Sccm 1906 Manual Download

-->
  • Jul 28, 2019  Introduction Yesterday happened to be one of those #SCCM Fridays. And a big and awesome one indeed. So awesome I had to take a break from my vacation to catch up on the latest and greatest. 🙂 Configuration Manager Current Branch version 1906 was released and as with previous versions, I will walk you through the update process based on my own environment.
  • Microsoft Edge soft transition to private mode for blocked websites–Open in private if blocked.

A pre-release version of this new product was made available in Configuration Manager, version 1906 and has already been widely adopted. In fact, as I’m writing this blog, we have nearly 200,000 devices pulling updates from a cache server installed on their distribution point. If you are interested and willing to brave some manual steps.

Applies to: System Center Configuration Manager (Current Branch)

When you use the current branch of Configuration Manager, you can install the in-console update for version 1906 to update your hierarchy from a previous version.

To get the update for version 1906, you must use a service connection point at the top-level site of your hierarchy. This site system role can be in online or offline mode. After your hierarchy downloads the update package from Microsoft, find it in the console. In the Administration workspace, select the Updates and Servicing node.

  • When the update is listed as Available, the update is ready to install. Before installing version 1906, review the following information about installing update 1906 and the checklist for configurations to make before starting the update.

  • If the update displays as Downloading and doesn't change, review the hman.log and dmpdownloader.log for errors.

    • The dmpdownloader.log may indicate that the dmpdownloader process is waiting for an interval before checking for updates. To restart the download of the update's redistribution files, restart the SMS_Executive service on the site server.

    • Another common download issue occurs when proxy server settings prevent downloads from silverlight.dlservice.microsoft.com, download.microsoft.com, and go.microsoft.com.

For more information about installing updates, see In-console updates and servicing.

For more information about current branch versions, see Baseline and update versions.

About installing update 1906

Sites

Install update 1906 at the top-level site of your hierarchy. Start the installation from your central administration site (CAS) or from your stand-alone primary site. After the update is installed at the top-level site, child sites have the following update behavior:

  • Child primary sites install the update automatically after the CAS finishes the installation of the update. You can use service windows to control when a site installs the update. For more information, see Service windows for site servers.

  • Manually update each secondary site from within the Configuration Manager console after the primary parent site finishes the update installation. Automatic update of secondary site servers isn't supported.

Site system roles

When a site server installs the update, it automatically updates all of the site system roles. These roles are on the site server or installed on remote servers. Before installing the update, make sure that each site system server meets the current prerequisites for the new update version.

Configuration Manager consoles

The first time you use a Configuration Manager console after the update has finished, you're prompted to update that console. You can also run the Configuration Manager setup on the computer that hosts the console, and choose the option to update the console. Install the update to the console as soon as possible. For more information, see Install the Configuration Manager console.

Important

When you install an update at the CAS, be aware of the following limitations and delays that exist until all child primary sites also complete the update installation:

  • Client upgrades don't start. This includes automatic updates of clients and pre-production clients. Additionally, you can't promote pre-production clients to production until the last site completes the update installation. After the last site completes the update installation, client updates begin based on your configuration choices.
  • New features you enable with the update aren't available. This behavior is to prevent the CAS replicating data related to that feature to a site that hasn't yet installed support for that feature. After all primary sites install the update, the feature is available for use.
  • Replication links between the CAS and child primary sites display as not upgraded. This state displays in the update installation status as Completed with warning for monitoring replication initialization. In the Monitoring workspace of the console, this state displays as Link is being configured.

Early update ring

As of August 16, 2019, version 1906 is globally available for all customers to install. If you previously opted in to the early update ring, watch for an update to this current branch version.

Checklist

All sites run a supported version of Configuration Manager

Each site server in the hierarchy must run the same version of Configuration Manager before you can start the installation of update 1906. To update to 1906, you must use version 1802 or later.

Review the status of your product licensing

You must have an active Software Assurance (SA) agreement or equivalent subscription rights to install this update. When you update the site, the Licensing page presents the option to confirm your Software Assurance expiration date.

This value is optional. You can specify as a convenient reminder of your license expiration date. This date is visible when you install future updates. You might have previously specified this value during setup or installation of an update. You can also specify this value in the Configuration Manager console. In the Administration workspace, expand Site Configuration, and select Sites. Select Hierarchy Settings in the ribbon, and switch to the Licensing tab.

For more information, see Licensing and branches.

