Release notes for Configuration Manager

Applies to: Configuration Manager (current branch)

With Configuration Manager, product release notes are limited to urgent issues. These issues aren't yet fixed in the product, or detailed in a troubleshooting article.

Feature-specific documentation includes information about known issues that affect core scenarios.

This article contains release notes for the current branch of Configuration Manager. For information on the technical preview branch, see Technical Preview.

For information about the new features introduced with different versions, see the following articles:


You can use RSS to be notified when this page is updated. For more information, see How to use the docs.

Client management

Some policies may not apply to upgraded clients

Applies to version 2107 early update ring

When you upgrade the client from versions 2010 or 2103 to version 2107, the following policies may not apply on some devices:

  • Co-management policies on Windows 10 Enterprise multi-session devices such as Azure Virtual Desktop, and Windows 11 Insider Preview devices
  • Desktop Analytics on any Windows version
  • Windows Update for Business policies on Windows 10 x86 and ARM
  • Microsoft Edge browser profiles on Windows 10 x64 and x86


The timing of how clients apply and evaluate these policies is non-deterministic. Even if you have these policies and these supported platforms, they may not immediately experience this issue.

When you look at the Configurations tab of the Configuration Manager control panel on the client, it will be blank.

This issue is fixed in the build of version 2107 that's now generally available for all customers. If you previously opted in to the early update ring, install the Update for Microsoft Endpoint Configuration Manager version 2107, early update ring.

Client notification actions apply to entire collection

Applies to version 2010

When you use a client notification action on a device in a collection, the action applies to all devices in the collection.

For example:

  1. In the Configuration Manager console, go to the Assets and Compliance workspace, and select the Device Collections node.

  2. Select a collection, and then choose the Show Members action.

  3. Select a device in the collection. In the ribbon on the Home tab, select Client Notification, and choose an action such as Restart.

    Because of this issue, this action applies to all members of the collection, not just the selected client.


    This issue doesn't apply to the Start CMPivot or Run Script options.

To work around this issue, install the following hotfix: Client notifications sent to all collection members in Configuration Manager current branch, version 2010.

You can also use the Devices node. Find the device in the list and start the action from there.


This issue also applies to the Invoke-CMClientAction PowerShell cmdlet and other SDK methods, if you don't include a collection object or ID.

Set up and upgrade

Version 2107 update fails to download

Applies to: version 2107 and later

The update for Configuration Manager version 2107 is available to download, but it fails to download. The dmpdownloader.log on the service connection point has entries similar to the following:

Download large file with BITs
WARNING: EasySetupDownloadSinglePackage Failed with exception: The remote name could not be resolved: ''
WARNING: Retry in the next polling cycle

This failure happens because the service connection point can't communicate with the required internet endpoint, Confirm that the site system that hosts the service connection point role can communicate with this internet endpoint. It was already required, but its use is expanded in version 2107. The site system can't download version 2107 or later unless your network allows traffic to this URL.

For more information, see internet access requirements for the service connection point.

Management point installation or update fails because of later Visual C++ version

Applies to: version 2107 early update ring

If the site system server has a version of the Visual C++ redistributable later than 14.28.29914, Configuration Manager setup will fail to install or update the management point role.

To work around this issue, temporarily uninstall the later version of Visual C++ redistributable. When you install Configuration Manager version 2107, it will install version 14.28.29914.

OS deployment

Image servicing with Windows Server 2022

Applies to: version 2107

If you try to apply software updates to an image for Windows Server 2022, no updates display as available to install.

This issue is caused by a change to the Windows update category for Server 2022.

To resolve this issue, install the update rollup for Configuration Manager version 2107.

Task sequence and application policy issue

Applies to: version 2107 early update ring installed between August 2, 2021 and August 6, 2021

If you have all of the following conditions:

  • Task sequence A

    • Includes the Install Application step with app X
    • Deployed and made available to either type that includes Configuration Manager clients
  • Task sequence B

    • Includes the Install Application step with the same app X
    • Deployed and made available to either Only media and PXE option

After you update to version 2107, if you make any change to app X, then task sequence A will fail to run on clients that receive the deployment policy after the site update. The Configuration Manager client can't get all of the policies for the task sequence and referenced applications. For clients that already had the deployment policy for task sequence A before the site update, the task sequence will run, but clients won't have the revised application policy.

You can run the following SQL script on a primary site database to determine if your site has this issue:

select COUNT(*) from Policy where PolicyID like '%/VI%' 
  AND ((ISNULL(PolicyFlags, 0) & 4096 = 4096) 
  OR (ISNULL(PolicyFlags, 0) & 2048 = 2048))

If this query returns 0, there's currently no issue. If the query returns a non-zero value, the issue only exists given the above conditions.


