What's New in System Center 2012 R2 Configuration Manager SP1
Updated: October 26, 2015
Applies To: System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager SP1
Note
The information in this topic applies only to System Center 2012 Configuration Manager SP2 and System Center 2012 R2 Configuration Manager SP1.
Use the following sections to review information about significant changes in System Center 2012 Configuration Manager SP2 and System Center 2012 R2 Configuration Manager SP1:
Important
System Center 2012 R2 Configuration Manager SP1 contains updates for features that were made available in System Center 2012 R2 Configuration Manager. Updates that are only applicable to System Center 2012 R2 Configuration Manager SP1 are indicated in the section Updates to R2 features.
Sites and Hierarchies
Application Management
Content Management
Operating System Deployment
Reporting
Configuration Manager Company Portal App
Configuration Manager and Microsoft Intune
Updates to R2 features
Sites and Hierarchies
Improvements to automatic client upgrade:
- You can now exclude servers from automatic client upgrade.
For more information about automatic client upgrades, see How to Automatically Upgrade the Configuration Manager Client for the Hierarchy.
You can configure preferred management points for each primary site. Preferred management points are specified like content servers, associated to a boundary when you configure boundary groups. Clients identify preferred management points from their assigned site, and then when communicating with their site, use the management point associated with their network location before using other management points from the site. For more information, see Preferred Management points.
Application Management
When you revise an application, the new revision now inherits all dependencies from the previous revision.
Configuration Manager now lets you create supersedence relationships that can update dependent applications to a newer version. For more information, see How to Use Application Supersedence in Configuration Manager.
Content Management
Remote Differential Compression (RDC) is no longer used for every file during content distribution. As a best practice, it is now only used for files larger than 16KB.
Pull-distribution points now have their own controls for concurrent distribution settings to multiple pull distribution points.
When selecting source distribution points for a pull distribution point, you can now select source distribution points that are configured to only use HTTPS. The display does not identify if the source distribution point is HTTP or HTTPS capable, however, when you select one or more HTTPS source distribution points, you will receive a notice to ensure the pull distribution point supports your PKI infrastructure. Typically, this is accomplished by installing a PKI enabled client on the computer that hosts the pull distribution point.
A new notification warns you when content is distributed to a pull distribution point, and no source distribution point has been configured.
If a failure occurs when transferring content from a source distribution point to a pull distribution point, the pull distribution point downloads only the remaining content from the next distribution point in the source distribution point list. This saves time when transferring large packages and reduces the amount of network bandwidth used.
If a failure occurs when transferring content from the site server to a distribution point, when the transfer resumes is begins at the point where the failure occurred. This reduces use of bandwidth and reduces time to complete the transfer of content you deploy.
For more information, see Content Management in Configuration Manager.
Operating System Deployment
You can now deploy Windows 10 to compatible devices in your hierarchy.
Configuration Manager SP2 uses the Windows Assessment and Deployment Kit (Windows ADK) to deploy an operating system. Before you run setup, you must download and install the Windows ADK on the site server and the provider computer. Whilst the prerequisite for setup is still the Windows 8.1 ADK, Configuration Manager now supports the Windows 10 ADK also.
New filters and workflow when importing drivers and adding drivers to boot images to improve driver management. For more information, see How to Manage the Driver Catalog in Configuration Manager.
Configuration Manager notifies you before you implement a task sequence OS deployment that could cause damage. For more information, see Configuring High-Risk Deployment Settings in Configuration Manager.
You can now configure retry options for when a computer unexpectedly restarts during the Install Application or Install Software Updates task sequence steps. For more information, see Install Application or Install Software Updates.
Role based authentication can now be used for standalone media.
Enhanced audit messages for operating system deployment.
OS Installer Package renamed to OS Upgrade Packages.
Task sequence USB media now supports larger than 32GB.
For more information, see Operating System Deployment in Configuration Manager.
Reporting
You can now specify a start and end date for the Distribution Point Usage Summary report.
The following new reports have been added:
List of noncompliant Apps and Devices for a specified user - Displays information about users and devices that have apps installed that are not compliant with a policy you specified.
Summary of Users who have Noncompliant Apps - Displays information about users that have apps installed that are not compliant with a policy you specified.
List of devices by Conditional Access State - Displays information about the current compliance and conditional access state of devices. You can use this report with conditional access policies.
A new help topic List of Reports in Configuration Manager has been created to help you understand which reports are available.
For more information, see Reporting in Configuration Manager.
Configuration Manager Company Portal App
The Configuration Manager Company Portal app allows users of client Windows 8, Windows 8.1 and Windows 10 devices to view and install applications that you make available. The device must be managed by System Center 2012 R2 Configuration Manager or later, and have the client installed.
Configuration Manager and Microsoft Intune
The following new functionality and changes have been added to help you manage devices that are enrolled with Microsoft Intune from the Configuration Manager console:
You can now manage Windows 10 and Windows 10 mobile devices that are enrolled with Microsoft Intune. All existing Intune features for managing Windows 8.1 and Windows Phone 8.1 devices will work for Windows 10 and Windows 10 Mobile.
You can deploy iOS apps that are free of charge from the app store. You can deploy this installer type as a required install to make it mandatory on managed devices, or deploy it as available to let users download it from the app store.
