What's new in version 2002 of Configuration Manager current branch

Applies to: Configuration Manager (current branch)

Update 2002 for Configuration Manager current branch is available as an in-console update. Apply this update on sites that run version 1810 or later. When installing a new site, it's also available as a baseline version. This article summarizes the changes and new features in Configuration Manager, version 2002.

Always review the latest checklist for installing this update. For more information, see Checklist for installing update 2002. After you update a site, also review the Post-update checklist.

To take full advantage of new Configuration Manager features, after you update the site, also update clients to the latest version. While new functionality appears in the Configuration Manager console when you update the site and console, the complete scenario isn't functional until the client version is also the latest.



Microsoft Endpoint Manager tenant attach

Device sync and device actions

Microsoft Endpoint Manager is an integrated solution for managing all of your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center. Starting in this release you can upload your Configuration Manager devices to the cloud service and take actions from the Devices blade in the admin center.

For more information, see Microsoft Endpoint Manager tenant attach.

Site infrastructure

Remove a central administration site

If your hierarchy consists of a central administration site (CAS) and a single child primary site, you can now remove the CAS. This action simplifies your Configuration Manager infrastructure to a single, standalone primary site. It removes the complexities of site-to-site replication, and focuses your management tasks to the single primary site.

For more information, see Remove the CAS.

New management insight rules

This release includes the following management insight rules:

  • Nine rules in the Configuration Manager Assessment group courtesy of Microsoft Premier Field Engineering. These rules are a sample of the many more checks that Microsoft Premier provides in the Services Hub.

    • Active Directory Security Group Discovery is configured to run too frequently
    • Active Directory System Discovery is configured to run too frequently
    • Active Directory User Discovery is configured to run too frequently
    • Collections limited to All Systems or All Users
    • Heartbeat Discovery is disabled
    • Long running collection queries enabled for incremental updates
    • Reduce the number of applications and packages on distribution points
    • Secondary site installation issues
    • Update all sites to the same version
  • Two additional rules in the Cloud Services group to help you configure your site for adding secure HTTPS communication:

    • Sites that don't have proper HTTPS configuration
    • Devices not uploaded to Azure AD

For more information, see Management insights.

Improvements to administration service

The administration service is a REST API for the SMS Provider. Previously, you had to implement one of the following dependencies:

  • Enable Enhanced HTTP for the entire site
  • Manually bind a PKI-based certificate to IIS on the server that hosts the SMS Provider role

Starting in this release, the administration service automatically uses the site's self-signed certificate. This change helps reduce the friction for easier use of the administration service. The site always generates this certificate. The Enhanced HTTP site setting to Use Configuration Manager-generated certificates for HTTP site systems only controls whether site systems use it or not. Now the administration service ignores this site setting, as it always uses the site's certificate even if no other site system is using Enhanced HTTP. You can still use a PKI-based server authentication certificate.

For more information, see the following new articles:

Proxy support for Azure Active Directory discovery and group sync

The site system's proxy settings, including authentication, are now used by:

  • Azure Active Directory (Azure AD) user discovery
  • Azure AD user group discovery
  • Synchronizing collection membership results to Azure Active Directory groups

For more information, see Proxy server support.

Cloud-attached management

Critical status message shows server connection errors to required endpoints

If the Configuration Manager site server fails to connect to required endpoints for a cloud service, it raises a critical status message ID 11488. When the site server can't connect to the service, the SMS_SERVICE_CONNECTOR component status changes to critical. View detailed status in the Component Status node of the Configuration Manager console.

Token-based authentication for cloud management gateway

The cloud management gateway (CMG) supports many types of clients, but even with Enhanced HTTP, these clients require a client authentication certificate. This certificate requirement can be challenging to provision on internet-based clients that don't often connect to the internal network, aren't able to join Azure Active Directory (Azure AD), and don't have a method to install a PKI-issued certificate.

Configuration Manager extends its device support with the following methods:

  • Register on the internal network for a unique token
  • Create a bulk registration token for internet-based devices

For more information, see Token-based authentication for CMG.

Microsoft Endpoint Configuration Manager cloud features

When new cloud-based features are available in the Microsoft Endpoint Manager admin center, or other attached cloud services for your on-premises Configuration Manager installation, you can now opt in to these new features in the Configuration Manager console. For more information on enabling features in the Configuration Manager console, see Enable optional features from updates.

