Configuration Manager update 2207 is the recently released update of Microsoft Endpoint Configuration Manager version. 2207 update is available as in-console update, this is not a baseline version. Configuration Manager version 2207 will only be available in console after global availability of in-console update. You can still install this update, for that you need to opt in using a script provided by Microsoft.
Following are the benefit of in-console update:
In-console updates provides greater flexibility of upgrading the SCCM Current Branch by getting updates of SCCM within SCCM console only.
- You just need to make sure that “Service connection point site system role” should be installed on SCCM to make sure synchronization schedule pull latest updates for SCCM.
- Once you install in-console update on CAS site, updates will be automatically applied to Primary sites. For secondary sites, you need to initiate it manually.
Configuration Manager Supported Versions:
Configuration Manager 2103 and 2203 are the 2 supported Baseline versions when publishing this post. If you are doing fresh setup of SCCM, you can download and use this Baseline version as baseline media for installation through Volume Licensing Service.
|Version||Availability date||Support end date||Baseline||In-console update|
Servicing Support for Configuration Manager
Microsoft releases update for Configuration Manager current branch version 3 times a year. Each update is supported for a period of 18 months. For 18 months of lifecycle, initial 4 months are for Security & Critical Updates while next 14 months are for Security Updates only. Above mentioned table can be used to see the servicing life cycle for Configuration Manager updates (supported versions of Configuration Manager including both Baseline and In-console update)
Following link can be used as a reference for supported versions
Supported ADK version
Make sure to have supported Windows ADK version, following is the table showing support for existing ConfigMgr versions:
|Windows ADK version||ConfigMgr 2103||ConfigMgr 2107||ConfigMgr 2111||ConfigMgr 2203||ConfigMgr 2207|
|Windows Server 2022|
|Windows 10, version 2004|
Windows 10, version 2004 is the only version which is supported for last all 5 versions of Configuration Manager
What’s new in SCCM 2207
For detailed list on what’s new in version 2207 of Configuration, you can follow this What’s new in version 2207
Following are the improvements and new features, important things to be noted down is:
- Enhanced security for Configuration Manager administration service
- Simplified application deployment approval
- Include and prefer a cloud source for a management point in a default boundary group
- Granular control over compliance settings evaluation
- Improved manageability of automatic deployment rules (ADRs)
- Enhanced control over monthly maintenance windows
- Improved Microsoft Defender for Endpoint (MDE) onboarding for Windows Server 2012 R2 and Windows Server 2016
- Enhanced protection for untrusted environments
- Improvements to the console
- Improvements to the dark theme
Following is the Checklist for installing update 2207 for Configuration Manager
Early update ring – Download opt-in script
As Configuration Manager version 2203 has released recently only, it is available for early update ring. We need to opt in for installation, ie we have to download the Version 2207 opt-in script
Once downloaded (EnableEarlyUpdateRing2207.exe), execute it to extract EnableEarlyUpdateRing2207.ps1
Open PowerShell as Administrator, and run following command:
.\enableearlyupdatering2207.ps1 -siteServer <SiteServername>
(Replace <SiteServerName> with your SCCM server)
Configuration Manager 2207 will be made available immediately under Updates and Servicing.
Install Configuration Manager 2207 update
Login to SCCM server, open Configuration manager console and navigate to \Administration\Overview\Updates and Servicing, we can see new version available “Configuration Manager 2207” version 5.00.9088.1000.
Downloading should start automatically, if not should Right click “Configuration Manager 2207” and click on download.
The status of the update will soon change from available to downloading. It will download the update in cab format (91959d25-96b7-47fa-a36e-e958f2454ce3.cab) which can be monitored through dmpdownloader.log and the location of update will be:
D:\Program Files\Microsoft Configuration Manager\EasySetupPayload
Following info you can see in the dmpdownloader.log:
Content for 91959d25-96b7-47fa-a36e-e958f2454ce3 does not exist locally. Download it from internet
File 'D:\Program Files\Microsoft Configuration Manager\EasySetupPayload\91959d25-96b7-47fa-a36e-e958f2454ce3.cab' is signed and trusted.
File D:\Program Files\Microsoft Configuration Manager\EasySetupPayload\91959d25-96b7-47fa-a36e-e958f2454ce3.cab has been extracted with 0
Once downloaded, cab file will be extracted with in same folder and original cab will be deleted, you will be able to see following folder:
D:\Program Files\Microsoft Configuration Manager\EasySetupPayload\56db32ee-4377-460e-bb19-5095fbcfbe1d
Once update is download, you will see the status as “Ready to Install” for “Configuration Manager 2207”
Run Prerequisite Check
Select “Configuration Manager 2207”, right click and select “Run Prerequisite Check”, the status will change to “Checking prerequisites”. Verify CMUpdate.log for process initiation and verify c:\ConfigMgrPrereq.log for success or failure.
CMUpdate will show you multiple stages of Prerequisite check which can be seen as SubStageID such as 0xe0005.
Wait for last stage to get it completed.
