Configuration Manager 技术预览版 2005 中的功能Features in Configuration Manager technical preview version 2005

适用范围:Configuration Manager(技术预览版分支)Applies to: Configuration Manager (technical preview branch)

本文介绍 Configuration Manager 技术预览版 2005 中提供的功能。This article introduces the features that are available in the technical preview for Configuration Manager, version 2005. 安装此版本,以更新技术预览站点的功能并向其添加新功能。Install this version to update and add new features to your technical preview site.

安装此更新之前,请查看技术预览一文。Review the technical preview article before installing this update. 该文章将帮助你熟悉使用 Technical Preview 的常规要求和限制,如何在版本之间进行更新以及如何提供相关的反馈。That article familiarizes you with the general requirements and limitations for using a technical preview, how to update between versions, and how to provide feedback.

以下各部分介绍了此版本中要试用的新功能:The following sections describe the new features to try out in this version:

租户附加:管理中心内的设备时间线Tenant attach: Device timeline in the admin center

如果 Configuration Manager 通过租户附加将设备同步到 Microsoft Endpoint Manager,那么你现在可以看到一个事件时间线。When Configuration Manager synchronizes a device to Microsoft Endpoint Manager through tenant attach, you can now see a timeline of events. 此时间线显示设备上过去的活动,有助于排查问题。This timeline shows past activity on the device that can help you troubleshoot problems.

重要

这是预览体验。This is a preview experience. 最终位置将是 Microsoft Endpoint Manager 管理中心的“设备”边栏选项卡。The final location will be the devices blade in Microsoft Endpoint Manager admin center.

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

必备条件Prerequisites

需满足租户附加:ConfigMgr 客户端详细信息的所有先决条件:You'll need to meet all of the prerequisites for Tenant attach: ConfigMgr client details:

此外,还需要以下各项:Additionally, you'll need the following items:

  • 在 Configuration Manager 中启用终结点分析数据收集:Enable Endpoint analytics data collection in Configuration Manager:
    1. 在 Configuration Manager 控制台中,依次转到“管理” > “客户端设置” > “默认客户端设置”。In the Configuration Manager console, go to Administration > Client Settings > Default Client Settings.
    2. 右键单击并选择“属性”,然后选择“计算机代理”设置。Right-click and select Properties then select the Computer Agent settings.
    3. 将“启用终结点分析数据收集”设置为“是”。Set Enable Endpoint analytics data collection to Yes.
      • 只有在客户端收到此策略之后,收集的事件才会在管理中心预览内显示。Only events collected after the client receives this policy will be visible in the admin center preview. 接收策略之前的事件将不可访问。Events prior to receiving the policy won't be accessible.

权限Permissions

用户帐户需要下列权限:The user account needs the following permissions:

  • Configuration Manager 中设备集合的读取权限。 The Read permission for the device's Collection in Configuration Manager.
  • Configuration Manager 中“集合”下的“读取资源”权限。The Read Resource permission under Collection in Configuration Manager.
  • Azure AD 中 Configuration Manager 微服务应用程序的“管理员用户”角色。The Admin User role for the Configuration Manager Microservice application in Azure AD.
    • 从 Azure AD 的“企业应用程序” > “Configuration Manager 微服务” > “用户和组” > “添加用户”添加此角色。 Add the role in Azure AD from Enterprise applications > Configuration Manager Microservice > Users and groups > Add user. 若有 Azure AD Premium,则系统支持组。Groups are supported if you have Azure AD premium.

生成事件Generate events

设备每天向管理中心发送一次事件。Devices send events once a day to the admin center. 只有在客户端收到“启用终结点分析数据收集”策略之后,收集的事件才会在管理中心预览内显示。Only events collected after the client receives the Enable Endpoint analytics data collection policy are visible in the admin center preview. 因此,你可能希望生成要在时间线中查看的事件。Because of this, you may want to generate events to view in the timeline. 通过从 Configuration Manager 安装应用程序或更新,或重新启动设备,可以轻松生成测试事件。Generate test events easily by installing an application or an update from Configuration Manager, or restart the device. 收集 Configuration Manager 事件需要重启设备。Collecting Configuration Manager events requires a device restart. 事件保留 30 天。Events are retained for 30 days. 使用下图查看收集的事件:Use the bellow chart to view events that are collected:

收集的事件Collected events
事件名称Event name 提供程序名称Provider name 事件 IDEvent ID
应用程序错误Application Error 应用程序错误Application Error 10001000
应用程序挂起Application Hang 应用程序挂起Application Hang 10021002
内核崩溃Kernel Crash Microsoft-Windows-WER-SystemErrorReportingMicrosoft-Windows-WER-SystemErrorReporting 10011001
应用程序崩溃Application Crash Windows 错误报告Windows Error Reporting 10011001
Windows 更新代理 - 更新安装Windows Update Agent – Update Installation Microsoft-Windows-WindowsUpdateClientMicrosoft-Windows-WindowsUpdateClient 1919
未知关闭Unknown Shutdown 启动Boot 00
已开始关闭Initiated Shutdown 启动Boot 10741074
异常关闭Abnormal Shutdown 启动Boot 4141
边界组更改Boundary Group Change Microsoft-ConfigMgrMicrosoft-ConfigMgr 2000020000
应用程序部署Application Deployment Microsoft-ConfigMgrMicrosoft-ConfigMgr 2000120001
Configuration Manager -更新安装Configuration Manager – Update Installation Microsoft-ConfigMgrMicrosoft-ConfigMgr 2000220002
固件版本更改Firmware version change Microsoft-ConfigMgrMicrosoft-ConfigMgr 2000320003

查看时间线View the timeline

  1. 在 Configuration Manager 控制台中,转到“资产和符合性”工作区,并选择“设备”节点 。In the Configuration Manager console, go to the Assets and Compliance workspace and select the Devices node.
  2. 右键单击已上传到 Microsoft Endpoint Manager 的设备。Right-click on a device that's been uploaded to Microsoft Endpoint Manager.
  3. 右键单击菜单,选择“开始” > “管理中心预览”,在浏览器中打开此预览。In the right-click menu, select Start > Admin Center Preview to open the preview in your browser.
  4. 单击“时间线”。Click on Timeline. 默认情况下,将显示过去 24 小时的事件。By default, you're shown events from the last 24 hours.
    • 使用“筛选器”按钮可更改“时间范围”、“事件级别”和“提供程序名称”。Use the Filter button to change the Time range, Event levels, and Provider name.
    • 如果单击某个事件,则会看到该事件的详细消息。If you click on an event, you'll see the detailed message for it.
    • 设备每天向管理中心发送一次事件。The device sends events once a day to the admin center. 选择“刷新”重新加载页面,并让设备将新的未收集事件发送到管理中心预览。Select Refresh to reload the page and have the device send new uncollected events to the admin center preview. 需要在几分钟后再次“刷新”,以查看新收集的事件。You'll need to select Refresh again after a few minutes to see the newly collected events.

设备的事件时间线

租户附加:从管理中心安装应用程序Tenant attach: Install an application from the admin center

现在可以通过 Microsoft Endpoint Management 管理中心为租户附加的设备实时启动应用程序安装。You can now initiate an application install in real time for a tenant attached device from the Microsoft Endpoint Management admin center.

重要

这是预览体验。This is a preview experience. 最终位置将是 Microsoft Endpoint Manager 管理中心的“设备”边栏选项卡。The final location will be the devices blade in Microsoft Endpoint Manager admin center.

