Microsoft has just released update 1604 for Configuration Manager Technical Preview.
The update includes the following new features:
- Windows Store for Business integration – You can now manage and deploy applications purchased through the Windows Store for Business portal for both online and offline licensed apps.
- Passport for Work policies – You can now deploy Passport for Work policies to domain-joined Windows 10 PCs managed by the ConfigMgr client as well as mobile devices managed by Microsoft Intune.
- On-premises Health Attestation Service integration – You can now configure devices that cannot connect to the cloud-based Health Attestation Service to connect with the on-premises Health Attestation Service instead.
- VPN for Windows 10 – You can now deploy VPN profiles with 3rd-party providers to Windows 10 devices managed with ConfigMgr client.
- Software Updates Compliance dashboard – You can now use this dashboard to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.
And an additional feature for hybrid setups:
- New setting for Android devices – You now have an option to configure Smart Lock setting for Android 5.X devices in order to prevent users from bypassing the lock screen.
On the TechNet Evaluation Center, the baseline version for new installations has also been updated. The Technical Preview 5 available for download is actually based on build 1603.
More details on the release can be found on the Configuration Manager Team Blog.
For details on the upgrading experience please have a look at my previous blog post.
Quick sidenote: As I just upgraded a first lab environment with the 1604 TP build, it seems the Updates and Servicing node also gets cleaned up. Previous builds (installed or not) are no longer listed after the upgrade.
Have fun in your labs!
Tomorrow I will be presenting at the ECM CDM Day, a full day event organized by the System Center User Group Belgium. I will be on stage early in the morning delivering a session with my fellow SCUG members Kim Oppalfens and Kenny Buntinx.
Our session will be an overview session with a few – very good – reasons to consider upgrading to Configuration Manager Current Branch.
After this session there is plenty more deep-dive content and a unique opportunity to see two Microsoft Product Group Members: Jason Githens and Aaron Czechowski. They will be presenting a few sessions during the day. Last but not least, we have another SCUG MVP on stage: Nico Sienaert. He will wrap up the ECM track before the networking drink starts.
More details on the event can be found on the SCUG events page.
Important: Registration will close any time now so if you’d like to join us please act fast!
Hope to see you there!
Microsoft has released Configuration Manager Technical Preview 1601. This release includes the following new capabilities and improvements:
- Improvements to Microsoft Intune integration and conditional access.
- Client Online Status. This allows you to see from the console whether a (Windows) client is online or not.
- Improvements to application management: manage volume-purchased apps for iOS devices and iOS app configuration support.
- Improvements to compliance settings: Edge browser settings, compliance settings for Windows 10 team and Kiosk Mode for Samsung KNOX Hybrid.
More details on this release are documented here.
If your service connection point is set up in online mode, this new release will show up in the Updates and Servicing node in the Configuration Manager console.
The actual content is downloaded in the EasySetupPayLoad folder.
For more information on the actual upgrading experience please have a look at my previous blog post.
Until next time!
Next week I will be speaking at the Midwest Management Summit – or MMS – in Minneapolis. After a very successful first edition of this event last year I am really proud to be part of this event again in 2015.
The formula of this event is pretty unique and very community driven. I am really looking forward to meeting up with a lot of you and have a lot of interesting (and challenging) conversations.
This year I will be delivering a session on combining the forces of Configuration Manager with Operations Manager. Co-speaker for this session will be Dieter Wijckmans – a Belgian CDM MVP and member of the System Center User Group.
Registrations for the event are still open. More details can be found on the event website.
Hope to see you there!
End of this week I will be heading to Las Vegas again for the 2015 edition of IT/Dev Connections. The event is taking place from the 14th to the 17th of September at the Aria Resort.
This year I will be delivering 2 sessions again with my regular co-speaker Kenny Buntinx. Both sessions are in the Enterprise Management and Mobility track:
#1 – Securely Delivering Traditional Windows File Server Home Folders to BYOD Devices
Discover the most hidden and underestimated Windows Server 2012 R2 feature, called Work Folders. Work Folders lets you leverage your file server investment while simultaneously providing end users with anywhere access to their data, from their work PCs to their personal devices. In this session you’ll learn about challenges for secure implementation and management not only with traditional home folders but also in the BYOD world. Discover how to deploy and manage Work Folders servers and clients, gain an understanding of how Work Folders operates end-to-end and integrates into your existing infrastructure, and learn how Work Folders takes advantage of capabilities such as multi-factor authentication, Workplace Join, and Selective Wipe to ensure that corporate data remains secure wherever it goes.
