Thanks for joining our wrap up webinar with MVP Jason Sandys. Jason and I had a chance to explore the MMS conference and we each came away with lots of new things to share. If you missed the live session, the recording is available to you now. Below are some questions that were asked and if you have any more, please reach out on Twitter @1E_Global.
Question: Can the analytics tell us why a machine triggered bit locker recovery prompt? or is there any way to know why a pc is asking for bit locker recovery key?
Answer: I haven’t seen this specific data but it may be in there. This link talks about how to determine what is causing the issue.
Question: How does CM Pivot stand up against Tachyon?
Answer: CMPivot (Technical Preview 1805) is a really useful graphical utility that will help you query Windows Diagnostics Data (aka Telemetry) in real time. The GUI was written in the 15 days before MMSMOA (really impressive). For every query of Diagnostic Data, a Kusto (Log analytics language) like the query is written for you. The data is retrieved via the use of Current Branch Fast Channel, aka BGB big green button (online status). The Fast channel can only query 42 devices simultaneously and is used by multiple features of Current Branch. During the Demo in the MMSMOA State of the Union, it took longer than 5 minutes to get back the BIOS on 42 of 250+ devices. Each query gives me time to go get a coffee. I like the idea of CMPivot as it allows me a real-time query of data already gathered in ConfigMgr inventory or via Windows Analytics. Any centrally collected data is prone to be out of date. Once you have the group of machines you want to work with you can start to think about change via the Script engine new in ConfigMgr or standard software deployments.
1E Tachyon is a modern application that allows massively parallel communications. By ‘massively parallel’, I mean a 5 or so second response time of 1,500,000 endpoints. We are not limited to that number, rather that is high as we have tested… so far.
Why write a massively parallel secure framework? ConfigMgr and Security tools do a phenomenal job of processing the known jobs of Traditional IT. To go forward you need to go big or go home. When you go big you can’t use black boxes with major SSD, NIC, RAM, and processing requirements on the client can’t prevent your business form making money; you have to be flexible work on-prem and the cloud out of the box. Tachyon accentuates ConfigMgr and allows you to fix the ConfigMgr clients when they break as well as change configurations at the speed of thought. No longer need you fear the managerial drive-by of what is in our environment right now, what configuration change needs to occur, what security vulnerability do I need to hunt for, what has changed, what is new, what needs to be fixed. No longer am I constrained to only devices that have a CM agent that is working and in the office or VPN connection. Unlimber your work day while staying focused on getting it done with a 5-second delay between asking a multitude questions and taking actions to ensure change. Then go get a coffee.
Question: CM Pivot – seems like a response to Tanium…?
Answer: CMPivot is cool see above. It is not ONLY a response to Tanium but also to the Command Channel of BigFix, and many other pseudo direct endpoint connection technologies. Remember Tanium’s heritage is that of BigFix. However, 9-year-old code like Tanium is like an iPhone one to modern technology. Yes, it is a smartphone. However, newer smartphones are much better and don’t use the same communication technologies (5g versus edge). CM Pivot is about making ConfigMgr an even better and useful tool than it is today. Imagine building a collection graphically versus WQL kung fu!
Question: Do you have any feel for how soon we may see SQL performance improvements incorporated into SCCM? Things like the indexing you mentioned, etc.
Answer: Great question and there is hope! The session had two speakers. MVP Steve Thompson (Awesome) and Microsoft Internal IT Benjamin Reynolds. One would assume that Ben’s suggestions will get incorporated. TP1805 has several fixes for WSUS server. The indexes were not part of the TP but that doesn’t mean they aren’t great ideas for another TP/CB. David James in a couple of sessions mentioned a feature of Current Branch called Management Insights. Currently, there are 12. David James was talking about hundreds within the next year. I don’t see any reason why something like this won’t be incorporated. Go to User Voice and get voting!
Question: If you have an alternative content provider like 1E, or Adaptiva, how does that affect the bulletin in optimization?
Answer: Alternative Content Provider (ACP) takes precedence over Peer Cache, Branch Cache, and Delivery Optimization as related to ConfigMgr. Keep in mind the optimization slide is about ensuring you have tuned Delivery Optimization so you aren’t negatively impacting your Windows 10 estate. The trifecta of PC, BC, and DO gives you an overlapping answer to poorly connected sites, roaming clients, or with 1E remote clients connected via VPN and the rest. Pure ACP providers like Adaptiva are losing the lead which is why you see them making partnerships with competing technologies to Microsoft. 1E has a very robust and well-tuned ACP but that is just where the company starts. The 1E Windows Servicing Suite (WSS) is all about scaling your support of Windows as a Service without additional overhead. Modern IT and WaaS should be Business as Usual and not a struggle. With 1E and Microsoft you get that easy button.
Question: Is there a “Roadmap” type document for ConfigMgr / Windows 10 showing the benefits/detriments of the various versions now and (possibly into the future)
Answer: Not really.
Just assume that every version of Semi-Annual Channel (SAC) release of Windows 10 will have more features, security enhancements, and improvements. You can view all the changelogs for Windows 10 here. If you want to get to know more about Windows 10 before each SAC check out the Windows Insider Program.
ConfigMgr has 3 releases a year. Fall, Summer, and Spring. Fall and Spring are to ensure support of each SAC W10 release. Summer is about new features of ConfigMgr. As for change logs for each version, those exist but only after they are released. If you want to get to know more about each release of ConfigMgr before Current Branch check out the Technical Previews.
Question: It appears (in our environment) that the Windows 10 Team may drive the Update schedule for the ConfigMgmt team and we’re trying to get a better handle when we have to be prepared for a CM Update.
Answer: ConfigMgr has 3 releases a year. Fall, Summer, and Spring. Fall and Spring are to ensure support of each SAC W10 release. Summer is about new features of ConfigMgr. If you are being driven by Semi-Annual Channel for Windows 10 then you really need to focus on the Fall and Spring releases. Great news during the State of the Union session the Product team showed that >62% of ConfigMgr CB environments had updated to CB 1802 and they had less than a 0.04% server upgrade failure rate. That’s impressive! Any issues with a CB are usually talked about on Twitter right away.
Question: Decline updates in WSUS, is that for a pure WSUS?
Answer: Tuning WSUS and ConfigMgr is a huge topic. I highly recommend you check out Brian Mason’s and Johann’s recent blog posts. At a super high level try to tune for the following:
- Review what updates you bringing down. If you are not patching it you probably don’t need to download it
- Remove patches for Itanium if you don’t have Itanium
- Run the indexes from Steve Thompson AKA Soup
- NEW: I haven’t tried this yet!!!! Warning: Please research before you try it. In CB1802 a new feature was added that would allow you to move a primary sites libraries. Turns out if you use the feature this ONLY moves currently active and referenced content. So if you move it away and move it back you will shrink your data. COOL!
Thanks again to Mr. Sandys for joining us. Check out the recording and get in touch if you have any questions!