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

必备条件Prerequisites

需满足租户附加:ConfigMgr 客户端详细信息的所有先决条件:You'll need to meet all of the prerequisites for Tenant attach: ConfigMgr client details:

此外,还需要以下各项:Additionally, you'll need the following items:

  • 启用可选功能“审批每台设备的用户的应用程序请求”。Enable the optional feature Approve application requests for users per device. 有关详细信息,请参阅启用更新中的可选功能For more information, see Enable optional features from updates.
  • 至少将一个应用程序部署到设备集合中,且在部署上设置了“管理员必须在设备上批准对此应用程序的请求”选项。At least one application deployed to a device collection with the An administrator must approve a request for this application on the device option set on the deployment. 有关详细信息,请参阅批准应用程序For more information, see Approve applications.
    • 用户目标应用程序或不含批准选项的应用程序不会显示在应用程序列表中。User targeted applications or applications without the approval option set don't appear in the application list.

权限Permissions

用户帐户需要下列权限:The user account needs the following permissions:

  • Configuration Manager 中设备集合的读取权限。 The Read permission for the device's Collection in Configuration Manager.
  • Configuration Manager 中“应用程序”的“读取”权限 。The Read permission for Application in Configuration Manager.
  • Configuration Manager 中“应用程序”的“批准”权限 。The Approve permission for Application in Configuration Manager.
  • Azure AD 中 Configuration Manager 微服务应用程序的“管理员用户”角色。The Admin User role for the Configuration Manager Microservice application in Azure AD.
    • 从 Azure AD 的“企业应用程序” > “Configuration Manager 微服务” > “用户和组” > “添加用户”添加此角色。 Add the role in Azure AD from Enterprise applications > Configuration Manager Microservice > Users and groups > Add user. 若有 Azure AD Premium,则系统支持组。Groups are supported if you have Azure AD premium.

从管理中心部署应用程序Deploy an application from the admin center

  1. 在 Configuration Manager 控制台中,转到“资产和符合性”工作区,并选择“设备”节点 。In the Configuration Manager console, go to the Assets and Compliance workspace and select the Devices node.
  2. 右键单击已上传到 Microsoft Endpoint Manager 的设备。Right-click on a device that's been uploaded to Microsoft Endpoint Manager.
  3. 右键单击菜单,选择“开始” > “管理中心预览”,在浏览器中打开此预览。In the right-click menu, select Start > Admin Center Preview to open the preview in your browser.
  4. 转到管理中心预览中的“应用程序”。Go to Applications in the admin center preview.
  5. 选择应用程序并单击“安装”。Select the application and click Install.

已知问题Known issues

在此技术预览版中,仅可在搜索应用程序时使用字母数字字符。In this technical preview, you can only use alphanumeric characters when searching applications.

租户附加:管理中心的 CMPivotTenant attach: CMPivot from the admin center

将 CMPivot 的功能带入 Microsoft Endpoint Manager 管理中心。Bring the power of CMPivot to the Microsoft Endpoint Manager admin center. 允许其他人员(如支持人员)针对单个 ConfigMgr 托管设备从云启动实时查询,并将结果返回到管理中心。Allow additional personas, like Helpdesk, to be able to initiate real-time queries from the cloud against an individual ConfigMgr managed device and return the results back to the admin center. 它带来了 CMPivot 的所有传统优势,使 IT 管理员和其他指定的角色能够快速评估其环境中设备的状态并采取措施。This gives all the traditional benefits of CMPivot, which allows IT Admins and other designated personas the ability to quickly assess the state of devices in their environment and take action.

有关 CMPivot 的更多信息,请参阅:For more information about CMPivot, see:

重要

这是预览体验。This is a preview experience. 最终位置将是 Microsoft Endpoint Manager 管理中心的“设备”边栏选项卡。The final location will be the devices blade in Microsoft Endpoint Manager admin center.

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

必备条件Prerequisites

需满足租户附加:ConfigMgr 客户端详细信息的所有先决条件:You'll need to meet all of the prerequisites for Tenant attach: ConfigMgr client details:

此外,使用 CMPivot 需要以下各项:Additionally, the following items are required to use CMPivot:

  • 将目标设备升级到 Configuration Manager 客户端的最新版本。Upgrade the target devices to the latest version of the Configuration Manager client.
  • 目标客户端至少需要 PowerShell 版本 4。Target clients require a minimum of PowerShell version 4.
  • 若要收集有关以下实体的数据,目标客户端需要 PowerShell 5.0 版:To gather data for the following entities, target clients require PowerShell version 5.0:
    • AdministratorsAdministrators
    • 连接Connection
    • IPConfigIPConfig
    • SMBConfigSMBConfig

权限Permissions

用户帐户需要下列权限:The user account needs the following permissions:

  • Configuration Manager 中设备集合的读取权限。 The Read permission for the device's Collection in Configuration Manager.

  • Azure AD 中 Configuration Manager 微服务应用程序的“管理员用户”角色。The Admin User role for the Configuration Manager Microservice application in Azure AD.

    • 从 Azure AD 的“企业应用程序” > “Configuration Manager 微服务” > “用户和组” > “添加用户”添加此角色。 Add the role in Azure AD from Enterprise applications > Configuration Manager Microservice > Users and groups > Add user. 若有 Azure AD Premium,则系统支持组。Groups are supported if you have Azure AD premium.
  • 针对 CMPivot 的 Configuration Manager 权限:Configuration Manager permissions for CMPivot:

    • “SMS 脚本”对象上的“读取权限” Read permission on the SMS Scripts object
    • “集合”上的“运行脚本”权限 。Run Scripts permission on the Collection.
      • 或者,可以在“集合”上使用“运行 CMPivot”。Alternatively, you can use Run CMPivot on Collection.
      • “运行脚本”是“运行 CMPivot”权限的超集。Run Scripts is a super set of the Run CMPivot permission.
    • “清单报表”上的“读取”权限 Read permission on Inventory Reports
    • 默认范围。The default scope.

从管理中心预览使用 CMPivotUse CMPivot from the admin center preview

  1. 在 Configuration Manager 控制台中,转到“资产和符合性”工作区,并选择“设备”节点 。In the Configuration Manager console, go to the Assets and Compliance workspace and select the Devices node.
  2. 右键单击已上传到 Microsoft Endpoint Manager 的设备。Right-click on a device that's been uploaded to Microsoft Endpoint Manager.
  3. 右键单击菜单,选择“开始” > “管理中心预览”,在浏览器中打开此预览。In the right-click menu, select Start > Admin Center Preview to open the preview in your browser.
  4. 选择“CMPivot”,在脚本窗格中键入查询,然后单击“运行”。Select CMPivot, type your query in the script pane, then click Run.

租户附加:从管理中心运行脚本Tenant attach: Run Scripts from the admin center

将 Configuration Manager 本地运行脚本这一强大功能引入到 Microsoft Endpoint Manager 管理中心。Bring the power of the Configuration Manager on-premises Run Scripts feature to the Microsoft Endpoint Manager admin center. 允许其他角色(如支持人员)针对单个 Configuration Manager 托管设备从云中运行 PowerShell 脚本。Allow additional personas, like Helpdesk, to run PowerShell scripts from the cloud against an individual Configuration Manager managed device. 它提供了 PowerShell 脚本的所有传统优势,这些优势已由 Configuration Manager 管理员定义并批准进入了这个新环境中。This gives all the traditional benefits of PowerShell scripts that have already been defined and approved by the Configuration Manager admin to this new environment.

重要

这是预览体验。This is a preview experience. 最终位置将是 Microsoft Endpoint Manager 管理中心的“设备”边栏选项卡。The final location will be the devices blade in Microsoft Endpoint Manager admin center.

