7-Zip packages
Advanced tab properties, 512
Environment tab properties, 510
OpsMgr Maintenance Mode tab, 515
Requirements tab properties, 508
Windows Installer tab properties, 513
AADJ (Azure AD Domain Join), 128
accepting risk, defined, 935
access (conditional), 681, 723
ConfigMgr policies
compliance policies, 725, 726–731
conditional access policies, 725
ConfigMgr Current Branch version 1602, 57
corporate resources, 681
deploying, 735
email blocking intervals, 736
configuring conditional access policies, 734–735
evaluating conditional access policies, 733
modern authentication, 732–733
security groups, 733
supported platforms/applications, 732
configuring conditional access policies, 748–749
end-user experience, 750
evaluating conditional access policies, 748
Exchange Server connector, 746–747
supported platforms, 745
user collections, 748
modern authentication, 725
ADAL, 724
features of, 724
Office 365 services, 725
Office applications, 724
states of, 725
security, 938
SharePoint Online, 737
configuring conditional access policies, 739–740
default state, 738
end-user experience, 740
evaluating conditional access policies, 738–739
security groups, 739
Skype for Business Online, 741
configuring conditional access policies, 743–744
evaluating conditional access policies, 743
modern authentication, 742
security groups, 743
supported platforms, 742
accounts
access accounts, 581
install accounts, 581
security (ConfigMgr)
AD discovery/publishing, 967
assigning rights to machine accounts, 964
database connection accounts, 965
Exchange server accounts, 968
infrastructure support, 964–965
OSD, 966
proxy server accounts, 967–968
Remote Tools Permitted Viewer accounts, 968
SMTP server connection accounts, security, 968
software updates, 966
source site accounts, 968
Activation Lock Bypass, 701
activity status of client agents, monitoring, 345–347
AD (Active Directory)
AADJ, 128
Active Directory Forest Discovery, 42
client installations, 152
ConfigMgr configuration, 239
ConfigMgr 2012, 34
Active Directory Group Discovery
client discovery, 334, 335–336
client installations, 152
Active Directory System Discovery
client installations, 150–151, 153
Active Directory User Discovery
client installations, 152, 153
ADModify Tool, 660
architectural planning/design, 121
AD certificate services, 128–130
Azure AD authentication
client agent authentication, 322–323
ConfigMgr cloud connections, 242–243
Azure AD User Discovery, client discovery, 343
certificate services
architectural planning/design, 128–130
deployment profiles, 129
clean AD, need for, 333
client agents, assigning, 345
client installations
Active Directory Forest Discovery, 152
Active Directory System Discovery, 150–151
AD requirements and ConfigMgr installations, 221–222
changing schemas, 111
schema extensions, 110, 111–112
console (ConfigMgr), AD integration, 311–312
delta discovery, client installations, 152–153
domain accounts and SQL Server, 221
Heartbeat Discovery, client discovery, 339–340
Network Discovery, client discovery, 340–341
schema extensions, architectural planning/design, 122–124
security, 936
AD discovery, 967
AD publishing, 967
service location requests, 192
SMS 2.0, 30
SMS 2003, 31
System Discovery, 127
User Discovery, 127
ADAL (Active Directory Authentication Library), 724
Add Driver to Boot Images page (Import Driver Wizard), 882–883
Add Driver to Packages page (Import Driver Wizard), 881–882
Add Site System Roles Wizard, configuring software updates
Proxy and Account Settings page, 581
Proxy page, 579
Software Update Point page, 580–581
Supercedence Rules page, 584
Synchronization Schedule page, 583
Synchronization Source page, 582–583
System Role Selection page, 579–580
address bar (ConfigMgr console), 288
ADDS (Active Directory Domain Services), architectural planning/design, 122
client MP key exchange, 124
custom port configurations, 124
multi-forest considerations, 124–128
workgroup considerations, 124–128
ADM templates and Registry, 321
administration
Administration node (ConfigMgr Current Branch version 1606), 58
Administration workspace (ConfigMgr console), 293
Administrative Console
ConfigMgr 2012, 34
ConfigMgr Current Branch baseline version 1702, 61
applications, installing, 417
ConfigMgr installations, 226, 227–230
ConfigMgr 2012, 33
Config Admins groups, 86
ConfigMgr Current Branch version 1606, Administration node, 58
JEA, 951
packages, deploying with administrative rights, 509–510
ConfigMgr 2012, 34
ConfigMgr 2012 R2, 35
PowerShell and, 941
Remote Control client computer administration, 363–364
role-based administration
console (ConfigMgr), 297
software updates, 571
Schema Admins grouP, 113
security
administrative security reports, 947–948
auditing ConfigMgr actions, 951–953
ConfigMgr access, 949
database access, 951
JEA, 951
security roles, 942–943, 946–947
site system local administration, 950
workstations, 937
site systems, local administration, 950
ADModify Tool, 660
advanced queries, writing, 822–823
WQL
converting queries to SQL, 828
date/time functions in queries, 824–825
limitations in ConfigMgr, 823–824
advanced reporting concepts, 869
Advanced tab properties (programs), 511–512
agents (client)
activity status, monitoring, 345–347
installing
client agent authentication on Azure AD-joined Windows devices, 322–323
group policy installations on Windows devices, 320–321
keychain access, 319
limiting enrollment certificates, 319
logon script installations on Windows devices, 320
manual installations on LINUX computers, 320
manual installations on Mac computers, 318–319
manual installations on UNIX computers, 320
manual installations on Windows computers, 317–318
SUP installations on Windows devices, 321
troubleshooting installations, 330–332
manually pushing, 328
MAP and client agent deployments, 316
hardware requirements, 316
software requirements, 316–317
supported OS, 316
uninstalling, 332
AI (Asset Intelligence) synchronization points, network configuration, 182
AIK (Automated Installation Kit), ConfigMgr upgrades, 257
alerts
client communications, 179
configuring, 302
deleting, 301
managing, 301
viewing, 300
defined, 46
Alerts page
Deploy Software Updates Wizard, software updates, 607
Task Sequence Deploy Software Wizard, 912
Alerts tab properties (collections), 530
All Software Updates node, software updates, 594, 595–597
alternate login ID (Azure), 664
AMSI (Antimalware Scan Interface), 761–762
AMT (Active Management Technology), ConfigMgr Current Branch baseline version 1511, 54
analytics (cloud-based security), 801
Android CI (Configuration Items), 398
Android devices
sideloading application distributions, 478–479
temporary passwords, 700
antimalware
antimalware as a service, 756–757
antirootkits, 758
Application Control, 760
Application Guard, 760
capabilities of, 756
Device Guard, 760
diagnostic scanning, 758
Exploit Guard, 760
Measured Boot, 760
Microsoft’s approach to, 763
Windows 10 antimalware, 760–762
Windows antimalware, 759
Measured Boot, 760
Windows Server 2016 antimalware, 760–762
antirootkits, 758
app configuration policies, 444–445
App Details website, software packaging/deployment, 518
App-V (Application Virtualization)
applications, installing, 466–467
App-V 5/ConfigMgr integration, 465
ConfigMgr 2007, 32
App-V 4.6 DT, creating, 465
using, 468
Apple
App Store, deeplinking application distributions, 485
Apple Configurator tool, iOS device enrollments, 696
applications
sideloading distributions, 480–481
volume license purchases, 446
Enterprise Developer licenses, 480
iOS
Activation Lock Bypass, 701
Apple Configurator tool, enrolling devices, 696
duplicate device names, 688
enabling devices for management, 685–687
encryption, 729
end user experience, 491
enrolling devices, 687–688, 695–696
organization Apple ID, 685–686
iPad, sideloading application distributions, 480–481
iPhone, sideloading application distributions, 480–481
Mac OS
EP, 788
Mac OS X, CI, 384–387, 397–398
organization Apple ID, 685–686
Application Catalog
Application Catalog Web Service Point role (site systems), 39, 133
Application Catalog Website Point role (site systems), 39, 133
application/package deployments, 558–560
ConfigMgr 2012, 34
Applications, 409
App-V
App-V 5/ConfigMgr integration, 465
ConfigMgr 2007, 32
installing applications, 466–467
Application Control, 760
Application Guard, 760
Application Model Kit (SDK), 456
best practices
TS, 456
cloud applications, DSI, 18
ConfigMgr 2012, application management, 34
creating, 415
DSL, 416
PowerShell, 457
Windows Embedded write filters, 456–457
Windows Installer (.msi)-based applications, 416–417
custom detection scripts, 389
deeplinking distributions, 482
Apple App Store, 485
deleting, 453
deploying, 49–50, 415, 548–549, 709–710
ConfigMgr Current Branch version 1610, 61
high-risk deployments, 552–555
monitoring deployments, 565–566
simulating deployments, 555
software installations, 550–552
troubleshooting deployments, 565–566
uninstall applications, 549–550
detection methods
adding to applications, 429–431
creating, 427
creating for Windows Installer applications, 427–428
custom methods, 431
custom methods, creating with PowerShell, 432
custom methods, creating with VBScript, 432–433
App-V DT, App-V 4.6 DT, 465
deeplinking distributions, 482–485
detection methods, 413
Intune enrollment requirements, 412
mobile devices DT, 470
multiple DT, 411
requirement rules, 412–413, 459–460
Windows Installer-based DT, creating, 461–464
Exchange Online supported applications, 732
global conditions, 433
collections versus, 434
creating custom global conditions, 435–439
device global conditions, 434–435
user global conditions, 435
installing
administrator rights, 417
installation wrappers, 455
licenses, purchasing
Apple VPP, 446
Windows Store for Business, 447
manageable applications, 440
managing, 8
ConfigMgr Current Branch baseline version 1511, 55
ConfigMgr Current Branch baseline version 1702, 62
ConfigMgr Current Branch baseline version 1706, 65
ConfigMgr Current Branch version 1602, 57
ConfigMgr Current Branch version 1606, 59
ConfigMgr Current Branch version 1710, 66
modern authentication
ADAL, 724
Office applications, 724
monitoring, 458
Office applications, modern authentication, 724
pool memory and WSUS, 631
properties of, 418
Application Catalog tab, 419–420
Content Locations tab, 427
Distribution Settings tab, 421
General Information tab, 418–419
References tab, 420
Supersedence tab, 427
global conditions, 48–49, 433–439
global expressions, 49
uninstalling software, 411
retiring, 453
SDK, Application Model Kit, 456
sideloading distributions, 471–472
Silverlight-based applications for Windows phone devices, 477–478
Windows 8 applications, 472–477
Windows 8.1 applications, 472–477
Windows 10 applications, 472–477
superseding, 452
synchronizing from Windows Store for Business, 492
uninstalling applications
volume license purchases
Apple VPP, 446
Windows Store for Business, 447
VPN profiles, 482
web applications, creating, 490–491
Windows Installer applications, creating detection methods for, 427–428
Windows Installer (.msi)-based applications, creating, 416–417
Windows source management, 423–426
wrapping applications, 440, 712
APT (Advanced Persistent Threats), 934
architectural planning/design
AD certificate services, 128–130
ADDS, 122
client MP key exchange, 124
custom port configurations, 124
multi-forest considerations, 124–128
workgroup considerations, 124–128
availability, 145–146, 168–169
backups
unsupported backups, 170
boundaries/boundary groups, 135–136, 137–138
business requirements, 118–119
compliance/regulatory issues, 119
cost controls, 119
service availability/delivery, 119
user experience, 119
clients
discovery/installation, 148–152
planning settings, 153, 157–158
simple/full schedules, 157–158
cryptographic controls, 129
environmental assessments, 121, 122
AD, 121
cloud computing, 121
datacenters, 121
dependent IT teams, 121
device types, 121
enterprise storage, 122
IT service delivery process, 121
monitoring, 122
network topologies, 121
organizational structure, 121
OS, 121
server infrastructures, 121
server management, 122
SLA, 121
virtualization, 121
external device management, 159
hierarchical planning, 130–135
IT requirements, 120
cloud consumption/adoption, 120
desktop OS supportability, 120
IT security, 120
service availability, 120
meeting availability requirements, 145–146
recoverability management, 168–169
restorability management, 168–169
scope of delivery, 122
site capacity planning, 141–144
ConfigMgr scalability, 144
ConfigMgr servers in Azure, 142–143
updates, continuous updates, 164
ARP (Address Resolution Protocol) caches and WOL, 366–367
ASD (Australian Signals Directorate), 935
assessments
MAP, client agent deployments, 316
Vulnerability Assessments, 376
DISM, 876
WinPE, 875
WSIM, 875
Asset Intelligence Synchronization Point role (site systems), 40, 132
Assets and Compliance workspace (ConfigMgr console), 290
assigning
rights to machine accounts, 964
ATP (Advanced Threat Protection), Windows Defender, 801–802
capabilities of, 802
configuring, 803
attacks
eavesdropping (sniffer-based) attacks, 960
execution attacks, 954
fingerprinting attacks, 954
identity-based attacks, 954
misdirection attacks, 960
MITM attacks, 960
spoofing attacks, 960
surfaces, reducing (security), 955
auditing
clients, 279
Remote Control, 364
authentication
ADAL, 724
authentication required errors, 204
Azure AD authentication, ConfigMgr cloud connections, 242–243
client agents, authentication on Azure AD-joined Windows devices, 322–323
databases, accessing, 951
modern authentication, 725
ADAL, 724
features of, 724
Office 365 services, 725
Office applications, 724
Skype for Business Online, 742
states of, 725
turning on (order of), 742
Automatic Deployment Rule Wizard, deploying software updates, 609–610
Deployment Settings page, 611
Evaluation Schedule page, 612
General page, 610
automation
AIK, ConfigMgr upgrades, 257
automatic site-wide client pushing on Windows devices, 326–327
ConfigMgr client automation via WMI, 98–100
desktop deployments, 11
DSI, 18
lack of, 13
regulatory compliance, 11
resource provisioning, 13
security, 11
server deployments, 11
AutoPilot, client installations, 150
auto-remediation, Compliance Settings, 404
availability
CIA triad, defined, 934
architectural planning/design, 145–146, 168–169
site server/site system planning
ConfigMgr, 140
site servers, 139
site systems, 139
avoiding risk, defined, 935
Azure (MS)
Azure AD
authentication, cloud connections, 242–243
client agent authentication, 322–323
features of, 660
single identity across cloud services, 654
Windows 10 connections, 690–692
Azure AD Connect
dedicated servers and Azure AD installations, 662
minimum hardware requirements, 661–662
Windows Server and, 661
Azure AD User Discovery, 343
Azure Portal, Intune management, 654–655
CMG
deployments, ConfigMgr installations, 245
logs, 1012
authentication, cloud connections, 242–243
migration, online resources, 264
server site capacity planning, 142–143
domain names, 654
EMS, 653
ExpressRoute, 143
Intune management, Azure Portal, 654–655
user identities, 655
cloud identities, 655
federated identities, 656
login ID (alternate), 664
synchronized identities, 656
architectural planning/design
unsupported backups, 170
CD.Latest folders, 973–974, 975–976
choosing
backup location, 972
backup method, 971
customizing, ConfigMgr maintenance task backups, 974
overwriting, 973
source files, 981
SQL database backups, 970, 974–975
backup folder structure, 979–980
SQL Server backups, 171
SSRS, 981
unsupported backups, architectural planning/design, 170
WSUS, database backups, 989
bandwidth
BITS, 195
configuring for content distribution
file replication routes, 538
latency and, 181
network configuration, 181
secondary sites, 39
baselines
ConfigMgr
builds, 218
upgrades, 257
configuration baselines, 374, 375–376
definition updates, definition rebase process, 773
mobile devices, creating for, 701–705
BIOS-to-UEFI conversions, ConfigMgr Current Branch version 1610, 61
