A Friday is not just a Friday for a Configuration Manager Consultant or Administrator. At least once or twice a month it can be one where we get some gifts from the Configuration Manager Product Team. Yesterday was again a day that a nice gift “was released”; Update 1706 for System Center Configuration Manager! You know where the average Configuration Manager Consultant or Administrator is during such a weekend, yes upgrading their lab and/or production environments to the latest Current Branch! Already looking forward to the adoption statistics from Brad Anderson and David James 🙂
Also this release Microsoft made investments for some really cool and handy additions to Configuration Manager were released either in preview or production. In this blog I would like to highlight the new Hybrid (Configuration Manager connected with Microsoft Intune) additions that came with 1706, and yeah the new Hybrid features are just a small part of the complete list of new features in 1706!
As we know, when having Configuration Manager in place you can easily manage also your mobile devices / modern devices by connecting it to Microsoft Intune.
Check Conditional Access Compliance
Microsoft added the option to trigger conditional access compliance check on device collection level. Reviewing the compliance state can be done via the “List of devices by Conditional Access State” report which is already available for some time.
Checking the Conditional Access Compliance on demand from the console can help users to get compliant and get access to the services protected by conditional access earlier.
Entrust as certificate authority for PFX Certificates (hybrid only)
Until 1702 PFX Certificates could only be deployed via SCEP from the local Certificate Authority. Entrust is a commercial Certificate Authority. To be able to use this feature you need to configure the Certificate Registration point to support Entrust as the Certificate Authority.
Next you need to configure an Entrust MDM URL and an account name to make sure that you have an account at Entrust.
While creating the certificate profile you are able to choose Entrust and the Certificate Registration Point so that you are able to issue certificates via the Entrust CA.
Read more about the solution of Entrust here.
New Android for Work features
Android for Work, is that the future or do we stick with MAM without enrollment? Not sure but for now Microsoft added the ability to create and deploy app configuration policies for Android for Work. Also, apps can be deployed as available apps and installed from the Company Portal.
New Compliance Policy Settings
In Microsoft Intune stand alone the ability to check if USB Debugging or installation of unknown sources on Android devices could already be checked via compliance policies. As from now, Configuration Manager is up to par and is also able to check devices on those compliance rules.
Enrollment restrictions conditions
As from the start with Configuration Manager you were able to restrict access based on device platform level.
As from now we are also able to control is personally owned iOS and Android devices may be used to enroll into Configuration Manager Hybrid and therefor may be used to access company resources.
Support added for Cisco IPSec VPN on iOS
Configuration Manager Hybrid supports already a massive range on VPN vendors, way more than Intune standalone. To support even more solutions, Microsoft added support for Cisco IPSec VPN on iOS.
Windows 10 – device restrictions / configuration settings
Windows 10, managed the modern way, was already well managed through device configuration policies in earlier versions of Configuration Manager Current Branch. Besides what we already could do Microsoft added things like controlling Device Name Modification, System Time Modification and more. (besides everything we can already do via CSPs)
Besides device settings, also settings for the Store, Windows Information Protection and Microsoft Edge are added.
As you see the Configuration Manager Product Team has made major investments to add a lot of features to the Configuration Manager hybrid scenario, which is awesome!
See a complete list of the new features here.