In-Depth
Microsoft's Configuration Manager Team Talks Service Models and Other Plans
Microsoft's System Center Configuration Manager (SCCM) team has been fielding questions, and even providing answers about service models and roadmap plans.
The Q&As came in the form of a recently published FAQ on the SCCM branch update model, as well as a Reddit Ask Me Anything session this week. In the Reddit session, the team was looking to get User Voice forum feedback from SCCM users to help prioritize the future product development.
Microsoft came closest to providing a full description of the new SCCM service-oriented update model in its FAQ. This model kicked off in December 2015 with the release of SCCM 1511 current branch. It was at this time that SCCM started getting frequent updates to align with the release models of Windows 10 and Microsoft Intune. This model has received an "overwhelmingly positive response" from SCCM users, according to the SCCM team.
SCCM Service Model
It turns out that the update lingo used for Microsoft's service-oriented products varies, depending on the Microsoft team. For instance, Windows 10 has current branch releases (CB or monthly releases), current branch for business releases (CBB or releases every four months) and long-term servicing branch releases (LTSB or annual releases).
SCCM, in contrast, just has current branch releases, which get released about three times per year. There is no SCCM CBB release.
To add to this potential confusion, "all Windows branches are supported on the ConfigMgr Current Branch, including CB, CBB and LTSB," Microsoft's FAQ explained. Moreover, each SCCM branch release is supported for 12 months from its release date.
What's not supported for 12 months, though, is critical nonsecurity updates to SCCM. Organizations must be using the latest SCCM branch to continue to receive critical nonsecurity fixes from Microsoft. In other words, skipping an SCCM branch release could have consequences.
SCCM also gets monthly test releases, which are called "technical preview" releases. They can only be used in a lab, though. You can't upgrade a technical preview version to a production version.
Like Windows 10 servicing, IT pros maintaining SCCM have to track and approve service updates. In the case of SCCM, these updates will show up in the Updates and Servicing node of the SCCM console. Neglectful IT pros could end up on a dead service branch, meaning no future updates will arrive. In such cases, their SCCM current branch might not support the latest Window 10 update release.
Microsoft will sometimes release an SCCM update that is a "full media" release, according to the FAQ. It's mostly a perk for new SCCM users and for SCCM upgraders, a Microsoft spokesperson explained, via e-mail. These full media releases are housed in Microsoft's Volume License Service Center, but SCCM users on a current branch don't need the full media version. Full media releases are just handy for those needing "clean installs" of SCCM.
Perhaps one of the important issues addressed by the FAQ is whether previous SCCM updates will support newer Windows 10 builds. Microsoft's answer here seems somewhat complex. There's support for something called "appcompat" and for "new Windows 10 features," but it depends on release timing. Here's how the spokesperson explained it:
Windows 10 support can be broken up into two phases: 1) appcompat and 2) mgmt of new Windows 10 features. As the FAQ notes, appcompat support covers normal mgmt features (e.g., hardware inventory, software inventory, etc.). A specific previously released ConfigMgr current branch build can offer appcompat for a new Windows 10 build. However, for the support of new Windows 10 features, a new ConfigMgr current branch build will be required. For clarity, we use the term "application compatibility" to indicate "everything that you could do before with SCCM to manage Windows."
During the Reddit Ask Me Anything session, I asked the SCCM team if there might be an easier way for IT pros to know which SCCM release would support which Windows 10 release. The team pointed me to the FAQ as well as a TechNet document, but it may be something that Microsoft will address in the future. Here's how "Brian" of the SCCM team characterized it:
We also have our supported configurations document [in addition to the FAQ], but it does not currently break out specific Win10 versions. We'll work on getting that revised but it would be great to see this on User Voice too.
Another Reddit participant asked about how updates work with Office 365 client apps. "If I deploy the 'Current Channel' updates to a collection with computers currently running 'Deferred Channel,' do they get the update, or is it skipped as non-applicable?" Here's how "Prasanna" of the SCCM team explained it:
The applicability checks for the Office 365 updates will look for the appropriate channel and only those updates will be applicable to that machine. For example, if you deploy a "current channel" update to a machine with "deferred channel," it should come back as not applicable.
Other Reddit Session Highlights
The questions and answers in the Reddit Ask Me Anything session were all over the map. Here are just a few highlights.
The team was asked if there's a log available to check when performing an in-place upgrades. "Mark" of the SCCM team said it exists:
Yes, there are logs you can view for in place upgrades. Take a look at the cmupdate.log and hman.log for details on the in-place upgrade.
An accusation was leveled by a Reddit reader that Windows 10 servicing for deploying Windows 10 doesn't work well and is "broken." However, "Vladimir" of the SCCM team denied it:
Windows 10 servicing mechanism is not broken. But Windows 10 upgrade task sequence is a great feature too. Try it out! And we are considering further improvements to both features. Currently offline servicing contains upgrade entries in the list of updates for Windows 10 images. This is bug we are fixing. Currently such items can be selected for servicing but they will be ignored during offline servicing -- so that they are not "toxic." We are improving this by filtering out such entries from the offline servicing entries in the wizard. To do upgrade, use Windows 10 Upgrade task sequence.
The team was asked why the latest Windows 10 Assessment and Deployment Kit (ADK) has to be manually patched with a hotfix. It's because of "internal challenges," but Microsoft is working to address the issue, according to "AaronCz" of the SCCM team:
The available hotfix was actually the quickest path to unblock customers. The next release of the ADK, aligned with the next release of Windows, will not require this hotfix. We also continue to iterate with the ADK team on ways we can better catch issues like these in the future to avoid this all together.
The team was asked if it will add a wake on LAN (WOL) proxy to get around network security requirements. SCCM team member "Djammer" suggested something is in the works:
While there were three ways built into SCCM 2012 for waking up clients -- none of them worked great 100% of time for 100% of customer scenarios. Too complex for customers to use the right one, and they had complex network or hardware dependencies. We are looking at removing the Mac Flapping behavior from the "SleepServer" method for waking up machines -- which I think will get many customers past the current security requirements barrier.
A reader wanted to know if the Microsoft BitLocker Administration and Monitoring (MBAM) tool could be integrated into SCCM and whether more management support was coming for Windows Trusted Platform Modules (TPMs). It's under consideration, according to "Brandon" of the SCCM team:
We've been working with the Windows team to support more TPM scenarios and features that leverage it in Windows 10, including Health Attestation and Windows Hello for Business. As for BitLocker administration, we've got it on our roadmap to consider for tighter integration.
The team was asked about Microsoft's road map for building "true" high availability (HA) support in Configuration Manager. It's part of the team's plans, according to "Djammer":
Yes, we will continue to improve HA for ConfigMgr in current branch. 1602 CB added SQL always on behavior. We are looking at this in the future, to add Siteserver (Primary & CAS) fault tolerance and failover (User Voice item) so that your siteserver can fail over when it goes down. Or use it to do a hardware swap, without using backup and recovery. Or even to move your siteserver up into Azure.
A reader asked if SCCM version 1606 would support SQL Server 2016 and if it might result in improved reporting. It should, according to team member "Rob":
For support of SQL 2016, we are currently testing and mostly looks good. Next release should support SQL 2016. For new functionality like reporting, that's a great request … feel free to upvote!
The Reddit Ask Me Anything had lots more Q&As of note, but it's a sprawling read.
About the Author
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.