For more information, see How to Create Applications in Configuration Manager.
Conditional access to Exchange On-premises for mobile devices. Only devices that are enrolled with Intune and compliant with device policy are allowed to access Exchange email. For more information, see Conditional Access for Exchange Email in Configuration Manager.
Conditional access to Exchange Online and SharePoint Online for mobile devices. Only devices that are enrolled with Intune and compliant with device policy are allowed to access Exchange email, or access SharePoint Online files from OneDrive for Business. This feature also introduces new reports that help you identify devices that will be blocked. For more information, see Conditional Access for Exchange Email in Configuration Manager and Conditional Access for SharePoint Online in Configuration Manager.
You can now manage iOS devices purchased through Apple’s Device Enrollment program. This allows for over-the-air management of corporate-owned iOS mobile devices. For more information, see Enroll Corporate-owned iOS Devices Using the Apple Device Enrollment Program (DEP) in Configuration Manager.
You can now remote lock, or reset the passcode on iOS, Android, or Windows Phone 8 and later devices from the Configuration Manager console. For more information, see Help protect your data with remote wipe, remote lock, or passcode reset using Configuration Manager.
Mobile application management (MAM) policies let you modify the functionality of compatible apps that you deploy to help bring them into line with your company compliance and security policies. For example, you can restrict cut, copy and paste operations within a managed app, or configure an app to open all web links inside a managed browser. For more information, see How to Control Apps Using Mobile Application Management Policies in Configuration Manager
Windows Phone 8.1 devices can be enrolled and managed without first uploading a Symantec certificate and a signed Company Portal app. You still have to have a Symantec certificate to side load your own software, but you can send applications that are a link to a store, or a web app to Windows Phone devices using the Company Portal.
Custom settings are used in a mobile device configuration item and let you deploy settings to iOS devices that are not selectable from the Configuration Manager console. You create settings in the Apple Configurator Tool, import these settings into the configuration item, then deploy these to the required devices.
For more information, see Custom Settings for Mobile Devices in Configuration Manager.
Kiosk mode allows you to lock a managed iOS mobile device to only allow certain features to work. For example, you can allow a device to only run one managed app that you specify, or you can disable the volume buttons on a device. These settings might be used for a demonstration model of a device, or a device that is dedicated to performing only one function, such as a point of sale device.
For more information, see Kiosk Mode Settings for Mobile Devices in Configuration Manager.
You can provision personal information exchange (.pfx) files to user’s devices including Windows 10, iOS, and Android devices. Devices can use PFX files to support encrypted data exchange.
For more information, see How to Create PFX Certificate Profiles in Configuration Manager.
System Center Endpoint Protection can be used to manage endpoint protection on Windows 10 technical preview devices with Windows Defender. The endpoint protection agent is included in Windows 10 and does not need to be deployed. Be sure to include malware definitions for Windows Defender in updates for managed devices.
For more information, see Introduction to Endpoint Protection in Configuration Manager.
For System Center 2012 R2 Configuration Manager only: App compliance policies let you create a list of compliant or noncompliant apps in your organization. For Windows Phone 8.1 devices, apps can be blocked from being installed or launched.
For iOS and Android apps, you can use reports to find users and devices with noncompliant apps.
For more information, see App Compliance for Mobile Devices in Configuration Manager
For System Center 2012 R2 Configuration Manager only: Configuration Manager email profiles now support Android Samsung KNOX 4.0 and later.
For more information, see Email Profiles in Configuration Manager.
Updates to R2 features
Important
The information in this section applies only to System Center 2012 R2 Configuration Manager SP1.
System Center 2012 R2 Configuration Manager SP1 includes the following features that were first made available in System Center 2012 R2 Configuration Manager, and which are not available in System Center 2012 Configuration Manager SP2:
Company Resource Access:
Certificate Profiles
Email Profiles
VPN Profiles
Wi-Fi Profiles
Operating System Deployment enhancements:
Run PowerShell Script
Set Dynamic Variables
Check Readiness
Support for Virtual Hard Disks
Client Reassignment between primary sites
View Resultant Client Settings
The following updates are available in System Center 2012 R2 Configuration Manager SP1. and are not available in Microsoft System Center 2012 Configuration Manager SP2.
Configuration Manager email profiles now support Android Samsung KNOX 4.0 and later.
For more information, see Email Profiles in Configuration Manager.
The following Extensions for Microsoft Intune that were released for System Center 2012 R2 Configuration Manager have been integrated into System Center 2012 R2 Configuration Manager SP1. If you previously installed any of these extensions, they will no longer be displayed in the Extensions for Microsoft Intune node of the Configuration Manager console.
iOS 7 and iOS 8 Security Settings Extension
Enterprise Mode Internet Explorer Extension
Windows Phone 8.1 Extension
Conditional Access Extension
Email Profiles Extension
For more information about extensions, see Planning to Use Extensions in Configuration Manager.
You can now associate apps to a VPN connection on devices that run iOS 7 and later. These apps will open the VPN connection when they are launched.
Additionally, VPN profiles now support Android 4.0 and later versions.
For more information, see VPN Profiles in Configuration Manager.