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

必备条件Prerequisites

需满足租户附加:ConfigMgr 客户端详细信息的所有先决条件:You'll need to meet all of the prerequisites for Tenant attach: ConfigMgr client details:

此外,还需要以下各项:Additionally, you'll need the following items:

  • Configuration Manager 客户端计算机必须运行最新版本的客户端。Configuration Manager clients must be running the latest version client.
  • 要运行 PowerShell 脚本,客户端必须运行 PowerShell 3.0 或更高版本。To run PowerShell scripts, the client must be running PowerShell version 3.0 or later.
    • 如果运行的脚本包含 PowerShell 较高版本的功能,则运行该脚本的客户端必须运行该较高版本的 PowerShell。If a script you run contains functionality from a later version of PowerShell, the client on which you run the script must be running that later version of PowerShell.
  • 至少一个已在 Configuration Manager 中创建和批准的脚本。At least one script that is already created and approved in Configuration Manager.
    • 目前不支持具有参数的脚本,并且在 Microsoft Endpoint Manager 管理中心中将不可见。Scripts that have parameters aren't supported at this time and won't be visible in the Microsoft Endpoint Manager admin center.
    • 只有已创建并获得批准的脚本才会显示在管理中心。Only scripts that are already created and approved appear in the admin center. 有关批准脚本的详细信息,请参阅批准或拒绝脚本For more information on approving scripts, see Approve or deny a script.

权限Permissions

用户帐户需要下列权限:The user account needs the following permissions:

  • Configuration Manager 中设备集合的读取权限。 The Read permission for the device's Collection in Configuration Manager.
  • Azure AD 中 Configuration Manager 微服务应用程序的“管理员用户”角色。The Admin User role for the Configuration Manager Microservice application in Azure AD.
    • 从 Azure AD 的“企业应用程序” > “Configuration Manager 微服务” > “用户和组” > “添加用户”添加此角色。 Add the role in Azure AD from Enterprise applications > Configuration Manager Microservice > Users and groups > Add user. 若有 Azure AD Premium,则系统支持组。Groups are supported if you have Azure AD premium.
  • 要使用这些脚本,你必须是相应 Configuration Manager 安全角色的成员。To use scripts, you must be a member of the appropriate Configuration Manager security role. 有关详细信息,请参阅运行脚本的安全作用域For more information, see Security scopes for run scripts.
  • 要运行脚本,帐户必须对“集合”具有“运行脚本”权限。To run scripts, the account must have Run Script permissions for Collections.

运行脚本Run a script

  1. 在 Configuration Manager 控制台中,转到“资产和符合性”工作区,并选择“设备”节点 。In the Configuration Manager console, go to the Assets and Compliance workspace and select the Devices node.
  2. 右键单击已上传到 Microsoft Endpoint Manager 的设备。Right-click on a device that's been uploaded to Microsoft Endpoint Manager.
  3. 右键单击菜单,选择“开始” > “管理中心预览”,在浏览器中打开此预览。In the right-click menu, select Start > Admin Center Preview to open the preview in your browser.
  4. 选择“脚本”,然后选择一个脚本。Select Scripts, then select one of your scripts. 如果需要,可以按脚本名称进行搜索。If needed, you can search by script name.
  5. 在右侧显示的页面中,单击“运行脚本”。Click Run script from the page that appears on the right.
    • 你会收到脚本启动通知。You'll be notified your script has started. “运行脚本”按钮将被禁用,直到脚本完成。The Run script button will be disabled until it's complete.
    • 只有当你停留在页面上时,“状态”列才有效。The State column is only valid while you're on the page. 如果导航到其他页面,状态将重置为 ReadyThe state is reset to Ready if you navigate to another page.
  6. 脚本完成后,结果将显示在“输出”窗格中。When the script completes, the results will show in the Output pane. 脚本输出的文本可以复制。You can copy the text of the script output.

管理中心的脚本输出

VPN 边界类型VPN boundary type

为简化远程客户端管理,现在可以为 VPN 创建一个新的边界类型。To simplify managing remote clients, you can now create a new boundary type for VPNs.

过去,必须根据 IP 地址或子网为 VPN 客户端创建边界。Previously, you had to create boundaries for VPN clients based on the IP address or subnet. 由于子网配置或 VPN 设计方面的原因,此配置可能具有挑战性或不可能实现。This configuration could be challenging or not possible because of the subnet configuration or the VPN design.

现在,当客户端发送位置请求时,它会包含有关其网络配置的其他信息。Now when a client sends a location request, it includes additional information about its network configuration. 根据此信息,服务器将确定客户端是否在 VPN 上。Based upon this information, the server determines whether the client is on a VPN. 通过 VPN 连接的所有客户端将自动属于与此新边界类型关联的边界组。All clients that connect through a VPN automatically belong to the boundary group associated with this new boundary type.

有关边界的详细信息,请参阅定义站点边界和边界组For more information about boundaries, see Define site boundaries and boundary groups.

VPN 边界的先决条件Prerequisites for VPN boundary

若要充分利用此功能,更新站点后,还请将客户端更新到最新版本。To take full advantage of this feature, after you update the site, also update clients to the latest version. 更新站点和控制台后,将在 Configuration Manager 控制台中显示新功能。New functionality appears in the Configuration Manager console when you update the site and console. 只有当客户端版本也是最新版本时,完整的方案才起作用。The complete scenario isn't functional until the client version is also the latest.

要在操作系统部署过程中使用此 VPN 边界,请务必同时更新启动映像以包含最新的客户端二进制文件。To use this VPN boundary during an OS deployment, make sure to also update the boot image to include the latest client binaries.

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

  1. 在 Configuration Manager 控制台中,转到“管理”工作区。In the Configuration Manager console, go to the Administration workspace. 展开“层次结构配置”,然后选择“边界”节点。Expand Hierarchy Configuration, and then select the Boundaries node.

  2. 在功能区中,选择“创建边界”。In the ribbon, select Create Boundary.

  3. 指定“描述”,例如 VPN boundarySpecify a Description, for example VPN boundary.

  4. 对于“类型”,选择“VPN”。For the Type, select VPN. 此边界类型当前没有其他配置。There are currently no additional configurations for this boundary type. 选择“确定”以保存并关闭。Select OK to save and close.

  5. 创建包括此新 VPN 边界的边界组。Create a boundary group that includes this new VPN boundary. 有关详细信息,请参阅创建边界组For more information, see Create a boundary group.

VPN 边界的已知问题Known issues for VPN boundary

  • 只能创建一个 VPN 边界。You can only create one VPN boundary.
  • 控制台列表中的“边界”值始终为 AUT:1The Boundary value in the console list is always AUT:1.
  • VPN 检测逻辑可能因不同的 VPN 解决方案而异。The VPN detection logic may vary with different VPN solutions. 如果对你的 VPN 无效,请发送哭脸If it doesn't work with your VPN, file a frown. 共享实现的详细信息,以便改进检测逻辑。Share details of your implementation to help improve the detection logic.

软件中心中的 Azure AD 身份验证Azure AD authentication in Software Center

此版本修复了软件中心和 Azure Active Directory (Azure AD) 身份验证的问题。This release fixes an issue with Software Center and Azure Active Directory (Azure AD) authentication. 过去,对于在 intranet 上检测到但通过云管理网关 (CMG) 进行通信的客户端,软件中心使用 Windows 身份验证。For a client detected as on the intranet but communicating via the cloud management gateway (CMG), previously Software Center would use Windows authentication. 当它尝试获取用户可用应用的列表时会失败。When it tried to get the list of user available apps, it would fail. 现在,它为加入到 Azure AD 的设备使用了 Azure Active Directory (Azure AD) 标识。It now uses Azure Active Directory (Azure AD) identity for devices joined to Azure AD. 这些设备可以是云加入或混合加入。These devices can be cloud-joined or hybrid-joined.