BITS (Background Intelligent Transfer Service), 193–194
bandwidth, 195
BITS 2.5, 194
BITS 3.0, 194
BITS 4.0, 194
BITS 5.0, 194
client settings, 349
ConfigMgr client settings, 196
conflicting settings, 196
content transfers, 52
GPO and, 350
IGD statistics, 195
online resources, 194
versions of, 194
blocking/unblocking clients, 328
blogs, online resources, 1043–1044
BM (Behavior Monitoring), 758–759
boot images
command-line support, 921
Import Driver Wizard, Add Driver to Boot Images page, 882–883
bootable media, OSD deployments, 915–917
boundaries/boundary groups
architectural planning/design, 135–136, 137–138
ConfigMgr 2012, 34
ConfigMgr Current Branch baseline version 1702, 62
ConfigMgr configuration, 239–241
ConfigMgr Current Branch version 1610, 60
IP address ranges and, 206
linking between new and default boundary groups, 208
network configuration, 205–208
online resources, 208
overlapping boundaries, 206
site assignment boundary groups, 240–241
BranchCache
client settings, 350
DP
content management, 146
network configuration, 197–200
WAN optimization, 53
bundle updates, 649
business requirements
architectural planning/design, 118–119
compliance/regulatory issues, 119
cost controls, 119
service availability/delivery, 119
user experience, 119
CA certificates (trusted), 714
capacity planning, software updates, 571
capture media, OSD deployments, 917
CAS (Central Administration Site), 37–38, 131
complexity of, 38
ConfigMgr 2012, 33
ConfigMgr installations, 226, 227–230
scalability, 38
cascading updates, collections, 529
ccmexec.exe (SMS Agent Host), 74
CD.Latest files/folders
ConfigMgr updates, 253
CDs, Stand-Alone CD/DVD page (Create Task Sequence Media Wizard), 914
central sites. See CAS
certificates
AD certificate services
architectural planning/design, 128–130
deployment profiles, 129
issuing, costs of, 130
PFX certificates, 714
profiles
security, 938
requests, manually reviewing, 130
self-signed certificates and WSUS, 635
trusted CA certificates, 714
CI (Configuration Items), 374–375
Android CI, 398
supported platforms, 395
mobile devices
Samsung Knox CI, 398
Windows 8.1 CI, 396
Windows desktop/server CI, 387, 388–391
Windows Phone CI, 397
CIA (Confidentiality, Integrity, Availability) triad, defined, 934
CIDR (Classless Interdomain Routing), architectural planning/design, 136–137
CIM (Common Information Model)
online resources, 83
CIS (Center for Internet Security), 935
classes, WMI object model, 81–82
Classifications page (Add Site System Roles Wizard), configuring software updates, 584–585
classifying upgrades, 585
Client Control Panel applet, obtaining on-demand results, 403
client experience, software updates, 623
client MP key exchange, ADDS and architectural planning/design, 124
clients, 315
agents, 317
activity status, monitoring, 345–347
client agent authentication on Azure AD-joined Windows devices, 322–323
group policy installations on Windows devices, 320–321
hardware requirements, 316
keychain access, 319
limiting enrollment certificates, 319
logon script installations on Windows devices, 320
manual installations on LINUX computers, 320
manual installations on Mac computers, 318–319
manual installations on UNIX computers, 320
manual installations on Windows computers, 317–318
manually pushing, 328
MAP and client agent deployments, 316
software requirements, 316–317
SUP installations on Windows devices, 321
supported OS, 316
troubleshooting installations, 330–332
uninstalling, 332
App-V clients, installing, 466–467
architectural planning/design
planning settings, 153, 157–158
simple/full schedules, 157–158
auditing, 279
BITS and ConfigMgr client settings, 196
blocking/unblocking clients, 328
CI
Android CI, 398
Samsung Knox CI, 398
Windows 8.1 CI, 396
Windows desktop/server CI, 387, 388–391
Windows Phone CI, 397
client-to-server communication security, 961
co-management (client-side), monitoring, 1021
communication (network configuration)
communication from clients, 178–179
communication security, 208
communication to clients, 177–178
designing client communications, 190–192
ports and client communications, 190–192
communication methods (ConfigMgr), 73
complex schedule, 373
Compliance Settings, client status messages, 406–407
ConfigMgr
databases, client settings, 104–105
deploying
architectural planning/design, 147–148
ConfigMgr Current Branch baseline version 1511, 54
Active Directory Forest Discovery, 333–334
Active Directory Group Discovery, 334, 335–336
Active Directory System Discovery, 337–338
Active Directory User Discovery, 336–337
architectural planning/design, 148–152
Azure AD User Discovery, 343
EP clients
FSP and client installations, 247
hiding software deployments, 508
IBCM
architectural planning/design, 159–163
client roaming behavior, 162
importing into ConfigMgr (manually), 341–343
installing
Active Directory Group Discovery, 152
Active Directory System Discovery, 150–151, 153
Active Directory User Discovery, 152, 153
architectural planning/design, 148–152
AutoPilot installations, 150
group policy installations, 149
Intune MDM-managed devices, 150
logon/startup script installations, 149–150
manual installations, 149
push installations, 148
upgrading installations, 150
client upgrades (automatic), 328–330
coexisting ConfigMgr solutions, 270
ConfigMgr configuration, 238
ConfigMgr Current Branch version 1602, 57
ConfigMgr Current Branch version 1610, 61
ConfigMgr Current Branch version 1710, 66
installing client agents, 317–323
MAP and client agent deployments, 316
Office 365 client management dashboard, 61
security, 937
uninstalling client agents, 332
network configuration
client locations, 174–175, 178
communication from clients, 178–179
communication security, 208
communication to clients, 177–178
designing client communications, 190–192
ports and client communications, 190–192
notifications, 154
Computer Agent settings, 154
Computer Restart settings, 154–155
Hardware Inventory settings, 155
Remote Tools settings, 155
Software Deployment settings, 156
Software Inventory settings, 156
policy signing, 129
on-premise MDM, client configuration, 720
pushing, 324
automatic site-wide client pushing on Windows devices, 326–327
blocking/unblocking clients, 328
enabling on Windows devices, 325–326
manually pushing client agents, 328
queries, defined, 46
Remote Control
client computer administration, 363–364
Remote Assistance, 364
Remote DesktoP, 364
Remote Tools device settings, 357–359
scanning, troubleshooting, 631–632
security, client-to-server communication security, 961
BITS, 349
client cache settings device settings, 350
client policy device settings, 350–351
cloud services device settings, 351
compliance settings device settings, 351
Computer Agent device settings, 351–354
Computer Restart device settings, 354
custom schedules, 348
Endpoint Protection device settings, clients, 354
enrollment device and user settings, 354
hardware inventory device settings, 355–357
Metered Internet Connection device settings, clients, 357
modifying, 349
Power Management device settings, 357
simple schedules, 348
Software Deployment device settings, 359
Software Inventory device settings, 359–360
Software Metering device settings, 360–361
Software Updates device settings, 361
state messaging device settings, 361–362
User and Device Affinity device settings, 362
Windows Analytics device settings, 362
signed client data, client communication security, 208
simple schedules, 373
Software Center device settings, 359
upgrading automatically, 328–330
WOL, 365
configuring, 366
magic packets, 365
prerequisites, 365
Wake-up proxies, 367
cloud computing
architectural planning/design, 120, 121
Azure AD
authentication, ConfigMgr cloud connections, 242–243
single identity across cloud services, 654
cloud identities, 655
cloud services device settings and clients, 351
cloud-based protection (Windows Defender), 759
CMG
ConfigMgr installations, 245
ConfigMgr Current Branch version 1610, 60
ConfigMgr installations
Azure AD authentication, 242–243
OMS Connectors, 244
Upgrade Readiness, 244
DSI and, 18
examples of, 10
security analytics, 801
systems management, 13
CMG (Cloud Management Gateway)
ConfigMgr installations, 245
ConfigMgr Current Branch version 1610, 60
logs, 1012
CMTrace Log File Reader, 227, 999–1000
CNAME records, Intune environment preparation, 658
co-management
choosing where to start, 1016–1017
configuring, 1017
defined, 1015
monitoring client-side co-management, 1021
moving workloads from ConfigMgr to Intune, 1020–1021
need for, 1016
collecting data
collection data classes (SQL views), 850
security, 932
Collection Variables tab properties (collections), 530
collections
ConfigMgr 2012, 34
device collections, creating, 404
direct (static) rules, 525–526
DP groups, associating collections with, 535–536
global conditions versus, 434
include/exclude rules, 527–528
mobile device collections, creating, 713–714
primary sites
collection membership delays, 526
replicating across primary sites, 524
prompted values (queries), 817–818
properties, modifying, 529–530
query results, creating collections based on query results, 837
security scopes, 943
updates, 528
cascading updates, 529
full updates, 528
manual updates, 528
user collections and Intune, 666
communication
client communications, 73
external communication, network configuration, 182
HTTPS, network communication, 182
intersite communication, network configuration, 182–183
intrasite communication, network configuration, 179
network configuration
AI, 182
alerts, 179
bandwidth, 181
client communication security, 208
communication from clients, 178–179
communication to clients, 177–178
designing client communications, 190–192
downloading software updates, 182
external communication, 182
HTTPS, 182
intersite communication, 182–183
intrasite communication, 179
latency, 181
messages, 179
ports and client communications, 190–192
SCP, 182
SMB communication, 181
SQL Server communication, 179–180
SUP, 182
RPC communication, network configuration, 180–181
client-to-server communication security, 961
server-to-server communication security, 962
site-to-site communication security, 962
SQL Server communication
network configuration, 179–180
security issues, 180
company devices, managing, 695
company logos, Intune subscriptions, 670–671
company resource access workspace, mobile devices and, 714
complex schedule, client settings, 373
architectural planning/design, 119
Assets and Compliance workspace (ConfigMgr console), 290
Android CI, 398
Samsung Knox CI, 398
Windows 8.1 CI, 396
Windows desktop/server CI, 387, 388–391
Windows Phone CI, 397
Client Control Panel applet, on-demand results, obtaining, 403
client status messages, 406–407
compliance strategies, developing, 402
ConfigMgr Current Branch baseline version 1511, 56
ConfigMgr Current Branch baseline version 1706, 65
ConfigMgr Current Branch version 1602, 57
ConfigMgr Current Branch version 1606, 59
ConfigMgr Current Branch version 1610, 60, 61
configuration baselines, 52, 374, 375–376
configuration drift, 372
configuration items, 52
custom detection scripts, 389
device settings, clients, 351
on-demand results, obtaining, 402
Client Control Panel applet, 403
scripting client evaluations, 403–404
logs, 406
policies (ConfigMgr), 725, 726
supported compliance settings, 726
pre/post-change validation, 372
regulatory compliance, 371–372
remediation, 404
Remote Connection Profiles, 374, 377–378
security, 938
software updates, 570
strategies, developing, 402
supported platforms, 395
time to resolution, 372
troubleshooting, settings management, 406–407
User Data and Profiles, 374, 377
Component Server role (site systems), 39
compressed.zip files, importing/exporting, 545
Computer Agent settings
client notifications, 154
device settings, clients, 351–354
Computer Restart settings
device settings, clients, 354
concurrent threads, defined, 40–41
ConfigMgr policies
compliance policies, 725, 726–731
conditional access policies, 725
ConfigMgr Current Branch version 1602, 57
deploying, 735
email blocking intervals, 736
configuring conditional access policies, 734–735
evaluating conditional access policies, 733
modern authentication, 732–733
security groups, 733
supported platforms/applications, 732
configuring conditional access policies, 748–749
end-user experience, 750
evaluating conditional access policies, 748
Exchange Server connector, 746–747
supported platforms, 745
user collections, 748
modern authentication, 725
ADAL, 724
features of, 724
Office 365 services, 725
Office applications, 724
states of, 725
security, 938
SharePoint Online, 737
configuring conditional access policies, 739–740
default state, 738
end-user experience, 740
evaluating conditional access policies, 738–739
security groups, 739
Skype for Business Online, 741
configuring conditional access policies, 743–744
evaluating conditional access policies, 743
modern authentication, 742
security groups, 743
supported platforms, 742
confidentiality (CIA triad), defined, 934
Config Admins groups, 86
ConfigMgr Current Branch
baseline builds, 218
co-management
configuring, 1017
defined, 1015
Current Branch baseline version 1511
AMT, 54
application management, 55
client deployments, 54
compliance settings, 56
in-console updates, 54
data protection, 56
Intune, 56
MDM, 56
online resources, 54
OS deployments, 55
SCP role (site systems), 54
site infrastructure protection, 56
software updates, 55
Usage Data Collection, 54
Windows Hello for Business, 56
Windows Installer, 55
Windows Store, 55
Current Branch baseline version 1702
Administrative Console, 61
application management, 62
boundaries/boundary groups, 62
console (ConfigMgr), 62
Content Library cleanup tool, 62
Data Warehouse Service Point role, 62
device protection, 64
Peer Cache, WAN optimization, 62
services, 62
updates, 62
Windows Hello for Business, 64
Current Branch baseline version 1706
application management, 65
compliance settings, 65
OS deployments, 65
site infrastructure changes, 64–65
software updates, 66
moving workloads from ConfigMgr to Intune, 1020–1021
deprecated features
ConfigMgr Current Branch baseline version 1702, 67–68
ConfigMgr Current Branch baseline version 1706, 67–68
ConfigMgr Current Branch version 1710, 67–68
online resources, 68
ConfigMgr 2012 R2, 35
SMS 1.x, 30
SMS 2.0, 30
adding Intune subscriptions, 666–672
adding service connection points, 672–673
configuring platforms, 672
licensing users, 664
user collections, 666
client management in coexisting solutions, 270
configuring active source sites, 271–272
configuring child sites for data gathering, 272–273
configuring ConfigMgr Migration User Accounts, 271
dependency configuration, 270
hierarchy installation/configuration, 267–268
migrating by features/dependencies, 270
migration reports, 278
object migration jobs, 273–275
objects modified after migration jobs, 273, 275–277
performing a migration, 270–278
premigration activities, 267–269
preparing old sites for migration, 268
shared DP, 277
shared infrastructures, 270
source/destination sites, 268–269
troubleshooting migrations, 280
upgrades versus migration, 263–264
validating old sites are supported, 268
virtual servers, 264
mobile devices
enabling devices for management, 682
enabling devices for management, Android devices, 682–683
enabling devices for management, iOS devices, 682–683
enabling devices for management, Windows Phone devices, 688–689
access, 949
AD discovery, 967
AD publishing, 967
auditing ConfigMgr actions, 951–953
certificate profiles, 938
conditional access, 938
database connection accounts, 965
EP, 938
Exchange server accounts, 968
infrastructures, 954
OSD, 966
patch management, 938
proxy server accounts, 967–968
Remote Tools Permitted Viewer accounts, 968
SMTP server connection accounts, 968
software updates, 966
source site accounts, 968
terminology, renaming, 614–615
troubleshooting, online resources, 220
CD.Latest files, 253
online resources, 67
AIK, 257
baseline support, 257
finding supported overlaP, 257–258
migration versus upgrades, 263–264