You will see following in CMUpdate.log:
Content replication succeeded. Start extracting the package to run prereq check...
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xd0005, IsComplete=1, Progress=1, Applicable=1)
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xd0005, IsComplete=1, Progress=25, Applicable=1)
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xd0005, IsComplete=2, Progress=100, Applicable=1)
Running prereq checking against Server [SCCM01.MANBAN.COM] ...
ConfigMgrprereq.log will show: ******* Prerequisite checking is completed. *******
We got the result “Prerequisite check passed with warnings”, we can continue with installation now, but in production environment make sure to get rid of any warnings that appears which can be checked through Updates and servicing status.
Initiate Install Update Pack
Open SCCM Console, click on Administration Tab, go to Overview > Updates and Servicing. On right Pane you will be able to see now “Configuration Manager 2207”, from the top ribbon select “Install Update Pack”.
This will launch Configuration Manager Update Wizard, under General page check the box Ignore any prerequisite check warnings and install this update regardless of missing requirements. Once again, don’t do it in production environment. Click Next.
Under Features included in update pack page, select the options you want to enable or leave it as default. You can enable this at later stage as well. Click Next
Under Client Update Settings page, select Validate in pre-production collection and select the collection used for this so that you can test new client agent on few systems before rolling out in production. Click Next.
Under License Terms page, check the box “I accept these License Terms and Privacy Statement”. Click Next.
You will get completion status, click on Close to exit.
Under SCCM Console, you will see the installation status showing as Installing.
You can monitor the installation through Monitoring \ Overview \ Updates and Servicing Status and through CMUpdate.log.
Navigate to \Monitoring\Overview\Updates and Servicing Status, select Configuration Manager 2207, right click and select Show Status.
Update Pack Installation Status will show the installation progress.
One important update I saw in monitoring ie.:
[Completed with warning]:HTTPS or Enhanced HTTP are not enabled for client communication. HTTP-only communication is deprecated and support will be removed in a future version of Configuration Manager. Enable a more secure communication method for the site either by enabling HTTPS or Enhanced HTTP. For more information, see https://go.microsoft.com/fwlink/?linkid=2155007.
Organizations should plan upgrading to Https communication.
After waiting for some time, Update Pack installation status will show success in cmupdate.log with message:
Content replication succeeded. Start extracting the package to run prereq check...
Update pack install status will show the upgrade has been completed.
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xe0005, IsComplete=2, Progress=100, Applicable=1)
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xe0006, IsComplete=1, Progress=1, Applicable=1)
MonitorDrsReplication waiting for server to be in replication active state for maximum 1800 second .
check current replication details
successfully detected the site server is in ReplicationInactive state.
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xe0006, IsComplete=2, Progress=100, Applicable=1)
Once installation is done, and you try to open the SCCM console, this will ask you to update your console with version 5.2207.1048.1700. Click on Ok to initiate download and install.
Download of Adminconsole.msi will happen at following location:
C:\Program Files (x86)\ConfigMgr10\AdminconsoleSetup\469A3000-14DA-425E-B288-4B0E16DB87C4
Adminconsole.msi will be visible which will be executed automatically.
Downloading & installation of console can be verified through log file:
Once completed you can verify the site version and control version (by clicking on top left of the SCCM ribbon and selection option “About Configuration Manager”.
Console Version: 5.2207.1048.1700
Site Version: 5.0.9088.1000
Navigate to \Administration\Overview\Updates and Servicing, we can see Configuration Manager 2207 showing status as “Installed”
We can see the Production client version is 5.00.9078.1006 and Pre-production client version is 5.00.9088.1007 under \Administration\Overview\Site Configuration\Sites.
Updated client version (5.00.9088.1007) is currently Pre-production client version which is targeted on collection “Pilot Client” as we selected during installation Phase. Under Hierarchy Settings Properties, we must make sure to check the box “Upgrade all clients in the hierarchy using production client”
Source of this client version is created in StagingClient under Microsoft Configuration Manager Folder:
Promote Pre-production Client
If you want to promote the Pre-production client in production environment, then navigate to \Monitoring\Overview\Client Status. Right click Pre-production Client Deployment and select Promote Pre-production Client.
Promote Pre-production Client window will appear, click on Promote to replicate the changes in the environment using new SCCM client package.
Update Boot image
For better support with your boot images, it is recommended to update the client version in boot image as well, though old one will also work fine. Benefit of having latest client version in boot image is better support and compatibility.
Navigate to \Software Library\Overview\Operating Systems\Boot Images, select the boot image and click Update Distribution Points. You will be represented with current Windows ADK version and current client version and showing the old client version as well.
You don’t require to select “Reload this boog image with the current Windows PE version from the Windows ADK”, this option is only required when you have updated the ADK.
The consequences of reloading the boot image is, you are going to loose all kind of customization done (if any) within the boot image such as injecting MsDart binaries, increasing smsts.log file size using smsts.ini etc, everything will be lost. For more info on find the link on Customize boot image