Review Microsoft .NET versions

When a site installs this update, if the minimum requirement of .NET Framework 4.5 isn't installed, Configuration Manager automatically installs .NET Framework 4.5.2. When this prerequisite isn't already installed, the site installs it on each server that hosts one of the following site system roles:

  • Management point
  • Service connection point
  • Enrollment proxy point
  • Enrollment point

This installation can put the site system server into a reboot pending state and report errors to the Configuration Manager component status viewer. Additionally, .NET applications on the server might experience random failures until you restart the server.

For more information, see Site and site system prerequisites.

1906 Sccm Update

Review the version of the Windows ADK for Windows 10

The version of the Windows 10 Assessment and Deployment Kit (ADK) should be supported for Configuration Manager version 1906. For more information on supported Windows ADK versions, see Windows 10 ADK. If you need to update the Windows ADK, do so before you begin the update of Configuration Manager. This order makes sure the default boot images are automatically updated to the latest version of Windows PE. Manually update any custom boot images after updating the site.

If you update the site before you update the Windows ADK, see Update distribution points with the boot image.

Review SQL Server Native Client version

Install a minimum version of SQL Server 2012 Native Client, which includes support for TLS 1.2. For more information, see the List of prerequisite checks.

Review the site and hierarchy status for unresolved issues

A site update can fail because of existing operational problems. Before you update a site, resolve all operational issues for the following systems:

  • The site server
  • The site database server
  • Remote site system roles on other servers

For more information, see Use alerts and the status system.

Review file and data replication between sites

Make sure that file and database replication between sites is operational and current. Delays or backlogs in either can prevent a successful update.

Database replication

For database replication, to help resolve issues before you start the update, use the Replication Link Analyzer (RLA). For more information, see Monitor database replication.

Use RLA to answer the following questions:

  • Is replication per group in a good state?
  • Are any links degraded?
  • Are there any errors?

If there's a backlog, wait until it clears out. If the backlog is large, such as millions of records, then the link is in a bad state. Before updating the site, solve the replication issue. If you need further assistance, contact Microsoft Support.

File-based replication

For file-based replication, check all inboxes for a backlog on both sending and receiving sites. If there are lots of stuck or pending replication jobs, wait until they clear out.

  • On the sending site, review sender.log.
  • On the receiving site, review despooler log.

Install all applicable critical Windows updates

Before you install an update for Configuration Manager, install any critical OS updates for each applicable site system. These servers include the site server, site database server, and remote site system roles. If an update that you install requires a restart, restart the applicable servers before you start the upgrade.

Disable database replicas for management points at primary sites

Configuration Manager can't successfully update a primary site that has a database replica for management points enabled. Before you install an update for Configuration Manager, disable database replication.

For more information, see Database replicas for management points.

Set SQL Server AlwaysOn availability groups to manual failover

If you use an availability group, make sure that the availability group is set to manual failover before you start the update installation. After the site has updated, you can restore failover to be automatic. For more information, see SQL Server AlwaysOn for a site database.

Disable site maintenance tasks at each site

Before you install the update, disable any site maintenance task that might run during the time the update process is active. For example, but not limited to:

  • Backup Site Server
  • Delete Aged Client Operations
  • Delete Aged Discovery Data

When a site database maintenance task runs during the update installation, the update installation can fail. Before you disable a task, record the schedule of the task so you can restore its configuration after the update has been installed.

For more information, see Maintenance tasks and Reference for maintenance tasks.

Temporarily stop any antivirus software

Before you update a site, stop antivirus software on the Configuration Manager servers. The antivirus software can lock some files that need to be updated which causes our update to fail.

Create a backup of the site database

Before you update a site, back up the site database at the CAS and primary sites. This backup makes sure you have a successful backup to use for disaster recovery.

For more information, see Backup and recovery.

Back up customized files

If you or a third-party product customizes any Configuration Manager configuration files, save a copy of your customizations.

For example, you add custom entries to the osdinjection.xml file in the binX64 folder of your Configuration Manager installation directory. After you update Configuration Manager, these customizations don't persist. You need to reapply your customizations.

Plan for client piloting

When you install a site update that also updates the client, test that new client update in pre-production before you update all production clients. To use this option, configure your site to support automatic upgrades for pre-production before beginning installation of the update.

For more information, see Upgrade clients and How to test client upgrades in a pre-production collection.

Plan to use service windows

To define a period during which updates to a site server can be installed, use service windows. They can help you control when sites in your hierarchy install the update. For more information, see Service windows for site servers.

