Sites and Hierarchies
- Improvements to automatic client upgrade:
- You can now exclude servers from automatic client upgrade.
You can configure preferred management points for each primary site. Preferred management points are specified like content servers, associated to a boundary when you configure boundary groups. Clients identify preferred management points from their assigned site, and then when communicating with their site, use the management point associated with their network location before using other management points from the site. For more information, see Preferred Management points.
Application Management
- When you revise an application, the new revision now inherits all dependencies from the previous revision.
- Configuration Manager now lets you create supersedence relationships that can update dependent applications to a newer version. For more information, see How to Use Application Supersedence in Configuration Manager.
- Remote Differential Compression (RDC) is no longer used for every file during content distribution. As a best practice, it is now only used for files larger than 16KB.
- Pull-distribution points now have their own controls for concurrent distribution settings to multiple pull distribution points.
- When selecting source distribution points for a pull distribution point, you can now select source distribution points that are configured to only use HTTPS. The display does not identify if the source distribution point is HTTP or HTTPS capable, however, when you select one or more HTTPS source distribution points, you will receive a notice to ensure the pull distribution point supports your PKI infrastructure. Typically, this is accomplished by installing a PKI enabled client on the computer that hosts the pull distribution point.
- A new notification warns you when content is distributed to a pull distribution point, and no source distribution point has been configured.
- If a failure occurs when transferring content from a source distribution point to a pull distribution point, the pull distribution point downloads only the remaining content from the next distribution point in the source distribution point list. This saves time when transferring large packages and reduces the amount of network bandwidth used.
- If a failure occurs when transferring content from the site server to a distribution point, when the transfer resumes is begins at the point where the failure occurred. This reduces use of bandwidth and reduces time to complete the transfer of content you deploy.
For more information, see Content Management in Configuration Manager.
Operating System Deployment
- You can now deploy Windows 10 to compatible devices in your hierarchy.
- Configuration Manager SP2 uses the Windows Assessment and Deployment Kit (Windows ADK) to deploy an operating system. Before you run setup, you must download and install the Windows ADK on the site server and the provider computer. Whilst the prerequisite for setup is still the Windows 8.1 ADK, Configuration Manager now supports the Windows 10 ADK also.
- New filters and workflow when importing drivers and adding drivers to boot images to improve driver management.
- Configuration Manager notifies you before implementing you implement a task sequence OS deployment that could cause damage.
- You can now configure retry options for when a computer unexpectedly restarts during the Install Application or Install Software Updates task sequence steps. For details, see Install Application orInstall Software Updates.
- Role based authentication can now be used for standalone media.
- Enhanced audit messages for operating system deployment.
- OS Installer Package renamed to OS Upgrade Packages.
- Task sequence USB media now supports larger than 32GB.
For more information, see Operating System Deployment in Configuration Manager.
Reporting
- You can now specify a start and end date for the Distribution Point Usage Summary report.
- The following new reports have been added:
- List of noncompliant Apps and Devices for a specified user - Displays information about users and devices that have apps installed that are not compliant with a policy you specified.
- Summary of Users who have Noncompliant Apps - Displays information about users that have apps installed that are not compliant with a policy you specified.
- List of devices by Conditional Access State - Displays information about the current compliance and conditional access state of devices. You can use this report with conditional access policies.
- A new help topic List of Reports in Configuration Manager has been created to help you understand which reports are available.
For more information, see Reporting in Configuration Manager.
Configuration Manager Company Portal App
The Configuration Manager Company Portal app allows users of client Windows 8, Windows 8.1 and Windows 10 devices to view and install applications that you make available. The device must be managed by System Center 2012 R2 Configuration Manager or later, and have the client installed.
managed by System Center 2012 R2 Configuration Manager or later, and have the client installed.
Configuration Manager and Microsoft Intune
The following new functionality and changes have been added to help you manage devices that are enrolled with Microsoft Intune from the Configuration Manager console:
- You can now manage Windows 10 and Windows 10 mobile devices that are enrolled with Microsoft Intune. All existing Intune features for managing Windows 8.1 and Windows Phone 8.1 devices will work for Windows 10 and Windows 10 Mobile.
- For System Center 2012 R2 Configuration Manager only: The following Extensions for Microsoft Intune that were released for System Center 2012 R2 Configuration Manager have been integrated into System Center 2012 R2 Configuration Manager SP1. If you previously installed any of these extensions, they will no longer be displayed in the Extensions for Microsoft Intune node of the Configuration Manager console.
