Friday, 8 April 2016

Configuration Manager: in-console upgrade to latest Current Branch

System Center Configuration Manager landing page

As promised, Microsoft have really delivered with the new style in-console upgrade of Configuration Manager. It works seamlessly. I've carried out the upgrade numerous times (both in production and lab) and have only seen minor issues to resolve.

Remember that the first iteration of Configuration Manager was 1511 (released November 2015). Now we have 1602. We've been given many seriously cool new features with this release. For the full list, see What's new in version 1602 of Configuration Manager

The Configuration Manager Team Blog has already provided this summary of the new features.

  • Client Online Status: You can now view the online status of devices in Assets and Compliance. New icons indicate the status of a device as online or offline.
  • Support for SQL Server AlwaysOn Availability Groups: Configuration Manager now supports using SQL Server AlwaysOn Availability Groups to host the site database.
  • Windows 10 Device Health Attestation Reporting: You can now view the status of Windows 10 Device Health Attestation in the Configuration Manager console to ensure that the client computers have a trustworthy BIOS, TPM, and boot software.
  • Office 365 Update Management: You can now natively manage Office 365 desktop client updates using the Configuration Manager Software Update Management (SUM) workflow. You can manage Office 365 desktop client updates just like you manage any other Microsoft Update.
  • New Antimalware Policy Settings: New antimalware settings that can now be configured include protection against potentially unwanted applications, user control of automatic sample submission, and scanning of network drives during a full scan.
  • Windows 10 Servicing: New improvements were added based on your feedback such as filters in servicing plans for upgrades that meet specified criteria, integration with deployment verification and a dialog in Software Center when starting an upgrade.
For Configuration Manager with Intune:
  • Conditional Access for PCs Managed by Configuration Manager: You can now use conditional access capabilities to help secure access to Office 365 and other services on PCs managed with Configuration Manager agent. Conditions that can be used to control access include: Workplace Join, BitLocker, Antimalware, and Software Updates.
  • Windows 10 Conditional Access Enhancements: For Windows 10 devices that are managed through the Intune MDM channel, you can now set and deploy an updated Compliance Policy that includes additional compliance checks and integration with Health Attestation Service.
  • Microsoft Edge Configuration Settings: You can now set and deploy Microsoft Edge settings on Windows 10 devices.
  • Windows 10 Team Support: You can now set and deploy Windows 10 Team configuration settings.
  • Apple Volume Purchase Program (VPP) Support: You can now manage and deploy applications purchased through the Apple Volume Purchase Program for Business portal.
  • iOS App Configuration: You can now create and deploy iOS app configuration policies to dynamically change settings such as server name or port for iOS applications that support these configurations.
  • iOS Activation Lock Management: New capabilities include enabling iOS Activation Lock management, querying for the status, retrieving bypass codes, and performing an Activation Lock bypass on corporate-owned iOS devices.
  • Kiosk Mode for Samsung KNOX Devices: Kiosk mode allows you to lock a managed mobile device to only allow certain apps and features.
  • User Acceptance of Terms and Conditions: You can now see which users have or have not accepted the deployed terms and conditions.
How to Upgrade

Carry out the following tasks before you start (you'll know how to do this by now):
  1. Back up your site
  2. Snapshot the virtual machine
  3. Run TestDBUpgrade
  4. Back up Configuration.mof (it will be overwritten by the upgrade)

Now let's have a look at the upgrade process. Navigate to Administration > Cloud Services > Updates and Servicing.

1602 is available and ready for installation. All subsequent upgrades will also be available here. Note that the upgrades will be cumulative. In the future you will not have to install them all if you don't want to (if you don't need their new features). You can skip a few and install the latest if you wish.

Right click the upgrade and select "Run prerequisite check". This is important to verify that there are no issues before you actually start the upgrade.

The console verifies that Configuration Manager is checking the prerequisites.

Have a look at the CMUpdate.log file. See "Update package will not install as it is marked for prereq check only".

Brilliant. The prerequisite check has not found any issues. So far, in all the upgrades I've done, this has been the case.

Now let's do the upgrade. Choose "Install Update Pack" this time.

The Configuration Manager Updates Wizard is launched. You can see some general information. Click Next to continue.

Some new features are not enabled by default. You can choose to enable them now if you wish. If you don't you can enable them in the console later. I normally just select them all - why not? Make your choices and click Next.

Select your preference for overwriting the Configuration Manager client package. You can overwrite immediately or you can select to have a period of validation first. Continue through the wizard.

Read and accept the license terms.

You're almost there. Confirm the settings on the summary page and click Next to upgrade.

The wizard has completed successfully. This doesn't mean that the upgrade has finished. You've simply started the process.

Monitor the CMUpdate.log for progress.

You can see progress in the Updates and Servicing node.

You can also see progress in the Monitoring > Site Servicing Status node.

Right click the upgrade and select Show Status for more details.

You can see full details of the upgrade steps.

Soon you will see that the upgrade has completed successfully.

Verify that all the components are healthy.

Finally you will get notification that you need to upgrade your consoles. Click OK to install.

That's it. Upgrade has been completed and you can now enjoy the new features. Wasn't that seriously slick and seamless? Remember that this upgrade process will be the same for future in-console upgrades.

I hope this blog post was useful to you. Until next time.....

No comments:

Post a Comment