Review supported extensions

If you extend Configuration Manager with other products from Microsoft or Microsoft partners, confirm that those products support version 1906. Check with the product vendor for this information. For example, see the Microsoft Deployment Toolkit release notes.

Run the setup prerequisite checker

When the console lists the update as Available, you can run the prerequisite checker before installing the update. (When you install the update on the site, prerequisite checker runs again.)

To run a prerequisite check from the console, go to the Administration workspace, and select Updates and Servicing. Select the Configuration Manager 1906 update package, and select Run prerequisite check in the ribbon.

For more information, see the section to Run the prerequisite checker before installing an update in Before you install an in-console update.

Important

When the prerequisite checker runs, the process updates some product source files that are used for site maintenance tasks. Therefore, after running the prerequisite checker but before installing the update, if you need to perform a site maintenance task, run Setupwpf.exe (Configuration Manager Setup) from the CD.Latest folder on the site server.

Update sites

You're now ready to start the update installation for your hierarchy. For more information about installing the update, see Install in-console updates.

You may plan to install the update outside of normal business hours. Determine when the process will have the least effect on your business operations. Installing the update and its actions reinstall site components and site system roles.

For more information, see Updates for Configuration Manager.

Post-update checklist

After the site updates, use the following checklist to complete common tasks and configurations.

Confirm version and restart (if necessary)

Make sure each site server and site system role is updated to version 1906. In the console, add the Version column to the Sites and Distribution Points nodes in the Administration workspace. When necessary, a site system role automatically reinstalls to update to the new version.

Consider restarting remote site systems that don't successfully update at first. Review your site infrastructure and make sure that applicable site servers and remote site system servers successfully restarted. Typically, site servers restart only when Configuration Manager installs .NET as a prerequisite for a site system role.

Confirm site-to-site replication is active

In the Configuration Manager console, go to the following locations to view the status, and make sure that replication is active:

  • Monitoring workspace, Site Hierarchy node

  • Monitoring workspace, Database Replication node

For more information, see the following articles:

Update Configuration Manager consoles

Update all remote Configuration Manager consoles to the same version. You're prompted to update the console when:

  • You open the console.

  • You go to a new node in the console.

Reconfigure database replicas for management points

After you update a primary site, reconfigure the database replica for management points that you uninstalled before you updated the site. For more information, see Database replicas for management points.

Reconfigure SQL Server AlwaysOn availability groups

If you use an availability group, reset the failover configuration to automatic. For more information, see SQL Server AlwaysOn for a site database.

Reconfigure any disabled maintenance tasks

If you disabled database maintenance tasks at a site before installing the update, reconfigure those tasks. Use the same settings that were in place before the update.

Update clients

Update clients per the plan you created, especially if you configured client piloting before installing the update. For more information, see How to upgrade clients for Windows computers.

Third-party extensions

If you use any extensions to Configuration Manager, update them to the latest version to support Configuration Manager version 1906.

Update custom boot images and media

Use the Update Distribution Points action for any boot image that you use, whether it's a default or custom boot image. This action makes sure that clients can use the latest version. Even if there isn't a new version of the Windows ADK, the Configuration Manager client components may change with an update. If you don't update boot images and media, task sequence deployments may fail on devices.

When you update the site, Configuration Manager automatically updates the default boot images. It doesn't automatically distribute the updated content to distribution points. Use the Update Distribution Points action on specific boot images when you're ready to distribute this content across your network.

After updating the site, manually update any custom boot images. This action updates the boot image with the latest client components if necessary, optionally reloads it with the current Windows PE version, and redistributes the content to the distribution points.

For more information, see Update distribution points with the boot image.

-->

Applies to: System Center Configuration Manager (Current Branch)

Update 1906 for Configuration Manager current branch is available as an in-console update. Apply this update on sites that run version 1802 or later. This article summarizes the changes and new features in Configuration Manager, version 1906.

Always review the latest checklist for installing this update. For more information, see Checklist for installing update 1906. After you update a site, also review the Post-update checklist.

To take full advantage of new Configuration Manager features, after you update the site, also update clients to the latest version. While new functionality appears in the Configuration Manager console when you update the site and console, the complete scenario isn't functional until the client version is also the latest.

Tip

To get notified when this page is updated, copy and paste the following URL into your RSS feed reader:https://docs.microsoft.com/api/search/rss?search=%22what%27s+new+in+version+1906+-+Configuration+Manager%22&locale=en-us

Requirement changes

Version 1906 client requires SHA-2 code signing support

Because of weaknesses in the SHA-1 algorithm and to align to industry standards, Microsoft now only signs Configuration Manager binaries using the more secure SHA-2 algorithm. The following Windows OS versions require an update for SHA-2 code signing support:

Sccm 1906 Requirements

  • Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows Server 2008 SP2

For more information, see Prerequisites for Windows clients.