使用按流量计费的连接来安装和升级客户端Install and upgrade the client on a metered connection

以前,如果设备连接到按流量计费的网络,则不会安装新客户端。Previously, if the device was connected to a metered network, new clients wouldn't install. 仅在允许所有客户端通信时才会升级现有客户端。Existing clients only upgraded if you allowed all client communication. 对于经常在按流量计费的网络上漫游的设备,它们将不受管理或使用较旧的客户端版本。For devices that are frequently roaming on a metered network, they would be unmanaged or on an older client version. 从这一版本开始,当将客户端设置“客户端通过计费的 Internet 连接进行通信”设置为“允许”时,将可以安装和升级客户端。Starting in this release, client install and upgrade both work when you set the client setting Client communication on metered internet connections to Allow.

若要为新客户端安装定义行为,有一个新的 ccmsetup 参数“/AllowMetered”。To define the behavior for a new client installation, there's a new ccmsetup parameter /AllowMetered. 如果针对 ccmsetup 允许客户端在按流量计费的网络上进行通信,该客户端将下载内容、向站点注册并下载初始策略。When you allow client communication on a metered network for ccmsetup, it downloads the content, registers with the site, and downloads the initial policy. 其他客户端通信都将遵循该策略中的客户端设置配置。Any further client communication follows the configuration of the client setting from that policy.

如果你在现有设备上重新安装客户端,它会使用以下优先级来确定其配置:If you reinstall the client on an existing device, it uses the following priority to determine its configuration:

  1. 现有本地客户端策略Existing local client policy
  2. 存储在 Windows 注册表中的最后一个命令行The last command line stored in the Windows registry
  3. ccmsetup 命令行上的参数Parameters on the ccmsetup command line

有关详细信息,请参阅下列文章:For more information, see the following articles:

使用按流量计费的连接进行安装和升级的已知问题Known issue with install and upgrade on metered connections

如果将客户端设置配置为“限制”,则不会安装或升级客户端。If you configure the client setting to Limit, the client won't install or upgrade. 若要解决此问题,请将客户端设置配置为“允许”。To work around this issue, configure the client setting to Allow.

任务序列媒体对基于云的内容的支持Task sequence media support for cloud-based content

任务序列媒体现在可以下载基于云的内容。Task sequence media can now download cloud-based content. 例如,你向远程办公用户发送一个 USB 密钥来重置其设备映像。For example, you send a USB key to a user at a remote office to reimage their device. 或者是一个安装了本地 PXE 服务器,但你希望设备尽量优先使用云服务的办公室。Or an office that has a local PXE server, but you want devices to prioritize cloud services as much as possible. 启动媒体和 PXE 部署现在可以从基于云的源获取大型 OS 部署内容,而不必再费力地通过 WAN 下载。Instead of further taxing the WAN to download large OS deployment content, boot media and PXE deployments can now get content from cloud-based sources. 例如,允许共享内容的云管理网关 (CMG)。For example, a cloud management gateway (CMG) that you enable to share content.

备注

设备仍需要与管理点建立 Intranet 连接。The device still needs an intranet connection to the management point.

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

  1. 在“云服务”组中启用以下客户端设置:“允许访问云分发点”。Enable the following client setting in the Cloud Services group: Allow access to cloud distribution point. 请确保将客户端设置部署到目标客户端。Make sure the client setting is deployed to the target clients. 有关详细信息,请参阅下列文章:For more information, see the following articles:

  2. 对于客户端所在的边界组,请将启用了内容的 CMG 或云分发点站点系统关联起来。For the boundary group that the client is in, associate the content-enabled CMG or cloud distribution point site systems. 有关详细信息,请参阅配置边界组For more information, see Configure a boundary group.

  3. 在同一边界组上,启用以下选项:“首选基于云的源而非本地源”。On the same boundary group, enable the following option: Prefer cloud based sources over on-premise sources. 有关详细信息,请参阅对等下载适用的边界组选项For more information, see Boundary group options for peer downloads.

  4. 将任务序列引用的内容分发到启用了内容的 CMG 或云分发点。Distribute the content referenced by the task sequence to the content-enabled CMG or cloud distribution point.

  5. 在客户端上从启动媒体或 PXE 启动任务序列。Start the task sequence from boot media or PXE on the client.

当任务序列运行时,它将从基于云的源下载内容。When the task sequence runs, it will download content from the cloud-based sources. 在客户端上查看“smsts.log”。Review smsts.log on the client.

云管理网关 cmdlet 的改进Improvements to cloud management gateway cmdlets

随着现在越来越多的客户开始管理远程设备,此版本为云管理网关 (CMG) 提供了多个新增和改进的 Windows PowerShell cmdlet。With more customers managing remote devices now, this release includes several new and improved Windows PowerShell cmdlets for the cloud management gateway (CMG). 你可以使用这些 cmdlet 来自动创建、配置和管理 CMG 服务与 Azure Active Directory (Azure AD) 要求。You can use these cmdlets to automate the creation, configuration, and management of the CMG service and Azure Active Directory (Azure AD) requirements.

备注

尽管某些新 cmdlet 可能适用于其他 Azure 服务,但它们仅使用云管理连接进行测试,以支持 CMG。While some of the new cmdlets might work with other Azure services, they're only tested with the Cloud management connection to support the CMG.

例如,Azure 管理员首先在 Azure Active Directory (Azure AD) 中创建两个所需的应用。For example, an Azure administrator first creates the two required apps in Azure Active Directory (Azure AD). 然后你编写一个脚本,该脚本使用以下 cmdlet 来部署 CMG:Then you write a script that uses the following cmdlets to deploy a CMG:

  1. Import-CMAADServerApplication:在 Configuration Manager 中创建 Azure AD 服务器应用定义。Import-CMAADServerApplication: Create the Azure AD server app definition in Configuration Manager.
  2. Import-CMAADClientApplication:在 Configuration Manager 中创建 Azure AD 客户端应用定义。Import-CMAADClientApplication: Create the Azure AD client app definition in Configuration Manager.
  3. 使用 Get-CMAADApplication 获取应用对象,然后传递到 New-CMCloudManagementAzureService,以便在 Configuration Manager 中创建 Azure 服务连接。Use Get-CMAADApplication to get the app objects, and then pass to New-CMCloudManagementAzureService to create the Azure service connection in Configuration Manager.
  4. New-CMCloudManagementGateway:在 Azure 中创建 CMG 服务。New-CMCloudManagementGateway: Create the CMG service in Azure.
  5. Add-CMCloudManagementGatewayConnectionPoint:创建 CMG 连接点站点系统。Add-CMCloudManagementGatewayConnectionPoint: Create the CMG connection point site system.

有关详细信息,请参阅云管理网关概述For more information, see Overview of cloud management gateway.

有关将 PowerShell 用于 Configuration Manager 的详细信息,请参阅 Configuration Manager cmdlet 入门For more information on using PowerShell with Configuration Manager, see Get started with Configuration Manager cmdlets.

你可以继续使用以下现有的 CMG cmdlet:You can continue to use the following existing CMG cmdlets:

以下现有 cmdlet 有重大改进。The following existing cmdlets have significant improvements. 有关详细信息,请参阅以下各节:For more information, see the sections below:

Get-CMAzureServiceGet-CMAzureService

使用此 cmdlet 可获取 Azure 服务。Use this cmdlet to get the Azure service. 有关详细信息,请参阅配置 Azure 服务For more information, see Configure Azure services.

