What's new in version 1702 of Configuration Manager

Applies to: Configuration Manager (current branch)

Update 1702 for Configuration Manager current branch is available as an in-console update for previously installed sites that run version 1602, 1606, or 1610. It's also available as a baseline version you can use when installing a new deployment.

Tip

To install a new site, you must use a baseline version of Configuration Manager.

Learn more about:

The following sections provide details about changes and new capabilities introduced in version 1702 of Configuration Manager.

Deprecated features and operating systems

Learn about support changes before they're implemented in removed and deprecated items.

Version 1702 drops support for the following products:

  • SQL Server 2008 R2, for site database servers. Deprecation of support was first announced on July 10, 2015. This version of SQL Server remains supported when you use a Configuration Manager version prior to version 1702.
  • Windows Server 2008 R2, for site system servers and most site system roles. Deprecation of support was first announced on July 10, 2015. This version of Windows remains supported when you use a Configuration Manager version prior to version 1702.
  • Windows Server 2008, for site system servers and most site system roles. Deprecation of support was first announced on July 10, 2015.
  • Windows XP Embedded, as a client operating system. Deprecation was first announced on July 10, 2015. This version of Windows remains supported when you use a Configuration Manager version prior to version 1702.

Site infrastructure

The following are improvements to using search in the Configuration Manager console:

  • Object Path:
    Many objects now support a column named Object Path. When you search and include this column in your display results, you can view the path to each object. For example, if you run a search for apps in the Applications node and are also searching subnodes, the Object Path column in the results pane will show you the path to each object that is returned.

  • Preservation of search text:
    When you enter text into the search text box, and then switch between searching a subnode and the current node, the text that you typed will now persist and remain available for a new search without having to reenter it.

  • Preservation of your decision to search sub-nodes:
    The option that you choose for searching the current node or all subnodes now persists when you change the node you're working in. This new behavior means that you don't need to constantly reset this decision as you move around the console. By default, when you open the console the option is to search only the current node.

Send feedback from the Configuration Manager console

You can use the in-console feedback options to send feedback directly to the development team.

You can find the Feedback option:

  • In the ribbon, at the far left of the Home tab of each node.
    Ribbon

  • When you right-click on any object in the console.
    Right-click option

    Choosing Feedback opens your browser to the Configuration Manager feedback website.

Changes for Updates and Servicing

The following are changes for Updates and Servicing:

  • Node location
    After installing version 1702, the Updates and Servicing node appears as a top-level node under Administration. It's no longer a child node below Cloud Services.

  • New update states
    When you view available updates in the console, there are two new states:

    • Available for install - This is an update that has been downloaded and ready to install.
    • Ready for download - This update is available, but hasn't been downloaded. You can choose to download this update, but it has been superseded by a more recent update.
  • Simpler update choices
    The next time your infrastructure qualifies for two or more updates, only the latest update is downloaded. For example, if your current site version is two or more older than the most recent version that is available, only that most recent update version is downloaded automatically.

    You can choose to download and install the other available updates, even when they aren't the most current version. If you download an older update, you'll receive a warning that the update has been replaced by a newer one. To download an update that is Available to Download, select the update in the console and then click Download.

  • Improved cleanup of older updates
    We added an automatic clean-up function that deletes the unneeded downloads from the 'EasySetupPayload' folder on your site server. Because this is introduced with version 1702, cleanup begins to work after installing a subsequent update like an update rollup or future update version.

Data Warehouse service point

Use the Data Warehouse service point to store and report on long-term historical data for your Configuration Manager deployment.

The data warehouse supports up to 2 TB of data, with timestamps for change tracking. Storage of data is accomplished by automated synchronizations from the Configuration Manager site database to the data warehouse database. This information is then accessible from your Reporting Services point.

For more information, see The Data Warehouse service point.

Peer Cache improvements

Beginning with version 1702, a peer cache source computer will reject a request for content when the peer cache source computer meets any of the following conditions:

  • Is in low battery mode.
  • CPU load exceeds 80% at the time the content is requested.
  • Disk I/O has an AvgDiskQueueLength that exceeds 10.
  • There are no more available connections to the computer.
    For more information, see Limited access to a peer cache source in Peer Cache for Configuration Manager clients.