Site infrastructure

Site server maintenance task improvements

Site server maintenance tasks can now be viewed and edited from their own tab on the details view of a site server. The new Maintenance Tasks tab gives you information such as:

  • If the task is enabled
  • The task schedule
  • Last start time
  • Last completion time
  • If the task completed successfully

For more information, see Maintenance tasks.

Configuration Manager update database upgrade monitoring

When applying a Configuration Manager update, you can now see the state of the Upgrade ConfigMgr database task in the installation status window.

  • If the database upgrade is blocked, then you'll be given the warning, In progress, needs attention.

    • The cmupdate.log will log the program name and sessionid from SQL that is blocking the database upgrade.
  • When the database upgrade is no longer blocked, the status will be reset to In progress or Complete.

    • When the database upgrade is blocked, a check is done every 5 minutes to see if it's still blocked.

For more information, see Install in-console updates.

Management insights rule for NTLM fallback

Management insights includes a new rule that detects if you enabled the less secure NTLM authentication fallback method for the site: NTLM fallback is enabled.

For more information, see Management insights.

Improvements to support for SQL Always On

  • Add a new synchronous replica from setup: You can now add a new secondary replica node to an existing SQL Always On availability group. Instead of a manual process, use Configuration Manager setup to make this change. For more information, see Configure SQL Server Always On availability groups.

  • Multi-subnet failover: You can now enable the MultiSubnetFailover connection string keyword in SQL Server. You also need to manually configure the site server. For more information, see the Multi-subnet failover prerequisite.

  • Support for distributed views: The site database can be hosted on a SQL Server Always On availability group, and you can enable database replication links to use distributed views.

    Note

    This change doesn't apply to SQL Server clusters.

  • Site recovery can recreate the database on a SQL Always On group. This process works with both manual and automatic seeding.

  • New setup prerequisite checks:

    • SQL availability group replicas must all have the same seeding mode
    • SQL availability group replicas must be healthy

Cloud-attached management

Azure Active Directory user group discovery

You can now discover user groups and members of those groups from Azure Active Directory (Azure AD). Users found in Azure AD groups that the site hasn't previously discovered are added as user resources in Configuration Manager. A user group resource record is created when the group is a security group. This feature is a pre-release feature and needs to be enabled.

For more information, see Configure discovery methods.

Synchronize collection membership results to Azure Active Directory groups

You can now enable the synchronization of collection memberships to an Azure Active Directory (Azure AD) group. This synchronization is a pre-release feature. To enable it, see Pre-release features.

The synchronization allows you to use your existing on-premises grouping rules in the cloud by creating Azure AD group memberships based on collection membership results. Only devices with an Azure Active Directory record are reflected in the Azure AD Group. Both Hybrid Azure AD Joined and Azure Active Directory joined devices are supported.

For more information, see Create collections.

Desktop Analytics

Readiness insights for desktop apps

You can now get more detailed insights for your desktop applications including line-of-business apps. The former App Health Analyzer toolkit is now integrated with the Configuration Manager client. This integration simplifies deployment and manageability of app readiness insights in the Desktop Analytics portal.

For more information, see Compatibility assessment in Desktop Analytics.

DALogsCollector tool

Use the DesktopAnalyticsLogsCollector.ps1 tool from the Configuration Manager install directory to help troubleshoot Desktop Analytics. It runs some basic troubleshooting steps and collects the relevant logs into a single working directory.

For more information, see Logs collector.

Real-time management

Add joins, additional operators, and aggregators in CMPivot

For CMPivot, you now have additional arithmetic operators, aggregators, and the ability to add query joins such as using Registry and File together.

For more information, see CMPivot.

CMPivot standalone

You can now use CMPivot as a standalone app. CMPivot standalone is a pre-release feature and is only available in English. Run CMPivot outside of the Configuration Manager console to view the real-time state of devices in your environment. This change enables you to use CMPivot on a device without first installing the console.

You can share the power of CMPivot with other personas, such as helpdesk or security admins, who don’t have the console installed on their computer. These other personas can use CMPivot to query Configuration Manager alongside the other tools that they traditionally use. By sharing this rich management data, you can work together to proactively solve business problems that cross roles.

For more information, see CMPivot and Pre-release features.

