Site Setup and client deployment
18 Topics

Windows 11 23H2 Cumulative Updates not shown in WSUS/SCCM
Hi everyone, I want to start rolling out devices in my company with Windows 11 23H2 via SCCM. However, I first need to update the existing 23H2 image with the November 24 cumulative update (KB5046633). In SCCM and WSUS, I can't find the 23H2 product categories for synchronization, but 24H2 is showing up. What could be the reason for this?
282 Views, 0 likes, 1 Comment

Update 2309 for Microsoft Configuration Manager current branch is now available.
Site infrastructure

Introducing SQL ODBC driver support for Configuration Manager
Starting with the Configuration Manager 2309 release, Configuration Manager requires the ODBC driver for SQL Server 18.1.0 or later as a prerequisite (SQL ODBC Download). This prerequisite applies when you create a new site or update an existing one, and on all remote roles.

Important: Microsoft ODBC Driver for SQL Server 18.1.0 or later needs to be installed on site servers and site system roles before upgrading to version 2309. Do not uninstall SQL Native Client 11 until we call it out in further communications. Configuration Manager doesn't manage updates for the ODBC driver, so ensure that this component is kept up to date.

For more information, see SQL ODBC driver for the site server.

Option to schedule Scripts execution time
Starting in Configuration Manager current branch version 2309, you can schedule scripts' runtime in UTC. The Run Script wizard now offers a scheduling option that lets administrators schedule the execution of scripts. It provides a convenient way to automate the running of scripts on managed devices according to specified schedules. For more information, see Schedule scripts' runtime.

External service notification
Run details from Azure Logic application. Starting in Configuration Manager current branch version 2309, when an Azure Logic App generates notifications related to specific events, CM can now capture and display these notifications. This integration enables the monitoring of Azure Logic App notifications directly within the MCM console, providing a centralized location for tracking critical events, taking appropriate action, and maintaining a high level of operational efficiency. For more information, see External service notification.

New Site Maintenance task “Delete Aged Task Execution Status Messages” is now available on primary servers to clean up data older than 30 days or a configured number of days
Starting in Configuration Manager current branch version 2309, you can enable this feature by using the Site Maintenance window or a PowerShell cmdlet. By default, it is set to run on Saturday and delete data older than 30 days. It does so by cleaning up the [dbo].TaskExecutionStatus table.

Example PowerShell cmdlet:

    Set-CMSiteMaintenanceTask -Sitecode "XXX" -MaintenanceTaskName "Delete Aged Task Execution Status Messages" -DaysOfWeek Friday

For more information, see Delete Aged Task Execution Status Messages.

Software updates

Update Orchestrator Service (USO) for Windows 11 22H2 or later with Windows native reboot experience
In Configuration Manager current branch version 2309, when installing software updates from Configuration Manager, administrators can now choose to use the native Windows Update restart experience. To use this feature, client devices must be running Windows build 22H2 or later. From the Computer Restart client device settings, ensure that Windows is selected as the restart experience. Branding information is included in the Windows restart notification for updates that require a restart. For more information, see Device restart notifications.

Maintenance window creation using PS cmdlet
We've extended the Offset parameter for maintenance windows. The cmdlet New-CMMaintenanceWindow is used to create a maintenance window for a collection. Earlier, the Offset parameter could be set only between 0 and 4. Now it has been extended to between 0 and 7.

Example PowerShell cmdlet:

    New-CMSchedule -Start (Get-Date) -DayOfWeek Monday -WeekOrder Second -RecurCount 1 -OffSetDay 6

OS deployment

OSD preferred MP option for PXE boot scenario
Starting in Configuration Manager current branch version 2309, the Preferred Management Point (MP) option allows PXE clients to communicate with an initial lookup MP and receive the list of MPs to be used for further communication. When the option is enabled, it allows an MP to redirect the PXE client to another MP, based on the client location in the site boundaries. For more information, see Install-and-configure-distribution-points.

Enable BitLocker through ProvisionTS
In Configuration Manager current branch version 2309, escrowing the recovery key to the Configuration Manager database is now supported using ProvisionTS. ProvisionTS is the task sequence that is executed at the time of provisioning. As a result, the device can escrow the key to the Configuration Manager database instantly. For more information, see Preprovision-BitLocker-in-Windows-PE.