performing an upgrade, 258–262
preparing for an upgrade, 257–258
SQL Server support, 257
SQL Server test upgrades, 258
Windows OS support, 257
version 1602
application management, 57
client management, 57
compliance settings, 57
conditional access, 57
software updates, 57
SQL Server AlwaysOn availability groups, 56
Windows 10 servicing, 57
version 1606
accessibility, 58
Administration node, 58
application management, 59
compliance settings, 59
device configuration/protection, 60
DP updates, 58
MDM, 58
OS deployments, 59
pre-release features, 58
remote control, 60
software updates, 59
Updates and Servicing node, 58
application deployments, 61
BIOS-to-UEFI conversions, 61
boundaries/boundary groups, 60
client management, 61
CMG, 60
Peer Cache, WAN optimization, 60
policy synchronization, Intune, 60
Software Center, 61
software updates, 61
Windows Defender, 60
version 1710
application management, 66
client management, 66
device protection, 67
MDM, 67
OSD, 67
site infrastructure changes, 66
Software Center, 67
Windows Telemetry, 67
WAN optimization, 53
Windows 10, support, 7
ConfigMgr 2007, 32
App-V, 32
CSR, 32
delta discovery, 33
dynamic collection updates, 33
Forefront Endpoint Protection 2010, 33
growing complexity of, 33
native mode (security), 32
OOB management, 32
OSD, 32
performance, 33
PKI, 32
prestaged media, 33
security, 32
SSRS, 32
ConfigMgr 2012, 33
Active Directory Forest Discovery, 34
administrative console, 34
Application Catalog, 34
application management, 34
boundaries/boundary groups, 34
CAS, 33
client assignments, 34
client settings, 34
collections, 34
discovery, 34
DP, 35
fallback sites for client assignments, 34
IBCM, 34
MP, 34
OSD, 35
RBA, 34
Software Center, 34
SSRS (SQL Server Reporting Services), 35
ConfigMgr 2012 R2, 35
ConfigMgr Current Branch, new capabilities, 7–8
content management, 35
OSD, 35
profile management, 35
RBA, 35
ConfigMgr Agents. See clients
ConfigMgr RP (Reporting Point), 843–845
configuration baselines
configuration items (compliance), 52
configuring
app configuration policies, 444–445
Apple Configurator tool, iOS device enrollments, 696
baselines
co-management, 1017
conditional access policies
Skype for Business Online, 743–744
ConfigMgr
Active Directory Forest Discovery, 239
boundaries/boundary groups, 239–241
client management, 238
initial configurations, 238–241
reporting functionality, 238
configuration drift, 372
in-console alerts, 302
DCM. See compliance settings
dependencies, ConfigMgr migration, 270
devices, ConfigMgr Current Branch version 1606, 60
DP, monitoring configuration status, 542
file replication
rate limit configuration, 186–187
route configuration, 185
hierarchies, ConfigMgr migration, 267–268
mobile devices, 701
networks
AI, 182
bandwidth, 181
boundaries/boundary groups, 205–208
client communication security, 208
client locations, 174–175, 178
communication from clients, 178–179
communication to clients, 177–178
data flows, 177
designing client communications, 190–192
downloading software updates, 182
enrollment proxy points, 175
external communication, 182
intersite communication, 182–183
intrasite communication, 179
latency, 181
ports and client communications, 190–192
SCP, 182
service location requests, 192–196
SMB communication, 181
SQL Server communication, 179–180
SQL Server replication, 187–190
SUP, 182
testing DNS resolution, 211–212
troubleshooting, 209
troubleshooting, basic network connectivity, 209–211
troubleshooting, congested/slow network links, 214
troubleshooting, firewall ports, 212–214
troubleshooting, routers, 212–214
Peer Cache, network configuration, 201–203
PowerShell scripts, 457
RCM, 74
software, complex software installations/configurations with TS, 448
software updates, 577
client-side components, 588–590, 591–594
server-side components, 577–588
Windows Defender ATP, 803
WOL, 366
congested/slow network links, troubleshooting, 214
consistency in reports/dashboards, creating, 854–855
address bar, 288
Administration workspace, 293
configuring, 302
deleting, 301
managing, 301
viewing, 300
Assets and Compliance workspace, 290
ConfigMgr Current Branch baseline version 1511, in-console updates, 54
ConfigMgr Current Branch baseline version 1702, 62
ConfigMgr Current Branch version 1610, in-console updates, 60
defined, 44
deploying, 294
console placement, 294
installation prerequisites, 295
installing with ConfigMgr Setup Wizard, 295–296
SMS Providers and console deployments, 294
supported platforms, 294
unattended installations, 296–297
Details pane, 287
displaying content, 297
List pane, 287
logs, 1001
monitoring scripts, 458
Navigation pane, 286, 287, 298–299
OSD and, 878
role-based administration, 297
search bar, 288
site connections, 298
validating ConfigMgr installations, 237–238
resetting, 299
permissions
SMS Provider permissions, 308
WMI permissions, 309–310, 312–313
troubleshooting, 311
common problems, 313
connectivity issues, 313
content distribution and OSD, 905–907
Content Library cleanup tool, ConfigMgr Current Branch baseline version 1702, 62
redistributing content, 980
Content Locations tab properties
applications, 427
packages, 503
content management
architectural planning/design, 146–147
ConfigMgr 2012 R2, 35
content libraries, 51
defined, 50
DP
defined, 50
DP groups, 50
SMSPKG folders, 51
content replication
configuring
routes, 185
DDR, 183
FSP, 183
network configuration, 183–187
Pulse Mode, 186
routes, distributing content, network bandwidth configuration, 538
Scheduler Thread, 183
secondary site data, 183
Content tab properties (DT), 422
content transfers via BITS, 52
continuous updates, architectural planning/design, 164
converting
BIOS-to-UEFI, ConfigMgr Current Branch version 1610, 61
WQL to SQL, 828
coordinating, software updates, 570
copying files
configuring
routes, 185
DDR, 183
FSP, 183
network configuration, 183–187
Pulse Mode, 186
routes, distributing content, network bandwidth configuration, 538
Scheduler Thread, 183
secondary site data, 183
corporate resources, conditional access, 681
costs
certificates, costs of issuing, 130
cost controls, architectural planning/design, 119
Create Task Sequence Media Wizard
Customization page, 915
Distribution Points page, 914–915
Security page, 914
Stand-Alone CD/DVD page, 914
CRL (Certificate Revocation List), checking, 959–960
cryptography
attacks, 933
cryptographic controls, 959, 960
architectural planning/design, 129
client policy signing, 129
custom update signing, 129
inventory signing, 129
online resources, 208
site-to-site communication, 129
CSR (Client Status Reporting), ConfigMgr 2007, 32
custom CI (Configuration Items)
OMA-URI (Custom CI example), 705, 706–707
custom domains, Intune environment preparation, 656–658
custom ports, client communications, 190–191
custom schedules, client settings, 348
custom updates, SCUP, 645–647, 649
Customization page (Create Task Sequence Media Wizard), 915
customizing
dashboards
adding tables to dashboards, 861–863
consistency in dashboards, 854–855
Toolbox menu (SSDT-BI), 860–861
Intune Service Dashboard, 678
previewing, 863
deploying entire projects, 868
manually adding dashboards to SSRS, 864–866
from SSDT to SSRS website, 866–868
software updates, ConfigMgr Current Branch version 1610, 61
Windows 10 servicing dashboard, 617–619
Data Access tab properties (packages), 500–501
data collection
ConfigMgr Current Branch baseline version 1511, 54
security, 932
data flows, network configuration, 177
data security, diagnostic usage data, 932
Data Source tab properties (packages), 499–500
data sources, creating for reports, 858–859
Data Warehouse Service Point role
ConfigMgr Current Branch baseline version 1702, 62
site systems, 133
databases
accessing, 951
authentication, 951
changing, 103
hardware inventories, 104
schema of, 102
site-to-site replication, 107–108
SQL Server Management Studio and, 102–103
status messages, 106
tables, 102
views, 102
connection account security, 965
security
connection accounts, 965
shared WSUS databases, 574
site capacity planning, architectural planning/design, 142
site database recovery options, 983
Site Database Server role (site systems), 39
Site Database tier (ConfigMgr), 70
site databases
meeting availability requirements, 145
SQL database backups, 970, 974–975
backup folder structure, 979–980
WSUS, 782
database backups, 989
re-indexing databases, 990–991
datacenters, architectural planning/design, 121
datasets, creating for reports, 859–860
date/time functions in WQL queries, 824–825
DCM (Desired Configuration Manager). See Compliance Settings
DCOM (Distributed COM), 77, 308–309
DDRs (Data Discovery Records), file replication, 183
dedicated servers and Azure AD installations, 662
deeplinking, application distribution, 482
Apple App Store, 485
defense in depth (layered security model), 936
definition files, 494–495, 495
definition updates, 765, 771–772
architecture of, 772
ConfigMgr software update management source, 773–780
definition rebase process, 773
file shares (UNC) source, 782–783
MMPC updates, 780
WSUS and Microsoft Update sources, 780–782
deleting
applications, 453
in-console alerts, 301
Intune
extensions, 674
subscriptions, 674
delivery, scope of (architectural planning/design), 122
delta discovery, 334
ConfigMgr 2007, 33
DEM (Device Enrollment Manager), 697
DEP (Device Enrollment Program), 695–696
dependencies
ConfigMgr migration, dependency configuration, 270
Dependencies tab properties (DT), 426
Deploy Software Updates Wizard, software updates
Alerts page, 607
Deployment Settings page, 604
Download Settings page, 608–609
Scheduling page, 605
User Experience page, 606
deploying
applications, 49–50, 415, 548–549, 709–710
ConfigMgr Current Branch version 1610, 61
high-risk deployments, 552–555
monitoring deployments, 565–566
simulating deployments, 555
software installations, 550–552
troubleshooting deployments, 565–566
uninstall applications, 549–550
clients
architectural planning/design, 147–148
ConfigMgr Current Branch baseline version 1511, 54
compliance policies (ConfigMgr), 730–731
conditional access, 735
deployment packages, software updates, 599–601
deployment rings, 614, 615, 622
desktop automation, 11
email profiles, 716
entire projects, 868
high-risk deployments, 621–622
deployment rings, 622
upgrades, 622
MAM policies, 712
Microsoft Office, 523
monitoring deployments, 565–566
OS
ConfigMgr Current Branch baseline version 1511, 55
ConfigMgr Current Branch baseline version 1702, 62–63
ConfigMgr Current Branch baseline version 1706, 65
ConfigMgr Current Branch version 1606, 59
OSD
capture media, 917
ConfigMgr Current Branch version 1710, 67
unattended deployments, 919
administrative rights, 509–510
high-risk deployments, 552–555
monitoring deployments, 565–566
simulating deployments, 555
troubleshooting deployments, 565–566
Peer Cache content to clients, 203–204
replicating deployments across primary sites, 524
servers, automation, 11
software
App Details website, 518
Software Deployment settings, client notifications, 156
software updates
SUG deployment limits, 598
troubleshooting deployments, 565–566
TS (Task Sequence)
high-risk deployments, 909
Task Sequence Deploy Software Wizard, 907–912
types of deployments, 604, 617
updates, troubleshooting, 631–632
WDS, PXE points, 899
DISM, 876
WinPE, 875
WSIM, 875
Deployment Settings page
Deploy Software Updates Wizard, software updates
creating deployments, 604
deploying, 611
Task Sequence Deploy Software Wizard, 909–910
Deployment Types tab, restarting computer, 426
Deployments tab properties (collections), 530
designing networks (configuring)
boundaries/boundary groups, 205–208
client locations, 174–175, 178
clients
communication from clients, 178–179
communication security, 208
communication to clients, 177–178
designing client communications, 190–192
ports and client communications, 190–192
data flows, 177
enrollment proxy points, 175
Peer Cache, 200
deploying content to clients, 203–204
service location requests, 193–196
troubleshooting networks, 209
basic network connectivity, 209–211
testing DNS resolution, 211–212
troubleshooting, congested/slow network links, 214
troubleshooting, firewall ports, 212–214
troubleshooting, routers, 212–214
desktops
deploying, automation, 11
Intune and desktop computer management, 665
OS supportability, architectural planning/design, 120
Remote DesktoP, 364
destination/source sites, ConfigMgr migration, 268–269
Details pane (ConfigMgr console), 287
Detection Method tab properties (DT), 423–424
detection methods
adding to applications, 429–431
built-in methods, adding to applications, 429–431
custom methods, 431
creating with PowerShell, 432
creating with VBScript, 432–433
Windows Installer methods, verifying, 487–488
device enrollment managers (Intune), 672
device global conditions, 434–435
Device Guard, 760
diagnostics
Hybrid Diagnostics tool, troubleshooting, 685
scanning, 758
usage data security, 932
digital signatures, malware and, 933
direct (static rules), collections, 525–526
Direct rule (collections), 45
directories, Intune hybrid directory synchronization, 678
disaster recovery, 969
backups
source files, 981
SSRS, 981
sites, 982
prerequisite download requirements, 985
recovering failed sites, 983–986
site database recovery options, 983
site server recovery options, 982–983
verifying recovery, 986
Active Directory Forest Discovery, 333–334
Active Directory Group Discovery, 334, 335–336
Active Directory System Discovery, 337–338
Active Directory User Discovery, 336–337
Azure AD User Discovery, 343
discovery
Active Directory discovery
Active Directory Forest Discovery, 42
LDAP paths, 43
polling schedules, 43
ConfigMgr 2012, 34
discovery classes (SQL views), 846
DDR, file replication, 183
Heartbeat Discovery, 43
Network Discovery
Discovery Data Manager, 74
DISM (Deployment Image Servicing and Management), 876
distributed enterprises
methodologies, 11
OS and software provisioning, 11
regulatory compliance, 11
software provisioning, 11
distributing
ConfigMgr policies, security, 962–963
ConfigMgr software, security, 962–963
distributing content
DP, 534
network bandwidth configuration, 537–538
preferred DP, 543
refreshing content, 536
removing content, 536
sending content to DP, 534
updating content, 537
validating content, 536
network bandwidth, configuring
file replication routes, 538
troubleshooting, 548
Distribution Group Points tab properties (collections), 530
Distribution Points page
Create Task Sequence Media Wizard, 914–915
Task Sequence Deploy Software Wizard, 912
Distribution Settings tab properties
applications, 421
DNS (Domain Name System)
client agent assignments, 345
records, Intune environment preparation, 658
service location requests, 193
testing DNS resolution, 211–212
documentation
migration reports, ConfigMgr migration, 278
domain accounts (AD), SQL Server and, 221
domains (custom), Intune environment preparation, 656–658
DoS (Denial of Service) attacks, 954, 960
Download Settings page (Deploy Software Updates Wizard), software updates, 608–609
downloading
content from peer content sources, authentication required errors, 204
files to excluded folders, 958
site download requirements, 985
software updates, 631
DP (Distribution Point), 531
architectural planning/design, content management, 146–147
BranchCache, content management, 146
ConfigMgr 2012, 35
defined, 50
distributing content, 534
network bandwidth configuration, 537–538
preferred DP, 543
refreshing content, 536
removing content, 536
sending content to DP, 534
updating content, 537
validating content, 536
Distribution Points page
Create Task Sequence Media Wizard, 914–915
Task Sequence Deploy Software Wizard, 912
associating collections with, 535–536
monitoring status of, 541
DP role (site systems), 40
DPG, content management, 147
DT and, 459
meeting availability requirements, 145
configuration status, 542
DP group status, 541
network configuration, DP, 176–177
OSD site system roles, 897–898
Peer Cache, content management, 146–147
preferred DP, distributing content, 543
