Microsoft Adding 'Real-Time' Device Querying to SCCM

Microsoft said that SCCM version 1806, the latest "semiannual channel" release of Microsoft's device and server management system, will be available in the coming weeks. The update would appear in the SCCM console's Updates and Servicing node once it is released. SCCM is normally released in three semiannual channel (or branch) releases per year by Microsoft. Microsoft launched a new commercial edition of the whole System Center suite of products earlier this month. Get an online sccm training course that will teach you how to operate a wide variety of Windows-based PCs. SCCM provides patch management, remote control, network security, operating system deployment, and other services. The System Center product suite's components are listed as being at version 1807.

CMPivot

The SCCM update 1806 release introduces "CMPivot," a new function for checking the status of devices in "real-time". It can be found on the Device Collections node of the SCCM console. While SCCM provides access to device data for broad reporting, CMPivot is designed to provide immediate access to data via queries with filterable results. It's probably more of a troubleshooting or regulatory compliance tool.

According to a Microsoft paper on CMPivot, it's feasible to use it to verify the firmware update status of devices vulnerable to speculative execution side-channel attacks. Because IT businesses must assure that operating system and firmware (or "microcode") upgrades for various client device processors were deployed, and new speculative execution variants appear every few months, such tracking has become a difficult undertaking for IT organizations. In addition to the CMPivot tool, Microsoft's Windows Analytics and PowerShell tools can be used to evaluate speculative execution side-channel patch compliance.

WSUS Help

Update management has been improved in SCCM Update 1806.

For example, it can assist with the patch management system WSUS. It now has a new WSUS cleanup wizard that would "reject updates that are expired according to the supersedence rules established on the software update point component characteristics," which should help Microsoft's monthly update confusion. The ability of SCCM to subscribe to "third-party" (non-Microsoft) software updates can now be pushed to WSUS.

Tooling and Dashboard Improvements

In the SCCM console, Microsoft has incorporated a new product lifecycle dashboard. It displays the status of the Microsoft Lifecycle Policy for device software, as well as support end dates. "Compliance 9 — Overall compliance and health," a new report on software update compliance, is also available.

A new Cloud Management dashboard has also been added by Microsoft. It displays the Cloud Management Gateway's usage statistics.

The CMTrace utility is now installed automatically with the SCCM client by Microsoft. CMTrace is a tool for analyzing log files. The CMTrace utility is now installed automatically with the SCCM client by Microsoft. CMTrace is a tool for analyzing log files.

This update now includes the Package Conversion Manager utility. According to Microsoft's "What's New" document, it allows IT experts to "transform legacy Configuration Manager 2007 packages into contemporary branch apps."

In addition, when Windows 10 in-place upgrades fail, Microsoft now displays the suggested actions to take. This functionality appears to be a complement to the diagnostic capabilities of the standalone Windows SetupDiag program.

Phased Deployments

With the release of the 1806 update, Microsoft touts the ability to carry out staggered application deployments.SCCM update 1802 introduced this feature as a preview, but it's now considered ready for production use. According to a document description, Microsoft defines phased deployment as automating "a coordinated, staggered release of software across various collections". As per the "What's New" page, these rollouts can be gradual: "Each phase of a phased deployment can now be implemented progressively. "This behavior reduces the burden on the network produced by content distribution to clients, reducing the chance of deployment issues”.

Bandwidth Enhancements

Some bandwidth improvements have been made. One of these is Windows Server 2019's LEDBAT functionality, which claims to only transfer updates when bandwidth is available and end-users are not using them.

Another improvement is the ability to partition peer-to-peer cache material into sections for client updates. The "partial download" feature is intended to reduce the quantity of data delivered over wide area networks.