Additionally, three new reports are added to your reporting point. You can use these reports to understand more details about rejected content requests, including which boundary group, computer, and content was involved. See Monitoring in the peer cache topic.

Content library cleanup tool

Use the content library cleanup tool to remove content from distribution points when that content is no longer associated with an application.

Use the OMS connector with the Azure Government cloud

You can use the OMS connector to connect to OMS Log Analytics in Microsoft Azure Government cloud. This requires you to modify a configuration file before you install the OMS connector so that the connector can work with the Government cloud. For more information, see Use the OMS connector with the Azure Government cloud.

Software update points are added to boundary groups

Beginning with version 1702, clients use boundary groups to find a new software update point, and to fall back and find a new software update point if their current one is no longer accessible. You can add individual software update points to different boundary groups to control which servers a client can find. For more information, see software update points in the configuring boundary groups topic.

Compliance settings

New compliance settings for iOS

We've added many new settings for iOS devices to match those available with Microsoft Intune.

Application Management

Improved support for Windows Store for Business apps

You can now deploy online licensed apps from the Windows Store for Business to Windows 10 PCs that you manage using the Configuration Manager client. For more information, see Manage apps from the Windows Store for Business.

Check for running executable files before installing an application

In the Properties dialog box of a deployment type, on the Install Behavior tab, you can now specify one of more executable files that, if running, will block the installation of the deployment type. The user must close the running executable file (or it can be closed automatically for deployments with a purpose of required) before the deployment type can be installed.

If the application was deployed as Available, and an end user tries to install an application, they'll be prompted to close any running executables you specified before they can proceed with the installation.

If the application was deployed as Required, and the option Automatically close any running executables you specified on the install behavior tab of the deployment type properties dialog box is selected, they'll see a dialog box which informs them that executables you specified will be automatically closed when the application installation deadline is reached.

App management improvements for hybrid MDM

Operating system deployment

Expire stand-alone media

When you create standalone media, there are new options to set optional start and expiration dates on the media. These settings are disabled by default. The dates are compared to the system time on the computer before the stand-alone media runs. When the system time is earlier than the start time or later than the expiration time, the stand-alone media is not started. These options are also available by using the New-CMStandaloneMedia PowerShell cmdlet. For details, see Create stand-alone media.

Package ID displayed in task sequence steps

Any task sequence step that references a package, driver package, operating system image, boot image, or operating system upgrade package will now display the package ID of the referenced object. When a task sequence step references an application, it will display the object ID.

Support for additional content in stand-alone media

Additional content is now supported in stand-alone media. You can select additional packages, driver packages, and applications to be staged on the media along with the other content referenced in the task sequence. Previously, only content referenced in the task sequence was staged on stand-alone media. For details, see Create stand-alone media.

Hardware inventory collects UEFI information

A new hardware inventory class (SMS_Firmware) and property (UEFI) are available to help you determine whether a computer starts in UEFI mode. When a computer is started in UEFI mode, the UEFI property is set to TRUE. This is enabled in hardware inventory by default. For more information about hardware inventory, see How to configure hardware inventory.

Improvements to Software Center warning messages for high-impact task sequences

This release includes the following improvements to Software Center warning messages for high-impact deployment task sequences:

  • In the properties for the task sequence, you can now configure any task sequence, including non-operating system task sequences, as a high-risk deployment. Any task sequence that meets certain conditions is automatically defined as high-impact. For details, see Manage high-risk deployments.
  • In the properties for the task sequence, you can choose to use the default notification message or create your own custom notification message for high-impact deployments.
  • In the properties for the task sequence, you can configure Software Center properties, which include make a restart required, the download size of the task sequence, and the estimated run time.
  • The default high-impact deployment message for in-place upgrades now states that your apps, data, and settings are automatically migrated. Previously, the default message for any operating system installation indicated that all apps, data, and settings would be lost, which wasn't true for an in-place upgrade.

For more information, see Set a task sequence as high-impact.