prestaged site content, content management, 147
properties of, 538
redundancy, content management, 146
refreshing content, 536
removing content, 536
revision histories and relatable DP content, 450
secondary sites versus, 176–177
shared DP
accessing, 277
ConfigMgr migration, 277
sharing packages, duplicating content on DP, 501
site capacity planning, architectural planning/design, 141
site systems, 538
testing, troubleshooting network configurations, 214–215
updates, ConfigMgr Current Branch version 1606, 58
updating content, 537
validating content, 536
DPG (Distribution Point Group), DP, content management, 147
Driver Details page (Import Driver Wizard), 880–881
drivers/driver packages (OSD), 878–879
identifying packages, 882
Import Driver Wizard
Add Driver to Boot Images page, 882–883
Add Driver to Packages page, 881–882
DRS (Data Replication Service), 72–73, 188
site active mode, 190
site initialization mode, 189, 190
DSI (Dynamic Systems Initiative), 16–17
automation, 18
cloud applications, 18
ConfigMgr and, 17
Microsoft product integration, 17–18
operational awareness, 18
systems management, 18
Visual Studio and, 17
WSUS and, 17
DSL (Definitive Software Library), creating applications, 416
DSS (Dynamic Signatures Service), 758–759
DTs (Deployment Types), 409, 410–411, 459–460
App-V 4.6 DT, creating, 465
deeplinking application distributions, 482
Apple App Store, 485
detection methods, 413
global conditions, 433
collections versus, 434
creating custom global conditions, 435–439
device global conditions, 434–435
user global conditions, 435
Intune enrollment requirements, 412
mobile devices, 470
multiple DT in applications, 411
properties of, 421
Content tab, 422
Dependencies tab, 426
Programs tab, 423
Requirements tab, 426
Return Codes tab, 426
requirement rules, 412–413, 459–460
Windows Installer-based DT, creating, 461–464
DVDs, Stand-Alone CD/DVD page (Create Task Sequence Media Wizard), 914
dynamic collection updates, ConfigMgr 2007, 33
dynamic MAC addresses, manually importing clients into ConfigMgr, 342–343
eavesdropping (sniffer-based) attacks, 960
editing, compliance policies (ConfigMgr), 729–730
ELAM (Early Launch Antimalware), 759–760, 803
blocking intervals (conditional access), 736
profiles
deploying, 716
embedded systems, Windows Embedded write filters, 456–457
EMS (Enterprise Mobility and Security), 653
encryption
bypassing security controls, 961
client communication security, 208
iOS devices, 729
end-user experience, application/package deployments, 555–556
enrolling, Mobile Device Enrollment Proxy Point role (site systems), 40
enrollment certificates, client agents, 319
enrollment device and user settings, clients, 354
enrollment proxy points, network configuration, 175
Enterprise Developer licenses (Apple), 480
Enterprise edition (SQL Server), 220–221
enterprise storage, architectural planning/design, 122
Environment tab properties (programs), 508–510
environmental assessments, architectural planning/design, 121, 122
AD, 121
cloud computing, 121
datacenters, 121
dependent IT teams, 121
device types, 121
enterprise storage, 122
IT service delivery process, 121
monitoring, 122
network topologies, 121
organizational structure, 121
OS, 121
servers
infrastructures, 121
managing, 122
SLA, 121
virtualization, 121
EP (Endpoint Protection)
device settings, 354
ConfigMgr capabilities, 765
definition updates, 765
Endpoint Protection Point role (site systems), 132
EPP
SCEP agent and, 767
Forefront Endpoint Protection 2010, ConfigMgr 2007, 33
LINUX, 788
Mac, 788
monitoring, 788
planning, 764
ConfigMgr capabilities, 765
definition updates, 765
prerequisites, 763
reports
integrating data with other systems, 793–794
SCEP
SCEP agent and EPP, 767
security, 938
views, 794
EPP (Endpoint Protection Point)
SCEP agent and, 767
error messages, sync failed error messages, 588
Evaluation Schedule page (Deploy Software Updates Wizard), software updates, 612
Exchange Online, 731
conditional access, 733
configuring conditional access policies, 734–735
evaluating conditional access policies, 733
security groups, 733
modern authentication, 732–733
supported platforms/applications, 732
Exchange On-Premises
configuring conditional access policies, 748–749
end-user experience, 750
evaluating conditional access policies, 748
supported platforms, 745
Exchange Server connector, 746–747
user collections, 748
Exchange servers
account security (ConfigMgr), 968
Exchange Server connector, 746–747
Exclude rule (collections), 45
exclude/include rules, collections, 527–528
excluded folders, downloading files to, 958
execution attacks, 954
experience (end-user), application/package deployments, 555–556
expiring updates, 645
Exploit Guard, 760
exporting/importing
metadata, 582
to text files, 834
.zip files (compressed), 545
ExpressRoute (Azure), 143
Extended WQL (WMI Query Language), limitations in ConfigMgr, 823–824
external communication, network configuration, 182
external devices, managing (architectural planning/design), 159
failovers
scan failures, 572
fallback sites, ConfigMgr 2012 client assignments, 34
feature updates (Windows 10 servicing), 613
federated identities, 656
files
downloading to excluded folders, 958
Prerequisite Files Downloader Tool, ConfigMgr installations, 225
replication
DDR, 183
FSP, 183
network configuration, 183–187
Pulse Mode, 186
Scheduler Thread, 183
secondary site data, 183
shares (UNC) source, definition updates, 782–783
finding
Active Directory Forest Discovery, 333–334
Active Directory Group Discovery, 334, 335–336
Active Directory System Discovery, 337–338
Active Directory User Discovery, 336–337
Azure AD User Discovery, 343
views, ConfigMgr databases, 105–106
fingerprinting attacks, 954
firewall ports, troubleshooting, network configuration, 212–214
firewalls
online resources, 214
troubleshooting, online resources, 214
Windows Firewall, policies, 785
folders, SMSPKG folders, 51
Forefront Endpoint Protection 2010, ConfigMgr 2007, 33
forests
Active Directory Forest Discovery
client installations, 152
ConfigMgr configuration, 239
architectural planning/design, multi-forest considerations, 124–128
Forrester Research, systems management, 10
FROM statements, SQL/T-SQL queries, 852
forums (public), online resources, 1044–1045
FSP (Fallback Status Point)
client installations, 247
ConfigMgr installations, 245–247
file replication, 183
full updates, collections, 528
full/simple schedules, architectural planning/design, 157–158
gateways, CMG and ConfigMgr Current Branch version 1610, 60
General Information tab properties (applications), 418–419
General page
Add Site System Roles Wizard, software updates, 578–579
Deploy Software Updates Wizard, software updates, 603–604, 610
Task Sequence Deploy Software Wizard, 908
General tab properties
global conditions (requirement rules), 48–49, 433
collections versus, 434
custom global conditions, 435–439
device global conditions, 434–435
user global conditions, 435
global expressions (requirement rules), 49
global roaming, SMS 2003, 31
Google Play Store, deeplinking application distributions, 483–484
GPO (Group Policy Object)
BITS and, 350
overriding ConfigMgr settings, 377
Windows 10, 380
group policy
ADM templates, 321
client agent installations on Windows devices, 320–321
client installations, 149
online resources, 195
grouping queries, 808
GUID
manually determining product GUID, 388–389
ORCA MSI editing tool, 388
hardening (security)
servers, 955
hardware
client agent requirements, 316
ConfigMgr installations, hardware requirements, 218–220
security, 955
selecting, 955
hardware inventories
client notifications, 155
ConfigMgr databases, 104
device settings, clients, 355–357
health
client agents, monitoring, 345–347
Heartbeat Discovery, 43, 339–340
hiding software deployments, 508
hierarchical planning (architectural planning/design), 130–135
ConfigMgr
installations, 225–226, 247–248
Hierarchy Manager, 74
hierarchy of sites, 36
complexity of hierarchies, 37
ConfigMgr installations, configuring hierarchy settings, 247–248
Odyssey hierarchy of sites, 36, 41–42
secondary sites, 37
high-assurance PKI (Public Key Infrastructure), 129
high-risk deployments, 552–555, 621–622
deployment rings, 622
upgrades, 622
HOSTS files, testing DNS resolution, 212
HTTPS (Hypertext Transfer Protocol Secure)
client communications, 129
network communication, 182
PKI certificates, client communication security, 208
Hybrid Diagnostics tool (ConfigMgr), troubleshooting, 679, 685
extensions, removing, 674
Hybrid Diagnostics tool, troubleshooting, 685
licensing users, 664
MDM, 165
ConfigMgr Current Branch baseline version 1702, 63–64
mobile devices
enabling devices for management, 682
enrolling devices, Android devices, 683–684
enrolling devices, DEM, 697
enrolling devices, iOS devices, 687–688, 695–696
enrolling devices, Windows Phone devices, 689–692
platforms, configuring, 672
service connection points, adding, 672–673
stand-alone Intune versus, 652–653
subscriptions
removing, 674
troubleshooting, 674
directory synchronization, 678
Hybrid Diagnostics tool (ConfigMgr), 679, 685
Microsoft TechNet Forum, 679
viewing Intune status, 677
viewing site/component status, 675–676
user collections, 666
Windows 10 computers, enrolling devices, 693–694
hybrid MDM (Mobile Device Management), 165
ConfigMgr Current Branch baseline version 1702, 63–64
IAD (Information Assurance Directorate), 935
IBCM (Internet-Based Client Management)
architectural planning/design, 159–161
client roaming behavior, 162
ConfigMgr 2012, 34
identity
identity-based attacks, 954
organization Apple ID, 685–686
IGD (Internet Gateway Device), BITS and, 195
IIS (Internet Information Services)
role in ConfigMgr, 71
imaging
DISM, 876
imaging systems without wire-based NIC, 917
OS images
building/capturing reference OS images, 891
default OS images, 883
OSD and, 883
OSD imaging
building/capturing reference OS images, 891
installing existing image packages, 889–891
installing existing image packages to VHD, 892
Sysprep and, 875
WSIM, 875
Import Driver Wizard
Add Driver to Boot Images page, 882–883
Add Driver to Packages page, 881–882
importing/exporting
clients into ConfigMgr (manually), 341–343
metadata, 582
query results
to text files, 834
.zip files (compressed), 545
Include rule (collections), 45
include/exclude rules, collections, 527–528
incremental updates, collections, 528–529
install accounts versus access accounts, 581
Installer files, repackaging, 453
installing
AIK, ConfigMgr upgrades, 257
applications
administrator rights, 417
installation wrappers, 455
uninstalling from Software Center, 487–488
App-V
Azure AD Connect, 661, 662–664
client agents
authentication on Azure AD-joined Windows devices, 322–323
group policy installations on Windows devices, 320–321
keychain access, 319
limiting enrollment certificates, 319
logon script installations on Windows devices, 320
manual installations on LINUX computers, 320
manual installations on Mac computers, 318–319
manual installations on UNIX computers, 320
manual installations on Windows computers, 317–318
SUP installations on Windows devices, 321
troubleshooting installations, 330–332
uninstalling client agents, 332
clients
Active Directory Group Discovery, 152
Active Directory System Discovery, 150–151, 153
Active Directory User Discovery, 152, 153
AutoPilot installations, 150
group policy installations, 149
Intune MDM-managed devices, 150
logon/startup script installations, 149–150
manual installations, 149
push installations, 148
upgrading installations, 150
ConfigMgr, 217
cloud service connections, 242–245
ConfigMgr installations, 227
hardware requirements, 218–220
hierarchy installations, 225–226
initial configurations, 238–241
optional site installations, 245–248
preinstallation tasks, 218
Prerequisite Files Downloader Tool, 225
prerequisites, 219
primary site installations, 230–233
secondary site installations, 234–236
SQL Server requirements, 220–221
stand-alone site installations, 225–226
troubleshooting site installations, 248–249
validating installations, 237–238
WSUS installations, 222
console (ConfigMgr)
installation prerequisites, 295
installing with ConfigMgr Setup Wizard, 295–296
unattended installations, 296–297
hierarchies, ConfigMgr migration, 267–268
image packages (existing)
to VHD, 892
server installation logs, 1009–1010
software
application deployments, 550–552
complex software installations/ configurations with TS, 448
installation wrappers, 455
unattended installations, 454
PowerShell installations, 576
synchronizing updates, 577
integrity (CIA triad), defined, 934
Internet access, SUP without Internet access, 573
Internet resources, 1023
BITS, 194
boundaries/boundary groups, 208
CIM, 83
ConfigMgr, 27
deprecated features, 68
updates, 67
version 1511, 54
cryptographic controls, 208
firewalls, 214
group policy, 195
I&O Maturity Model, 26
Intune support, 679
live links, 1050
MOF, 24
SML, 19
WMI, 89
intersite communication, network configuration, 182–183
intrasite communication, network configuration, 179
admin portal, 654
applications, wrapping, 712
Azure, domain names, 654
co-management
defined, 1015
moving workloads from ConfigMgr to Intune, 1020–1021
ConfigMgr integration, 664–665
adding Intune subscriptions, 666–672
adding service connection points, 672–673
configuring platforms, 672
licensing users, 664
user collections, 666
desktop computer management, 665
device enrollment managers, 672
DT enrollment requirements, 412
EMS, 653
environment preparation, 656
CNAME records, 658
DNS records, 658
extensions, removing, 674
features of, 652
hybrid Intune. See Intune hybrid
Intune Service Dashboard, 678
MDM
ConfigMgr Current Branch baseline version 1511, 56
MDM-managed devices, client installations, 150
mobile devices
enabling devices for management, 682
enrolling devices, Android devices, 683–684
enrolling devices, DEM, 697
enrolling devices, iOS devices, 687–688, 695–696
enrolling devices, Windows Phone devices, 689–692
policy synchronization, ConfigMgr Current Branch version 1610, 60
purchasing, 653
server browsers, troubleshooting, 666–667
stand-alone Intune, hybrid Intune versus, 652–653
storage, 655
subscriptions
removing, 674
support
Microsoft TechNet Forum, 679
troubleshooting
Hybrid Diagnostics tool (ConfigMgr), 679, 685
Microsoft TechNet Forum, 679
user identities, 655
cloud identities, 655
federated identities, 656
synchronized identities, 656
Windows 10 computers, enrolling devices, 693–694
extensions, removing, 674
Hybrid Diagnostics tool, troubleshooting, 685
licensing users, 664
MDM, 165
ConfigMgr Current Branch baseline version 1702, 63–64
mobile devices
enabling devices for management, 682
enrolling devices, Android devices, 683–684
enrolling devices, DEM, 697
enrolling devices, iOS devices, 687–688, 695–696
enrolling devices, Windows Phone devices, 689–692
platforms, configuring, 672
service connection points, adding, 672–673
stand-alone Intune versus, 652–653
subscriptions
removing, 674
troubleshooting, 674
directory synchronization, 678
Hybrid Diagnostics tool (ConfigMgr), 679, 685
Microsoft TechNet Forum, 679
viewing Intune status, 677
viewing site/component status, 675–676
user collections, 666
Windows 10 computers, enrolling devices, 693–694
inventories
client communications, 178
hardware inventories
client device settings, 355–357
client notifications, 155
Inventory Data Loader, 74
signing, 129
software inventories
client device settings, 359–360
client notifications, 156
iOS
devices
Activation Lock Bypass, 701
Apple Configurator tool, enrolling devices, 696
duplicate device names, 688
enabling devices for management, 685–687
encryption, 729
enrolling devices, 687–688, 695–696
organization Apple ID, 685–686
end user experience, 491
IP addresses
address ranges and boundaries/boundary groups, 206
multiple IP addresses, viewing, 210–211
performance and, 206
iPad, sideloading application distributions, 480–481
iPhone, sideloading application distributions, 480–481
ISO 20000, 25
IT (Information Technology)
consumerization, architectural planning/design, 119–120