Windows 11 Edition Upgrade using CM Policy settings
Starting in Configuration Manager current branch version 2309, administrators can create a policy using edition upgrade in Configuration Manager to update the Windows 11 edition. For more information, see Upgrade Windows devices to a new edition.

Windows 11 Upgrade Readiness Dashboard
Starting in Configuration Manager current branch version 2309, administrators can use this dashboard to devise their Windows 11 upgrade strategy and discover the devices in the organization that are ready for the Windows 11 upgrade. The dashboard also provides a count by installed feature update version and a view of all Windows devices inside the organization. Administrators can create a collection of devices that are ready for the Windows 11 upgrade and roll out feature updates to them.
For more information, see Manage Windows 11 readiness dashboard. For co-managed devices, see Use Windows compatibility reports for Windows 10 and Windows 11 updates in Intune.

Cloud-attached management

New Cloud Management Gateway (CMG) creation via Console
Starting in Configuration Manager current branch version 2309, we have enhanced the security of the web (server) app used for CMG creation. For new CMG creation, users can select the tenant and the app name using the Azure AD tenant name. After the tenant and app name are selected, the sign-in button appears; follow the rest of the process as per the CMG setup.

Note: Pre-existing CMG customers must update their web server app by navigating to the Azure Active Directory Tenants node --> select the tenant --> select the server app --> click on "update application settings".

For more information, see Configure Azure Active Directory for CMG.

New Cloud Management Gateway (CMG) creation via PowerShell
You can now create the CMG server app via a PowerShell cmdlet; you need to specify TenantID in the argument:

    Set-UpdateServerApplication – 'TenantID'

If you try to create the CMG before updating RedirectUrl, you get the error "Your server Application needs to be updated". Run the PowerShell command Set-UpdateServerApplication to update your app, and then try again to create the CMG.

Note: For new customers, before creating a CMG, create the Azure AD web server app and execute the new PowerShell cmdlet script.

Deprecated features
Configured resource access policies will block the Configuration Manager 2403 upgrade; remove existing policies and move the slider to Intune. Please take action before January 2024 and read the FAQ. For more information, see Removed and deprecated features for Configuration Manager.

For more details and to view the full list of new features in this update, check out our What’s new in version 2309 of Microsoft Configuration Manager documentation.

Other updates

Patching guidance for MCM customers migrating to Azure
Migrating to Azure? Managing your on-prem infrastructure through Microsoft Configuration Manager (MCM)? Have you figured out how you would patch your infrastructure on Azure? This article provides steps that you can follow to patch your migrated virtual machines on Azure.

Note: MCM manages both devices and servers. This blog provides guidance for servers migrating to Azure. For devices, please refer to Microsoft Intune.

The Azure Migration tool helps you programmatically create Azure virtual machines (VMs) for Configuration Manager and install the different site roles with default settings. Validating the new roles and then removing the on-premises site system roles enables MCM in Azure, giving you all the on-premises capabilities and experiences in Azure. Additionally, you can leverage the native Azure Update Manager to manage and govern update compliance for Windows and Linux machines across your deployments in Azure, on-premises, and on other cloud platforms from a single dashboard, with no operational cost for managing the patching infrastructure. Azure Update Manager shares similarities with the update management component of MCM and is designed as a standalone Azure service that provides a SaaS experience on Azure for managing hybrid environments.

Both MCM in Azure and Azure Update Manager can fulfil your patching requirements, and the ultimate choice depends on your specific needs and preferences. MCM in Azure allows you to continue using existing investments in Microsoft Configuration Manager and familiar processes for maintaining the patch update management cycle for Windows virtual machines. On the other hand, through Azure Update Manager, you can achieve consistent management of VMs and operating system updates across your cloud and hybrid environment.
Moreover, you would not need to maintain Azure virtual machines for hosting the different Configuration Manager roles and would not need an MCM license, reducing the total cost of maintaining the patch update management cycle for all machines in your environment. For more details, please refer to the CM on Azure FAQ.

For assistance with the upgrade process, please post your questions in the Site and Client Deployment forum. Send us your Configuration Manager feedback through Feedback in the Configuration Manager console. Continue to share and vote on ideas about new features in Configuration Manager.