- iOS 7 and iOS 8 Security Settings Extension
- Enterprise Mode Internet Explorer Extension
- Windows Phone 8.1 Extension
- Conditional Access Extension
- Email Profiles Extension
- You can deploy iOS apps that are free of charge from the app store. You can deploy this installer type as a required install to make it mandatory on managed devices, or deploy it as available to let users download it from the app store.
For more information, see How to Create Applications in Configuration Manager. - New mobile device configuration item settings for Samsung KNOX devices. This adds the same capabilities for Samsung KNOX device to Configuration Manager that exist in Intune, with the exception of kiosk mode. For details, see How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager.
- Conditional access to Exchange On-premises for mobile devices. Only devices that are enrolled with Intune and compliant with device policy are allowed to access Exchange email. For details, seeConditional Access for Exchange Email in Configuration Manager.
- Conditional access to Exchange Online and SharePoint Online for mobile devices. Only devices that are enrolled with Intune and compliant with device policy are allowed to access Exchange email, or access SharePoint Online files from OneDrive for Business. This feature also introduces new reports that help you identify devices that will be blocked. For details, see Conditional Access for Exchange Email in Configuration Manager and Conditional Access for SharePoint Online in Configuration Manager.
- You can now manage iOS devices purchased through Apple’s Device Enrollment program. This allows for over-the-air management of corporate-owned iOS mobile devices.
- You can now remote lock, or reset the passcode on iOS, Android, or Windows Phone 8 and later devices from the Configuration Manager console. For details, see Help protect your data with remote wipe, remote lock, or passcode reset using Configuration Manager.
- Mobile application management (MAM) policies let you modify the functionality of compatible apps that you deploy to help bring them into line with your company compliance and security policies. For example, you can restrict cut, copy and paste operations within a managed app, or configure an app to open all web links inside a managed browser. For details, see How to Control Apps Using Mobile Application Management Policies in Configuration Manager
- For System Center 2012 R2 Configuration Manager only: You can now associate apps to a VPN connection on devices that run iOS 7 and later. These apps will open the VPN connection when they are launched.
Additionally, VPN profiles now support Android 4.0 and later versions.
For more information, see VPN Profiles in Configuration Manager. - Windows Phone 8.1 devices can be enrolled and managed without first uploading a Symantec certificate and a signed Company Portal app. You still have to have a Symantec certificate to side load your own software, but you can send applications that are a link to a store, or a web app to Windows Phone devices using the Company Portal.
- Custom settings are used in a mobile device configuration item and let you deploy settings to iOS devices that are not selectable from the cmshort console. You create settings in the Apple Configurator Tool, import these settings into the configuration item, then deploy these to the required devices.
For more information, see Custom Settings for Mobile Devices in Configuration Manager. - Kiosk mode allows you to lock a managed iOS mobile device to only allow certain features to work. For example, you can allow a device to only run one managed app that you specify, or you can disable the volume buttons on a device. These settings might be used for a demonstration model of a device, or a device that is dedicated to performing only one function, such as a point of sale device.
For more information, see Kiosk Mode Settings for Mobile Devices in Configuration Manager. - You can provision personal information exchange (.pfx) files to user’s devices including Windows 10, iOS, and Android devices. Devices can use PFX files to support encrypted data exchange.
For more information, see How to Create PFX Certificate Profiles in Configuration Manager. - System Center Endpoint Protection can be used to manage endpoint protection on Windows 10 technical preview devices with Windows Defender. The endpoint protection agent is included in Windows 10 and does not need to be deployed. Be sure to include malware definitions for Windows Defender in updates for managed devices.
For more information, see Introduction to Endpoint Protection in Configuration Manager. - For System Center 2012 R2 Configuration Manager only: App compliance policies let you create a list of compliant or noncompliant apps in your organization. For Windows Phone 8.1 devices, apps can be blocked from being installed or launched.
For iOS and Android apps, you can use reports to find users and devices with noncompliant apps.
For more information, see App Compliance for Mobile Devices in Configuration Manager - For System Center 2012 R2 Configuration Manager only: Configuration Manager email profiles now support Android Samsung KNOX 4.0 and later.
For more information, see Email Profiles in Configuration Manager.