dependent teams, architectural planning/design, 121
organizations, maturity of, 25–26
requirements (architectural planning/design), 120
cloud consumption/adoption, 120
desktop OS supportability, 120
security, 120
service availability, 120
service delivery process, 121
ITIL (Information Technology Infrastructure Library), 19
ISO 20000, 25
ITIL v2, 20
ITIL v3, 20
MOF and, 24
ITSM (Internet Technology Service Management), 19–20, 21
JEA (Just Enough Administration), 951
keychain access, client agents, 319
Knox (Samsung), CI, 398
LAN (Local Area Network), WOL, 365
configuring, 366
magic packets, 365
prerequisites, 365
Wake-up proxies, 367
languages, modifying configuration (site maintenance), 992
Languages page (Add Site System Roles Wizard), software updates, 586–587
LAN Sender, 74
latency
bandwidth and, 181
network configuration, 181
layered security model (defense in depth), 936
LDAP paths, Active Directory discovery, 43
libraries
ADAL, 724
redistributing content, 980
Content Library cleanup tool, ConfigMgr Current Branch baseline version 1702, 62
DSL, creating applications, 416
ITIL, 19
ISO 20000, 25
ITIL v2, 20
ITIL v3, 20
MOF and, 24
Software Libraries, creating applications, 457–458
licensing
application volume license purchases
Apple VPP, 446
Windows Store for Business, 447
Enterprise Developer licenses (Apple), 480
Intune users, 664
software, asset data management, 12–13
links (live), online resources, 1050
LINUX
EP, 788
List pane
ConfigMgr console, 287
Queries node, organizing, 807–808
lists (SUP), 572
live links, online resources, 1050
local context (Windows Defender), 761
Local System accounts, 498
Locate Driver page (Import Driver Wizard), 879–880
locks
Activation Lock Bypass, 701
remotely locking mobile devices, 700
logical operators (queries), 819, 820–821
logins
login ID (alternate), Azure, 664
scripts, client agent installations on Windows devices, 320
logos (company), Intune subscriptions, 670–671
console logs, 1001
CMG logs, 1012
CMTrace Log File Reader, ConfigMgr installations, 227
MP logs, 1001
Compliance Settings logs, 406
server logs, 1005
server-side logging levels, 1000–1001
troubleshooting
validating ConfigMgr installations, 238
Mac OS
client agents
keychain access, 319
limiting enrollment certificates, 319
manual installations on LINUX computers, 320
manual installations on Mac computers, 318–319
EP, 788
Mac OS X, CI, 384–387, 397–398
machine accounts, assigning rights to, 964
magic packets, 365
maintenance
modes, 190
configuring built-in tasks, 986
Modify SQL Server configuration, 992
modifying language configuration, 992
optimizing SQL Server, 986–987, 988–989
resetting sites with no configuration changes, 992
SMS provider configuration, 992
malware
antimalware
antimalware as a service, 756–757
antirootkits, 758
Application Control, 760
Application Guard, 760
capabilities of, 756
Device Guard, 760
diagnostic scanning, 758
Exploit Guard, 760
Measured Boot, 760
Microsoft’s approach to, 763
Windows 10 antimalware, 760–762
Windows Server 2016 antimalware, 760–762
digital signatures and, 933
slack space, 762
MAM (Mobile Application Management). See also Intune
managing
AMT, ConfigMgr Current Branch baseline version 1511, 54
ConfigMgr Current Branch baseline version 1511, 55
ConfigMgr Current Branch baseline version 1702, 62
ConfigMgr Current Branch baseline version 1706, 65
ConfigMgr Current Branch version 1602, 57
ConfigMgr Current Branch version 1606, 59
ConfigMgr Current Branch version 1710, 66
clients
client upgrades (automatic), 328–330
coexisting ConfigMgr solutions, 270
ConfigMgr configuration, 238
ConfigMgr Current Branch version 1602, 57
ConfigMgr Current Branch version 1610, 61
ConfigMgr Current Branch version 1710, 66
installing client agents, 317–323
MAP and client agent deployments, 316
Office 365 client management dashboard, 61
security, 937
uninstalling client agents, 332
cloud/ConfigMgr connections, 243–244
co-management
choosing where to start, 1016–1017
configuring, 1017
defined, 1015
monitoring client-side co-management, 1021
moving workloads from ConfigMgr to Intune, 1020–1021
need for, 1016
company devices, 695
ConfigMgr cloud connections, 243–244
in-console alerts, 301
content
ConfigMgr 2012 R2, 35
content libraries, 51
defined, 50
DP, 50
DP groups, 50
SMSPKG folders, 51
desktop computer management with Intune, 665
external devices, architectural planning/design, 159
Intune, management portals, 654–655
MDM, ConfigMgr 2012 R2, 35
MP
ConfigMgr 2012, 34
site systems, 40
Office 365, 8
OOB management, ConfigMgr 2007, 32
patches
Patch Tuesday, 583
security, 938
SUP, 578
profile management, ConfigMgr 2012 R2, 35
remote management
WinRM, 77
WMI, 84
servers, architectural planning/design, 122
site servers, site server/site system planning, 139
site systems, site server/site system planning, 139
software updates, 51
SQL Server Management Studio, ConfigMgr databases, 102–103
systems, 14
cloud computing, 13
ConfigMgr, 26
distributed enterprises and, 10–11
DSI, 18
Forrester Research, 10
methodologies, 14
Microsoft strategies for, 16
model-based management, 16
security, 12
shift and drift (configuration), 11–12
web services standards, 16
TQM, 24
Windows source management, 423–426
WMI, 83
remote management, 84
manual client installations, 149
manual updates, collections, 528
MAP (Microsoft Assessment and Planning) toolkit, client agent deployments, 316
maturity of IT organizations, 25–26
MDM (Mobile Device Management), 8. See also Intune
AD certificate services, 128
architectural planning/design, 163–164
ConfigMgr 2012 R2, 35
ConfigMgr Current Branch baseline version 1511, 56
ConfigMgr Current Branch baseline version 1702, 63–64
ConfigMgr Current Branch version 1606, 58
ConfigMgr Current Branch version 1710, 67
hybrid MDM, 165
ConfigMgr Current Branch baseline version 1702, 63–64
Intune and
client installations, 150
ConfigMgr Current Branch baseline version 1511, 56
MSI files, 55
on-premise MDM, 718
advantages/disadvantages of, 718
capabilities of, 718
client configuration, 720
Windows Installer and, 55, 463–464
Measured Boot, 760
media (prestaged), ConfigMgr 2007, 33
Media Type page (Create Task Sequence Media Wizard), 913–914
meeting availability requirements
architectural planning/design, 145–146
DP, 145
MP, 145
site databases, 145
SUP, 145
membership delays (collections), primary sites, 526
Membership Rules tab properties (collections), 530
memory (application pool) and WSUS, 631
messages
client communications, 179
state messaging device settings, 361–362
metadata, importing/exporting, 582
Metered Internet Connection device settings, 357
metering software, 53, 156, 360–361
methodologies
defined, 14
distributed enterprises, 11
Microsoft TechNet Forum, Intune support, 679
Microsoft terminology, renaming, 614–615
migrating to
coexisting solutions, 269, 270
dependency configuration, 270
hierarchy installation/configuration, 267–268
migrating by features/dependencies, 270
migration reports, 278
object migration jobs, 273–275
objects modified after migration jobs, 273, 275–277
performing a migration, 270–278
premigration activities, 267–269
shared DP, 277
site preparation/validation, 268–269
troubleshooting migrations, 280
upgrades versus migration, 263–264
virtual servers, 264
State Migration Point role (site systems), 40
USMT, 876
misdirection attacks, 960
MITM (Man-In-The-Middle) attacks, 960
MMPC (Microsoft Malware Protection Center), updates, 780. See also WDSI
Mobile Device Enrollment Proxy Point role (site systems), 40
mobile devices
Android devices
enabling devices for management, 682–683
temporary passwords, 700
applications
collections, creating, 713–714
company devices, managing, 695
company resource access workspace, 714
ConfigMgr, supported platforms, 681–682
configuring, 701
DT, 470
EMS, 653
enabling devices, 682
Windows Phone devices, 688–689
enrolling devices
DEM, 697
Windows Phone devices, 689–692
Intune, supported platforms, 681–682
Intune hybrid, supported platforms, 681–682
iOS devices
Activation Lock Bypass, 701
duplicate device names, 688
enabling devices for management, 682–683
enrolling devices, 687–688, 695–696
organization Apple ID, 685–686
locks
Activation Lock Bypass, 701
remotely locking mobile devices, 700
mobile devices, policy refresh intervals, 707
on-premise MDM, 718
advantages/disadvantages of, 718
capabilities of, 718
client configuration, 720
resetting passcodes, 700
security, 697
enabling devices for management, 688–689
model-based systems management, 16
modern authentication, 725
ADAL, 724
features of, 724
Office 365 services, 725
Office applications, 724
Skype for Business Online, 742
states of, 725
turning on (order of), 742
MOF (Microsoft Operations Framework), 19, 22–23
defined, 21
ISO 20000, 25
ITIL and, 24
online resources, 24
TQM, 24
applications, 458
architectural planning/design, 122
clients
automatic upgrades, 330
client-side co-management, 1021
configuration status, 542
DP group status, 541
EP, 788
software update process, 629–630
Monitoring workspace (ConfigMgr console)
MP (Management Point) role (site systems), 40
MP (Management Point)
ConfigMgr 2012, 34
logs, 1001
meeting availability requirements, 145
MP lists, 193
network traffic, 193
site capacity planning, architectural planning/design, 141
testing, troubleshooting network configurations, 214–215
MSI (Microsoft Installer) files
ORCA MSI editing tool, 388
repackaging, 453
Windows Installer and MDM, 55
multicasting, OSD site system roles, 901–903
names
UNC, file shares and definition updates, 782–783
vendor names, 648
namespaces
ConfigMgr client namespaces, 93–94
ConfigMgr client namespaces, 93–94
WMI object model, 82
NAP (Network Access Protection), 40, 939
native mode (security), ConfigMgr 2007, 32
Navigation pane (ConfigMgr console), 286, 287, 298–299
Network Discovery
networks
bandwidth, configuring for content distribution, 537–538
communication security, 960–961
client-to-server communication security, 961
server-to-server communication security, 962
site-to-site communication security, 962
ConfigMgr configuration
AI, 182
bandwidth, 181
boundaries/boundary groups, 205–208
client communication security, 208
client locations, 174–175, 178
communication from clients, 178–179
communication to clients, 177–178
data flows, 177
designing client communications, 190–192
downloading software updates, 182
enrollment proxy points, 175
external communication, 182
intersite communication, 182–183
intrasite communication, 179
latency, 181
ports and client communications, 190–192
SCP, 182
service location requests, 192–196
SMB communication, 181
SQL Server communication, 179–180
SQL Server replication, 187–190
SUP, 182
testing DNS resolution, 211–212
troubleshooting, 209
troubleshooting, basic network connectivity, 209–211
troubleshooting, congested/slow network links, 214
troubleshooting, firewall ports, 212–214
troubleshooting, routers, 212–214
ConfigMgr utilization, 173
congested/slow network links, troubleshooting, 214
latency, 181
NLB, SUP, 572
projects, storing, 858
topologies
architectural planning/design, 121
site server/site system planning, 138
VPN profiles
applications, 482
Peer Cache and, 53, 60, 62, 200–204
new computer scenarios (OSD), 873–874
new Software Center, 410, 560–562
NIC (Network Interface Card), imaging systems without wire-based NIC, 917
NLB (Network Load Balancing), SUP, 572
notifications
clients
Hardware Inventory settings, 155
Remote Tools settings, 155
Software Deployment settings, 156
Software Inventory settings, 156
software updates, 570, 624–626
null values (queries), 817
Odyssey hierarchy of sites, 36, 41–42
OEM (Original Equipment Manufacturer) images, OSD deployment scenarios, 874
Office (MS)
applications, modern authentication, 724
deploying, 523
Office 365
client management dashboard, ConfigMgr Current Branch version 1610, 61
Intune management, 654
managing, 8
services, modern authentication, 725
old Software Center, 410, 556–557
OMA-URI (Custom CI example), 705, 706–707
OMS Connectors, ConfigMgr cloud connections, 244
on-demand actions (EP), 798–800
on-premise MDM (Mobile Device Management), 718
advantages/disadvantages of, 718
capabilities of, 718
client configuration, 720
online resources, 1023
App Details website, software packaging/deployment, 518
BITS, 194
boundaries/boundary groups, 208
CIM, 83
ConfigMgr, 27
Azure and ConfigMgr migration, 264
deprecated features, 68
troubleshooting, 249
updates, 67
version 1511, 54
cryptographic controls, 208
firewalls, 214
group policy, 195
I&O Maturity Model, 26
Intune support, 679
live links, 1050
MOF, 24
prerequisite information, ConfigMgr installations, 219
SML (Service Modeling Language), 19
WMI, 89
OOB (Out-Of-Band) management, ConfigMgr 2007, 32
queries
logical operators, 819, 820–821
precedence order, 821
OpsMgr (Operations Manager), 970, 995–996
OpsMgr Maintenance Mode tab (programs), 514–515
optimization (WAN), 53
ORCA MSI editing tool, 388
ORDER BY statements, SQL/T-SQL queries, 852
organization Apple ID, 685–686
organizational structure (architectural planning/design), 121
OS (Operating System)
architectural planning/design, 121
client agent support, 316
ConfigMgr installations, OS requirements, 218–220
deploying
ConfigMgr Current Branch baseline version 1511, 55
ConfigMgr Current Branch baseline version 1702, 62–63
ConfigMgr Current Branch baseline version 1706, 65
ConfigMgr Current Branch version 1606, 59
images
default OS images, 883
OSD and, 883
Operating System Upgrade Task Sequence, 55
software provisioning, 11
upgrade packages, OSD and, 884–885
upgrading from upgrade packages, 892–893
OSD (Operating System Deployment), 871
ConfigMgr 2007, 32
ConfigMgr 2012, 35
ConfigMgr 2012 R2, 35
ConfigMgr Current Branch version 1710, 67
console (ConfigMgr) and, 878
deploying
capture media, 917
unattended deployments, 919
deployment scenarios, 873
new computer scenarios, 873–874
OEM images, 874
refresh scenarios, 874
replace scenarios, 874
drivers/driver packages, 878–879
identifying packages, 882
Import Driver Wizard, Add Driver to Boot Images page, 882–883
Import Driver Wizard, Add Driver to Packages page, 881–882
Import Driver Wizard, Driver Details page, 880–881
Import Driver Wizard, Locate Driver page, 879–880
site system roles, 897
State Migration points, 40, 903–905
Sysprep imaging, 875
testing, 877
troubleshooting, 919
boot image command-line support, 921
building/capturing reference OS images, 891
capturing reference systems, 891
creating new TS, 893
high-risk deployments, 909
installing existing image packages, 889–891
installing existing image packages to VHD, 892
upgrading OS from upgrade packages, 892–893
USMT, 876
WnPE Peer Cache, 55
overlapping
boundaries, 206
maintenance windows, 531
overriding ConfigMgr settings with GPO, 377
overwriting backups, 973
packages
7-Zip packages
Advanced tab properties, 512
Environment tab properties, 510
OpsMgr Maintenance Mode tab, 515
Requirements tab properties, 508
Windows Installer tab properties, 513
App Details website, 518
creating, 515
automatically lading content to stores, 498
from definition files, 495
with Package and Program Wizard, 515–518
administrative rights, 509–510
high-risk deployments, 552–555
monitoring deployments, 565–566
simulating deployments, 555
troubleshooting deployments, 565–566
deployment packages, software updates, 599–601
MSI files, creating packages, 498, 499
properties of, 499
Content Locations tab properties, 503
Data Access tab properties, 500–501
Data Source tab properties, 499–500
Distribution Settings tab properties, 501–502
Reporting tab properties, 502–503
provisioning packages, Windows 10, 695
sharing, duplicating content on DP, 501
types of, 495
passwords
resetting, 700
synchronization, 656
temporary passwords, Android devices, 700
patch management
Patch Tuesday, 583
security, 938
SUP, 578
testing patches, software updates, 570
Peer Cache
client settings, 350
DP, content management, 146–147
DP content distribution, 542–543
network configuration, 200
deploying content to clients, 203–204
