Features in Configuration Manager technical preview version 2205
Applies to: Configuration Manager (technical preview branch)
This article introduces the features that are available in the technical preview for Configuration Manager, version 2205. Install this version to update and add new features to your technical preview site.
Review the technical preview article before installing this update. That article familiarizes you with the general requirements and limitations for using a technical preview, how to update between versions, and how to provide feedback.
The following sections describe the new features to try out in this version:
Offset for reoccuring monthly maintenance window schedules
Based upon your feedback, you can now offset monthly maintenance window schedules to better align deployments with the release of monthly security updates. For example, using an offset of two days after the second Tuesday of the month, sets the maintenance window for Thursday.
Try it out!
Try to complete the tasks. Then send Feedback from the Home tab of the ribbon letting us know how it worked.
Create a custom schedule that sets maintenance window offset from a base day
- In the Device Collection workspace, create New Collection, and select Properties.
- Select on Maintenance Window and choose New Custom Schedule.
- For the custom schedule, select Monthly and put in a base day such as the second Tuesday.
- Verify the Offset (days) and the number of days for the offset then OK when finished.
- Complete the deployment as usual.
Before using this feature, upgrade the hierarchy to version 2205.
Improvements to cloud management gateway (CMG) workflow
You can now approve the application workflow through email. For the application approvals through email, manually add the CMG URL in the Azure Active Directory app as single page application redirect URI. For more information on how to change the URI, see Create an app registration in Azure AD for your App Service app.
Script execution timeout for compliance settings
You can now define a Script Execution Timeout (seconds) when configuring client settings for compliance settings. The timeout value can be set from a minimum of 60 seconds to a maximum of 600 seconds. This new setting allows you more flexibility for configuration items when you need to run scripts that may exceed the default of 60 seconds.
Microsoft Defender for Endpoint onboarding for Windows Server 2012 R2 and Windows Server 2016
Configuration Manager will now utilize the Windows Server 2012 R2 and Windows Server 2016 unified solution for anti-virus and endpoint detection and response. Starting with this technical preview, devices that are targeted with Microsoft Defender for Endpoint onboarding policy will use the unified agent versus the previous Microsoft Monitoring Agent based solution (where applicable).
This functionality will only apply to clients that are onboarding. Upgrade scenarios will be supported in a future release. If you'd like to test this new functionality, you can offboard and onboard an existing device.
PowerShell release notes preview
These release notes summarize changes to the Configuration Manager PowerShell cmdlets in this technical preview release.
For more information about PowerShell for Configuration Manager, see Get started with Configuration Manager cmdlets.
Use this cmdlet to approve an orchestration group script. For more information, see About orchestration groups in Configuration Manager.
$referenceOG = Get-CMOrchestrationGroup -Name "Orchestratrion group 1" $preScript = $referenceOG | Get-CMOrchestrationGroupScript -ScriptType Pre $preScript | Approve-CMOrchestrationGroupScript -Comment "Approve" Approve-CMOrchestrationGroupScript -ScriptGuid $PreScript.ScriptGuid
Use this cmdlet to deny an orchestration group script. For more information, see About orchestration groups in Configuration Manager.
$referenceOG = Get-CMOrchestrationGroup -Name "Orchestratrion group 1" $preScript = $referenceOG | Get-CMOrchestrationGroupScript -ScriptType Pre $preScript | Deny-CMOrchestrationGroupScript -Comment "Deny" Deny-CMOrchestrationGroupScript -ScriptGuid $PreScript.ScriptGuid -Comment "Deny"
Use this cmdlet to get a script from the specified orchestration group. For more information, see About orchestration groups in Configuration Manager.
$referenceOG = Get-CMOrchestrationGroup -Name "Orchestratrion group 1" $preScript = $referenceOG | Get-CMOrchestrationGroupScript -ScriptType Pre
Use this cmdlet to get the certificates for trusted root certification authorities from the site.
$ci =Get-CMTrustedRootCertificationAuthority $ci =Get-CMTrustedRootCertificationAuthority -ViewDetail
Use this cmdlet to create a client app registration in Azure Active Directory (Azure AD). When you run this cmdlet, it will prompt you to sign in to your tenant. For more information on this app registration, see Manually register Azure AD apps for the CMG.
$serverApp = New-CMAADServerApplication -AppName $appName New-CMAADClientApplication -AppName $name -InputObject $serverApp
Use this cmdlet to create a server app registration in Azure AD. When you run this cmdlet, it will prompt you to sign in to your tenant. For more information on this app registration, see Manually register Azure AD apps for the CMG.
New-CMAADServerApplication -AppName $appName
For more information, see Add-CMManagementPoint.
When you use this cmdlet to enable communication with the cloud management gateway, it now by default configures the management point to support both internet and intranet clients.
For more information, see Get-CMObjectSecurityScope.
You can now use this cmdlet to get the security scope of a specified folder object.
For more information, see New-CMCloudManagementGateway.
Added parameters VMSSVMSize and Version to support creating a cloud management gateway (CMG) using a virtual machine scale set.
For more information, see New-CMComplianceRuleRegistryKeyPermission.
Fixed an issue in OperandDataType property when creating a rule.
For more information, see Set-CMClientSettingComplianceSetting.
Added a new parameter ScriptExecutionTimeoutSecs to extend the script execution timeout value.
For more information, see Set-CMClientSettingComputerRestart.
- Extended the validation range of the parameters CountdownMins and RebootLogoffNotificationCountdownMins to align with the console.
- Added new parameters CountdownIntervalMins and ServerRebootLowRight to align with the console.
- Fixed a property name issue for the parameter NoRebootEnforcement.
The following folder-related cmdlets now support automatic deployment rules:
For more information about installing or updating the technical preview branch, see Technical preview.
For more information about the different branches of Configuration Manager, see Which branch of Configuration Manager should I use?.
Submit and view feedback for