called Enable Configuration Manager client in full OS to share content)
Communication Security tab
There is one new Communication Security tab in SCCM 1906 Site Properties. No, it’s not a new tab with new options.
Instead, this is the Client Computer communication tab that got renamed to Communication Security Tab. I think this name change makes a lot of sense.
NTLM Detection
New SCCM Management insights rule for NTLM detection – A new inclusion rule detects if you enabled the less secure NTLM authentication fallback method for the site: NTLM fallback is enabled.
Microsoft’s message – “Kerberos is the latest, most secure, and recommended authentication method in a Windows Environment. Disable NTLM fallback (Client Push Scenario and WinPE using Network Access Account?) to increase the security of the Configuration Manager site.”
Azure Active Directory user group discovery
Azure AD user discovery was always available with SCCM 1902 version. But, SCCM 1906 comes with the next level of Azure AD Discovery feature called “Enable Azure Active Directory Group Discovery.”
Once you enable AAD Group discovery, users found in Azure AD groups that haven’t been previously discovered will be added as user records in SCCM. Click on the setting to schedule the Azure AD User Group discovery.
What about Azure AD Device Group Discovery? Would that work? I don’t know; I never tested it. But, it seems it’s not a supported scenario yet.
Synchronize collection membership results to Azure Active Directory groups
The SCCM Collection synchronization allows you to use your existing on-premises grouping rules in the cloud by creating Azure AD group memberships based on collection membership results.
Co-Management Improvements
Multiple pilot groups for co-management workloads – Each workload can be assigned to a pilot collection.
Group Multiple Applications
Deploy Application Groups to Collections – Create a group of applications that you can send to a user or device collection as a single deployment.
Third-Party Software Updates
I think a new partner catalog has been added to SCCM 1906 production version. Also, I assume there is support for Catalog version 3 for third-party software update feature.
Retry the installation of pre-approved applications
There is a new option in SCCM 1906 to Retry the installation of pre-approved applications. You can now retry the installation of an app you previously approved for a user or device.
Install an application for a device
This option will help to reduce the number of collections in the SCCM environment. Install an application for a device – From the SCCM console, you can now install applications to a device in real-time.
Task sequence Debug Option
The SCCM TS debugger option in SCCM 1906 helps troubleshoot the Task Sequence scenarios. This option is similar to Simulate Application option.
The Task sequence debugger – The task sequence debugger is a new troubleshooting tool.
Clear App Content from client cache during a task sequence
This clear cache option is handy for modern desktops with less SSD storage:) Clear app content from client cache during task sequence – In the Install Application task sequence step, you can now delete the app content from the client cache after the action runs.
Pre-cache driver packages and OS images
Pre-cache driver packages and OS images – Task sequence pre-cache now includes additional content types like
- OS images
- Driver Packages
- Packages.
OneTrace – New SCCM Log File Reader
OneTrace (CMPowerLogViewer.exe) is a new log viewer within the Support Center toolkit. The SCCM OneTrace log reader tool works similarly to CMTrace but much more fast and more powerful.
C:\Program Files (x86)\Configuration Manager Support Center\CMPowerLogViewer.exe
NOTE! OneTrace (CMPowerLogViewer.exe) might not work in WinPE because of the Windows Presentation Foundation (WPF) component dependency.
Many Improvements to Software Center
Many Improvements to Software Center – My favorite is direct links to the software center:page=CustomTab1.
Use the following URL format to open Software Center to a particular tab from Start Menu – RUN: software-center:page=Applications.
The string Applications is the first custom tab in order. For example, type this URL in the Windows Run window. You can also use this syntax to open default tabs in SCCM Software Center.
SCCM WSUS Maintenance – New Tasks
SCCM 1906 comes with more control over WSUS maintenance tasks. There are two new maintenance tasks got introduced with SCCM 1906.