Desktop Analytics

For more information on the monthly changes to the Desktop Analytics cloud service, see What's new in Desktop Analytics.

Connection Health dashboard shows client connection issues

Use the Desktop Analytics Connection Health dashboard in Configuration Manager to monitor the clients' connectivity health. It now helps you to more easily identify client proxy configuration issues in two areas:

  • Endpoint connectivity checks: If clients can't reach a required endpoint, you see a configuration alert in the dashboard. Drill down to see the endpoints to which clients can't connect because of proxy configuration issues.

  • Connectivity status: If your clients use a proxy server to access the Desktop Analytics cloud service, Configuration Manager now displays proxy authentication issues from clients. Drill down to see clients that are unable to enroll because of proxy authentication.

For more information, see Monitor connection health.

Real-time management

Improvements to CMPivot

We've made it easier to navigate CMPivot entities. You can now search CMPivot entities. New icons have also been added to easily differentiate the entities and the entity object types.

For more information, see CMPivot.

Content management

Exclude certain subnets for peer content download

Boundary groups include the following option for peer downloads: During peer downloads, only use peers within the same subnet. If you enable this option, the content location list from the management point only includes peer sources that are in the same subnet and boundary group as the client. Depending on the configuration of your network, you can now exclude certain subnets for matching. For example, you want to include a boundary but exclude a specific VPN subnet.

For more information, see Boundary group options.

Proxy support for Microsoft Connected Cache

If your environment uses an unauthenticated proxy server for internet access, now when you enable a Configuration Manager distribution point for Microsoft Connected Cache, it can communicate through the proxy. For more information, see Microsoft Connected Cache.

Client management

Client log collection

You can now trigger a client device to upload its client logs to the site server by sending a client notification action from the Configuration Manager console.

For more information, see Client notification.

Wake up a device from the central administration site

From the central administration site (CAS), in the Devices or Device Collections node, you can now use the client notification action to Wake Up devices. This action was previously only available from a primary site.

For more information, see How to configure Wake on LAN.

Improvements to support for ARM64 devices

The All Windows 10 (ARM64) platform is available in the list of supported OS versions on objects with requirement rules or applicability lists.

If you previously selected the top-level Windows 10 platform, this action automatically selected both All Windows 10 (64-bit) and All Windows 10 (32-bit). This new platform isn't automatically selected. If you want to add All Windows 10 (ARM64), manually select it in the list.

For more information on Configuration Manager's support for ARM64 devices, see Windows 10 on ARM64.

Track configuration item remediations

You can now Track remediation history when supported on your configuration item compliance rules. When this option is enabled, any remediation that occurs on the client for the configuration item generates a state message. The history is stored in the Configuration Manager database.

For more information on this setting, see Create custom configuration items for Windows desktop and server computers managed with the Configuration Manager client.

Application management

Microsoft Edge management dashboard

The Microsoft Edge management dashboard provides you insights on the usage of Microsoft Edge and other browsers. In this dashboard, you can:

  • See how many of your devices have Microsoft Edge installed
  • See how many clients have different versions of Microsoft Edge installed
  • Have a view of the installed browsers across devices
  • Have a view of preferred browser by device

From the Software Library workspace, click Microsoft Edge Management to see the dashboard. Change the collection for the graph data by clicking Browse and choosing another collection. By default your five largest collections are in the drop-down list. When you select a collection that isn't in the list, the newly selected collection takes the bottom spot on your drop-down list.

For more information, see Microsoft Edge management.

Improvements to Microsoft Edge management

You can now create a Microsoft Edge application that's set up to receive automatic updates rather than having automatic updates disabled. This change allows you to choose to manage updates for Microsoft Edge with Configuration Manager or allow Microsoft Edge to automatically update. When creating the application, select Allow Microsoft Edge to automatically update the version of the client on the end user's device on the Microsoft Edge Settings page.

For more information, see Microsoft Edge management.

Task sequence as an app model deployment type

You can now install complex applications using task sequences via the application model. Add a deployment type to an app that's a task sequence, either to install or uninstall the app. This feature provides the following behaviors:

  • Display the app task sequence with an icon in Software Center. An icon makes it easier for users to find and identify the app task sequence.

