New Features in SCCM

What’s New in SCCM

This guide is meant to summarize the latest features you can expect in the SCCM 1702, 1706 and 1710. Most of the information from these features was obtained by summarizing the information contained in Microsoft’s SCCM documentation. (What’s new in version 1710 of System Center Configuration Manager, What’s new in version 1706 of System Center Configuration Manager and What’s new in version 1702 of System Center Configuration Manager)

New Features in SCCM 1702

Operating System Deployment (OSD)

  • Expire stand-alone media (expire date)
  • Package ID displayed in Task Sequence Step
  • Try again when a task sequence fails
  • BIOS to UEFI (MBR2GPT /convert /disk:0 /AllowFullOS)

MDM (Intune Managed Devices)

  • Compliance settings for iOS to match Intune
  • deploy volume-purchased iOS apps
  • Don’t need to specify mobile OS version when creating new policies and profiles for Intune-managed devices
  • Android for Work support
  • New device compliance policy rule is available to help you block access to corporate resources that support conditional access.
  • Deploy Office 365 apps to clients: Use O365 Client Management dashboard

Software Updates

  • “Available for Install” and “Ready for Download” states added.
  • If more than one update applies to environment, only one is downloaded.
  • ‘EasySetupPayload’ folder on your site server is cleaned up automatically.
  • Software Update Point: Use boundary groups to find a new software update point, and can now fallback if theirs isn’t found.

Protect devices

  • Detect outdated antimalware client versions
  • Device health attestation service can now be managed
  • Windows 10 notification informs end users that they must take additional actions to complete Windows Hello for Business setup.

In Console Search

  • Object Path property added
  • search text is saved as you click different nodes


  • Feedback button available (send feedback to Microsoft)
  • Data Warehouse service point added. Holds historical SCCM data.(up to 2TB)
  • Peer Cache: Won’t request from peer if low battery, CPU >80%, Disk I/O exceeds 10
  • Content library cleanup tool cleans up unneeded content from DPs
  • Windows Store for Business Apps: Can deploy apps from the Windows Store for Business to Windows 10
  • Software Deployment: Check for running executable files before install.

New Features in SCCM 1706

MDM (Intune Managed Devices)

  • New Configuration items (Windows 10 Devices)

    • Password (Device Encryption)
    • Device (System time modification)
    • Store (Auto-update apps from store)
    • Microsoft Edge (Default search engine)
  • New device compliance policy rules (Android, iOS)

    • Required password type
    • Block USB debugging on device.
    • Block apps from unknown sources
    • Require threat scan on apps
  • New MAM Policy Settings

    • Block screen capture (Android devices only)
  • Enrollment Restrictions

    • Set users cannot enroll personal Android or iOS devices

Operating System Deployment (OSD)

  • Hardware inventory collects Secure Boot information
  • Collapsible-view task sequence groups
  • Reload boot images with current Windows PE version

Software Updates

  • After failing to reach that SUP for 2 hours, the client then checks its pool of available software update points
  • Manage Microsoft Surface driver updates

Azure AD integration

  • Azure Services Wizard – This Wizard provides a common configuration experience that replaces the individual workflows to set up certain Azure services
  • Use Azure AD to authenticate clients on the Internet to access sites. Azure AD replaces the need to configure and use client authentication certificates. This requires the cloud management gateway site system role.
  • Install and manage the client on Internet PCs. This requires the use of the cloud management gateway site system role.
  • Configure Azure AD User Discovery.

Site Infrastructure / Misc

  • Run PowerShell scripts from the Configuration Manager console (released)
  • Client Peer Cache supports express installation files for Win10 and O365
  • Data Warehouse is no longer a pre-release feature
  • In-Console Updates: CMUpdateReset.exe will reset failed updates.

New Features in SCCM 1710

MDM (Intune Managed Devices)

  • Co-management for Windows 10 1709 (Fall Creators Update) devices
    • Use SCCM and Intune. Provides a bridge from traditional to modern management.
  • New MAM Policy Settings

    • Disable printing
    • Disable contact sync
  • Actions for non-compliance

    • Configure a time-ordered sequence of actions that are applied to devices that fall out of compliance. For example, notify users of non-compliant devices via e-mail, then mark non-compliant
  • Windows 10 ARM64 device support

Operating system deployment (OSD)

  • Add child task sequences to a task sequence

Protect devices

  • Create and deploy Exploit Guard policies

    • Only for Windows 10 1709 Fall Creators Update
    • New set of host intrusion prevention capabilities for Windows 10,
  • Create and deploy Windows Defender Application Guard policy

    • Only for Windows 10 1709 Fall Creators Update
    • If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system.

Site Infrastructure / Misc

  • Restart computers from the console
  • Run PowerShell scripts from the Configuration Manager console (updated features – was released in 1702)
    • Use Security Scopes to define who can run them
    • Real-time monitoring of the scripts
  • Software Center customization: Add enterprise branding elements, specify the visibility of tabs, add company name, set a color theme, set a company logo, and set the visible tabs for client devices

Leave a Comment

Your email address will not be published.