microsoft confidential what's new in configuration manager 2012 since beta 2

Microsoft Confidential

What's New in Configuration Manager 2012 Since Beta 2

Microsoft Confidential

RC Change Overview

• Key Features− Endpoint Protection integration− Application ‘Simulated Deployment’ (Pre-

Flight)− Improved Discovery processing

• DCRs, Bug Fixes, More…

2

Microsoft Confidential

Endpoint Protection (FEP) Integration

• Fully integrated setup and management

• Key Features− Expedited malware events:

client to admin within 5 minutes

− Built-in security admin role− Network-friendly definition

deployments− Improved scalability and

reliability − Simpler to setup and operate− Email subscriptions for alerts

3

Microsoft Confidential

Application Simulated Deployment (“Preflight”)• Goal: Provide confidence in moving to state based

dynamic applications− Did I do detection method right? − Did I get rules/relationships right? − What will my deployment type mix be?

• What it does: Runs application as required in “rules only” mode− No content download, no execution of deployment type− Results – what would the system have done?

− Processes detection method, requirement rules, dependencies and supersedence

− Does NOT simulate the install!

5

FEATURE AREASA quick overview

Microsoft Confidential

Hierarchy Updates

• FQDN throughout the product• All ConfigMgr global replication through

Data Replication Service (DRS)− No more SQL transactional replication

• Replication Link Analyzer (in RC)• Cross forest support - untrusted forests for

site system roles− Not site servers

• Secondary site content routing− One layer

• SQL Configuration Options: Ports, Instances• MP replica support6

Microsoft Confidential

SQL Server Support

• Beta 2 required:− SQL Server 2008 SP1 CU14

• RC1 requires:− SQL Server 2008 SP2 CU6 plus 2603910− SQL Server 2008 R2 will be supported later

− SQL Server 2008 R2 SP1 CU3 plus hotfix when ready

• Prerequisite check for SQL Server memory limitation− Recommended to not allow SQL Server to use

any more than ~70% of memory

7

Microsoft Confidential

Performance

• Scalability and performance improvements throughout the product:− General console operation− Replication− State and Status messages (alerting)− Discovery Data Processing− Application Catalog− Collection updates

− Incremental off by default for custom collections

8

Microsoft Confidential

Client Randomizations

• To help with our VDI integration, we now implement the following:− Hardware inventory− Software inventory− Software update scans− Software update deployment evaluations− Compliance settings (DCM) evaluation− Endpoint Protection scans− Application deployment evaluations

9

Microsoft Confidential

ConfigMgr Console

• Ability search via dates (e.g. last x days)• Added security scopes into the listview with

filter/sort/search• Only one admin console installer - 32 bit• Improved multi-lingual support, including

server setup• Reporting

− Reports are grouped by folders in the Reports node

− Report folder “Show-Me” - folders are now associated with security role permissions

• Assets and Compliance workspace switches place with Administration10

Microsoft Confidential

Applications

• Application Catalog:− Ability to change application catalog color scheme− Updated Application Catalog appearance− Catalog tables update on a schedule

− 3 minutes – 24 hours− "Run Now" action to force immediately

• Software Center− Ability to filter by type of deployment

(applications, operating systems, updates)− Ability to show or hide optional deployments

11

Microsoft ConfidentialMicrosoft NDA Confidential

12

Software Center

Microsoft ConfidentialMicrosoft NDA Confidential

13

Software Center

Microsoft Confidential

Software Center

Microsoft NDA Confidential

14

Microsoft Confidential

Application Catalog

Microsoft NDA Confidential

15

Microsoft Confidential

Monitoring and Discovery• Monitoring

− Alerts now have subscriptions with email− Added an "Endpoint Protection Status" node

• Discovery− IP subnets become IP address ranges− Remove System Group Discovery− Rename Security Group Discovery to Group

Discovery− Change the responsibility of

− Group discovery: Discover groups and membership of these groups

− System Discovery: Discover basic information of computers and OU of these computers

− User Discovery: It is responsible for discover basic information of users and OU of these users

16

Microsoft Confidential

Delta DiscoveryChanges in Active Directory

Beta 2

RCP

New ComputerNew User

Computer and user basic information changed

Computer added to a group

User added to a group

Computer removed from a group

User removed from a group

Group Discovery• Discover security

groups and distribution groups

• Discover membership of groups, including both user and computers

• Support specifying individual groups as the discovery scope (Recommended)

• Detect any changes of group membership

17

Microsoft Confidential

Stale Computer Filtering

• Based on two Active Directory attributes:−Lastlogontimestamp: Record the last

logon timestamp of the computer. It requires Domain function level >= Windows Server 2003

−Pwdlastset: Record the last time when the computer changes its password. By default Active Directory policy enforces each computer changing password every 30 days.

18

Microsoft Confidential

Client Settings and Compliance Settings• Compliance Settings Management:

− Baseline remediation can now be limited to maintenance windows (default)

− Baseline deployments can now generate Operations Manager alerts

− Ability to create dynamic collections from baseline compliance (RC)

• Client Settings− Custom Client Settings can now be

exported and imported (not just for default)

19

Microsoft Confidential

Client Health Updates• Client health:

− Rule checks expanded from 12 to 21 including:− WMI service WMI Repository Integrity− BITS service ConfigMgr client,

prerequisites install− SMS Agent Host serviceConfigMgr Remote Control

service− Antimalware service (EP) Network Inspection

(EP)− Windows Update Agent

− Client health state is now live data− Previously was summarized data

− Can disable automatic remediation of client health via Registry (e.g. Mission critical systems such as servers)

20

Microsoft Confidential

Additional Items

• Remote Control:− Agent is disabled by default− Ability to have agent create required Windows

firewall exemptions− Remote Control Viewer shortcut in the

ConfigMgr program group

• Platform Support:− Added platform support for

− Windows Embedded 7 SP1− POSReady 7− Windows 7 Thin PC− Windows Embedded Compact 7

21

Microsoft Confidential

Additional Items (2)

• Embedded Device Management− Ability to use task sequences to manage

write filter enabled systems

• Tools:− RBA modeling tool:

− Live modeling of security roles and assignments− Authoring and modeling of custom security

roles− Replication Link Analyzer (post RCP)

• OSD:− CMTrace.exe now included in default boot

images22

Microsoft Confidential

Additional Items (3)

• Setup prompts for Server and Client languages− Will download appropriate language

packs as needed

• Browsing for accounts − Most account browsing even allows for a

“Verify” on the credentials

• Tool for manual creation of CCRs− Uses text file for input

23

Microsoft Confidential

Documentation Updates• http://technet.microsoft.com/en-us/library/gg682129.aspx • You are seeing documentation “live” as it is produced

− Some is forward looking, some needs to be updated, some is yet to be written

• What you can do:− Please use the feedback buttons! “Like” (5 stars) for sections

you find useful− If information is incorrect or confusing, please create a connect

item (preferred)Alternative: “Click the Rate and Give Feedback” with your observations and email for follow-up

− If pages are empty, it is yet to be written - please be patient.

• Create a Connect Feedback item if:− You cannot locate your topic in the document (not even a blank

page)− Missing or incomplete topics are blocking your TAP program

(Help us Prioritize)− You have observations about the design or arrangement of the

documentation (e.g. combining of “About” and “How To” sections.

− You have contenders for the FAQ list?24