Features in Configuration Manager technical preview version 2006

Applies to: Configuration Manager (technical preview branch)

This article introduces the features that are available in the technical preview for Configuration Manager, version 2006. Install this version to update and add new features to your technical preview site.

Review the technical preview article before installing this update. That article familiarizes you with the general requirements and limitations for using a technical preview, how to update between versions, and how to provide feedback.

The following sections describe the new features to try out in this version:

Use the Company Portal app on co-managed devices

The Company Portal is now the cross-platform app portal experience for Microsoft Endpoint Manager. You can now use a preview version of the Company Portal on co-managed devices. By configuring co-managed devices to also use the Company Portal, you can provide a consistent user experience on all devices.

This preview version of the Company Portal supports the following actions:

  • Launch the Company Portal app on co-managed devices and sign in with Azure Active Directory (Azure AD) single sign-on (SSO).
  • View available and installed Configuration Manager apps in the Company Portal alongside Intune apps.
  • Install available Configuration Manager apps from the Company Portal and receive installation status information.

[Image: Company Portal with apps from Configuration Manager]

The behavior of the Company Portal depends upon your co-management workload configuration:

| Workload | Setting | Behavior |
|---|---|---|
| Client apps | Configuration Manager | You can see only Configuration Manager client apps |
| Client apps | Pilot Intune or Intune | You can see both Configuration Manager and Intune client apps |
| Office Click-to-run apps | Configuration Manager | You can see only Configuration Manager Office click-to-run apps |
| Office Click-to-run apps | Pilot Intune or Intune | You can see only Intune Office click-to-run apps |

For more information, see How to switch Configuration Manager workloads to Intune.

Prerequisites for Company Portal preview

  • Company Portal app version 11.0.8980.0 or later

  • Windows 10, version 1803 or later:

  • The user accounts that sign in to these devices require the following configurations:

    • An Azure AD identity

    • Assigned an Intune license

Improvements to available apps via CMG

An internet-based, domain-joined device that isn't joined to Azure Active Directory (Azure AD) and communicates via a cloud management gateway (CMG) can now get apps deployed as available. The Active Directory domain user of the device needs a matching Azure AD identity. When the user starts Software Center, Windows prompts them to enter their Azure AD credentials. They can then see any available apps.

Configure the following prerequisites to enable this functionality:

Intranet clients can use a CMG software update point

Intranet clients can now access a CMG software update point when it's assigned to the boundary group. Admins can allow intranet devices to scan against a CMG software update point in the following scenarios:

  • When an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.
  • If the only software update point for the boundary group is the CMG software update point, then all intranet and internet devices will scan against it.

Improvements to task sequences via CMG

This release includes the following improvements to deploy task sequences to devices that communicate via a cloud management gateway (CMG):

  • Support for OS deployment: With a task sequence that uses a boot image to deploy an OS, you can deploy it to a device that communicates via CMG. The user needs to start the task sequence from Software Center.

  • This release fixes the two known issues from Configuration Manager current branch version 2002. You can now run a task sequence on a device that communicates via CMG in the following circumstances:

Known issue with OS deployment via CMG

If there's an Install Application step in an OS deployment task sequence to a client via CMG, it fails to download the app policy. To work around this issue, disable this step in the task sequence. Deploy the app separately from the task sequence.

Management insights to optimize for remote workers

This release adds a new group of management insights, Optimize for remote workers. These insights help you create better experiences for remote workers and reduce load on your infrastructure. The insights in this release primarily focus on VPN:

  • Define VPN boundary groups: Create a VPN boundary and associate it to a boundary group. Associate VPN-specific site systems to the group, and configure the settings for your environment. This insight checks for at least one boundary group with at least one VPN boundary in it. From the properties of this insight, select Review Actions to go to the Boundary Groups node. For more information, see VPN boundary type.

  • Configure VPN connected clients to prefer cloud based content sources: To reduce traffic on the VPN, enable the boundary group option to Prefer cloud based sources over on-premises sources. This option allows clients to download content from the internet instead of distribution points across the VPN. For more information, see Boundary group options.

  • Disable peer to peer content sharing for VPN connected clients: To prevent unnecessary peer-to-peer traffic that likely doesn't benefit the remote clients, disable the boundary group option to Allow peer downloads in this boundary group. For more information, see Boundary group options.

Improvements to VPN boundary type

This release improves upon the new VPN boundary type first introduced in technical preview version 2005. You can now create more than one VPN boundary, and can detect the connection by the VPN name or description. When you open the Create Boundary page, and select the VPN type, choose one of the following options:

  • Auto detect VPN: This option is the same behavior as before. The boundary value in the console list will be AUT:1. It should detect any VPN solution that uses the point-to-point tunneling protocol (PPTP). If it doesn't detect your VPN, use one of the other options.

  • Connection name: Specify the name of the VPN connection on the device. It's the name of the network adapter in Windows for the VPN connection. Configuration Manager matches the first 251 characters of the string, but doesn't support wildcard characters or partial strings. The boundary value in the console list will be NAM:<name>, where <name> is the connection name that you specify.

    For example, you run the ipconfig command on the device, and one of the sections starts with: PPP adapter ContosoVPN:. Use the string ContosoVPN as the Connection name. It displays in the list as NAM:ContosoVPN.

  • Connection description: Specify the description of the VPN connection. Configuration Manager matches the first 251 characters of the string, but doesn't support wildcard characters or partial strings. The boundary value in the console list will be DES:<description>, where <description> is the connection description that you specify.

    For example, you run the ipconfig /all command on the device, and one of the connections includes the following line: Description . . . . . . . . . . . : ContosoMainVPN. Use the string ContosoMainVPN as the Connection description. It displays in the list as DES:ContosoMainVPN.

In every case, the device needs to be connected to the VPN for Configuration Manager to associate the client in that boundary.
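
The following added example (not part of the original article or of Configuration Manager) parses ipconfig /all output and lists the NAM: and DES: boundary values each adapter would produce, cut to the 251 characters that are matched. The function name Get-VpnBoundaryCandidate and the sample output are constructed for illustration, and English-language ipconfig output is assumed.

```powershell
# Added example: list the NAM:/DES: boundary values each adapter would produce.
# Assumes English-language ipconfig output; the sample below is constructed.
$sampleIpconfig = @'
Windows IP Configuration

Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . : corp.example
   Description . . . . . . . . . . . : Constructed Ethernet Adapter
   DHCP Enabled. . . . . . . . . . . : Yes

PPP adapter ContosoVPN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ContosoMainVPN
   DHCP Enabled. . . . . . . . . . . : No
'@ -split '\r?\n'

function Get-VpnBoundaryCandidate {
    param(
        # ipconfig output contains blank lines, so empty strings must be allowed
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$IpconfigLines,
        [int]$MaxLength = 251   # only the first 251 characters are matched
    )
    $adapters = [System.Collections.Generic.List[object]]::new()
    foreach ($line in $IpconfigLines) {
        if ($line -match '^(?<type>\S.*?) adapter (?<name>.+):\s*$') {
            # Section header, for example "PPP adapter ContosoVPN:"
            $adapters.Add([pscustomobject]@{
                Type = $Matches['type']; Name = $Matches['name']; Description = ''
            })
        }
        elseif ($adapters.Count -gt 0 -and
                $line -match '^\s+Description[ .]*:\s*(?<desc>\S.*?)\s*$') {
            # Description line of the adapter section currently being read
            $adapters[$adapters.Count - 1].Description = $Matches['desc']
        }
    }
    foreach ($adapter in $adapters) {
        $candidates = [ordered]@{ NAM = $adapter.Name; DES = $adapter.Description }
        foreach ($prefix in $candidates.Keys) {
            $text = $candidates[$prefix]
            if (-not $text) { continue }
            # No wildcards or partial strings: the whole string (up to 251 chars) must match
            $tooLong = $text.Length -gt $MaxLength
            if ($tooLong) { $text = $text.Substring(0, $MaxLength) }
            [pscustomobject]@{
                AdapterType   = $adapter.Type
                BoundaryValue = "${prefix}:$text"
                Truncated     = $tooLong
            }
        }
    }
}

Get-VpnBoundaryCandidate -IpconfigLines $sampleIpconfig | Format-Table -AutoSize
# On a device connected to the VPN: Get-VpnBoundaryCandidate -IpconfigLines (ipconfig /all)
```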

Tenant Attach: Improvements to Configuration Manager actions in Microsoft Endpoint Manager admin center

This release introduces some improvements to the administration of Configuration Manager devices in Microsoft Endpoint Manager admin center. Improvements include:

  • Configuration errors now include links to documentation to help you troubleshoot.

  • User available applications now appear in the Applications node for a ConfigMgr device.

    • The application list includes applications deployed to a user currently logged on to the device.
    • Multi-user session scenarios aren't supported.
    • Azure AD joined devices aren't currently supported, only AD joined devices.

To deploy an application to a user, install the latest version of the Configuration Manager client, then follow the instructions in Tenant attach: Install an application from the admin center.

CMG support for endpoint protection policies

While the cloud management gateway (CMG) has supported endpoint protection policies, devices required access to on-premises domain controllers. Starting in this release, clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.

Import previously created Azure AD application during tenant attach onboarding

During a new onboarding, an administrator can specify a previously created application during onboarding to tenant attach. From the Tenant onboarding page in the Co-management Configuration Wizard, select Optionally import a separate web app to synchronize Configuration Manager client data to Microsoft Endpoint Manager admin center. This option will prompt you to specify the following information for your Azure AD app:

  • Azure AD tenant name
  • Azure AD tenant ID
  • Application name
  • Client ID
  • Secret key
  • Secret key expiry
  • App ID URI

Improvements to client upgrade on a metered connection

Starting in Configuration Manager technical preview version 2005, you could install and upgrade the client when you allowed client communication on a metered connection. You can now also configure the client setting Client communication on metered internet connections to Limit. This option reduces the client communication on a metered network, but now still allows the client to stay current.

For more information, see the following articles:

Improvements to managing device restarts

Configuration Manager provides many options to manage device restart notifications. Based on your UserVoice feedback, you can now configure client settings to prevent devices from automatically restarting when a deployment requires it. By default, Configuration Manager can still force devices to restart.

Important

This new client setting applies to all application, software update, and package deployments to the device. Until a user manually restarts the device:

  • Software updates and app revisions may not be fully installed
  • Additional software installs may not happen

Try it out!

Try to complete the tasks. Then send Feedback with your thoughts on the feature.

  1. In the Computer Restart group of client settings, disable the following new option: Configuration Manager can force a device to restart. When you disable this setting, you can't specify the amounts of time after the deadline that the device is restarted or the user is presented a final countdown notification.

  2. For the purposes of testing the behavior, change the frequency of the following setting to 2 minutes: After the deadline, specify the frequency of restart reminder notifications to the user (minutes).

  3. Deploy an app that requires a restart. Make the deployment required with an immediate deadline.

    Tip

    For the purposes of testing, on the app deployment type properties, go to the Return Codes tab. For return code value 0, change the Code Type to Hard Reboot.

Wait or force the client to receive the updated client settings and app deployment policies. After the app installs successfully, you'll see the following notification:

[Image: Software Center notification to restart your computer]

If you Snooze this notification, it will show again based on how you configure the frequency of restart reminder notifications. The device won't restart until you select Restart or manually restart Windows.

To help troubleshoot, use the rebootcoordinator.log and SCNotify.log files.

Improved support for Windows Virtual Desktop

The Windows 10 Enterprise multi-session platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.

For more information on Configuration Manager's support for Windows Virtual Desktop, see Supported OS versions for clients and devices.

Note

If you previously selected the top-level Windows 10 platform, this action automatically selected all child platforms. This new platform isn't automatically selected. If you want to add Windows 10 Enterprise multi-session, manually select it in the list.

Known issue with new OS platform

On a task sequence or package, when you select the Windows 10 Enterprise multi-session platform, after you save it reverts to All Windows 10 x64.

To work around this issue, run the following SQL script on the site database:

-- Workaround: keep the Windows 10 Enterprise multi-session platform selected after saving
UPDATE SupportedPlatforms
SET OSMaxVersion = '10.00.99999.9997'
WHERE DisplayText LIKE '%multi%';

You can now easily navigate to and reference items in the Configuration Manager console Community hub node with a direct link. The intention for this feature is for easier collaboration and being able to share links to Community hub items with your colleagues. Currently, you'll see these links shared by the Configuration Manager team and in the documentation.

For example, use this link to share the Configure Edge Auto Update script (https://communityhub.microsoft.com/item/7200). If you have the technical preview branch version 2006 console installed, follow that link, and then select Launch the Community hub. The console opens directly to the script in the Community hub.

Note

These deep links are currently only for items in the Community hub node of the console.

General known issues

Azure AD authentication doesn't work

Configuration Manager's use of the Azure Active Directory (Azure AD) security token service doesn't work. The CCM_STS.log on the management point contains an entry similar to the following error: ProcessRequest - Exception: System.IO.FileLoadException: Could not load file or assembly 'System.IdentityModel.Tokens.JWT. It also includes the HRESULT 0x80131040.

Another symptom is issues with a cloud management gateway (CMG). If you run the CMG connection analyzer, it fails testing the CMG channel for management point with the following error: Failed to get ConfigMgr token with Azure AD token. Status code is '500' and status description is 'CMGConnector_InternalServerError'.

This issue is because of a version discrepancy with a supporting library.

To work around the issue, copy System.IdentityModel.Tokens.JWT.dll from the \bin\X64 folder of the installation directory on the site server to the SMS_CCM\CCM_STS\bin folder on the management point.
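
The following added example (not part of the original article or of Configuration Manager) checks log lines for the error strings quoted above and compares the file version of the two copies of the library before you apply the workaround. The function names, the sample log lines, and the two placeholder directory paths are constructed for illustration.

```powershell
# Added example. The error strings are quoted from the known-issue text above;
# the sample log lines and the PLACEHOLDER directories are constructed.
$StsSignatures = @(
    "Could not load file or assembly 'System.IdentityModel.Tokens.JWT",
    '0x80131040',
    'CMGConnector_InternalServerError'
)

function Find-StsFailure {
    # Return every log line that contains at least one known-issue signature.
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$LogLines)
    for ($i = 0; $i -lt $LogLines.Count; $i++) {
        $hits = @($StsSignatures | Where-Object { $LogLines[$i].Contains($_) })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                LineNumber = $i + 1
                Signatures = $hits -join '; '
                Text       = $LogLines[$i]
            }
        }
    }
}

function Get-DllVersion {
    # File version of a DLL, or '<missing>' when the file is not there.
    param([Parameter(Mandatory)][string]$Path)
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        return (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
    }
    return '<missing>'
}

function Compare-JwtLibrary {
    # Compare the site server copy of the library with the management point copy.
    param(
        [Parameter(Mandatory)][string]$SiteServerDll,
        [Parameter(Mandatory)][string]$ManagementPointDll
    )
    $source = Get-DllVersion -Path $SiteServerDll
    $target = Get-DllVersion -Path $ManagementPointDll
    [pscustomobject]@{
        SiteServerVersion      = $source
        ManagementPointVersion = $target
        Mismatch               = ($source -ne '<missing>') -and ($source -ne $target)
    }
}

# Constructed sample lines standing in for CCM_STS.log content.
$sampleLog = @(
    'Constructed line: request handled',
    "ProcessRequest - Exception: System.IO.FileLoadException: Could not load file or assembly 'System.IdentityModel.Tokens.JWT' (constructed remainder) HRESULT 0x80131040"
)
Find-StsFailure -LogLines $sampleLog | Format-List

$dll = 'System.IdentityModel.Tokens.JWT.dll'
Compare-JwtLibrary `
    -SiteServerDll      "C:\PLACEHOLDER_SiteServerInstallDir\bin\X64\$dll" `
    -ManagementPointDll "C:\PLACEHOLDER_ManagementPointDir\SMS_CCM\CCM_STS\bin\$dll"
# On a management point: Find-StsFailure -LogLines (Get-Content <path to CCM_STS.log>)
```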

Next steps

For more information about installing or updating the technical preview branch, see Technical preview.

For more information about the different branches of Configuration Manager, see Which branch of Configuration Manager should I use?.