#2 – Arming Your Mobile Workforce Warriors for the 21st Century
In today’s world, your mobile workforce will most likely have expanded significantly. Managing your ever-expanding legion of mobile warriors and their arsenal of devices can be a challenging task. During this session we’ll show how Configuration Manager and the Intune extensions can help you manage your troops and arm them with the correct tools for battle. Learn how Intune and System Center Configuration Manager make it easy to manage all your Windows, Windows Phone 8, iOS, and Android devices with a single pane of glass. We’ll walk through how to easily configure devices for your users by pushing Wi-Fi, VPN, certificate, and email profiles as soon as they’re enrolled. We’ll cover configuration and management of device settings; provisioning profiles for email, VPN, and Wi-Fi; and other native features that come through the standard Intune extensions.
Next to Kenny and myself there is a third SCUG.be member presenting at IT/Dev Connections: Dieter Wijckmans is going to rock and roll in the Cloud & Datacenter track. Have a look at his sessions here.
Similar to last year, the three of us will be using the #meetthebelgians hashtag during the event. Will you help us get this hashtag listed in the Twitter analytics again for this edition? Make sure to do so, and most of all: reach out if you see us hanging around – we are looking forward to meeting you!
Registrations for the event are still open!
Hope to see you there.
A quick overview of the new cloud-only – or standalone – features that are part of this release:
- Management of Office mobile apps (Word, Excel, and PowerPoint) for Android tablets.
- Ability to restrict access to Exchange on-premises for Exchange ActiveSync clients on Android devices.
- Ability to create WiFi profiles with pre-shared keys (PSK) for Android devices.
- Ability to resolve certificate chains on Android devices without the need to deploy each intermediate certificate individually.
- Deployment of .appx bundles to Windows Phone 8.1 devices.
- Managed Browser app for iOS devices that controls actions that users can perform, including allow/deny access to specific websites.
- Management of Work Folders app for iOS devices.
- Updated Endpoint Protection agent for managing Windows PCs.
- Ability to manage Windows Defender on Windows 10 PCs running Windows 10 Technical Preview without need for separate Microsoft Intune Endpoint Protection agent to be installed.
- Combined Microsoft Intune Company Portal websites for PCs and mobile devices to provide a more consistent user experience across platforms.
- Added Windows and Windows Phone Company Portal apps to the Microsoft Download Center to provide an additional option for accessing these app downloads.
- Enhanced user interface for overview pages within Intune admin console.
Details on when the updates are taking place per service instance can be found here.
Until next time.
A few days ago we were working on extending our hybrid demo environment. We made some changes required to demonstrate conditional access with Exchange Online. Details on how we set things up will follow shortly in another post.
Once the basics were in place, we implemented a policy that would block a user from accessing their mailbox when using an unmanaged device.
The policy was properly deployed to a collection which included my demo user; however, I noticed my demo user could still sync his mail on an iPhone 5 which was not enrolled. Even after an hour or two this condition remained unchanged, so something was wrong.
Initial investigation did not show anything out of the ordinary in the Configuration Manager console. However in the Intune console I noticed an entry in the Alerts node:
Saving of Access Rules to Exchange has failed
Microsoft Intune was unable to set the requested mobile device access rules or related settings in Exchange due to the following error: A2CE0100
Unfortunately the “View Troubleshooting Information” link is broken. So is the one on the top right in the console and the right-click one. As such it was hard to find any further details on this specific error.
I made a few attempts to get things working, including the following:
– Modifying the compliance policy (increasing the revision number)
– Removing and adding the user from and to the target collection
– Removing and recreating the deployment of the compliance policy
I can confirm none of the above resolves the issue. The policy still did not get applied.
In the end, to get things working again, I had to delete the compliance policy, recreate it from scratch, and deploy it again.
When syncing mail on the iPhone 5 a few minutes later, the policy kicked in.
Although the problem was solved and we now have a working demo scenario, in the end I have no idea what went wrong initially and how I could have troubleshot this in a more optimized way. Whatever it was, it does not seem to resolve itself. Also, the repeat count of the alert not increasing indicates the system itself does not do any retries.
I definitely see a few areas for improvement here:
- Fixing the link to the troubleshooting information so the admin can troubleshoot properly and in the most optimized way.
- Exposing Intune alerts to the Configuration Manager Console so the admin does not have to look in multiple locations.
- Having the system retry the action “Saving of Access Rules” at least a few times. In case the alert repeat counter increases the admin can further look into a blocking issue. Otherwise there may have just been a glitch and the issue would have resolved itself.
If you are ever facing the same issue, I hope this article will save you some troubleshooting time!