  • Define additional metadata for the app task sequence, including localized information

For more information, see Create Windows applications.

OS deployment

Bootstrap a task sequence immediately after client registration

When you install and register a new Configuration Manager client, and also deploy a task sequence to it, it's difficult to determine how soon after registration it will run the task sequence. This release introduces a new client setup property that you can use to start a task sequence on a client after it successfully registers with the site.

For more information, see About client installation properties - PROVISIONTS.

Improvements to Check Readiness task sequence step

You can now verify more device properties in the Check Readiness task sequence step. Use this step in a task sequence to verify the target computer meets your prerequisite conditions.

  • Architecture of current OS
  • Minimum OS version
  • Maximum OS version
  • Minimum client version
  • Language of current OS
  • AC power plugged in
  • Network adapter is connected and not wireless

For more information, see Task sequence steps - Check Readiness.

Improvements to task sequence progress

The task sequence progress window now includes the following improvements:

  • You can enable it to show the current step number, total number of steps, and percent completion
  • Increased the width of the window to give you more space to better show the organization name in a single line

For more information, see User experiences for OS deployment.

Improvements to OS deployment

This release includes the following improvements to OS deployment:

  • The task sequence environment includes a new read-only variable, _TSSecureBoot. Use this variable to determine the state of secure boot on a UEFI-enabled device. For more information, see _TSSecureBoot.

  • Set task sequence variables to configure the user context for the Run Command Line and Run PowerShell Script steps. For more information, see SMSTSRunCommandLineAsUser and SMSTSRunPowerShellAsUser.

  • On the Run PowerShell Script step, you can now set the Parameters property to a variable. For more information, see Run PowerShell Script.

  • The Configuration Manager PXE responder now sends status messages to the site server. This change makes it easier to troubleshoot OS deployments that use this service.

Software updates

Orchestration groups

Create an orchestration group to better control the deployment of software updates to devices. Many server administrators need to carefully manage updates for specific workloads, and automate behaviors in between.

An orchestration group gives you the flexibility to update devices based on a percentage, a specific number, or an explicit order. You can also run a PowerShell script before and after the devices run the update deployment.

Members of an orchestration group can be any Configuration Manager client, not just servers. The orchestration group rules apply to the devices for all software update deployments to any collection that contains an orchestration group member. Other deployment behaviors still apply. For example, maintenance windows and deployment schedules.

For more information, see Orchestration groups.

Evaluate software updates after a servicing stack update

Configuration Manager now detects if a servicing stack update (SSU) is part of an installation for multiple updates. When an SSU is detected, it's installed first. After install of the SSU, a software update evaluation cycle runs to install the remaining updates. This change allows a dependent cumulative update to be installed after the servicing stack update. The device doesn't need to restart between installs, and you don't need to create an additional maintenance window. SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first.

For more information, see Plan for software updates.

Microsoft 365 updates for disconnected software update points

You can use a new tool to import Microsoft 365 updates from an internet-connected WSUS server into a disconnected Configuration Manager environment. Previously when you exported and imported metadata for software updated in disconnected environments, you were unable to deploy Microsoft 365 updates. Microsoft 365 updates require additional metadata downloaded from an Office API and the Office CDN, which isn't possible for disconnected environments.

For more information, see Synchronize Microsoft 365 updates from a disconnected software update point.


Expand Microsoft Defender Advanced Threat Protection (ATP) onboarding

Configuration Manager has expanded its support for onboarding devices to Microsoft Defender ATP. For more information, see Microsoft Defender Advanced Threat Protection.

Onboard Configuration Manager clients to Microsoft Defender ATP via the Microsoft Endpoint Manager admin center

You can now deploy Microsoft Defender ATP Endpoint Detection and Response (EDR) onboarding policies to Configuration Manager managed clients. These clients don't require Azure AD or MDM enrollment, and the policy is targeted at ConfigMgr collections rather than Azure AD Groups.

This capability allows customers to manage both Intune MDM and Configuration Manager client EDR/ATP onboarding from a single management experience - the Microsoft Endpoint Manager admin center. For more information, see Endpoint detection and response policy for endpoint security in Intune.

You'll need the hotfix rollup, KB4563473, installed in your environment for this feature.

Improvements to BitLocker management

  • The BitLocker management policy now includes additional settings, including policies for fixed and removable drives. For more information, see BitLocker settings reference.