Added permissions to the Security Administrator role

The following permissions have been added to Configuration Manager's built-in Security Administrator role:

  • Read on SMS Script
  • Run CMPivot on Collection
  • Read on Inventory Report

For more information, see CMPivot.

Content management

Delivery Optimization download data in client data sources dashboard

The client data sources dashboard now includes Delivery Optimization data. This dashboard helps you understand from where clients are getting content in your environment.

For more information, see Client Data Sources dashboard.

Sccm 1906 Upgrade Checklist

Use your distribution point as an in-network cache server for Delivery Optimization

You can now install Delivery Optimization In-Network Cache (DOINC) server on your distribution points. By caching this content on-premises, your clients can benefit from the Delivery Optimization feature, but you can help to protect WAN links.

This cache server acts as an on-demand transparent cache for content downloaded by Delivery Optimization. Use client settings to make sure this server is offered only to the members of the local Configuration Manager boundary group.

For more information, see Delivery Optimization In-Network Cache in Configuration Manager.

Client management

Support for Windows Virtual Desktop

Windows Virtual Desktop is a preview feature of Microsoft Azure and Microsoft 365. You can now use Configuration Manager to manage these virtual devices running Windows in Azure.

Similar to a terminal server, these virtual devices allow multiple concurrent active user sessions. To help with client performance, Configuration Manager now disables user policies on any device that allows these multiple user sessions. Even if you enable user policies, the client disables them by default on these devices, which include Windows Virtual Desktop and terminal servers.

For more information, see Supported OS versions for clients and devices.

Support Center OneTrace (Preview)

OneTrace is a new log viewer with Support Center. It works similarly to CMTrace, with the following improvements:

  • A tabbed view
  • Dockable windows
  • Improved search capabilities
  • Ability to enable filters without leaving the log view
  • Scrollbar hints to quickly identify clusters of errors
  • Fast log opening for large files

For more information, see Support Center OneTrace.

Configure client cache minimum retention period

You can now specify the minimum time for the Configuration Manager client to keep cached content. This client setting defines the minimum amount of time Configuration Manager agent should wait before it can remove content from the cache in case more space is needed. In the Client cache settings group of client settings, configure the following setting: Minimum duration before cached content can be removed (minutes).

Note

In the same client setting group, the existing setting to Enable Configuration Manager client in full OS to share content is now renamed to Enable as peer cache source. The behavior of the setting doesn't change.

For more information, see Client cache settings.

Co-management

Improvements to co-management auto-enrollment

  • A new co-managed device now automatically enrolls to the Microsoft Intune service based on its Azure Active Directory (Azure AD) device token. It doesn't need to wait for a user to sign in to the device for auto-enrollment to start. This change helps to reduce the number of devices with the enrollment statusPending user sign in.

  • For customers that already have devices enrolled to co-management, new devices now enroll immediately once they meet the prerequisites. For example, once the device is joined to Azure AD and the Configuration Manager client is installed.

For more information, see Enable co-management.

Multiple pilot groups for co-management workloads

You can now configure different pilot collections for each of the co-management workloads. Using different pilot collections allows you to take a more granular approach when shifting workloads.

  • In the Enablement tab, you can now specify an Intune Auto Enrollment collection.

    • The Intune Auto Enrollment collection should contain all of the clients you want to onboard into co-management. It's essentially a superset of all the other staging collections.
  • In the Staging tab, instead of using one pilot collection for all workloads, you can now choose an individual collection for each workload.

These options are also available when you first enable co-management.

For more information, see Enable co-management.

Co-management support for government cloud

U.S. government customers can now use co-management with the Azure U.S. Government Cloud (portal.azure.us). For more information, see Enable co-management.

Application management

Filter applications deployed to devices

User categories for device-targeted application deployments now show as filters in Software Center. Specify a user category for an application on the Software Center page of its properties. Then open the app in Software Center and look at the available filters.

For more information, see Manually specify application information.

The NX Autofocus System III with 205 phase-detect points of which 153 are cross-type for extremely fast, accurate focusing.The NX500 offers 4K at up to 24 fps or UHD at up to 30 fps, as well as in full HD up to 60fps video recording with HEVC (H.265) compression for saving space without sacrificing quality.The NX500 is built-in Wi-Fi and NFC allows the high quality images to be transferred to a smartphone or tablet with one tap.Camera User Guide October 22, 2017. Samsung NX500 equipped with a 28.2MP APS-C CMOS sensor, which works with the DRIMe V Image Signal Processor delivers crisp and clear images with life-like colors in all light conditions. Samsung s85 digital camera user manual

Application groups

Create a group of applications that you can send to a user or device collection as a single deployment. The metadata you specify about the app group is seen in Software Center as a single entity. You can order the apps in the group so that the client installs them in a specific order.