WAN optimization, 53
ConfigMgr Current Branch baseline version 1702, 62
ConfigMgr Current Branch version 1610, 60
peer content sources, downloading contents from, 204
performance
ConfigMgr
bandwidth, 181
latency, 181
ConfigMgr 2007, 33
IP address ranges and, 206
site servers, site server/site system planning, 139–140
site systems, site server/site system planning, 139–140
permissions, console (ConfigMgr)
SMS Provider permissions, 308
WMI permissions, 309–310, 312–313
personalizing console (ConfigMgr), 298–299
PFX (Personal Information Exchange) certificates, 714
physical security, 955
pinging, IP addresses, 211–212
PKI (Public Key Infrastructure)
AD certificate services, architectural planning/design, 128–130
certificates
costs of issuing, 130
HTTPS, client communication security, 208
ConfigMgr 2007, 32
high-assurance PKI, 129
low-assurance, issuing certificates, 130
requests, manually reviewing, 130
scalability, 130
planning
ConfigMgr migration, 264
MAP, client agent deployments, 316
security
hierarchy of security, 936–937
software updates
capacity planning, 571
Exchange On-Premises supported platforms, 745
Exchange Online supported platforms, 732
SharePoint Online supported platforms, 737–738
policies
client policy device settings, 350–351
viewing, 178
compliance policies (ConfigMgr), 725, 726
supported compliance settings, 726
conditional access policies (ConfigMgr), 725
ConfigMgr policies
compliance policies, 725, 726–731
conditional access policies, 725
distribution, security, 962–963
MAM policies, deploying, 712
policy refresh intervals, mobile devices, 707
software updates, 570
Windows Firewall policies, 785
polling schedules, Active Directory discovery, 43
PortQry, troubleshooting ports, 214
ports
changing on site system roles, 192
client communications, 190–192
custom ports
architectural planning/design, 124
client communications, 190–191
firewall ports, troubleshooting, 212–214
troubleshooting
PortQry, 214
Power Management device settings, clients, 357
Power Management tab properties (collections), 530
PowerShell
applications, creating, 457
as a weapon, 933
custom detection methods, creating, 432
EP alerts, automating, 796
RBA and, 941
scripts
configuring, 457
deploying, 457
prerequisites, 457
smart quotes, 433
WSUS installations, 576
preinstallation tasks, ConfigMgr installations, 218
on-premise MDM (Mobile Device Management), 718
advantages/disadvantages of, 718
capabilities of, 718
client configuration, 720
pre-release features
ConfigMgr Current Branch, 200
ConfigMgr Current Branch version 1606, 58
prerequisites
Azure AD Connect prerequisites, 660–661
ConfigMgr
console (ConfigMgr) installations, 295
EP, 763
PowerShell scripts, 457
Prerequisite Checker
ConfigMgr installations, 222–225
invoking in setup routines, 223
stand-alone Prerequisite Checker, 223–225
Prerequisite Files Downloader Tool, ConfigMgr installations, 225
SCEP certificates, 715
sites, download requirements, 985
WOL, 365
pre-shared keys, Wi-Fi profiles, 718
prestaged content, 147, 545–548
prestaged media
ConfigMgr 2007, 33
previewing, reports/dashboards, 863
primary keys, defined, 987–988
primary sites, 38
collections
collection membership delays, 526
replicating across primary sites, 524
complexity of, 38
ConfigMgr installations, 132, 230–233
deployments, replicating across primary sites, 524
scalability, 38
primary users, defined, 460
Products page (Add Site System Roles Wizard), software updates, 585–586
profile management, ConfigMgr 2012 R2, 35
programs
defined, 494
properties of
Advanced tab properties, 511–512
Environment tab properties, 508–510
General tab properties, 504–506
OpsMgr Maintenance Mode tab, 514–515
Requirements tab properties, 506–508
Windows Installer tab properties, 513
Programs tab properties (DT), 423
projects
deploying entire projects, 868
storing, recommended location, 858
prompted values (queries), 817–818
provisioning
packages, Windows 10, 695
resources, automation, 13
Proxy and Account Settings page (Add Site System Roles Wizard), software updates, 581
Proxy page (Add Site System Roles Wizard), software updates, 579
proxy points (enrollment), network configuration, 175
proxy server account security, 967–968
public forums (online resources), 1044–1045
publishing reports/dashboards, 863–864
deploying entire projects, 868
manually adding reports/dashboards to SSRS, 864–866
from SSDT to SSRS website, 866–868
Pulse Mode, file replication, 186
push installations (clients), 148
pushing clients, 324
blocking/unblocking clients, 328
manually pushing client agents, 328
Windows devices
automatic site-wide client pushing on Windows devices, 326–327
enabling client pushing, 325–326
PXE (Preboot Execution Environment)
boot process, OSD and, 925–927
OSD, PXE boot process, 925–927
PXE points
excluding systems from PXE booting, 900
OSD site system roles, 898–901
WDS and, 899
quality
TQM, 24
updates (Windows 10 servicing), 613
converting WQL to SQL, 828
date/time functions in WQL queries, 824–825
Extended WQL limitations in ConfigMgr, 823–824
attributes, creating queries, 811–812
collections
creating, 805
creating based on query results, 837
ConfigMgr Query Builder, creating queries, 813–814
ConfigMgr tables, 828
ConfigMgr Query Builder, 813–814
WMI queries, 816
with WQL, 810
criterion types, filtering queries with, 817
defined, 46
discovery data queries, 831–832
duplicate named queries, 836
filtering with criterion types, 817
grouping, 808
inventory data queries, 832–834
logical operators, 819, 820–821
null values, 817
object types, creating queries, 810–811
operators
logical operators, 819, 820–821
precedence order, 821
query results, creating collections based on query results, 837
query rules, collections, 45, 526–527
results, 834
exporting to text files, 834
importing/exporting between sites, 834–836
simple values, 817
SQL queries, 851
ORDER BY statements, 852
SELECT statements, 851
FROM statements, 852
WHERE statements, 852
status message queries
in-depth analysis with, 837–838
subselect queries, 818
support for, 846
ORDER BY statements, 852
SELECT statements, 851
FROM statements, 852
WHERE statements, 852
values
manually entering, 838
null values, 817
simple values, 817
subselect queries, 818
WHERE clauses, 817
WMI queries, creating, 816
quotes (smart), 433
ransomware, 933
RBA (Role-Based Administration), 939, 949
ConfigMgr 2012, 34
ConfigMgr 2012 R2, 35
PowerShell and, 941
RCM (Replication Configuration Monitor), 188–189
recoverability management, architectural planning/design, 168, 169
recovery, 969
backups
source files, 981
SSRS, 981
sites, 982
prerequisite download requirements, 985
recovering failed sites, 983–986
site database recovery options, 983
site server recovery options, 982–983
verifying recovery, 986
redistributing content in content libraries, 980
redundancy, DP and content management, 146
reference OS images, building/capturing in OSD, 891
reference systems, capturing, 891
References tab properties (applications), 420
refresh scenarios (OSD), 874
refreshing, DP content, 536
regional roaming, SMS 2003, 31
Registry, ADM templates, 321
regulatory compliance, 371–372
architectural planning/design, 119
automation, 11
distributed enterprises, 11
relational operators (queries), 819–820
relationships (queries), 829–831
release management, Current Branch, 166–168
remediation, Compliance Settings, 404
Remote Assistance, 364
Remote Connection Profiles (Compliance Settings), 374, 377–378
Remote Control
auditing, 364
client computer administration, 363–364
ConfigMgr Current Branch version 1606, 60
Remote Assistance, 364
Remote DesktoP, 364
Remote DesktoP, 364
remote management
WinRM, 77
WMI, 84
Remote Tools
client device settings, 155, 357–359
Permitted Viewer accounts, security, 968
remotely locking mobile devices, 700
removing
DP content, 536
Intune
extensions, 674
subscriptions, 674
repackaging, Microsoft Installer files, 453
replace scenarios (OSD), 874
replication
ConfigMgr
content, 110
site active mode, 190
site initialization mode, 189, 190
file replication
DDR, 183
FSP, 183
network configuration, 183–187
Pulse Mode, 186
rate limit configuration, 186–187
route configuration, 185
routes, distributing content, 538
Scheduler Thread, 183
secondary site data, 183
replication groups, 189
replication patterns, 189
SQL Server replication
global data, 187
network configuration, 187–190
replication groups, 189
replication patterns, 189
SSB, 188
SUG, 598
Reporting Services Point role (site systems), 40
Reporting tab properties (packages), 502–503
reports, 843
administrative security reports, 947–948
advanced reporting concepts, 869
best practices, 870
ConfigMgr data, 846
ConfigMgr data, SQL views
collection data classes, 850
discovery classes, 846
software metering inventory classes, 848–849
software update inventory classes, 848
state message classes, 849
status message classes, 849
adding tables to reports, 861–863
consistency in reports, 854–855
creating data sources, 858–859
Toolbox menu (SSDT-BI), 860–861
CSR, ConfigMgr 2007, 32
EP reports
integrating data with other systems, 793–794
functionality, ConfigMgr, 238
migration reports, ConfigMgr migration, 278
previewing, 863
deploying entire projects, 868
manually adding reports to SSRS, 864–866
from SSDT to SSRS website, 866–868
RBA reporting, ConfigMgr 2012 R2, 35
ConfigMgr 2007, 32
ConfigMgr 2012, 35
ORDER BY statements, 852
SELECT statements, 851
FROM statements, 852
WHERE statements, 852
requirement rules (applications), 48, 411
collections versus, 434
creating custom global conditions, 435–439
device global conditions, 434–435
user global conditions, 435
global expressions, 49
software, uninstalling, 411
Requirements tab properties
DT, 426
resetting
passwords, 700
workspaces (ConfigMgr console), 299
resolution, time to, 372
resource provisioning, automation, 13
restarting
Computer Restart settings, client notifications, 154–155, 354, 426
restorability management, architectural planning/design, 168, 169
retiring
applications, 453
Return Codes tab properties (DT), 426
revision histories
relatable DP content, 450
ribbon bar (ConfigMgr console), 287, 288–289
risk
acceptance, defined, 935
avoidance, defined, 935
defined, 934
roaming
IBCM client roaming behavior, 162
SMS 2003, 31
console (ConfigMgr), 297
software updates, 571
rootkits, antirootkits, 758
routers, troubleshooting network configurations, 212–214
RPC communication, network configuration, 180–181
RPO (Recovery Point Objective), 169–170
RSP (Reporting Services Point) role (site systems), 134
RTO (Recovery Time Objective), architectural planning/design, 169–170
rules
applications, requirement rules, 48, 411, 412–413, 459–460
global conditions, 48–49, 433–439
global expressions, 49
uninstalling, 411
Automatic Deployment Rule Wizard, deploying software updates, 609–610
Deployment Settings page, 611
Evaluation Schedule page, 612
General page, 610
direct (static rules), 525–526
Direct rule, 45
Membership Rules tab properties, 530
DT requirement rules, 412–413, 459–460
global conditions (requirement rules), 48–49, 433
collections versus, 434
custom global conditions, 435–439
device global conditions, 434–435
user global conditions, 435
global expressions (requirement rules), 49
requirement rules (applications), 48, 411
global conditions, 48–49, 433–439
global expressions, 49
software, uninstalling, 411
SCUP rules, 649
software
automatic deployment rules, 609–612
requirement rules, 412–413, 459–460
uninstalling, 411
SUP, uninstalling, requirement rules, 411
Supercedence Rules page (Add Site System Roles Wizard), software updates, configuring, 584
Samsung Knox CIs (Configuration Items), 398
SANS institute, security threats, 10–11
scalability
PKI, 130
primary sites, 38
site servers, planning, 139
site systems, planning, 139
scanning
clients, troubleshooting, 631–632
diagnostic scanning, 758
failures and failovers, 572
SCEP (System Center Endpoint Protection), 755, 760–761
capabilities of, 756
antirootkits, 758
definition updates, 765, 771–772
architecture of, 772
ConfigMgr software update management source, 772
definition rebase process, 773
file shares (UNC) source, 782–783
MMPC updates, 780
WSUS and Microsoft Update sources, 780–782
diagnostic scanning, 758
EP, alerts
EPP and, 767
WDO, 762
Windows 10, 766
Scheduler Thread, file replication, 183
scheduling
software updates, 570
Scheduling page
Deploy Software Updates Wizard, software updates, 605
Task Sequence Deploy Software Wizard, 910–911
schemas
ConfigMgr and AD
changing schemas, 111
Schema Admins grouP, 113
scope
scope of delivery, architectural planning/design, 122
software updates, 570
SCP (Service Connection Point)
network configuration, 182
SCP role (site systems), 40, 133, 54
scripts
startup scripts, client installations, 149–150
SCUP (System Center Update Publisher), 633
rules, 649
SDK (Software Development Kit), Application Model Kit, 456
SDM (System Definition Model) versus SML, 18
search bar (ConfigMgr console), 288
ConfigMgr installations, 234–236
file replication, 183
hierarchy of sites, 37
network configuration, secondary sites, 176–177
security, 931
account security (ConfigMgr)
database connection accounts, 965
infrastructure support, 964–965
machine accounts, 964
OSD, 966
software updates, 966
AD, 936
AD discovery, 967
AD publishing, 967
administration
administrative security reports, 947–948
auditing ConfigMgr actions, 951–953
ConfigMgr access, 949
database access, 951
JEA, 951
security roles, 942–943, 946–947
site system local administration, 950
workstations, 937
analytics (cloud-based), 801
APT, 934
ASD, 935
attack surfaces, reducing, 955
automation, 11
certificates
profiles, 938
CIA triad, defined, 934
CIS, 935
clients
communications, client-to-server security, 961
communications, network configuration, 208
management, 937
compliance settings, 938
conditional access, 938
access, 949
AD discovery, 967
AD publishing, 967
auditing ConfigMgr actions, 951–953
certificate profiles, 938
compliance settings, 938
conditional access, 938
cryptographic controls, 959, 960
EP, 938
infrastructures, 954
NAP, 939
patch management, 938
software distributions, 962–963
systems management, 26
console (ConfigMgr)
SMS provider permissions, 308
WMI permissions, 309–310, 312–313
controls, bypassing with encryption, 961
cryptography
attacks, 933
data collection, 932
databases
accessing, 951
connection accounts, 965
defense in depth (layered security model), 936
digital signatures and malware, 933
diagnostic usage data, 932
distributed enterprises, 10–11
eavesdropping (sniffer-based) attacks, 960
encryption, bypassing security controls, 961
EP, 938
execution attacks, 954
fingerprinting attacks, 954
groups
Exchange Online, 733
SharePoint Online, 739
Skype for Business Online, 743
hardware, selecting, 955
IAD, 935
identity-based attacks, 954
IT security, architectural planning/design, 120
layered security model (defense in depth), 936
malware and digital signatures, 933
misdirection attacks, 960
MITM attacks, 960
mobile devices, 697
Activation Lock Bypass, 701
remotely locking mobile devices, 700
resetting passcodes, 700
NAP, 939
native mode (security), ConfigMgr 2007, 32
network communication, 960–961
client-to-server communication security, 961
server-to-server communication security, 962
site-to-site communication security, 962
patch management, 938
physical security, 955
planning
hierarchy of security, 936–937
PowerShell
as a weapon, 933
proxy server accounts, 967–968
ransomware, 933
regulatory compliance, 11
risk
acceptance, 935
avoidance, 935
defined, 934
roles
associating with security scopes, 946–947
SANS institute, security threats, 10–11
associating with security roles, 946–947
collections, 943
servers
client-to-server communication security, 961
hardening servers, 955
placement of, 937
planning site servers, 138–139
server-to-server communication security, 962
planning site systems, 138–139
sites
selecting, 936
site-to-site communication security, 962
slash and burn attacks, 933
system software security, 955
updates, 966
spoofing attacks, 960