示例 1:按名称获取 Azure 服务Example 1: Get the Azure service by name

下面的示例按名称从站点获取 Azure 服务。The following example gets the Azure service from the site by its name. “名称”与控制台中“Azure 服务”节点的值相同。 The Name is the same value as in the Azure Services node in the console.

Get-CMAzureService -Name "Contoso"

示例 2:按 ID 获取 Azure 服务Example 2: Get the Azure service by ID

下面的示例按 ID 从站点获取 Azure 服务。The following example gets the Azure services from the site by its ID. ID 是服务的站点数据库中存储的整数值。The Id is the integer value stored in the site database for the service. 例如,运行以下 SQL 查询,并查看“ID”列:select * from Azure_CloudServiceFor example, run the following SQL query, and look at the ID column: select * from Azure_CloudService.

Get-CMAzureService -Id 2

Remove-CMAzureServiceRemove-CMAzureService

使用此 cmdlet 可删除 Azure 服务。Use this cmdlet to remove the Azure service. 其行为和参数与 Get-CMAzureService cmdlet 类似。Its behavior and parameters are similar to the Get-CMAzureService cmdlet.

示例 1:按名称删除 Azure 服务Example 1: Remove the Azure service by name

Remove-CMAzureService -Name "Contoso"

示例 2:强制按其 ID 删除 Azure 服务Example 2: Force remove the Azure service by its ID

Remove-CMAzureService -Id 2 -Force

示例 3:按名称获取 Azure 服务,然后将其删除Example 3: Get the Azure service by name and then remove it

Get-CMAzureService -Name "Contoso" | Remove-CMAzureService

Get-CMAADApplicationGet-CMAADApplication

使用此 cmdlet 获取站点中的 Azure AD 应用对象。Use this cmdlet to get the Azure AD app object from the site. 它通常与 New-CMCloudManagementAzureService cmdlet 一起使用。It's commonly used with the New-CMCloudManagementAzureService cmdlet.

示例 1:按租户名称获取 Azure AD 客户端应用Example 1: Get Azure AD client apps by tenant name

此示例返回指定租户中的所有客户端应用。This example returns all client apps in the specified tenant.

Get-CMAADApplication -TenantName "Contoso" -AppType ClientApplication

示例 2:按租户 ID 获取 Azure AD 服务器应用Example 2: Get Azure AD server apps by tenant ID

此示例返回指定租户中的所有服务器应用。This example returns all server apps in the specified tenant.

Get-CMAADApplication -TenantId "05a349fa-298a-4427-8771-9efcdb73431e" -AppType ServerApplication

示例 3:按名称获取 Azure AD 应用Example 3: Get an Azure AD app by its name

Get-CMAADApplication -AppName "CmgServerApp"

Import-CMAADServerApplicationImport-CMAADServerApplication

使用此 cmdlet 可从 Azure AD 导入 Web/服务器应用,并为 Configuration Manager 站点定义该应用。Use this cmdlet to import the web/server app from Azure AD, and define it for the Configuration Manager site. 它假定 Azure 管理员已在 Azure AD 中创建应用。It assumes that an Azure administrator already created the app in Azure AD.

$date =(Get-Date).Date.AddDays(3)

Import-CMAADServerApplication -TenantName "Contoso" -TenantId "05a349fa-298a-4427-8771-9efcdb73431e" -AppName "CmgServerApp" -ClientId "7078946d-fc1c-43b7-8dee-dd6e6b00d783" -SecretKey "1uXGR^!0@Cjas6qI*J02ZeS&&zY19^hC*9" -SecretKeyExpiry $date

Import-CMAADClientApplicationImport-CMAADClientApplication

使用此 cmdlet 可从 Azure AD 导入客户端应用,并为 Configuration Manager 站点定义该应用。Use this cmdlet to import the client app from Azure AD, and define it for the Configuration Manager site. 它假定 Azure 管理员已在 Azure AD 中创建应用。It assumes that an Azure administrator already created the app in Azure AD.

提示

ClientId 值是 Azure AD 中应用的“应用程序(客户端)ID”。The ClientId value is the Application (client) ID of the app in Azure AD.

示例 1:基于租户 ID 导入客户端应用Example 1: Import the client app based on the tenant ID

Import-CMAADClientApplication -TenantId "05a349fa-298a-4427-8771-9efcdb73431e" -AppName "CmgClientApp" -ClientId "cf114f48-88db-4829-ac45-0c186e86dbf6"

示例 2:基于服务器应用导入客户端应用Example 2: Import the client app based on the server app

$serverApp = Get-CMAADApplication -TenantName "Contoso" -AppType ServerApplication -AppName "CmgServerApp"

Import-CMAADClientApplication -ServerApp $serverApp -AppName "CmgClientApp" -ClientId "cf114f48-88db-4829-ac45-0c186e86dbf6"

New-CMCloudManagementAzureServiceNew-CMCloudManagementAzureService

使用此 cmdlet 可在 Configuration Manager 中为云管理创建 Azure 服务。Use this cmdlet to create the Azure service in Configuration Manager for Cloud Management.

$serverApp = Get-CMAADApplication -TenantName "Contoso" -AppType ServerApplication -AppName "CmgServerApp"

$clientApp = Get-CMAADApplication -TenantName "Contoso" -AppType ClientApplication -AppName "CmgClientApp"

New-CMCloudManagementAzureService -Name "Contoso" -Description "Azure Service" -ServerApp $serverApp -ClientApp $clientApp -AzureEnvironmentOption AzurePublicCloud

Set-CMCloudManagementAzureServiceSet-CMCloudManagementAzureService

使用此 cmdlet 可在 Configuration Manager 中为云管理修改 Azure 服务的设置。Use this cmdlet to modify the settings of the Azure service in Configuration Manager for Cloud Management.

Get-CMAzureService -Name "Contoso" | Set-CMCloudManagementAzureService -NewName "CMG service" -Description "ConfigMgr connection to Contoso tenant for CMG"

New-CMCloudManagementGatewayNew-CMCloudManagementGateway

此现有 cmdlet 包含以下新参数:This existing cmdlet includes the following new parameters:

  • EnvironmentSetting:指定 Azure 环境,例如 AzurePublicCloudEnvironmentSetting: Specify the Azure environment, for example AzurePublicCloud

  • ServerAppClientID:指定 Azure AD 服务器应用的客户端 ID。ServerAppClientID: Specify the client ID of the Azure AD server app. 将此参数用于非用户交互模式。Use this parameter for non-user interaction mode. 在 CMG 属性中,此值是 Azure AD 应用名称。In the CMG properties, this value is the Azure AD app name.

  • ServiceCertPath:指定 CMG 服务器身份验证证书ServiceCertPath: Specify the CMG server authentication certificate.

  • ServiceCertPassword:指定服务证书的密码。ServiceCertPassword: Specify the password for the service certificate.

  • ServiceName:指定 Azure 服务名称。ServiceName: Specify the Azure service name. 如果未指定此参数,Configuration Manager 将使用服务证书的第一个 DNS 名称。If you don't specify this parameter, Configuration Manager uses the service certificate's first DNS name. 如果证书有多个 DNS 名称,请使用此参数指定要使用的 DNS 名称。If the certificate has more than one DNS name, use this parameter to specify which one to use.

  • 区域:指定 Azure 服务区域,例如:...Region: Specify the Azure service region, for example: ...

  • IsUsingExistingGroup:指定 Azure 资源组是否已存在。IsUsingExistingGroup: Specify if the Azure resource group already exists.

  • GroupName:指定 Azure 资源组的名称。GroupName: Specify the name of the Azure resource group.

  • VMInstanceCount:指定虚拟机的实例计数。VMInstanceCount: Specify the instance count of virtual machines.

