- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
MDOP 2015 does not contain any new products. Instead, the update includes four individual product service packs. These service packs are for the virtualization solutions Microsoft Application Virtualization (App-V) and User Experience Virtualization (UE-V). The management applications, Microsoft BitLocker Administration and Monitoring (MBAM) and Advanced Group Policy Management (AGPM), also received a service pack.
Windows 10 support was also included for five of the six products. This support includes Windows PE 10 in the Diagnostics and Recovery Toolkit (DaRT). Tools in DaRT now have full support for Windows 10 as well.
Building a Windows 10 DaRT recovery image
Only the Microsoft Enterprise Desktop Virtualization (MED-V) portion did not receive any updates. This is logical seeing how Client Hyper-V can substitute for backward OS compatibility with newer Windows OSs. With all of our acronyms out of the way, let us jump into the single best feature of MDOP 2015.
New management and PowerShell features in MDOP 2015 ^
AGPM 4.0 SP3 includes PowerShell support for advanced Group Policy tasks! The new AGPM PowerShell module currently has six cmdlets. After you install the AGPM client, you can see these cmdlets by running the following PowerShell command:
Get-Command –Module AGPM
With just six cmdlets, though, an IT administrator now can automate the entire editing process of a GPO. Get-ControlledGPO will allow you to grab GPOs that are checked in and deployed. These objects can then be piped to the Unlock-ControlledGPO cmdlet. Unlocking a GPO is the command-line equivalent of checking it out in the AGPM console. After a GPO is checked out, an administrator can edit it through the Group Policy PowerShell module and then check the GPO back in for deployment.
Installing the AGPM 4.0 SP3 Client
Along with support for the Windows 10 operating systems, AGPM 4.0 SP3 makes current and future upgrades easier with the newly introduced Smart Upgrade feature. Smart Upgrade allows an AGPM Server or Client installation be taken to the latest version without the need to provide previously required configuration parameters. Environments running AGPM 4.0 through AGPM 4.0 SP2 can upgrade to AGPM 4.0 SP3 using Smart Upgrade. An APGM environment can jump from 4.0 through 4.0 SP2 to 4.0 SP3 without the need for prerequisite updates.
MBAM 2.5 received SP1 in the MDOP 2015 release. Additional product support has been added to MBAM. Windows 10 support was added for both MBAM 2.5 and MBAM 2.5 SP1. SQL 2014 is now supported on MBAM 2.5 SP1.
Windows 10 devices managed by MBAM 2.5 SP1 gain access to custom pre-boot URLs and recovery notifications. When an OS drive is locked, these devices can see a tailored message on how to initiate the process for unlocking the drive. The message can also include a custom URL. For example, the custom URL could point to your organization’s helpdesk. This feature is made possible by the Configure pre-boot recovery message and URL Group Policy setting. This administrative setting becomes available after the MDOP ADMX templates are added to your Central Store or GPMC. This setting is located in Computer Configuration/Policies/Administrative Templates/Windows Components/MDOP MBAM/Operating System Drive.
New virtualization and roaming features in MDOP 2015 ^
App-V 5.1 and UE-V 2.1 SP1 make up the bulk of the virtualization section in MDOP 2015. To use the App-V client on a Windows 10 device, your App-V infrastructure should be updated from 5.0 to 5.1. Unlike some previous App-V updates, 5.1 is applicable for the client, RDS Client, and Sequencer.
Building a new App-V 5.1 package in the updated Application Sequencer
Of the virtualization updates, UE-V 2.1 SP1 may be the more exciting of the two (I don’t count MED-V). This service pack makes user/device transitions even more seamless. The following major items now natively sync:
- Network printers
- Taskbar settings
- Outlook signatures (without user intervention)
UE-V 2.1 SP1 is also aware of other syncing platforms, such as Office 365 and Azure. If an organization uses Office 365 to roam settings, UE-V 2.1 will be aware of this and will not roam the same data. This is also true for Windows apps that are synced to Azure. Configuring the Group Policy settings Do Not Synchronize Windows Apps and Sync Windows Settings will prevent UE-V 2.1 from conflicting with Windows app sync to Azure. Both changes make UE-V easier to manage and troubleshoot.
Evaluating MDOP and learning more ^
In past MDOP reviews, I always made a point to address some missing feature that I couldn’t believe the MDOP team didn’t include. AGPM PowerShell support was always at the top of that list. This release of MDOP nailed every top feature request though! A big thank you to the teams at Microsoft for listening to customer feedback.