- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
Microsoft has publically released a couple of technical previews for System Center Configuration Manager (SCCM) 2016, and we now have a pretty good idea of how the final product will shape up. Your first question is probably “When will SCCM 2016 be released?” Microsoft is promising a release date during the fourth quarter of this year. Many expect a release early in that timeframe because Windows 10 will have been released for a couple of months at that point. Immediate support for Windows 10 comes in the form of service packs for SCCM 2012.
No surprise: Windows 10 support and feature targeting ranked high on the product schedule. However, this release is not a simple “make it work with Windows 10” update. Many other improvements were made to client management and to site setup.
Windows 10 support in SCCM 2016 ^
Microsoft’s big selling point for Windows 10 is that it is the OS for any device, from mobile devices to 100" screens. As expected, SCCM 2016 can support and manage these different device classes.
The variety of devices and UIs running Windows 10
With previous editions of Windows, most machines received the latest client OS through a wipe-and-load process (refresh or replace task sequences). User data was usually handled through User State Migration Toolkit, and applications were deployed through collections. This release of Configuration Manager supports this traditional method of OS deployment for Windows 10.
SCCM 2016 also supports Windows 10 upgrades through standard OS deployment task sequences. Some might know this technology as “in-place upgrades,” and many of us have had bad experiences in the past with it. It is time to use OS upgrades again!
Microsoft made a huge investment in OS upgrade technology with this release, and it appears extremely promising. Though anecdotal, my personal computer migrated nearly perfectly to Windows 10. Only three of my many applications required a reinstall/update. I am very excited to update corporate machines this way.
Mobile Windows 10 devices can also be managed with SCCM 2016 through the mobile device management roles. This integrates with a hybrid deployment of Microsoft Intune and allows for an onsite MDM. Your organization must have access to SCCM and a subscription to Intune to use these features. Though many organizations won’t take advantage of it, MDM support is also available for Windows 10 PCs, Windows IoT, and Windows Embedded devices.
SCCM 2016 in Azure ^
The release of SCCM 2016 marks Microsoft’s official support for running Configuration Manager in the cloud—specifically on Azure VMs. The complexity of SCCM has always kept it a bit behind in terms of infrastructure support (physical-to-virtual transition and onsite-to-cloud transition). Azure support removes that legacy tie.
Installing SCCM 2016 in an onsite infrastructure
Microsoft supports three scenarios for Azure deployment:
- SCCM 2016 in Azure managing VMs in Azure
- SCCM 2016 in Azure managing clients outside of Azure
- SCCM 2016 site roles in Azure with additional roles on premises
These scenarios can be combined into various hybrid deployments. Each setup must still conform to the software and hardware requirements for traditional Configuration Manager deployments.
Mobile management in SCCM 2016 ^
SCCM 2016 includes additional mobile device management capabilities as well. These can be used in deployments of SCCM when combined with Intune. Microsoft highlights two particular features: Application Management policies and Enhanced Data Protection.
With Application Management policies, administrators can change the default behavior of apps to provide better security. These policies behave similarly to administrative templates in Group Policy. For Android support, the device must run Android 4+. For Apple devices, iOS 7 or later is required.
Enhanced data protection is not so much about preventing loss of data as it is about preventing stolen data. The first added function is password reset. This allows for the removal of a mobile device passcode (or the setting of a secure temporary passcode). Either method can be done by selecting the device in the Configuration Manager console, choosing Remote Device Actions, and then choosing Reset Passcode. The device will report back after the action has completed.
Remote lock allows a device to be locked remotely. If a user loses a mobile device (and actually reports it to the IT department), the device can be locked through the Remote Device Actions menu. As with the passcode reset feature, the device will report back its locked state.
Additional features in SCCM 2016 ^
The Configuration Manager team made many other improvements to client activity, reporting, and deployments. SCCM 2016 introduces Preferred Management Points. Physical sites may have multiple management points assigned in a network boundary. Preferred Management Points allow for a specific server to be specified for clients in a location.
Client deployment reporting also received a bit of attention. As the SCCM client is being deployed, client status will appear in Monitoring – Client Status – Production client deployment. Reporting includes details in client upgrades and allows drilling down to individual devices.
The Client Status node in the Configuration Manager console
One final feature that excites me is multiple deployment with Automatic Deployment Rules (ADRs). ADRs control how updates are automatically distributed to clients. Before SCCM 2016, one rule was needed for each collection. For complex environments (or staged update rollouts), multiple rules were needed for the same update. With SCCM 2016, a single ADR can be deployed to multiple collections. As expected, each deployment can have individual deployment properties specified (such as a deadline or UI setting).
As you can see, SCCM 2016 is shaping up to be a worthy upgrade that will keep System Center at the top of the client management sphere. Microsoft addressed many of the issues seen in previous versions, adapted its product for the ever-changing world, and has still made the system management tool easier to manage. You can find out more information and download an evaluation copy from TechNet.