  • CheckClientCertRevocation:启用或禁用“验证客户端证书吊销”的选项。CheckClientCertRevocation: Enable or disable the option to Verify client certificate revocation.

  • EnforceProtocol:启用或禁用“强制执行 TLS 1.2”的选项。EnforceProtocol: Enable or disable the option to Enforce TLS 1.2.

  • EnableCloudDPFunction:启用或禁用“允许 CMG 充当云分发点,并提供 Azure 存储中的内容”的选项。EnableCloudDPFunction: Enable or disable the option to Allow CMG to function as a cloud distribution point and serve content from Azure storage.

  • EnableTrafficOut:启用或禁用“开启监视出站数据传输的 14 天阈值和警报”的选项。EnableTrafficOut: Enable or disable the option to Turn on 14-day threshold and alerts for monitoring outbound data transfer.

  • TrafficOutStopService:启用或禁用“超过临界阈值时停止此服务”的选项。TrafficOutStopService: Enable or disable the option to Stop this service when the critical threshold is exceeded.

    提示

    使用以下现有参数配置特定阈值金额和警报百分比:TrafficOutGB、TrafficWarningPct、TrafficCriticalPct。 Use the following existing parameters to configure the specific threshold amount and alert percentages: TrafficOutGB, TrafficWarningPct, TrafficCriticalPct.

  • EnableStorageQuota:启用或禁用“指定存储警报阈值”的选项。EnableStorageQuota: Enable or disable the option to Specify storage alert threshold.

  • StorageQuotaGB:为“存储警报阈值 (GB)”指定整数值。StorageQuotaGB: Specify an integer value for the Storage alert threshold (GB). 例如,2For example, 2.

  • StorageWarningPct:为“生成警告警报(存储警报阈值的百分比)”指定整数值。StorageWarningPct: Specify an integer value for the Generate Warning alert (% of storage alert threshold). 例如,50For example, 50.

  • StorageCriticalPct:为“生成关键警报(存储警报阈值的百分比)”指定整数值。StorageCriticalPct: Specify an integer value for the Generate Critical alert (% of storage alert threshold). 例如,90For example, 90.

  • CARootCert:将根证书添加到云服务。CARootCert: Add root certificates to the cloud service.

  • Force:如果服务证书包含多个 DNS 名称,请使用此参数来避免来自 cmdlet 的警告。Force: If the service certificate contains multiple DNS names, use this parameter to avoid warnings from the cmdlet.

示例 1Example 1

$Path = "c:\TestPath\RootCA.cer"
$Type = [Microsoft.ConfigurationManagement.AdminConsole.AzureServices.CertificateStore]::RootCA
$Cert =@{$Path = $Type}

$Password = "0HNy*c@63kAe" | ConvertTo-SecureString -AsPlainText -Force

New-CMCloudManagementGateway -ServiceCertPath "c:\TestPath\ServiceCert.pfx" -EnvironmentSetting AzurePublicCloud -SubscriptionId "e517b8cb-a969-4d1e-b2ea-ae1e6c052020" -ServiceCertPassword $Password -ServiceName "GraniteFalls.CloudApp.Net" -Description "EastUS CMG for Contoso" -Region EastUS -VMInstanceCount 2 -CARootCert $Cert -CheckClientCertRevocation $False -EnforceProtocol $True -IsUsingExistingGroup $true -GroupName "Resource group 1"

示例 2Example 2

New-CMCloudManagementGateway -ServiceCertPath "c:\TestPath\ServiceCert.pfx" -EnvironmentSetting AzurePublicCloud -SubscriptionId "e517b8cb-a969-4d1e-b2ea-ae1e6c052020" -ServiceCertPassword $Password -ServiceName "GraniteFalls.CloudApp.Net" -Description "EastUS CMG for Contoso" -Region EastUS -VMInstanceCount 2 -CARootCert $Cert -CheckClientCertRevocation $False -EnforceProtocol $True -GroupName "Resource group 1" -EnableCloudDPFunction $true -EnableTrafficOut $true -TrafficOutStopService $true -TrafficOutGB 10000 -TrafficWarningPct 50 -TrafficCriticalPct 90 -EnableStorageQuota $true -StorageQuotaGB 2000 -StorageWarningPct 50 -StorageCriticalPct 90 -Force

Set-CMCloudManagementGatewaySet-CMCloudManagementGateway

此现有 cmdlet 包含以下新参数。This existing cmdlet includes the following new parameters. 有关这些参数的详细信息,请参阅 New-CMCloudManagementGateway 部分中的说明。For more information on these parameters, see the descriptions in the section for New-CMCloudManagementGateway.

  • EnableTrafficOutEnableTrafficOut
  • TrafficOutStopServiceTrafficOutStopService
  • EnableStorageQuotaEnableStorageQuota
  • StorageQuotaGBStorageQuotaGB
  • StorageWarningPctStorageWarningPct
  • StorageCriticalPctStorageCriticalPct
  • EnforceProtocolEnforceProtocol
  • CARootCertCARootCert
  • RemoveCertThumbprintsRemoveCertThumbprints
  • EnableCloudDPFunctionEnableCloudDPFunction

示例 1:更改 CMG 警报配置Example 1: Change the CMG alerts configuration

Set-CMCloudManagementGateway -Name "GraniteFalls" -EnableTrafficOut $true -TrafficOutGB 10000 -TrafficWarningPct 50 –TrafficCriticalPct 90 -EnableStorageQuota $true -StorageQuotaGB 2000 -StorageWarningPct 50 -StorageCriticalPct 90

示例 2:更改 CMG 服务的虚拟机数量Example 2: Change the number of virtual machines for the CMG service

Set-CMCloudManagementGateway -Name "GraniteFalls" -VMInstancesCount 4

示例 3:启用 CMG 以提供 Azure 存储中的内容Example 3: Enable the CMG to serve content from Azure storage

Set-CMCloudManagementGateway -Name "GraniteFalls" -EnableCloudDPFunction $true

示例 4:添加两个新证书颁发机构Example 4: Add two new certificate authorities

$path1 = "folder\root.cer"
$type1 = [Microsoft.ConfigurationManagement.AdminConsole.AzureServices.CertificateStore]::RootCA

$path2 = "folder\intermediate.cer"
$type2 = [Microsoft.ConfigurationManagement.AdminConsole.AzureServices.CertificateStore]::IntermediateCA

$cert = @{$path1 = $type1; $path2 = $type2}

Set-CMCloudManagementGateway -Name "GraniteFalls" -CARootCert $cert

示例 5:更新 CMG 服务器身份验证证书Example 5: Update the CMG server authentication certificate

Set-CMCloudManagementGateway -Name "GraniteFalls" -ServiceCertPath "c:\TestPath\NewServiceCert.pfx" -ServiceCertPassword (ConvertTo-SecureString -String "tX*xJ11Nuo^B" -AsPlainText -Force)

示例 6:从 CMG 中删除根证书Example 6: Remove a root certificate from a CMG

Set-CMCloudManagementGateway -Name "GraniteFalls" -RemoveCertThumbprints "A7CBA0014DEF847593569D05003D5B96A1D6A627"

备注

证书指纹当前不能包含任何小写字符。The certificate thumbprint currently can't include any lowercase characters.