If there are many media and PXE task sequences that reference an application that you revise, the site will take longer to update these task sequence policies. During this time, some media and PXE task sequence deployments may fail. There's no workaround for this timing issue.

Workaround for task sequence and application policy issue in version 2107 early update ring

This issue is fixed in the build of version 2107 that's now generally available for all customers. If you previously opted in to the early update ring, install the Update for Microsoft Endpoint Configuration Manager version 2107, early update ring.

For OS deployment task sequences to existing clients not with PXE, you may see entries similar to the following strings in the ExecMgr.log on the client:

cannot load compressed XML policy
Failed to load policy from XML ''
Could not find the policy in WMI for Application ScopeId_88A86770-F44E-47C8-BF8D-3C1B8A5DF3AA/Application_b711f24c-f766-41e0-9c41-02313b2c8be3
Unable to find application policy for [advertisement: PR220005 appid: ScopeId_88A86770-F44E-47C8-BF8D-3C1B8A5DF3AA/Application_b711f24c-f766-41e0-9c41-02313b2c8be3]
Fail to initialize TS member info, error 0x87d02004

For this issue, after you install the update for version 2107 early update ring, run the following SQL query on the primary site to which the client is assigned:

select distinct ci.CI_ID from vSMS_ConfigurationItems ci
join CI_ConfigurationItemRelations_Flat cir on cir.ToCI_ID = ci.CI_ID and cir.RelationType = 11
join vSMS_ConfigurationItems intent_ci on intent_ci.CI_ID = cir.FromCI_ID
join policy p on p.PolicyID = intent_ci.ModelName+'/VI' and ((p.PolicyFlags & 0x800) > 0 or (p.PolicyFlags & 0x1000) > 0)
where ci.CIType_ID = 10 and ci.IsLatest = 1 and ci.IsTombstoned = 0

For each CI_ID that this query returns, create a 0-KB file named <ci_id>.cit. For example, 16777225.cit. Move the file to the directory on the primary site server. For example, \\\SMS_PR1\inboxes\\.

Software updates

Security roles are missing for phased deployments

The OS Deployment Manager built-in security role has permissions to phased deployments. The following roles are missing these permissions:

  • Application Administrator
  • Application Deployment Manager
  • Software Update Manager

The App Author role may appear to have some permissions to phased deployments, but can't create deployments.

A user with one these roles can start the Create Phased Deployment wizard, and can see phased deployments for an application or software update. They can't complete the wizard, or make any changes to an existing deployment.

To work around this issue, create a custom security role. Copy an existing security role, and add the following permissions on the Phased Deployment object class:

  • Create
  • Delete
  • Modify
  • Read

For more information, see Create custom security roles

Configuration Manager console

Supported platform conditions don't update for some objects

Applies to version 2107

You can select supported platforms on many objects such as applications, task sequences, and configuration items. Starting in version 2107, these lists are updated to include categories for Windows 11. After you update the primary site to version 2107, there are different behaviors depending upon the type of object:

  • Within 24 hours of updating the site, the supported platforms for the following objects will automatically update:

    • Packages and programs
    • Task sequences
    • Compliance settings, for example, endpoint protection

    In that initial 24-hour period, existing policies with Windows 10 conditions also apply to Windows 11. After the site updates the objects, they only apply to Windows 10. You can select Windows 11 as a supported platform at any time.

  • You need to manually review and update the supported platforms for the following objects:

    • Applications
    • Configuration items
    • Objects referenced in a task sequence

    For these objects, existing policies with Windows 10 conditions also apply to Windows 11. You need to manually revise the supported platform list.

Configuration Manager console settings aren't saved

Applies to version 2107

When you install the 2107 version of the Configuration Manager console, settings such as column changes, window size, and searches aren't saved. When you first open the upgraded console, it will appear as if it was never previously installed on the device. Any console settings made after installing the 2107 version of the Configuration Manager console will persist when you reopen it.

Console extensions

Applies to version 2103

There's a new hierarchy setting that allows for only using the new style of console extensions. If this setting is enabled, you can't use any old style extensions that aren't approved through the Console Extensions node. The setting, Only allow console extensions that are approved for the hierarchy, is enabled by default if you installed from the 2103 baseline build. If you update the site from version 2010 or earlier, it's disabled by default.

If the setting was enabled in error, disabling the setting allows the old style extensions to be used again.


Favorite queries lose line breaks or are truncated

Applies to: version 2107 early update ring

After you update the site to version 2107, there are two issues with CMPivot queries that you saved as a favorite:

  • When you edit the query, you may see unexpected characters like \r or \t.

  • The query after the last comma (,) is removed.

This issue is fixed in the build of version 2107 that's now generally available for all customers. If you previously opted in to the early update ring, install the Update for Microsoft Endpoint Configuration Manager version 2107, early update ring.