  • In Configuration Manager current branch version 1910, to integrate the BitLocker recovery service you had to HTTPS-enable a management point. The HTTPS connection is necessary to encrypt the recovery keys across the network from the Configuration Manager client to the management point. Configuring the management point and all clients for HTTPS can be challenging for many customers.

    Starting in this version, the HTTPS requirement is for the IIS website that hosts the recovery service, not the entire management point role. This change relaxes the certificate requirements, and still encrypts the recovery keys in transit. For more information, see Encrypt recovery data.


Integrate with Power BI Report Server

You can now integrate Power BI Report Server with Configuration Manager reporting. This integration gives you modern visualization and better performance. It adds console support for Power BI reports similar to what already exists with SQL Server Reporting Services.

For more information, see Integrate with Power BI Report Server.

Configuration Manager console

Show boundary groups for devices

To help you better troubleshoot device behaviors with boundary groups, you can now view the boundary groups for specific devices. In the Devices node or when you show the members of a Device Collection, add the new Boundary Group(s) column to the list view.

For more information, see Boundary groups.

Send a smile improvements

When you Send a smile or Send a frown, a status message is created when the feedback is submitted. This improvement provides a record of:

  • When the feedback was submitted
  • Who submitted the feedback
  • The feedback ID
  • If the feedback submission was successful or not

A status message with an ID of 53900 is a successful submission and 53901 is a failed submission.

For more information, see Product feedback.

Search all subfolders for configuration items and configuration baselines

Similar to improvements in previous releases, you can now use the All Subfolders search option from the Configuration Items and Configuration Baselines nodes.

Community hub

(First introduced in June 2020)

The IT admin community has developed a wealth of knowledge over the years. Rather than reinventing items like scripts and reports from scratch, we've built a Configuration Manager Community hub where you can share with each other. By leveraging the work of others, you can save hours of work. The Community hub fosters creativity by building on others' work and having other people build on yours. GitHub already has industry-wide processes and tools built for sharing. Now, the Community hub will leverage those tools directly in the Configuration Manager console as foundational pieces for driving this new community. For the initial release, the content made available in the Community hub will be uploaded only by Microsoft.

For more information, see Community hub and GitHub.


OneTrace log groups

OneTrace now supports customizable log groups, similar to the feature in Support Center. Log groups allow you to open all log files for a single scenario. OneTrace currently includes groups for the following scenarios:

  • Application management
  • Compliance settings (also referred to as Desired Configuration Management)
  • Software updates

For more information, see Support Center OneTrace.

Improvements to extend and migrate on-premises site to Microsoft Azure

The tool to extend and migrate on-premises site to Microsoft Azure now supports provisioning multiple site system roles on a single Azure virtual machine. You can add site system roles after the initial Azure virtual machine deployment has completed.

For more information, see Extend and migrate on-premises site to Microsoft Azure.

Other updates

Starting with this version, the following features are no longer pre-release:

For more information on changes to the Windows PowerShell cmdlets for Configuration Manager, see PowerShell version 2002 release notes.

For more information on changes to the administration service REST API, see Administration service release notes.

Aside from new features, this release also includes additional changes such as bug fixes. For more information, see Summary of changes in Configuration Manager current branch, version 2002.

The following update rollup (4560496) is available in the console starting on July 15, 2020: Update rollup for Microsoft Endpoint Configuration Manager version 2002.

The following additional hotfixes are available to address specific issues:

ID | Title | Date | In-console
4575339 | Devices appear twice in Microsoft Endpoint Configuration Manager admin center | July 23, 2020 | No
4575774 | New-CMTSStepPrestartCheck cmdlet fails in Configuration Manager, version 2002 | July 24, 2020 | No
4576782 | Application blade times out in Microsoft Endpoint Manager admin center | August 11, 2020 | No
4578123 | CMPivot queries return unexpected results in Configuration Manager, version 2002 | August 24, 2020 | No

Next steps

As of May 11, 2020, version 2002 is globally available for all customers to install.

When you're ready to install this version, see Installing updates for Configuration Manager and Checklist for installing update 2002.

To install a new site, use a baseline version of Configuration Manager.

Learn more about:

For known significant issues, see the Release notes.

After you update a site, also review the Post-update checklist.