社区中心和 GitHubCommunity hub and GitHub

多年来,IT 管理员社区积累了丰富的知识。The IT Admin community has developed a wealth of knowledge over the years. 我们打造了 Configuration Manager 社区中心,以方便 IT 管理员彼此共享,而不必从头开始重新创建脚本和报告等项目。Rather than reinventing items like Scripts and Reports from scratch, we've built a Configuration Manager Community hub where IT Admins can share with each other. 通过借鉴其他人的工作,你可以节省工作小时数。By leveraging the work of others, you can save hours of work. 社区中心支持你和其他人在相互借鉴各自工作的基础上生成内容,从而发展创造力。The Community hub fosters creativity by building on others' work and having other people build on yours. GitHub 已构建面向全行业的共享流程和工具。GitHub already has industry-wide processes and tools built for sharing. 现在,社区中心将直接在 Configuration Manager 控制台中利用这些工具,作为推动新社区发展的基础组件。Now, the Community hub will leverage those tools directly in the Configuration Manager Console as foundational pieces for driving this new community. 在初始版本中,社区中心内提供的内容将仅由 Microsoft 上传。For the initial release, the content made available in the Community hub will be uploaded only by Microsoft. 目前,你不能将自己的内容上传到 GitHub 以供社区中心使用。Currently, you can't upload your own content to GitHub for use by Community hub.

社区中心支持以下对象:Community hub supports the following objects:

  • PowerShell 脚本PowerShell Scripts
  • 报表Reports
  • 任务序列Task sequences
  • 应用程序Applications
  • 配置项目Configuration items

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

必备条件Prerequisites

  • 用于访问此中心且运行 Configuration Manager 控制台的设备必须安装以下各项:The device running the Configuration Manager console used to access the hub needs the following items:

    • Windows 10 版本 17110 或更高版本Windows 10 build 17110 or higher
    • .NET Framework 版本 4.6 或更高版本.NET Framework version 4.6 or higher
  • 若要下载报告,必须在要将报告导入到的站点上启用“将 Configuration Manager 生成的证书用于 HTTP 站点系统”选项。To download reports, you need to turn on the option Use Configuration Manager-generated certificates for HTTP site systems at the site you're importing into. 有关详细信息,请参阅增强型 HTTPFor more information, see enhanced HTTP.

    1. 转到“管理” > “站点配置” > “站点”。Go to Administration > Site Configuration > Sites.
    2. 选择一个站点,然后选择功能区中的“属性”。Select the site and choose Properties in the ribbon.
    3. 在“通信安全”选项卡上,选择“将 Configuration Manager 生成的证书用于 HTTP 站点系统”选项。On the Communication Security tab, select the option to Use Configuration Manager-generated certificates for HTTP site systems.

权限Permissions

  • 若要导入脚本:需要 SMS_Scripts 类的“创建”权限。To import a script: Create permission for SMS_Scripts class.
  • 若要导入报告:需要完全权限管理员安全角色。To import a report: Full Administrator security role.

使用社区中心Use the Community hub

  1. 转到“社区”工作区中的“社区中心”节点。Go to the Community hub node in the Community workspace.
  2. 选择要下载的项。Select an item to download.
  3. 必须在 Configuration Manager 站点中拥有适当权限,才能从此中心下载对象并将它们导入站点。You'll need appropriate permissions in your Configuration Manager site to download objects from the hub and import them into the site.
    • 若要导入脚本:需要 SMS_Scripts 类的“创建”权限。To import a script: Create permission for SMS_Scripts class.
    • 若要导入报告:需要完全权限管理员安全角色。To import a report: Full Administrator security role.
  4. 下载的报告部署到 Reporting Services 点上名为“中心”的报告文件夹中。Downloaded reports are deployed to a report folder called hub on the reporting services point. 可转到“运行脚本”节点来查看下载的脚本。Downloaded scripts can be seen in the Run Scripts node.
  5. 单击“社区中心”节点中的“你的下载”,查看组织从中心下载的所有项目 。View all items downloaded from the hub by your organization by clicking on Your downloads from the Community hub node.

从社区中心下载的所有项目All items downloaded from the community hub

Microsoft 365 企业应用版Microsoft 365 Apps for enterprise

Office 365 专业增强版已于 2020 年 4 月 21 日更名为 Microsoft 365 企业应用版。Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise on April 21, 2020. 从这一技术预览版开始,有以下更改:Starting in this technical preview the following changes have been made:

  • Configuration Manager 控制台已更新,使用了新名称。The Configuration Manager console has been updated to use the new name.
    • Microsoft 365 应用版的更新通道名称也已更改。This change also includes update channel names for Microsoft 365 Apps.
  • 向控制台添加了横幅通知,以便在一个或多个自动部署规则在 Microsoft 365 应用版更新的标题条件中引用过时的通道名称时发送通知。A banner notification was added to the console to notify you if one or more automatic deployment rules reference obsolete channel names in the Title criteria for Microsoft 365 Apps updates.

如果使用标题作为自动部署规则中 Microsoft 365 应用版更新的条件,请使用下一部分来帮助修改它们。If you use Title as criteria for Microsoft 365 Apps updates in your automatic deployment rules, use the next section to help modify them.

Microsoft 365 应用版的更新通道信息Update channel information for Microsoft 365 Apps

将 Office 365 专业增强版重命名为 Microsoft 365 企业应用版时,也重命名了更新通道。When Office 365 ProPlus was renamed to Microsoft 365 Apps for enterprise, the update channels were also renamed. 如果使用自动部署规则部署更新,且这些规则依赖于“Title”属性,则需要对规则进行更改。If you use an automatic deployment rule to deploy updates, you'll need to make changes to your rules if they rely on the Title property. 这是因为 Microsoft 更新目录中更新包的名称会发生变化。That's because the name of update packages in the Microsoft Update Catalog is changing.

目前,Office 365 专业增强版的更新包的标题以“Office 365 客户端更新”开头,如以下示例中所示:Currently, the title of an update package for Office 365 ProPlus begins with "Office 365 Client Update" as seen in the following example:

    Office 365 客户端更新 - 适用于基于 x64 版本的半年频道版本 1908(内部版本 11929.20648)    Office 365 Client Update - Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.20648)

对于在 6 月 9 日及之后发布的更新包,标题将以“Microsoft 365 应用更新”开头,如以下示例所示:For update packages released on and after June 9, the title will begin with "Microsoft 365 Apps Update" as seen in the following example:

    Microsoft 365 应用更新 - 适用于基于 x64 版本的半年频道版本 1908(内部版本 11929.50000)    Microsoft 365 Apps Update - Semi-annual Channel Version 1908 for x64 based Edition (Build 11929.50000)

新频道名称New Channel name 以前的频道名称Previous Channel name
半年企业频道Semi-Annual Enterprise Channel 半年频道Semi-Annual Channel
半年企业频道(预览)Semi-Annual Enterprise Channel (Preview) 半年频道(定向)Semi-Annual Channel (Targeted)
每月企业频道Monthly Enterprise Channel NANA
当前频道Current Channel 每月频道Monthly Channel
当前频道(预览)Current Channel (Preview) 每月频道(定向)Monthly Channel (Targeted)
Beta 版本频道Beta Channel 预览体验成员Insider

若要详细了解如何修改自动部署规则,请参阅自动部署软件更新For more information about how to modify your automatic deployment rules, see Automatically deploy software updates. 有关名称变更的详细信息,请参阅 Office 365 专业增强版的名称变更For more information about the name change, see Name change for Office 365 ProPlus.

向 Microsoft 报告安装和升级失败Report setup and upgrade failures to Microsoft

如果安装或更新过程未成功完成,现在可以直接向 Microsoft 报告错误。If the setup or update process fails to complete successfully, you can now report the error directly to Microsoft. 如果失败,则启用“向 Microsoft 报告更新错误”按钮。If a failure occurs, the Report update error to Microsoft button is enabled. 使用此按钮时,将打开一个交互式向导,以便你向我们提供更多信息。When you use the button, an interactive wizard opens allowing you to provide more information to us. 在技术预览版中,即使安装成功完成,此按钮也始终处于启用状态。In technical previews, this button is always enabled even when the setup completes successfully.