- Decline expired updates in WSUS according to supersedence rules (available in SCCM 1902 as well)
- Add non-clustered indexes to the WSUS database (new one)
- Remove obsolete updates from the WSUS database (new one)
Configure the default maximum run time for software updates
Configure the default maximum run time for software updates – You will get different maximum run time options for Windows 10 upgrades and patches.
- Maximum runtime for Windows Feature updates (minutes) – 120
- Maximum runtime for Office 365 updates and non-feature updates for Windows (minutes) – 60
SCCM Folder RBAC
Role-based access for folders (SCCM Folder RBAC options)- You can now set security scopes on folders. If you have access to an object in the folder but don’t have access to the folder, you’ll be unable to see the thing.
Administration service support for security nodes
Administration service support for security nodes – You can now enable some nodes of the SCCM console to use the administration service.
New Site server maintenance task improvements
Site server maintenance task improvements – Site server maintenance tasks can now be viewed and edited from their tab on the details view of a site server.
- In the Administration node, expand Site Configuration, then click on Sites.
- Select a site from your list, then click on the Maintenance Tasks tab in the detail panel.
- Right-click one of the maintenance tasks and select one of the following options: Enable – Turn on the task.
- Disable – Turn off the task.
- Edit – Edit the task schedule or its properties.
Desktop Analytics
Desktop analytics is not new to SCCM 1906 version. It was available for SCCM 1902 with the latest KB. You can refer to the following blog posts to get more details about Desktop Analytics.
- Desktop Analytics Configuration Step by Step Guide – Device Mgmt Portal
- SCCM Desktop Analytics Integration step by step guide
CMPivot Standalone
You can run CMPivot outside of the Configuration Manager console to view the real-time state of devices in your environment.
This change in SCCM 1906 enables us to use CMPivot on a device without first installing the SCCM console.
You can install CMPivot.MSI from the following path C:\Program Files\Microsoft Configuration Manager\tools\CMPivot\CMPivot.MSI. The CMPivot would be a standalone tool for real-time analysis for your helpdesk and security teams.
SCCM 1906 WVD Support
Windows Virtual Desktop is the new multi-session (concurrent users on Windows 10 virtual machine). The WVD is similar to a terminal server running on Windows 10 machine from an SCCM perspective.
In SCCM 1906 version, Microsoft included the support for managing the Azure WVD virtual machines. The best option is to deploy applications to devices instead of users.
The previous post, ” SCCM/Intune VDI and WVD support,” explains more thoughts on SCCM Intune Support for VDI Devices Persistent Non-Persistent.”
SCCM 1906 PowerShell Cmdlet Changes
Let’s check out the PowerShell changes/updates/enhancements available with SCCM 1906 production release.
Cmdlet Library changes for version 1906. More details available https://docs.microsoft.com/en-us/powershell/sccm/1906-release-notes?view=sccm-ps
Get-CMTSStepRunTaskSequence |
New-CMSoftwareCenterTabItem |
New-CMTSStepRunTaskSequence |
Remove-CMTSStepRunTaskSequence |
Set-CMScript |
Set-CMTSStepRunTaskSequence |
Video SCCM 1906
Resources – SCCM 1906 New Features
- New Features of SCCM 1906 production version – Microsoft documentation
- Announcement Post of SCCM 1906 release
My SCCM v1810 database is hosted by SQL AlwaysOn availability group. My upgrade to v1906 is failing -even after running the prerequisites check with no issues- saying that the \ConfigMgr_DViewAccess user account already exists pointing to a different login. If I change this user settings pointing to the current SQL node and retry the upgrade, it fails again when the upgrade task fails over to the secondary cluster node with the same error message:
*** IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name=’\ConfigMgr_DViewAccess’) BEGIN CREATE USER [\ConfigMgr_DViewAccess] FROM LOGIN [\ConfigMgr_DViewAccess] END
*** [42000][15063][Microsoft][SQL Server Native Client 11.0][SQL Server]The login already has an account under a different user name.
Any clues?