SQL Server, SQL Server communication, 180
Symantec, 2016 Internet Security Threat Report, 10–11
system software security, 955
systems management, ConfigMgr, 26
updates
automation, 11
WSUS, 967
vulnerabilities, defined, 934
WSUS, 967
Security page (Create Task Sequence Media Wizard), 914
Security tab properties (collections), 530
SEDO (Serialized Editing of Distributed Objects), 90–91
SELECT statements, SQL/T-SQL queries, 851
self-signed certificates and WSUS, 635
Sender Thread, file replication, 183–185
senders
concurrent threads, defined, 40–41
defined, 40
server browsers (Intune), troubleshooting, 666–667
servers
architectural planning/design, server infrastructures, 121
client-to-server communication security, 961
Component Server role (site systems), 39
dedicated servers and Azure AD installations, 662
deploying, automation, 11
DNS
client agent assignments, 345
records, Intune environment preparation, 658
service location requests, 193
testing DNS resolution, 211–212
Exchange servers, account security (ConfigMgr), 968
hardening (security), 955
managing, architectural planning/design, 122
network configuration
enrollment proxy points, 175
placement, security, 937
security
client-to-server communication security, 961
hardening servers, 955
server-to-server communication security, 962
Server Cleanup Wizard (WSUS), 989–990
server logs, 1005
server-to-server communication security, 962
Site Database Server role (site systems), 39
Site Database tier (ConfigMgr), 70
Site Server role (site systems), 39
Site Server tier (ConfigMgr), 70
site servers
SMSExec (SMS Executive), 73
Windows Server 2016 as site server, 634
site system servers, 39
SMB, 72
SMTP server connection accounts, security, 968
SQL Server, role in ConfigMgr Current Branch, 71
virtual servers, ConfigMgr migration, 264
Web Server tier (ConfigMgr), 70
Windows Server 2016 as site server, 634
service connection point, ConfigMgr/Intune integration, 672–673
service packs
SMS 2.0, 30
services
antimalware as a service, 756–757
availability/delivery, architectural planning/design, 119, 120
bandwidth, 195
BITS 2.5, 194
BITS 3.0, 194
BITS 4.0, 194
content transfers, 52
IGD statistics, 195
online resources, 194
versions of, 194
ConfigMgr Current Branch baseline version 1702, 62
ConfigMgr service location, 174
DRS, database replication, 108–110
IIS, role in ConfigMgr Current Branch, 71
IT service delivery process, architectural planning/design, 121
modern authentication, Office 365 services, 725
Office 365 services, modern authentication, 725
SCP, network communication, 182
service location requests
AD, 192
DNS, 193
network configuration, 192–193
WINS, 193
SMS Agent Host (ccmexec.exe), 74
SPN, troubleshooting network configurations, 215–216
Updates and Servicing node, ConfigMgr Current Branch version 1606, 58
Windows as a Service, 55
WINS, service location requests, 193
WMI services, accessing, 77
servicing
Current Branch, architectural planning/design, 164–166
servicing models, 7
servicing plans, 620–621, 622–623
Windows 10 servicing, 164–165, 620–621, 622–623
Setup Wizard (ConfigMgr), console (ConfigMgr) installations, 295–296
shared DP (Distribution Point)
accessing, 277
ConfigMgr migration, 277
shared infrastructures, ConfigMgr migration, 270
shared WSUS databases, 574
SharePoint Online, conditional access, 737
configuring conditional access policies, 739–740
default state, 738
end-user experience, 740
evaluating conditional access policies, 738–739
security groups, 739
sharing packages, duplicating content on DP, 501
shift and drift (configuration), 11–12
sideloading, application distribution, 471–472
Silverlight-based applications for Windows phone devices, 477–478
Windows 8 applications, 472–477
Windows 8.1 applications, 472–477
Windows 10 applications, 472–477
signed client data, client communication security, 208
Silverlight (MS)
sideloading distributions for Windows phone distributions, 477–478
queries for devices without Silverlight installed, 826–827
Simple Certificate Enrollment Protocol, 129, 714
simple schedules, client settings, 348, 373
simple values (queries), 817
simple/full schedules, architectural planning/design, 157–158
simulating deployments, 555
Site Component Manager, 75
Site Database Server role (site systems), 39
Site Database tier (ConfigMgr), 70
site databases, site capacity planning (architectural planning/design), 142
Site Server role (site systems), 39
Site Server tier (ConfigMgr), 70
site servers
architectural planning/design, 138–141
availability, 139
managing, 139
scalability, 139
site capacity planning, 141
SMSExec (SMS Executive), 73
Windows Server 2016 as site server, 634
site systems
administration (local), 950
Application Catalog Web Service Point role, 133
Application Catalog Website Point role, 133
architectural planning/design, 138–141
availability, 139
managing, 139
scalability, 139
Asset Intelligence Synchronization Point role, 132
Data Warehouse Service Point role, 133
Endpoint Protection Point role, 132
FSP role, 133
OSD site system roles, 897
State Migration points, 903–905
RSP role, 134
SCP role, 133
servers, 39
Site System role, 39
SUP, 133
System Health Validator Point role, 133
sites
active source sites, ConfigMgr migration, 271–272
automatic site-wide client pushing on Windows devices, 326–327
capacity planning, architectural planning/design, 141–142
complexity of, 38
scalability, 38
child sites, ConfigMgr migration, 272–273
ConfigMgr installations, 245–247
troubleshooting site installations, 248–249
ConfigMgr migration
preparing old sites for migration, 268
source/destination sites, 268–269
validating old sites are supported, 268
ConfigMgr sites, 131
primary sites, 132
reusing site codes, 131
secondary sites, 132
console (ConfigMgr), site connections, 298
databases
meeting availability requirements, 145
defined, 36
disaster recovery, 982
prerequisite download requirements, 985
recovering failed sites, 983–986
site database recovery options, 983
site server recovery options, 982–983
verifying recovery, 986
DP properties on site systems, 538
failed sites, recovering, 983–986
FSP
client installations, 247
ConfigMgr installations, 245–247
hierarchy of, 36
complexity of hierarchies, 37
ConfigMgr installations, 247–248
Odyssey hierarchy of sites, 36
secondary sites, 37
importing/exporting query results between sites, 834–836
Intune hybrid, viewing site/component status, 675–676
configuring built-in tasks, 986
maintenance modes, 190
Modify SQL Server configuration, 992
modifying language configuration, 992
optimizing SQL Server, 986–987, 988–989
resetting sites with no configuration changes, 992
SMS provider configuration, 992
prestaged site content, DP, content management, 147
primary sites, 38
collection membership delays, 526
complexity of, 38
ConfigMgr installations, 230–233
replicating collections across primary sites, 524
replicating deployments across primary sites, 524
scalability, 38
replication
collections across primary sites, 524
deployments across primary sites, 524
ConfigMgr installations, 234–236
file replication, 183
hierarchy of sites, 37
network configuration, 176–177
security
site selection, 936
system role assignments, 936–937
selecting, security, 936
site assignment boundary groups, 240–241
site-to-site communication, 129, 962
source site accounts, security, 968
source/destination sites, ConfigMgr migration, 268–269
system role assignments, 936–937
troubleshooting site installations, ConfigMgr installations, 248–249
Six Sigma
ISO 20000, 25
Skype for Business Online, conditional access, 741
modern authentication, 742
policies
evaluating, 743
security groups, 743
supported platforms, 742
SLAs (Service Level Agreements), architectural planning/design, 121
slack space, 762
slash and burn attacks, 933
slow/congested network links, troubleshooting, 214
smart quotes, 433
SMB (Server Message Block), 72, 181
SML (Service Modeling Language)
IT operations and, 19
online resources, 19
SDM versus, 18
SMS (Systems Management Server). See also ConfigMgr 2007
SMS 1.x, 30
SMS 2.0, 30
site maintenance, SMS provider configuration, 992
SMS 1.x, ConfigMgr development, 30
SMS 2.0
ConfigMgr development, 30
service packs, 30
updates, 30
SMS 2003
AD (Active Directory), 31
global roaming, 31
regional roaming, 31
SMS Admins grouP, 308
SMS servers, site server/site system planning, 140–141
SMS Agent Host (ccmexec.exe), 74
SMS Provider role (site systems), 39
SMS providers, 89
console (ConfigMgr) deployments, 294
meeting availability requirements, 145–146
permissions, console (ConfigMgr), 308
SMS writer, ConfigMgr maintenance task backups, 974
SMSExec (SMS Executive), 73
ConfigMgr Update, 74
Discovery Data Manager, 74
Hierarchy Manager, 74
Inventory Data Loader, 74
LAN Sender, 74
RCM, 74
Site Component Manager, 75
SMSPKG folders, 51
SMTP (Simple Mail Transfer Protocol), server connection account security, 968
sniffer-based (eavesdropping) attacks, 960
SOAP (Simple Object Access Protocol), 16
client agent requirements, 316–317
ConfigMgr, software distribution security, 962–963
configuring, complex software installations/configurations with TS, 448
deploying
App Details website, 518
hiding software deployments, 508
Task Sequence Deploy Software Wizard, 907–912
DSL, creating applications, 416
installing
application deployments, 550–552
complex software installations/ configurations with TS, 448
installation wrappers, 455
unattended installations, 454
inventories
licensing, asset data management, 12–13
network configuration, downloading software updates, 182
OS and software provisioning, 11
packages
App Details website, 518
defined, 494
provisioning and OS, 11
SDK, Application Model Kit, 456
Software Deployment settings, client notifications, 156, 359
Software Inventory settings, client notifications, 156, 359–360
Software Libraries, creating applications, 457–458
Software Metering device settings, clients, 360–361
SUG
replication, 598
SUP, 40
client agent installations on Windows devices, 321
IIS configuration, 142
lists, 572
meeting availability requirements, 145
network configuration, 182
NLB, 572
patch management, 578
site capacity planning, architectural planning/design, 142
Software Update Point page (Add Site System Roles Wizard), 580–581
software updates, 571, 630–631
untrusted forests, 573
verifying installations, 587–588
without Internet access, 573
system software security, 955
uninstalling, requirement rules, 411
updates, 156–157, 567, 626–627
account security (ConfigMgr), 967
client device settings, 361
client experience, 623
ConfigMgr Current Branch baseline version 1511, 55
ConfigMgr Current Branch baseline version 1702, 62–63
ConfigMgr Current Branch baseline version 1706, 66
ConfigMgr Current Branch new features, 567–569
ConfigMgr software update management source, 772
ConfigMgr Current Branch version 1602, 57
ConfigMgr Current Branch version 1606, 59
ConfigMgr Current Branch version 1610, 61
coordinating updates, 570
downloading, 631
managing, 51
monitoring update process, 629–630
network communication, 182
patch testing, 570
policies, 570
role-based administration, 571
scheduling updates, 570
scope, 570
software update inventory classes, 848
Software Update page (Deploy Software Updates Wizard), 611–612
Software Update Point page (Add Site System Roles Wizard), 580–581
support, 570
Windows Embedded systems, 607
WUfB, 55
Software Center
ConfigMgr 2012, 34
ConfigMgr Current Branch baseline version 1511, 55
ConfigMgr Current Branch version 1610, 61
ConfigMgr Current Branch version 1710, 67
device settings, 359
new Software Center, 410, 560–562
old Software Center, 410, 556–557
uninstalling applications, 487–488
Software Library (ConfigMgr console), 290–291
source files, backups, 981
source/destination sites
account security, 968
SPN (Service Principal Name), troubleshooting network configurations, 215–216
spoofing attacks, 960
SQL (Structured Query Language)
ConfigMgr data views
collection data classes, 850
discovery classes, 846
software metering inventory classes, 848–849
software update inventory classes, 848
state message classes, 849
status message classes, 849
converting WQL to, 828
database backups, 970, 974–975
backup folder structure, 979–980
queries, 851
ORDER BY statements, 852
SELECT statements, 851
FROM statements, 852
WHERE statements, 852
ORDER BY statements, 852
SELECT statements, 851
FROM statements, 852
WHERE statements, 852
SQL Server
backups, 171
communication
network configuration, 179–180
security issues, 180
ConfigMgr installations, SQL Server requirements, 220–221
ConfigMgr upgrades
SQL Server support, 257
SQL Server test upgrades, 258
domain accounts (AD), 221
optimizing for site maintenance, 986–987, 988–989
replication
global data, 187
network configuration, 187–190
replication groups, 189
replication patterns, 189
SSB, 188
role in ConfigMgr Current Branch, 71
security, SQL Server communication, 180
site maintenance, Modify SQL Server configuration, 992
SQL Server Management Studio, 850, 851–852
SSB, 188
SSDT-BI, creating reports/dashboards, 855–858
SSRS, backups, 981
SQL Server Agent node, CD.Latest folder backups, 975–976
SQL Server AlwaysOn availability groups, ConfigMgr Current Branch version 1602, 56
SQL Server Management Studio, ConfigMgr databases, 102–103
SSB (SQL Server Service Broker), 188
SSDT-BI (SQL Server Data Tools-Business Intelligence)
reports/dashboards, creating, 855–858
adding tables to reports/dashboards, 861–863
creating data sources, 858–859
previewing reports/dashboards, 863
publishing to SSRS website, 866–868
SSRS (SQL Server Reporting Services), 53, 843–844
backups, 981
ConfigMgr 2007, 32
ConfigMgr 2012, 35
Reporting Services Point role (site systems), 40
reports/dashboards
deploying entire projects, 868
manually adding to SSRS, 864–866
from SSDT to SSRS website, 866–868
Stand-Alone CD/DVD page (Create Task Sequence Media Wizard), 914
stand-alone Intune, hybrid Intune versus, 652–653
stand-alone media, OSD deployments, 913–915
stand-alone Prerequisite Checker, 223–225
startup scripts, client installations, 149–150
state messages, 623
classes (SQL views), 849
client device settings, 361–362
State Migration points
OSD site system roles, 903–905
State Migration Point role (site systems), 40
USMT, 905
static (direct) rules, collections, 525–526
status messages
classes (SQL views), 849
ConfigMgr databases, 106
queries
in-depth analysis with, 837–838
storage
enterprise storage, architectural planning/design, 122
Intune, 655
project storage, recommended locations, 858
subnets, architectural planning/design, 136–137
subscribing to
removing subscriptions, 674
subselect queries, 818
SUG (Software Update Group)
replication, 598
software updates
deploying, 598
SUP (Software Update Point), 133
client agent installations on Windows devices, 321
IIS configuration, 142
lists, 572
meeting availability requirements, 145
network configuration, 182
NLB, 572
patch management, 578
site capacity planning, architectural planning/design, 142
Software Update Point page (Add Site System Roles Wizard), 580–581
software updates, 571, 630–631
untrusted forests, 573
verifying installations, 587–588
without Internet access, 573
Supercedence Rules page (Add Site System Roles Wizard), software updates, 584
Supercedence tab properties (applications), 427
superceding applications, 452
supernets, architectural planning/design, 136–137
support
ConfigMgr console connection support, site server/site system planning, 140
software updates, 570
Windows 10, 7
Symantec, 2016 Internet Security Threat Report, 10–11
sync failed error messages, 588
synchronization
AI, network communication, 182
applications from Windows Store for Business, 492
Asset Intelligence Synchronization Point role (site systems), 40
defined, 582
identities, 656
Intune hybrid directories, 678
passwords, 656
policy synchronization, Intune, ConfigMgr Current Branch version 1610, 60
Synchronization Schedule page (Add Site System Roles Wizard), software updates, 583
Synchronization Source page (Add Site System Roles Wizard), software updates, 582–583