Return to previous page when a task sequence fails

You can now return to a previous page when you run a task sequence and there's a failure. Prior to this release, you had to restart the task sequence when there was a failure. For example, you can use the Previous button in the following scenarios:

  • When a computer starts in Windows PE, the task sequence bootstrap dialog might display before the task sequence is available. When you click Next in this scenario, the final page of the task sequence displays with a message that there are no task sequences available. Now, you can click Previous to search again for available task sequences. You can repeat this process until the task sequence is available.
  • When you run a task sequence, but dependent content packages aren't yet available on distribution points, the task sequence fails. You can now distribute the missing content (if it wasn't distributed yet) or wait for the content to be available on distribution points, and then click Previous to have the task sequence search again for the content.

Pre-cache content for available deployments and task sequences

Beginning in version 1702, for available deployments of task sequences, you can choose to use pre-cache content. Pre-cache content gives you the option to allow the client to only download the applicable content as soon as it receives the deployment. Therefore, when the user clicks Install in Software Center, the content is ready and the installation starts quickly because the content is on the local hard drive. For details, see Configure pre-cache content.

Convert from BIOS to UEFI during an in-place upgrade

Windows 10 Creators Update introduces a simple conversion tool that automates the process to repartition the hard disk for UEFI-enabled hardware and integrates the conversion tool into the Windows 7 to Windows 10 in-place upgrade process. When you combine this tool with your operating system upgrade task sequence and the OEM tool that converts the firmware from BIOS to UEFI, you can convert your computers from BIOS to UEFI during an in-place upgrade to the Windows 10 Creators Update. For details, see Task sequence steps to manage BIOS to UEFI conversion.

Improvements to the Install Applications task sequence step

This version introduced the following improvements:

  • Increased the maximum number of applications that you can install to 99 in the Install Applications task sequence step. The previous maximum number was 9 applications.
  • When you add applications to the Install Applications task sequence step in the task sequence editor, you can now select multiple applications from the Select the application to install pane.

Improvements to the Auto Apply Driver task sequence

New task sequence variables are now available to configure the timeout value on the Auto Apply Driver task sequence step when making HTTP catalog requests. The following variables and default values (in seconds) are available:

  • SMSTSDriverRequestResolveTimeOut
    Default: 60
  • SMSTSDriverRequestConnectTimeOut
    Default: 60
  • SMSTSDriverRequestSendTimeOut
    Default: 60
  • SMSTSDriverRequestReceiveTimeOut
    Default: 480

Windows 10 ADK tracked by build version

The Windows 10 ADK is now tracked by build version to ensure a more supported experience when customizing Windows 10 boot images. For example, if the site uses the Windows ADK for Windows 10, version 1607, only boot images with version 10.0.14393 can be customized in the console. For details about customizing WinPE versions, see Customize boot images.

Default boot image source path can no longer be changed

Default boot images are managed by Configuration Manager and the default boot image source path can no longer be changed in the Configuration Manager console or by using the Configuration Manager SDK. You can continue to configure a custom source path for custom boot images.

Default boot images are regenerated after upgrading Configuration Manager to a new version

Beginning in this release, when you upgrade the Windows ADK version and then use updates and servicing to install the latest version of Configuration Manager, Configuration Manager regenerates the default boot images. This includes the new Window PE version from the updated Windows ADK, the new version of the Configuration Manager client, drivers, customizations, etc. Custom boot images aren't modified. For details, see Manage boot images.

Software updates

Deploy Microsoft 365 apps to clients

Beginning in version 1702, from the Office 365 Client Management dashboard, you can start the Office 365 Installer that lets you configure installation settings, download files from Office Content Delivery Networks (CDNs), and deploy the files as an application in Configuration Manager. For details, see Manage Microsoft 365 Apps updates.

Important

The Microsoft 365 app that you create and deploy by using the Office 365 Application Wizard in Configuration Manager is not automatically managed by Configuration Manager until you enable the Enable management of the Office 365 Client Again software updates client agent setting. For details, see About client settings.