在从媒体而非控制台运行安装程序时,如果安装失败,也会为你提供“向 Microsoft 报告更新错误”选项。When running setup from the media rather than the console, you'll also be given the Report update error to Microsoft option if setup fails.

功能区中的“向 Microsoft 报告更新错误”按钮

试试看!Try it out!

尝试完成任务。Try to complete the tasks. 然后发送反馈,并随附你对该功能的想法。Then send Feedback with your thoughts on the feature.

  1. 在 Configuration Manager 控制台中,转到“管理” > “概述” > “更新与维护服务”。In the Configuration Manager console, go to Administration > Overview > Updates and Servicing.
  2. 选择一个更新,然后单击功能区中的“向 Microsoft 报告更新错误”。Select an update then click Report update error to Microsoft in the ribbon.
  3. 提交反馈之前,你还会看到以下选项:Before you submit the feedback, you'll be given options to:
    • 附加其他文件Attach additional files
    • 如果希望收到有关错误的信息,请提供你的电子邮件地址。Provide your email address if you're willing to be contacted about the error.
  4. 提交反馈时,你将获得反馈的事务 ID。When you submit feedback, you'll be given a transaction ID for the feedback. 基于此信息还会生成一个状态消息。A status message is also generated with this information.
    • ID 为 53900 的消息表示提交成功。Message ID 53900 is a successful submission.
    • ID 为 53901 的消息表示提交失败。Message ID 53901 is a failed submission.

Azure AD 应用密钥过期通知Notification for Azure AD app secret key expiration

根据 UserVoice 反馈,如果配置 Azure 服务到云附加站点,则 Configuration Manager 控制台现在会在以下情况下显示通知:Based on your UserVoice feedback, if you Configure Azure services to cloud-attach your site, the Configuration Manager console now displays notifications for the following circumstances:

  • 一个或多个 Azure AD 应用密钥即将过期时One or more Azure AD app secret keys will expire soon
  • 一个或多个 Azure AD 应用密钥已过期时One or more Azure AD app secret keys have expired

若要同时减少这两种情况的发生,请使用控制台内操作以续订密钥To mitigate both cases, use the in-console action to Renew secret the key.

已知问题:控制台可能意外关闭Known issue: Console may unexpectedly close

如果将站点配置为连接到云管理 Azure 服务,此通知可能会导致控制台意外关闭。If you configure your site with a connection to the Cloud Management Azure service, this notification can cause the console to unexpectedly close. 此 Azure 服务用于多种功能,包括云管理网关 (CMG) 和 Azure AD 发现。You use this Azure service for a variety of features, including the cloud management gateway (CMG) and Azure AD discovery. 有关详细信息,请参阅配置用于 Configuration Manager 的 Azure 服务For more information, see Configure Azure services for use with Configuration Manager.

默认情况下,站点每小时评估此警报状态一次。By default, the site evaluates the state of this alert once per hour. 若要解决此问题,请重启控制台。To work around this issue, restart the console.

BitLocker 任务序列步骤的改进Improvements to BitLocker task sequence steps

根据 UserVoice 反馈,现在可以在启用 BitLocker预设置 BitLocker 任务序列步骤上指定“磁盘加密模式”。Based on your UserVoice feedback, you can now specify the Disk encryption mode on the Enable BitLocker and Pre-provision BitLocker task sequence steps. 默认情况下,这些步骤将继续使用 OS 版本的默认加密方法。By default, the steps continue to use the default encryption method for the OS version. 使用新设置选择以下加密算法之一:AES_128、AES_256、XTS_AES256 或 XTS_AES128。Use the new setting to select one of the following encryption algorithms: AES_128, AES_256, XTS_AES256, or XTS_AES128.

如果步骤在不支持指定算法的 Windows 版本上运行,则会回退到 OS 默认值。If the step runs on a version of Windows that doesn't support the specified algorithm, it falls back to the OS default. 在这种情况下,任务序列引擎将发送状态消息 11911。In this circumstance, the task sequence engine sends status message 11911.

如果使用以下 PowerShell cmdlet 来配置这些任务序列步骤,请使用新的 EncryptionMethod 参数:If you use the following PowerShell cmdlets to configure these task sequence steps, use the new EncryptionMethod parameter:

“启用 BitLocker”步骤现在还包括“对于没有 TPM 或未启用 TPM 的计算机跳过此步骤”设置。The Enable BitLocker step also now includes the setting to Skip this step for computers that do not have a TPM or when TPM is not enabled. 默认情况下,此设置处于禁用状态。By default, this setting is disabled. 该步骤将在没有 TPM 或未初始化 TPM 的设备上失败。The step fails on a device without a TPM or a TPM that doesn't initialize. 如果启用此设置,且设备没有功能性 TPM,则任务序列引擎会将一条警告记录到 smsts.log,并发送状态消息 11912。If you enable this setting, and the device doesn't have a functional TPM, the task sequence engine logs a warning to smsts.log and sends status message 11912.

提示

“预设置 BitLocker”步骤中已存在此设置。This setting already exists on the Pre-provision BitLocker step. 现在,它还可以在必要时生成状态消息 11912。It can now also generate status message 11912 when necessary.

内容库清理工具的改进Improvements to the content library cleanup tool

如果在站点系统处于脱机状态时从分发点中删除内容,则 WMI 中会存在孤立记录。If you remove content from a distribution point while the site system is offline, an orphaned record can exist in WMI. 随着时间的推移,此行为最终可能导致分发点上出现警告状态。Over time, this behavior can eventually lead to a warning status on the distribution point. 过去,要缓解这一问题,必须从 WMI 中手动删除孤立条目。To mitigate the issue in the past, you had to manually remove the orphaned entries from WMI. 但在此过程中出错可能会为服务器带来更严重的问题。Making a mistake during this process could cause more severe issues with the server.

内容库清理工具在删除模式下可从内容库中删除孤立文件。The content library cleanup tool in delete mode could remove orphaned files from the content library. 现在,它还可从分发点上的 WMI 提供程序中删除孤立的内容记录。It can now also remove orphaned content records from the WMI provider on a distribution point. 对于这两个用例,都可以使用 /delete 参数运行该工具。Run the tool with the /delete parameter for both use cases.

有关详细信息,请参阅内容库清理工具For more information, see the Content library cleanup tool.

Windows 10 就地升级期间删除命令提示符Remove command prompt during Windows 10 in-place upgrade

在将设备升级到 Windows 10 的任务序列中,在最后某个 Windows 配置阶段,将打开一个命令提示符窗口。During a task sequence to upgrade a device to Windows 10, during one of the final Windows configuration phases a command prompt window opens. 该窗口位于 Windows 全新体验 (OOBE) 之上,用户可与之交互以中断升级过程。The window is on top of the Windows out-of-box experience (OOBE), and users can interact with it to disrupt the upgrade process.

从此版本开始,Configuration Manager 中的 SetupCompleteTemplate.cmd 和 SetupRollbackTemplate.cmd 脚本将包含一个隐藏命令提示符窗口的更改。Starting in this release, the SetupCompleteTemplate.cmd and SetupRollbackTemplate.cmd scripts from Configuration Manager include a change to hide the command prompt window.

后续步骤Next steps

有关安装和更新技术预览分支的详细信息,请参阅技术预览For more information about installing or updating the technical preview branch, see Technical preview.

有关 Configuration Manager 不同分支版本的详细信息,请参阅应使用 Configuration Manager 的哪一个分支版本?For more information about the different branches of Configuration Manager, see Which branch of Configuration Manager should I use?.