updates, WSUS installations, 577
SyspreP, OSD imaging, 875
System Center Operations Manager. See OpsMgr
System Discovery (AD), 127
System Health Validator Point role (site systems), 40, 133
System Role Selection page (Add Site System Roles Wizard), software updates, 579–580
system roles, security, 936–937
systems management, 14
cloud computing, 13
ConfigMgr, 26
distributed enterprises and, 10–11
DSI, 18
Forrester Research, 10
methodologies, 14
Microsoft strategies for, 16
model-based management, 16
security, lack of security/control, 12
shift and drift (configuration), 11–12
web services standards, 16
tables
adding to reports/dashboards, 861–863
ConfigMgr
databases, 102
queries and, 828
TargetServerURL value, publishing reports from SSDT to SSRS website, 867–868
temporary passwords, Android devices, 700
testing
Current Branch, architectural planning/design, 166–168
DP, troubleshooting network configurations, 214–215
MP, troubleshooting network configurations, 214–215
OSD testing, 877
patch testing, software updates, 570
text files, exporting query results to, 834
threads (concurrent), defined, 40–41
threats
defined, 934
threat intelligence, 801
time to resolution, 372
Toolbox menu (SSDT-BI), creating reports, 860–861
topologies (network), site server/site system planning, 138
TQM (Total Quality Management), 24
transfer rates, file replication, 186–187
transferring content via BITS, 52
trial offers, Intune, 653, 655
troubleshooting
authentication required errors, downloading contents from peer content sources, 204
client agent installations, 330–332
Compliance Settings, settings management, 406–407
conditional access, 750, 752–753
ConfigMgr
migrations, 280
online resources, 249
console (ConfigMgr), 311
common problems, 313
connectivity issues, 313
content distribution, 548
firewall ports, network configuration, 212–214
firewalls, online resources, 214
Hybrid Diagnostics tool, 685
Intune, server browsers, 666–667
Intune hybrid, 674
directory synchronization, 678
Hybrid Diagnostics tool (ConfigMgr), 679, 685
Microsoft TechNet Forum, 679
viewing Intune status, 677
viewing site/component status, 675–676
network configurations, 209
basic network connectivity, 209–211
congested/slow network links, 214
testing DNS resolution, 211–212
OSD, 919
boot image command-line support, 921
peer content sources, downloading contents from, 204
ports
PortQry, 214
routers, network configuration, 212–214
server browsers (Intune), 666–667
software updates, 629, 632–633
sync failed error messages, 588
WMI, troubleshooting client agent installations, 331
trusted CA certificates, 714
trusted root keys, 129
TS (Task Sequence)
application best practices, 456
complex software installations/ configurations, 448
Create Task Sequence Media Wizard
Customization page, 915
Distribution Points page, 914–915
Security page, 914
Stand-Alone CD/DVD page, 914
creating, 893
deploying
high-risk deployments, 909
bootable media deployments, 915–917
building/capturing reference OS images, 891
capture media deployments, 917
creating new TS, 893
installing existing image packages, 889–891
installing existing image packages to VHD, 892
prestaged media deployments, 918–919
stand-alone media deployments, 913–915
upgrading OS from upgrade packages, 892–893
reference systems, capturing, 891
Task Sequence Deploy Software Wizard, 907–908
Alerts page, 912
Deployment Settings page, 909–910
Distribution Points page, 912
General page, 908
User Experience page, 911
T-SQL (Transact-SQL) queries, 850–851
EP alerts, automating, 797
ORDER BY statements, 852
SELECT statements, 851
FROM statements, 852
WHERE statements, 852
UEFI (Unified Extensible Firmware Interface), BIOS-to-UEFI conversions, 61
unattended installations, console (ConfigMgr), 296–297
unattended OSD deployments, 919
unattended software installations, 454
UNC (Universal Naming Convention) file shares, definition updates, 782–783
unicast WOL (Wake on LAN), 366–367
uninstalling
applications
deploying uninstall applications, 549–550
client agents, 332
software, requirement rules, 411
UNIX
client agents, manual installations on UNIX computers, 320
untrusted forests, SUP, 573
updates
architectural planning/design
continuous updates, 164
bundle updates, 649
collections, 528
cascading updates, 529
full updates, 528
manual updates, 528
CD.Latest files, 253
online resources, 67
ConfigMgr Current Branch baseline version 1702, 62
ConfigMgr Update, 74
in-console updates
ConfigMgr Current Branch baseline version 1511, 54
ConfigMgr Current Branch version 1610, 60
continuous updates, architectural planning/design, 164
Current Branch, architectural planning/design, 164–166
custom update signing, 129
definition updates, 765, 771–772
architecture of, 772
file shares (UNC) source, 782–783
MMPC updates, 780
WSUS and Microsoft Update sources, 780–782
deploying, troubleshooting, 631–632
downloading, 631
DP
ConfigMgr Current Branch version 1606, 58
content, 537
dynamic collection updates, ConfigMgr 2007, 33
expiring updates, 645
feature updates (Windows 10 servicing), 613
Microsoft Update sources and WSUS, 780–782
MMPC updates, 780
quality updates (Windows 10 servicing), 613
SCUP, 633
rules, 649
security, automation, 11
SMS 2.0, 30
software, 156–157, 567, 626–627
account security (ConfigMgr), 967
client device settings, 361
client experience, 623
ConfigMgr Current Branch baseline version 1511, 55
ConfigMgr Current Branch baseline version 1702, 62–63
ConfigMgr Current Branch baseline version 1706, 66
ConfigMgr Current Branch new features, 567–569
ConfigMgr software update management source, 772
ConfigMgr Current Branch version 1602, 57
ConfigMgr Current Branch version 1606, 59
ConfigMgr Current Branch version 1610, 61
coordinating updates, 570
downloading, 631
managing, 51
monitoring update process, 629–630
network communication, 182
patch testing, 570
policies, 570
role-based administration, 571
scheduling updates, 570
scope, 570
software update inventory classes, 848
Software Update page (Deploy Software Updates Wizard), 611–612
Software Update Point page (Add Site System Roles Wizard), 580–581
support, 570
Windows Embedded systems, 607
WUfB, 55
SUP, 133
client agent installations on Windows devices, 321
IIS configuration, 142
lists, 572
meeting availability requirements, 145
network configuration, 182
NLB, 572
patch management, 578
site capacity planning, architectural planning/design, 142
Software Update Point page (Add Site System Roles Wizard), 580–581
software updates, 571, 630–631
untrusted forests, 573
verifying installations, 587–588
without Internet access, 573
synchronizing, WSUS installations, 577
Updates and Servicing node, ConfigMgr Current Branch version 1606, 58
database backups, 989
DSI and, 17
re-indexing databases, 990–991
Server Cleanup Wizard, 989–990
Software Update Point role (site systems), 40
WUfB, ConfigMgr Current Branch baseline version 1511, 55
upgrades
classifying, 585
clients
client installations, 150
AIK, 257
baseline support, 257
finding supported overlaP, 257–258
migration versus upgrades, 263–264
performing an upgrade, 258–262
preparing for an upgrade, 257–258
SQL Server support, 257
SQL Server test upgrades, 258
Windows OS support, 257
high-risk deployments, 622
Operating System Upgrade Task Sequence, 55
OS upgrade packages, and OSD, 884–885, 892–893
OSD upgrades
OS upgrade packages, 884–885, 892
Upgrade Readiness, ConfigMgr cloud connections, 244
UPN (User Principal Name)
ADModify Tool, 660
Intune environment preparation, 658–659, 666
verifying, 666
URL (Uniform Resource Locator), 1023
ConfigMgr resources, 1030–1043
live links, 1050
TargetServerURL value, publishing reports from SSDT to SSRS website, 867–868
Usage Data Collection, ConfigMgr Current Branch baseline version 1511, 54
user accounts (ConfigMgr Migration), 271
user collections, Exchange On-Premises, 748
User Data and Profiles (Compliance Settings), 374, 377
User Discovery (AD), 127
user experience, architectural planning/design, 119
User Experience page
Deploy Software Updates Wizard, software updates, 606
Task Sequence Deploy Software Wizard, 911
users
Active Directory User Discovery
client installations, 152, 153
administrative security, 940–941
Android end user experience, 490–491
architectural planning/design, defining user experience, 158–159
Azure user identities, 655
cloud identities, 655
federated identities, 656
login ID (alternate), 664
synchronized identities, 656
end-user experience, application/package deployments, 555–556
global conditions, 435
Intune
user collections, 666
iOS end user experience, 490–491
primary users, defined, 460
uninstalling applications from Software Center, 487–488
User and Device Affinity device settings, clients, 362
USMT (User State Migration Tool), 876, 905
utilities, online resources, 1045–1047
UWP (Universal Windows Platform), 55
validation
ConfigMgr
migration, validating old sites are supported, 268
DP content, 536
pre/post-change validation, Compliance Settings, 372
custom detection methods, creating, 432–433
smart quotes, 433
VDM (Virus Definition Module), definition updates
architecture of, 772
definition rebase process, 773
vendor names, 648
verifying
custom domains, Intune environment preparation, 656–658
prestaged content, 547
site recovery, 986
UPN, 666
Windows Installer detection methods, 487–488
VHD (Virtual Hard Disk), installing existing image packages to VHD, 892
viewing
in-console alerts, 300
Intune hybrid site/component status, 675–676
Intune status, 677
multiple IP addresses, 210–211
policies (client communication), 178
status message queries, 838–839
WMI, 94
views (ConfigMgr databases), 102, 105–106
virtual servers, ConfigMgr migration, 264
virtualization, 121
App-V
ConfigMgr 2007, 32
installing applications, 466–467
App-V 4.6 DT, creating, 465
viruses, VDM definition updates
architecture of, 772
definition rebase process, 773
Visual Studio and DSI, 17
VPN (Virtual Private Network) profiles
applications, 482
vulnerabilities
defined, 934
Vulnerability Assessments, 376
Wake-up proxies (WOL), 367
WAN (Wide Area Network)
BranchCache
network configuration, 197–200
optimization, 53
Peer Cache
network configuration, 200–204
WDO (Windows Defender Offline), 762–763
WDS (Windows Deployment Services), PXE points, 899
WDSI (Windows Defender Security Intelligence), 763–764
web applications, creating, 490–491
web resources, 1023
App Details website, software packaging/deployment, 518
BITS, 194
boundaries/boundary groups, 208
CIM, 83
ConfigMgr, 27
Azure and ConfigMgr migration, 264
deprecated features, 68
troubleshooting, 249
updates, 67
version 1511, 54
cryptographic controls, 208
firewalls, 214
group policy, 195
I&O Maturity Model, 26
Intune support, 679
live links, 1050
MOF, 24
prerequisite information, ConfigMgr installations, 219
SML (Service Modeling Language), 19
WMI, 89
Web Server tier (ConfigMgr), 70
web services standards, systems management, 16
websites, role of IIS in ConfigMgr, 71
WHERE clauses (queries), 817
WHERE statements, SQL/T-SQL queries, 852
Wi-Fi profiles
pre-shared keys, 718
Windows 8, sideloading application distributions, 472–477
Windows 8.1
CI, 396
sideloading application distributions, 472–477
Windows 10
client agents
authentication on Azure AD-joined Windows devices, 322–323
group policy installations on Windows devices, 320–321
keychain access, 319
limiting enrollment certificates, 319
logon script installations on Windows devices, 320
manual installations on Windows computers, 317–318
SUP installations on Windows devices, 321
co-management, enabling devices, 1018–1019
ConfigMgr
installations, Windows requirements, 218–220
upgrades, 257
ConfigMgr Current Branch version 1710, client management, 66
GPO, 380
provisioning packages, 695
SCEP, 766
ConfigMgr Current Branch version 1602, 57
servicing plans, 620–621, 622–623
updates, 613- 613
Windows 10 Servicing Model, 164–165
sideloading application distributions, 472–477
support, ConfigMgr, 7
UWP, 55
Windows as a Service, 55
Windows ADK (Assessment and Deployment Kit), 875, 876
DISM, 876
WinPE, 875
WSIM, 875
Windows Analytics, client device settings, 362
Windows Defender, 755, 771–772
capabilities of, 756
antirootkits, 758
capabilities of, 802
configuring, 803
cloud-based protection, 759
ConfigMgr Current Branch version 1610, 60
definition updates, 765
architecture of, 772
ConfigMgr software update management source, 772
definition rebase process, 773
file shares (UNC) source, 782–783
MMPC updates, 780
WSUS and Microsoft Update sources, 780–782
diagnostic scanning, 758
ELAM, Windows Defender ELAM Driver, 803
EP alerts
local context, 761
SCEP and, 766
Windows Defender ELAM Driver, 803
Windows desktop/server CI, 387, 388–391
Windows Embedded systems
software updates, 607
write filters, creating applications, 456–457
Windows Firewall policies, 785
Windows Hello for Business
ConfigMgr Current Branch baseline version 1511, 56
ConfigMgr Current Branch baseline version 1702, 64
Windows Insider Program, 615
Windows Installer
applications
creating detection methods for, 427–428
(.msi)-based applications, creating, 416–417
ConfigMgr Current Branch baseline version 1511, 55
detection methods, verifying, 487–488
MDM and, 55
MSI files, 55
Windows Installer tab properties (programs), 513
Windows OS
antimalware, 759
Measured Boot, 760
enabling devices for management, 692–693
Windows Phone devices
CI, 397
deeplinking application distributions, 482–483
enabling devices for management, 688–689
enrolling devices
automatic Intune enrollment, 689–690
Windows 10 mobile devices, 690–692
Windows Server, Azure AD Connect installations, 661
Windows Server 2016
as site server, 634
Windows Store
ConfigMgr Current Branch baseline version 1511, 55
deeplinking application distributions, 482–483
Windows Store for Business, applications
synchronizing, 492
volume license purchases, 447
Windows Telemetry, ConfigMgr Current Branch version 1710, 67
WinPE (Windows Preinstallation Environment), 55, 875
WinRM (Windows Remote Management), 77
WINS (Windows Internet Name Service)
client agent assignments, 345
service location requests, 193
wiping mobile devices, 698–699
wire-based NIC (Network Interface Card), imaging systems without, 917
WMI (Windows Management Instrumentation), 76
client agent installations, troubleshooting, 331
ConfigMgr
console (ConfigMgr), WMI permissions, 309–310, 312–313
data flow, 78
DCOM, 77
EP alerts, automating, 797
hardware inventories, 94–98, 102
managing, 83
remote management, 84
online resources, 89
queries, creating, 816
services, accessing, 77
SMS providers, 89
troubleshooting client agent installations, 331
usage examples, 77
viewing, 94
WinRM, 77
WQL, 78
WOL (Wake on LAN), 365
configuring, 366
magic packets, 365
prerequisites, 365
Wake-up proxies, 367
workgroups, architectural planning/design, 124–128
workstations, administration workstations, security, 937
WQL (WMI Query Language), 46, 78
converting queries to SQL, 828
creating queries, 810
date/time functions in queries, 824–825
Extended WQL, limitations in ConfigMgr, 823–824
wrappers, 487
wrapping applications, 440, 712
write filters (Windows Embedded), creating applications, 456–457
WSIM (Windows System Image Manager), 875
WSUS (Windows Server Update Services), 574, 967, 989
application pool memory, 631
ConfigMgr installations, 222
databases, 782
backups, 989
shared databases, 574
DSI and, 17
PowerShell installations, 576
synchronizing updates, 577
Microsoft Update sources, 780–782
Proxy and Account Settings page (Add Site System Roles Wizard), software updates, 581
self-signed certificates, 635
Server Cleanup Wizard, 989–990
Software Update Point role (site systems), 40
versions of, 222
WSUS clean-up task, ConfigMgr Current Branch baseline version 1511, 55
WUfB (Windows Update for Business), ConfigMgr Current Branch baseline version 1511, 55
WunderBar. See Navigation pane (ConfigMgr console)
XML (eXtensible Markup Language)
ConfigMgr databases, client settings, 104–105
.zip files (compressed), importing/exporting, 545