This feature is pre-release. To enable it, see Pre-release features.

For more information, see Create application groups.

Retry the install of pre-approved applications

You can now retry the installation of an app that you previously approved for a user or device. The approval option is only for available deployments. If the user uninstalls the app, or if the initial install process fails, Configuration Manager doesn't reevaluate its state and reinstall it. This feature allows a support technician to quickly retry the app install for a user that calls for help.

For more information, see Approve applications.

Install an application for a device

From the Configuration Manager console, you can now install applications to a device in real time. This feature can help reduce the need for separate collections for every application.

For more information, see Install applications for a device.

Improvements to app approvals

This release includes the following improvements to app approvals:

  • If you approve an app request in the console, and then deny it, you can now approve it again. The app is reinstalled on the client after you approve it.

  • In the Configuration Manager console, Software Library workspace, under Application Management, the Approval Requests node is renamed Application Requests.

  • There's a new WMI method, DeleteInstance to remove an app approval request. This action doesn't uninstall the app on the device. If it's not already installed, the user can't install the app from Software Center.

  • Call the CreateApprovedRequest API to create a pre-approved request for an app on a device. To prevent automatically installing the app on the client, set the AutoInstall parameter to FALSE. The user sees the app in Software Center, but it's not automatically installed.

For more information, see Approve applications.

OS deployment

Task sequence debugger

The task sequence debugger is a new troubleshooting tool. You deploy a task sequence in debug mode to a collection of one device. It lets you step through the task sequence in a controlled manner to aid troubleshooting and investigation.

This feature is pre-release. To enable it, see Pre-release features.

For more information, see Debug a task sequence.

Clear app content from client cache during task sequence

In the Install Application task sequence step, you can now delete the app content from the client cache after the step runs.

For more information, see About task sequence steps.

Important

Update the target client to the latest version to support this new feature.

Reclaim SEDO lock for task sequences

If the Configuration Manager console stops responding, you can be locked out of making further changes to a task sequence. Now when you attempt to access a locked task sequence, you can now Discard Changes, and continue editing the object.

For more information, see Use the task sequence editor.

Pre-cache driver packages and OS images

Task sequence pre-cache now includes additional content types. Pre-cache content previously only applied to OS upgrade packages. Now you can use pre-caching to reduce bandwidth consumption of:

  • OS images
  • Driver packages
  • Packages

For more information, see Configure pre-cache content.

Improvements to OS deployment

This release includes the following improvements to OS deployment:

  • Use the following two PowerShell cmdlets to create and edit the Run Task Sequence step:

    • New-CMTSStepRunTaskSequence

    • Set-CMTSStepRunTaskSequence

  • It's now easier to edit variables when you run a task sequence. After you select a task sequence in the Task Sequence Wizard window, the page to edit task sequence variables includes an Edit button. For more information, see How to use task sequence variables.

  • The Disable BitLocker task sequence step has a new restart counter. Use this option to specify the number of restarts to keep BitLocker disabled. This change helps you simplify your task sequence. You can use a single step, instead of adding multiple instances of this step. For more information, see Disable BitLocker.

  • Use the new task sequence variable SMSTSRebootDelayNext with the existing SMSTSRebootDelay variable. If you want any later reboots to happen with a different timeout than the first, set this new variable to a different value in seconds. For more information, see SMSTSRebootDelayNext.

  • The task sequence sets a new read-only variable _SMSTSLastContentDownloadLocation. This variable contains the last location where the task sequence downloaded or attempted to download content. Inspect this variable instead of parsing the client logs.

  • When you create task sequence media, Configuration Manager doesn't add an autorun.inf file. This file is commonly blocked by antimalware products. You can still include the file if necessary for your scenario.

Software Center

Improvements to Software Center tab customizations

You can now add up to five custom tabs in Software Center. You can also edit the order in which these tabs appear in Software Center.

For more information, see Software Center client settings.

Software Center infrastructure improvements

This release includes the following infrastructure improvements to Software Center:

  • Software Center now communicates with a management point for apps targeted to users as available. It doesn't use the application catalog anymore. This change makes it easier for you to remove the application catalog from the site.

