In the updated 1802 TP, we now have an option to create Edge policies.
In Assets and Compliance, under Compliance Settings, there is an option for Microsoft Edge Browser Profiles
Highlight that and choose from the Menu (or right click) to Create Microsoft Edge profile
In the Create Microsoft Edge Browser Policy wizard, name your profile/policy just as an example below. You can create multiple profiles to target different collections like any other deployment.
In the next screen, choose the configuration needed based on your corporate policies.
Once done, select next and choose the OS which will always be Windows 10 but you can target between x32 and x64.
Once all done, from the menu bar or right click to deploy the policy to a collection.
New feature of Configuration Manager in 1802 Technical Preview.
In the Client settings, under Software Center, choose Customize. Now there is an option to Hide installed applications in Software Center. This is better sometimes than showing an application just to state it’s installed and clutter the list.
One of the new features of the CM 1802 TP is the ability to create deployment templates for Task Sequences and then use that to apply to existing task sequences to create new deployments.
To create a template, during the deployment of a TS, in the Summary screen, there is a new button in the upper righthand corner “Save As Template…”.
Once you select that, you have a new popup box to select what you want included in the template and name the template.
In this case, I chose all of it and named it Win 10 Deployment.
Now to apply the template in a new deployment, in the first dialog, you have the Select Deployment Template button (above the Comments area).
Once clicked, you can select the template of your choice.
Video showcasing the updated feature which allows the user interaction to happen while the installation is taking place as the SYSTEM
To be able to review Windows 10 endpoints (Anniversary Update or higher) into Windows Defender ATP, you will need to onboard first. There are several ways to do so including scripts, Group Policy, Intune, Configuration Manager 2012 through current branch 1602. With the release of Configuration Manager branch update 1606, it now includes integrated Windows Defender ATP to be able to monitor and deploy the policies.
- To get started, login to the Windows Defender ATP site to download the policies https://securitycenter.windows.com/download
Choose the drop down Select your deployment tool, and select the System Center Configuration Manager (current branch) version 1606
- This will download a ZIP file with the onboarding package. Unzip it to where you can access it with ConfigMgr.
- Under Assets and Compliance, expand Endpoint Protection where you will see Windows Defender ATP Policies. Select Windows Defender ATP Policies , and click Create Windows Defender ATP Policy from the toolbar or right click.
- Follow the wizard to import the onboarding file you downloaded from the site. (NOTE: SCREENSHOT SHOWS OFFBOARDING, BUT SHOULD BE ONBOARDING)
- Once done, you will see the policies in the console. Right client or from the toolbar, click Deploy.
- You can do this for off-boarding as well. From the same site, you can select to download the off-boarding package and then follow the steps above to import into ConfigMgr.
A new feature in technical preview 1607 is the connector to OMS to allow syncing of data such as collections from ConfigMgr to OMS.
ASSUMPTION: You have knowledge of Azure and OMS configuration outside of SCCM.
Click OMS Connector and click on Create connection to Operations Management Suite from the toolbar
You will see the first dialog of the Connection to the Operations Management Suite Wizard. Click Next
Enter the Tenant, Client ID, and Client secret key in the next dialog. All this information can be gathered from the Azure Portal. You may need to create a new Application (Under the Directory -> Applications) for the Client ID and key (second screen shot below).
Once entered, you will need to click Verify to continue.
Once the it’s properly verified, you will see the options to add your subscription, resource group, and Workspace name. Click Add to add the ConfigMgr collection(s) that OMS will collect the data from.
Final confirmation box will show your selections.
- After few minutes, logon to the OMS portal (mms.microsoft.com). Do a Log Search for * Type=ComputerGroup.
Now you will see all the computers in the selected Collection (in the above settings) display in OMS. You will see the GroupSource equal to SCCM for those machines. My OMS was configured only for this so other servers are not there yet in my lab.
If you have questions on how to create OMS Workspace, the Client ID, etc. Message me on Twitter https://twitter.com/jparekh_tech
In Microsoft System Center Configuration Manager 1606 (Currently in Technical Preview), you can create device categories. These can be used to automatically place devices in device collections when you are using it with Microsoft Intune (Integrated/Hybrid mode). Users are then required to choose a device category when they enroll a device in Intune. You can additionally change the category of a device from the Configuration Manager console.
You can also assign a category on a non-Intune enrolled device such as a traditional domain joined PC.
Create a set of device categories
- In the Assets and Compliance workspace of the Configuration Manager console, expand Overview, then click Device Collections.
- Right Click on Device Collections and click Manage Device Categories.
- In the Manage Device Categories dialog box, you can create, edit, or remove categories.
Change the category of a device
- In the Assets and Compliance workspace of the Configuration Manager console, expand Overview, then click Devices.
- Select a device from the Devices list and then, in the Home tab, in the Device group, click Change Category.
- In the Edit Device Category dialog box, choose the category to apply to this device, then click OK.
Associate a collection with a device category
When you associate a collection with a device category, all devices in the category you specify will be added to that collection.
- In the Properties dialog for a device collection, click Add Rule > Device Category Rule.
- In the Create Device Category Membership Rule dialog box, select the category that will be applied to all devices in the collection.
- Close the Create Device Category Membership Rule dialog box and the collection properties dialog box.
Now all devices in the chosen Category will be dynamically be part of this collection and its associated deployments