Thank you,
The Configuration Manager team

Additional resources:
What’s New in Configuration Manager
Documentation for Configuration Manager
Microsoft Configuration Manager announcement
Microsoft Configuration Manager vision statement
Evaluate Configuration Manager in a lab
Upgrade to Configuration Manager
Configuration Manager Forums
Configuration Manager Support
Report an issue
Provide suggestions

27K Views, 4 likes, 7 Comments

Management point in another domain (no-trust)
Hi folks, we have a situation where we would need to install an MP, DP and WSUS on a server that is in another domain to manage clients that are in that domain. I was planning on installing the roles using a service account and importing the CA cert from that domain in the site server. Will there be any issues? I was reading about the communication between the site roles and I also noticed that the site server has to talk with a domain controller and the management point also has to talk with a DC. Which DC are we talking about and why should it talk with them? Will the MP in the other domain try to reach the DC in the same domain? Will the site server try to talk with the DC in the other domain? I know it's a strange one but it is the only way I managed to reduce the cost and be able to manage PCs that are on the other domain. Thanks! Mathieu
Solved. 1K Views, 0 likes, 2 Comments

Use Intune RBAC for tenant attach with Configuration Manager Technical Preview 2106
Update 2106 for the Technical Preview Branch of Microsoft Endpoint Configuration Manager has been released. You can now use Intune role-based access control (RBAC) when displaying the Client details page for tenant attached devices in the Microsoft Endpoint Manager admin center.
14K Views, 2 likes, 1 Comment

Issue setting up the cmg connection point role
Hi! I deployed the cmg connection point role (only) to a new site server (MECM 1910 (5.0.8913.1000)), but the connection point just stayed disconnected from a functioning cmg. The log file sms_cloud_proxyconnector.log showed: "missing role certificate. reload in next cycle" every 60s. I ended up installing the mp role as well on the same server, and the cmg cp started working as intended. The certificate store on the site server now has a "cloud proxy connector" certificate under SMS\Certificates, which wasn't there before I installed the mp role. I've removed the mp role and its prerequisites and the cmg cp is still working. We're using "enhanced http" mode for client communication. Anybody else seen this behavior? Is it not supported to install the cmg cp role independently? Thanks!
10K Views, 0 likes, 3 Comments

CreateProcessAsUser Error 5 - ServiceUI.exe
Hi All, I've recently updated my SCCM site version to v1910. Since performing this update I've been having issues with my Upgrade Task Sequence. Previously I've had a command line step in the upgrade task sequence to run a manually built "Windows 10 Splash Screen" using ServiceUI.exe to allow the user to install or postpone the upgrade. This has been issue free until the update to SCCM 1910; since then, when I try to run the task sequence, the following step fails with this error. Has anyone got any idea how I can resolve this? Been racking my brain for days now...
11K Views, 0 likes, 9 Comments

Collocating SQL or remote SQL
Hi All, wanted to bounce my thoughts with fellow members. I am about to embark on a mini project for a customer. It's for a small experiment, and a new network and infrastructure environment will be created on-premises. Unfortunately for this piece of work cloud is not an option, so a virtualisation environment, SAN, networking and firewalls will all be procured. I need to build MECM to help deploy a gold image to approx. 100 workstations; there are 2 variances of laptops I need to consider. As it's an experiment it's also not going to grow. I also need to ensure patching is configured for both clients and the small server estate being built. So my thoughts are to build a new VM with MECM 2006 with the SUP role for WSUS and then use the OSD techniques with TS to build the Windows 10 image using PXE. They will be building a SQL server to host a database for a third party application. My question is: as it's such a small environment, should I put SQL on the same standalone server which will host the primary site MECM server and SUP, or is it doing a lot already and should I move the SQL stuff to a remote SQL rather than collocate? From reading the docs I understand some considerations need to be taken into account to host both WSUS and ConfigMgr DBs within SQL (different instances?), but because the environment will be so small my personal preference would be to keep it on the same box: easier for me to deploy and easier for the customer to manage. The security of the environment is high due to the nature of the customer. What would others recommend and what would your approach be? Many thanks
Solved. 981 Views, 0 likes, 2 Comments

Preview Query Results with Configuration Manager Technical Preview 2008
Update 2008 for the Technical Preview Branch of Microsoft Endpoint Configuration Manager has been released. You can now preview the query results when you're creating or editing a query for collection membership. Preview the query results from the query statement properties dialog to validate collection membership.
9.3K Views, 2 likes, 1 Comment