  • Previously, Software Center picked the first management point from the list of available servers. Starting in this release, it uses the same management point that the client uses. This change allows Software Center to use the same management point from the assigned primary site as the client.

Important

These iterative improvements to Software Center and the management point are to retire the application catalog roles.

  • The Silverlight user experience isn't supported as of current branch version 1806.
  • Starting in version 1906, updated clients automatically use the management point for user-available application deployments. You also can't install new application catalog roles.
  • Support ends for the application catalog roles with version 1910.

For more information, see Remove the application catalog and Plan for Software Center.

Redesigned notification for newly available software

The New Software is Available notification will only show once for a user for a given application and revision. The user will no longer see the notification each time they sign in. They'll only see another notification for an application if it has changed or was redeployed.

For more information, see Create and deploy an application.

More frequent countdown notifications for restarts

End users will now be reminded more frequently of a pending restart with intermittent countdown notifications. You can define the interval for the intermittent notifications in Client Settings on the Computer Restart page. Change the value for Specify the snooze duration for computer restart countdown notifications (minutes) to configure how often a user is reminded about a pending restart until the final countdown notification occurs.

Additionally, the maximum value for Display a temporary notification to the user that indicates the interval before the user is logged off or the computer restarts (minutes) increased from 1440 minutes (24 hours) to 20160 minutes (two weeks).

For more information, see Device restart notifications and About client settings.

Direct link to custom tabs in Software Center

You can now provide users with a direct link to a custom tab in Software Center.

Use the following URL format to open Software Center to a particular tab:

softwarecenter:page=CustomTab1

The string CustomTab1 is the first custom tab in order.

For example, type this URL in the Windows Run window.

You can also use this syntax to open default tabs in Software Center:

Command lineTab
AvailableSoftwareApplications
UpdatesUpdates
OSDOperating Systems
InstallationStatusInstallation status
ComplianceDevice compliance
OptionsOptions

For more information, see Software Center tab visibility.

Software updates

Additional options for WSUS maintenance

You now have additional WSUS maintenance tasks that Configuration Manager can run to maintain healthy software update points. The WSUS maintenance occurs after every synchronization. In addition to declining expired updates in WSUS, Configuration Manager can now:

  • Remove obsolete updates from the WSUS database.
  • Add non-clustered indexes to the WSUS database to improve WSUS cleanup performance.

For more information, see Software updates maintenance.

Configure the default maximum run time for software updates

You can now specify the maximum amount of time a software update installation has to complete. You can specify the following items in the Maximum Run Time tab on the Software Update Point:

  • Maximum run time for Windows feature updates (minutes)
  • Maximum run time for Office 365 updates and non-feature updates for Windows (minutes)

For more information, see Plan for software updates.

Configure dynamic update during feature updates

Use a new client setting to configure Dynamic Update during Windows 10 feature update installs. Dynamic Update installs language packs, features on demand, drivers, and cumulative updates during Windows setup by directing the client to download these updates from the internet.

For more information, see Software update client settings and Manage Windows as a service.

New Windows 10, version 1903 and later product category

Windows 10, version 1903 and later was added to Microsoft Update as its own product rather than being part of the Windows 10 product like earlier versions. This change caused you to do a number of manual steps to ensure that your clients see these updates. We've helped reduce the number of manual steps you have to take for the new product.

When you update to Configuration Manager version 1906 and have the Windows 10 product selected for synchronization, the following actions occur automatically:

  • The Windows 10, version 1903 and later product is added for synchronization.
  • Automatic Deployment Rules containing the Windows 10 product will be updated to include Windows 10, version 1903 and later.
  • Servicing plans are updated to include the Windows 10, version 1903 and later product.

For more information, see Configure classifications and products to synchronize, Servicing plans, and Automatic deployment rules.

Drill through required updates

You can now drill through compliance statistics to see which devices require a specific software update. To view the device list, you need permission to view updates and the collections the devices belong to. To drill down into the device list, select the View Required hyperlink next to the pie chart in the Summary tab for an update. Clicking the hyperlink takes you to a temporary node under Devices where you can see the devices requiring the update.

The View Required hyperlink is available in the following locations:

  • Software Library > Software Updates > All Software Updates
  • Software Library > Windows 10 Servicing > All Windows 10 Updates
  • Software Library > Office 365 Client Management > Office 365 Updates

For more information, see Monitor software updates, Manage Windows as a service, and Manage Office 365 ProPlus updates.

