- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
Microsoft has publically released a couple of technical previews for System Center Configuration Manager (SCCM) 2016, and we now have a pretty good idea of how the final product will shape up. Your first question is probably “When will SCCM 2016 be released?” Microsoft is promising a release date during the fourth quarter of this year. Many expect a release early in that timeframe because Windows 10 will have been released for a couple of months at that point. Immediate support for Windows 10 comes in the form of service packs for SCCM 2012.
No surprise: Windows 10 support and feature targeting ranked high on the product schedule. However, this release is not a simple “make it work with Windows 10” update. Many other improvements were made to client management and to site setup.
Windows 10 support in SCCM 2016
Microsoft’s big selling point for Windows 10 is that it is the OS for any device, from mobile devices to 100" screens. As expected, SCCM 2016 can support and manage these different device classes.
The variety of devices and UIs running Windows 10
With previous editions of Windows, most machines received the latest client OS through a wipe-and-load process (refresh or replace task sequences). User data was usually handled through User State Migration Toolkit, and applications were deployed through collections. This release of Configuration Manager supports this traditional method of OS deployment for Windows 10.
SCCM 2016 also supports Windows 10 upgrades through standard OS deployment task sequences. Some might know this technology as “in-place upgrades,” and many of us have had bad experiences in the past with it. It is time to use OS upgrades again!
Microsoft made a huge investment in OS upgrade technology with this release, and it appears extremely promising. Though anecdotal, my personal computer migrated nearly perfectly to Windows 10. Only three of my many applications required a reinstall/update. I am very excited to update corporate machines this way.
Mobile Windows 10 devices can also be managed with SCCM 2016 through the mobile device management roles. This integrates with a hybrid deployment of Microsoft Intune and allows for an onsite MDM. Your organization must have access to SCCM and a subscription to Intune to use these features. Though many organizations won’t take advantage of it, MDM support is also available for Windows 10 PCs, Windows IoT, and Windows Embedded devices.
SCCM 2016 in Azure
The release of SCCM 2016 marks Microsoft’s official support for running Configuration Manager in the cloud—specifically on Azure VMs. The complexity of SCCM has always kept it a bit behind in terms of infrastructure support (physical-to-virtual transition and onsite-to-cloud transition). Azure support removes that legacy tie.
Installing SCCM 2016 in an onsite infrastructure
Microsoft supports three scenarios for Azure deployment:
- SCCM 2016 in Azure managing VMs in Azure
- SCCM 2016 in Azure managing clients outside of Azure
- SCCM 2016 site roles in Azure with additional roles on premises
These scenarios can be combined into various hybrid deployments. Each setup must still conform to the software and hardware requirements for traditional Configuration Manager deployments.
Mobile management in SCCM 2016
SCCM 2016 includes additional mobile device management capabilities as well. These can be used in deployments of SCCM when combined with Intune. Microsoft highlights two particular features: Application Management policies and Enhanced Data Protection.
With Application Management policies, administrators can change the default behavior of apps to provide better security. These policies behave similarly to administrative templates in Group Policy. For Android support, the device must run Android 4+. For Apple devices, iOS 7 or later is required.
Enhanced data protection is not so much about preventing loss of data as it is about preventing stolen data. The first added function is password reset. This allows for the removal of a mobile device passcode (or the setting of a secure temporary passcode). Either method can be done by selecting the device in the Configuration Manager console, choosing Remote Device Actions, and then choosing Reset Passcode. The device will report back after the action has completed.
Remote lock allows a device to be locked remotely. If a user loses a mobile device (and actually reports it to the IT department), the device can be locked through the Remote Device Actions menu. As with the passcode reset feature, the device will report back its locked state.
Additional features in SCCM 2016
The Configuration Manager team made many other improvements to client activity, reporting, and deployments. SCCM 2016 introduces Preferred Management Points. Physical sites may have multiple management points assigned in a network boundary. Preferred Management Points allow for a specific server to be specified for clients in a location.
Client deployment reporting also received a bit of attention. As the SCCM client is being deployed, client status will appear in Monitoring – Client Status – Production client deployment. Reporting includes details in client upgrades and allows drilling down to individual devices.
The Client Status node in the Configuration Manager console
One final feature that excites me is multiple deployment with Automatic Deployment Rules (ADRs). ADRs control how updates are automatically distributed to clients. Before SCCM 2016, one rule was needed for each collection. For complex environments (or staged update rollouts), multiple rules were needed for the same update. With SCCM 2016, a single ADR can be deployed to multiple collections. As expected, each deployment can have individual deployment properties specified (such as a deadline or UI setting).
As you can see, SCCM 2016 is shaping up to be a worthy upgrade that will keep System Center at the top of the client management sphere. Microsoft addressed many of the issues seen in previous versions, adapted its product for the ever-changing world, and has still made the system management tool easier to manage. You can find out more information and download an evaluation copy from TechNet.
Want to write for 4sysops? We are looking for new authors.
“Though anecdotal, my personal computer migrated nearly perfectly to Windows 10. Only three of my many applications required a reinstall/update”
Err, multiply that by 1000 computers and possibly it being different applications on each computer…why on earth would I do that?
I probably should have explained the apps a bit more. The three that didn’t work: RSAT for Windows 8.1, DisplayLink Video Driver for Windows 8.1, and vSphere 4.1 Client (used for an old testing domain).
Fair enough then I suppose. However, we almost exclusively store data on network drives (or memory sticks if users choose) and keep almost all the computers easily wipeable, I’ll stick with wipe and install
I have to echo Kris’s concerns. in-place upgrades may work most of the time, but “most of the time” doesn’t really cut it compared to the reliability of a clean install. Why hope everything upgraded correctly versus the much higher probability of a successful clean install.
Anecdotally, my Windows 10 upgrade worked great for the most part, but the taskbar and desktop froze up immediately and didn’t clear itself up until a few reboots later. Nothing I clicked on would register. My computer was unusable until that was fixed. I’ll give kudos to Windows self-repair ability for that one.
Like anything, it will have its place. Personally, I will do a clean install on any shared used machine. Depending on the user, I may or may not do an upgrade. Just nice to see so much effort being put into the upgrade process.
I am trying to understand if MICROSOFT have intergrated Powershell DSC and SCCM 2016? I spoke to both product teams last year and they agreed that they needed to intergrate both services but they were not 100% sure how this was going to work. Microsoft did point out the difference between use cases via the pets and cattle metaphor ie SCCM is for managing Pets and powershell DSC / Oneget is for managing Cattle. (This metaphor is a used a lot with DevOps, Infrastucture as code,chef etc)To my mind 90% of desktops fall into the Cattle camp. I was hoping to be able to use SCCM to dynamically create and distribute the device DSC MOF file and then be able to report / audit on any device config drift. Microsoft did also confirm DSC was the future of device management hence If SCCM has little or no integration with DSC then is it RIP SCCM?
I would imagine that we will see this integration in one of the upcoming quarterly releases for SCCM. My guess is shortly after 2016 is fully released.
Is it possible that MS decides to orphan SCCM and push all into DSC or some new integrated product name anytime within the next 3-5 years?? Is there a concern out there…?
I don’t see that occurring at in that time frame. I do think you will continue to see a push into Intune but learning SCCM also gives you experience with Intune.