Manage Express installation files for Windows 10 updates

Beginning in version 1702, Configuration Manager supports express installation files for Windows 10 updates. When you use a supported version of Windows 10, you can use Configuration Manager settings to download only the changes between the current month's Windows 10 Cumulative Update and the previous month's update. Without express installation files, Configuration Manager downloads the full Windows 10 Cumulative Update (including all updates from previous months) each month. Using express installation files provides for smaller downloads and faster installation times on clients. For details, see Manage express installation files for Windows 10 updates.

Mobile device management

Android and iOS versions are no longer targetable in creation wizards for hybrid MDM

Beginning in version 1702 for hybrid mobile device management (MDM), you no longer need to target specific versions of Android and iOS when creating new policies and profiles for Intune-managed devices. Instead, you choose one of the following device types:

  • Android
  • Samsung KNOX Standard 4.0 and higher
  • iPhone
  • iPad

This change affects the wizards for creating the following items:

  • Configuration items
  • Compliance policies
  • Certificate profiles
  • Email profiles
  • VPN profiles
  • Wi-Fi profiles

With this change, hybrid deployments can provide support more quickly for new Android and iOS versions without needing a new Configuration Manager release or extension. Once a new version is supported in Intune standalone, users will be able to upgrade their mobile devices to that version.

To prevent issues when upgrading from prior versions of Configuration Manager, mobile operating system versions are still available in the properties pages for these items. If you still need to target a specific version, you can create the new item, and then specify the targeted version on the properties page of the newly created item.

Note

The last mobile operating system version available in the properties pages applies to that version and all subsequent versions. Properties pages provide the following choices for targeting operating systems later than Android 7 and iOS 10:

  • Android 7 and higher
  • All iOS 10 and higher iPhone or iPod touch devices
  • All iOS 10 and higher iPad devices

Android for Work support

Starting with 1702, Hybrid mobile device management with Microsoft Intune now supports Android for Work device enrollment and management.

Deploy volume-purchased iOS apps to device collections

You can now deploy licensed apps to devices and users. Depending on the apps ability to support device licensing, an appropriate license will be claimed when you deploy it, as follows:

Configuration Manager version App supports device licensing? Deployment collection type Claimed license
Earlier than 1702 Yes User User license
Earlier than 1702 No User User license
Earlier than 1702 Yes Device User license
Earlier than 1702 No Device User license
1702 and later Yes User User license
1702 and later No User User license
1702 and later Yes Device Device license
1702 and later No Device User license

Support for iOS Volume Purchase Program for Education

You can now also deploy and track apps you purchased from the iOS Volume Purchase Program for Education.

Support for multiple volume-purchase program tokens

You can now associate multiple Apple volume-purchase program tokens with Configuration Manager.

Support for line of business apps in Windows Store for Business

You can now sync custom line of business apps from the Windows Store for Business.

Conditional access device compliance policy improvements

A new device compliance policy rule is available to help you block access to corporate resources that support conditional access, when users are using apps that are part of a noncompliant list of apps. The noncompliant list of apps can be defined by the admin when adding the new compliant rule Apps that cannot be installed. This rule requires the admin to enter the App Name, the App ID, and the App Publisher (optional) when adding an app to the noncompliant list. This setting only applies to iOS and Android devices.

Additionally, this helps organizations to mitigate data leakage through unsecured apps, and prevent excessive data consumption through certain apps.

New Mobile Threat Defense monitoring tools

Beginning in version 1702, you have new ways to monitor the compliance status with your Mobile Threat Defense service provider.

Protect devices

Detect outdated antimalware client versions

Beginning with version 1702, you can configure an alert to ensure Endpoint Protection clients aren't outdated. For more information, see Alert for outdated malware client.

Device health attestation updates

Device health attestation service for on-premises clients can now be configured and managed from the management point. For more information, see Health Attestation.

Certificate profiles for Windows Hello for Business

If you intend to store certificate profiles in the Windows Hello for Business key container, and the certificate profile uses the Smart Card Logon EKU, you must configure permissions for key registration to ensure the certificate is validated correctly. For more information, see Windows Hello for Business settings.

New Windows Hello for Business notification for end users

A new Windows 10 notification informs end users that they must take more actions to complete Windows Hello for Business setup (for example, setting up a PIN).