Office management

Office 365 ProPlus upgrade readiness dashboard

To help you determine which devices are ready to upgrade to Office 365 ProPlus, there's a new readiness dashboard. It includes the Office 365 ProPlus upgrade readiness tile that released in Configuration Manager current branch version 1902. In the Configuration Manager console, go to the Software Library workspace, expand Office 365 Client Management, and select the Office 365 ProPlus Upgrade Readiness node.

For more information on the dashboard, prerequisites, and using this data, see Integration for Office 365 ProPlus readiness.

Protection

Windows Defender Application Guard file trust criteria

There's a new policy setting that enables users to trust files that normally open in Windows Defender Application Guard (WDAG). Upon successful completion, the files will open on the host device instead of in WDAG.

For more information, see Create and deploy Windows Defender Application Guard policy.

Configuration Manager console

Role-based access for folders

You can now set security scopes on folders. If you have access to an object in the folder but don't have access to the folder, you'll be unable to see the object. Similarly, if you have access to a folder but not an object within it, you won't see that object. Right-click a folder, choose Set Security Scopes, then choose the security scopes you want to apply.

For more information, see Using the Configuration Manager console and Configure role-based administration.

Add SMBIOS GUID column to device and device collection nodes

In both the Devices and Device Collections nodes, you can now add a new column for SMBIOS GUID. This value is the same as the BIOS GUID property of the System Resource class. It's a unique identifier for the device hardware.

Administration service support for security nodes

You can now enable some nodes of the Configuration Manager console to use the administration service. This change allows the console to communicate with the SMS Provider over HTTPS instead of via WMI.

For more information, see Administration service.

Note

Starting in version 1906, the Client Computer Communication tab on the site properties is now called Communication Security.

Collections tab in devices node

In the Assets and Compliance workspace, go to the Devices node, and select a device. In the details pane, switch to the new Collections tab. This tab lists the collections that include this device.

Note

  • This tab currently isn't available from a devices subnode under the Device Collections node. For example, when you select the option to Show Members on a collection.
  • This tab may not populate as expected for some users. To see the complete list of collections a device belongs to, you must have the Full Administrator security role. This is a known issue.

Task sequences tab in applications node

In the Software Library workspace, expand Application Management, go to the Applications node, and select an application. In the details pane, switch to the new Task sequences tab. This tab lists the task sequences that reference this application.

Show collection name for scripts

In the Monitoring workspace, select the Script Status node. It now lists the Collection Name in addition to the ID.

Real-time actions from device lists

There are various ways to display a list of devices under the Devices node in the Assets and Compliance workspace.

  • In the Assets and Compliance workspace, select the Device Collections node. Select a device collection, and choose the action to Show members. This action opens a subnode of the Devices node with a device list for that collection.

    • When you select the collection subnode, you can now start CMPivot from the Collection group of the ribbon.
  • In the Monitoring workspace, select the Deployments node. Select a deployment, and choose the View Status action in the ribbon. In the deployment status pane, double-click the total assets to drill-through to a device list.

    • When you select a device in this list, you can now start CMPivot and Run Scripts from the Device group of the ribbon.

Order by program name in task sequence

In the Software Library workspace, expand Operating Systems, and select the Task Sequences node. Edit a task sequence, and select or add the Install Package step. If a package has more than one program, the drop-down list now sorts the programs alphabetically.

Correct names for client operations

In the Monitoring workspace, select Client Operations. The operation to Switch to next Software Update Point is now properly named.

Deprecated features and operating systems

Learn about support changes before they're implemented in removed and deprecated items.

Version 1906 drops support for the following features:

  • You can't install new application catalog roles. Updated clients automatically use the management point for user-available application deployments. For more information, see Plan for Software Center.

Version 1906 deprecates support for the following products:

  • Windows CE 7.0
  • Windows 10 Mobile
  • Windows 10 Mobile Enterprise

Other updates

As of this version, the following features are no longer pre-release:

Aside from new features, this release also includes additional changes such as bug fixes. For more information, see Summary of changes in Configuration Manager current branch, version 1906.

For more information on changes to the Windows PowerShell cmdlets for Configuration Manager, see PowerShell version 1906 release notes.

The following update rollup (4517869) is available in the console starting on October 1, 2019: Update rollup for Configuration Manager current branch, version 1906.

Next steps

As of August 16, 2019, version 1906 is globally available for all customers to install.

When you're ready to install this version, see Installing updates for Configuration Manager and Checklist for installing update 1906.

Tip

To install a new site, use a baseline version of Configuration Manager.

Learn more about:

For known, significant issues, see the Release notes.

After you update a site, also review the Post-update checklist.