What’s new in version 1710 of System Center Configuration Manager


https://docs.microsoft.com/nl-nl/sccm/core/plan-design/changes/whats-new-in-version-1710

Applies to: System Center Configuration Manager (Current Branch)

Update 1710 for System Center Configuration Manager current branch is available as an in-console update for previously installed sites that run version 1610, 1702, or 1706.

Tip: To install a new site, you must use a baseline version of Configuration Manager.

The following sections provide details about changes and new capabilities introduced in version 1710 of Configuration Manager.

Site infrastructure

Updates for Peer Cache

Beginning with this release, Peer Cache is no longer a pre-release feature. No other changes for Peer Cache are introduced with this release. For more information, see Peer Cache for Configuration Manager clients.

Cloud distribution point support for Azure Government Cloud

You can now use cloud-based distribution points in the Azure Government cloud.

Inventory default unit revision

As devices now include hard drives with sizes in the gigabyte (GB), terabyte (TB) and larger scales, this release changes the default unit (SMS_Units) used in many views from megabytes (MB) to GB. For example, the v_gs_LogicalDisk.FreeSpace value now reports GB units.

Client management

Co-management for Windows 10 devices

In previous Windows 10 updates, you could already join a Windows 10 device to on-premises Active Directory (AD) and cloud-based Azure AD at the same time (hybrid Azure AD). Starting with Configuration Manager version 1710, co-management takes advantage of this improvement and enables you to concurrently manage Windows 10, version 1709 (also known as the Fall Creators Update) devices by using both Configuration Manager and Intune. It's a solution that provides a bridge from traditional to modern management and gives you a path to make the transition using a phased approach. For details, see Co-management for Windows 10 devices.

Restart computers from the Configuration Manager console

Beginning with this release, you can use the Configuration Manager console to identify client devices that require a restart, and then use a client notification action to restart them.

For more information, see How to manage clients in System Center Configuration Manager.

Application Management

Improvements for Run Scripts

This release brings several improvements to the Run Scripts feature, which lets you deploy PowerShell scripts to run on managed devices. This feature was first introduced in version 1706.

Improvements include:

  • Use Security Scopes to help control who can use Run Scripts
  • Real-time monitoring of the scripts you run
  • Script parameters are displayed in the Create Script Wizard, support validation, and are identified as mandatory or optional

For more on using Run Scripts, see Create and run scripts.

New mobile application management policy settings

The following settings have been added to the mobile application management policy settings:

  • Disable contact sync: Prevents the app from saving data to the native Contacts app on the device.
  • Disable printing: Prevents the app from printing work or school data.

Software Center no longer distorts icons larger than 250×250

With this release, Software Center no longer distorts icons that are larger than 250×250. Previously, Software Center made such icons look blurry. You can now set an icon with pixel dimensions of up to 512×512, and it displays without distortion.

To add an icon for your app in Software Center, see Create applications.

Operating system deployment

Tip

Beginning with the Windows 10, version 1709 (also known as the Fall Creators Update) release, Windows media includes multiple editions. When configuring a task sequence to use an operating system upgrade package or operating system image, be sure to select an edition that is supported for use by Configuration Manager.

Add child task sequences to a task sequence

You can add a new task sequence step that runs another task sequence, which creates a parent/child relationship between the task sequences. This allows you to create more modular task sequences that you can re-use.

To learn more about the child task sequence, see Child task sequence.

Software Center customization

You can add enterprise branding elements and specify the visibility of tabs in Software Center. You can add a Software Center-specific company name, set a Software Center configuration color theme, set a company logo, and set the visible tabs for client devices.

For more information, see Plan for and configure application management in System Center Configuration Manager.

Software updates

Surface driver updates

Beginning with this release, managing Surface driver updates is no longer a pre-release feature.

Reporting

Limit Windows 10 Enhanced telemetry to only send data relevant to Windows Analytics Device Health

You can now set the Windows 10 telemetry data collection level to Enhanced (Limited). On devices running Windows 10 version 1709 or later, this setting enables you to gain actionable insight about devices in your environment without those devices reporting all of the data in the Enhanced telemetry level.

For more information, see How to configure client settings in System Center Configuration Manager.

Mobile device management

Actions for non-compliance

You can now configure a time-ordered sequence of actions that are applied to devices that fall out of compliance. For example, you can notify users of non-compliant devices via e-mail or mark those devices non-compliant. For details, see Set up actions for non-compliance.

Windows 10 ARM64 device support

Hybrid mobile device management (MDM) scenarios will be supported on ARM64 devices running Windows 10 when these devices are available.

These scenarios include:

Note

Deploying .appxbundle applications built for multiple architectures may not work on these devices, and this scenario is not supported at this time.

Improved VPN Profile Experience in Configuration Manager Console

With this release, we’ve updated the VPN profile wizard and properties pages to display settings appropriate for the selected platform:

  • Each platform has its own workflow, meaning that new VPN profiles contain only the settings supported by the platform.
  • The Supported Platforms page now appears after the General page. You now choose the platform before setting property values.
  • When the platform is set to Android, Android for Work, or Windows Phone 8.1, the Supported platforms page is not needed and is not displayed.
  • The Configuration Manager client-based workflow has been combined with the hybrid mobile device (MDM) client-based Windows 10 workflows; they support the same settings.
  • Each platform workflow includes just the settings appropriate for that workflow. For example, the Android workflow contains settings appropriate for Android; settings appropriate for iOS or Windows 10 Mobile no longer appear in the Android workflow.
  • The Automatic VPN page is obsolete and has been removed.

These changes apply to new VPN profiles.

To minimize compatibility risk, existing VPN profiles are unchanged. When you edit an existing profile, the settings appear as they did when the profile was created.

For more information, see VPN Profiles on mobile devices in System Center Configuration Manager.

Limited support for Cryptography: Next Generation (CNG) certificates

Configuration Manager has limited support for Cryptography: Next Generation (CNG) certificates. Configuration Manager clients can use a PKI client authentication certificate whose private key is stored in a CNG Key Storage Provider (KSP). With KSP support, Configuration Manager clients support hardware-based private keys, such as a TPM KSP, for PKI client authentication certificates.

For more information, see CNG certificates overview.

Protect devices

Create and deploy Exploit Guard policies

You can create and deploy policies that manage all four components of Windows Defender Exploit Guard, including attack surface reduction, controlled folder access, exploit protection, and network protection.

Create and deploy Windows Defender Application Guard policy

You can create and deploy Windows Defender Application Guard policies by using Configuration Manager endpoint protection.

Device Guard policy changes

The following three changes have been made in relation to Device Guard policies:

  • Device Guard policies have been renamed to Windows Defender Application Control policies. So, for example, the Create Device Guard policy wizard is now named Create Windows Defender Application Control policy wizard.
  • Devices using the Fall Creators Update for Windows version 1709 don’t require a restart to apply the Windows Defender Application Control policies. Restarting is still the default, but you can turn off restarts.
  • You can set devices to automatically run software trusted by the Intelligent Security Graph.