Wednesday, December 1, 2021

Update 2111 for Microsoft Endpoint Configuration Manager current branch is now available

Update 2111 for Microsoft Endpoint Configuration Manager current branch is now available. Microsoft Endpoint Manager is an integrated solution for managing all your devices. Microsoft brings together Configuration Manager and Intune into a single console called Microsoft Endpoint Manager admin center. We are excited to announce that two popular pre-release features, orchestration groups and application groups are now full features in this release.


Many server administrators need to carefully manage updates for specific workloads and automate behaviors in between. An orchestration group gives you the flexibility to update devices based on a percentage, a specific number, or an explicit order. You can also run a PowerShell script before and after the devices run the update deployment.


Starting in this release Pre and post-scripts for orchestration groups now require approval to take effect. If you open, author, or modify a script, approval for the script is required from another admin. When selecting an approved script from the Scripts library, no additional approval is needed. To assist you with script approval, the following two tabs were added to the details pane for Orchestration Groups:

  • Summary: Contains information about the selected orchestration group, including the Approval State of scripts.
  • Scripts: Lists information about pre and post-scripts, including the timeout, approver, and approval state for each script.



Application groups are a group of applications that you can send to a user or device collection as a single deployment. The metadata you specify about the app group is seen in Software Center as a single entity. You can order the apps in the group so that the client installs them in a specific order. Customers wanted a simpler experience in managing and deploying applications as a suite, e.g., grouping applications by role or creating a suite of related applications with the convenience of single deployment. The applications group feature is designed to provide out-of-the-box functionality for the lifecycle of such groups. This release includes the following improvements to application groups:

  • Now when you deploy an app group as required to a device or user collection, you can specify that it automatically uninstalls when the resource is removed from the collection.
  • More app approval behaviors and real-time actions are now supported with app groups.

This release also includes:


Application Management

Implicit uninstall for user collections - In Configuration Manager current branch version 2107, you can enable an application deployment to support implicit uninstall. Starting in this release, this behavior also applies to deployments to user collections. If a user is in a collection, the application installs. Then when you remove the user from the collection, the application uninstalls.


Software updates

Improvements to ADR search criteria - This release adds more options to the Date Released or Revised search criteria for automatic deployment rules.

  • Older than 30 days
  • Older than 60 days
  • Older than 90 days
  • Older than 6 months
  • Older than 1 year

Enable update notifications from Microsoft 365 Apps - You can now configure the end-user experience for Microsoft 365 Apps updates. This client setting allows you to enable or disable notifications from Microsoft 365 Apps for these updates. The new Enable update notifications from Microsoft 365 Apps option has been added to the Software Updates group of client settings.


Cloud-attached management

Simplified cloud attach configuration - We've simplified the process to cloud attach your Configuration Manager environment. You can now choose to use a streamlined set of recommended defaults when cloud attaching your environment. By using the recommended default settings, your eligible devices will be cloud attached and you'll enable capabilities like rich analytics, cloud console, and real-time device querying.


Improvements to cloud management gateway

Starting in this release, cloud management gateway (CMG) deployments with a virtual machine scale set support Azure US Government cloud environments.


Site infrastructure

Improvements to external notifications - Starting in Configuration Manager current branch version 2107, you could enable the site to send notifications to an external system or application. This feature used a PowerShell script to manage the status filter rules and subscriptions. This release adds support in the Configuration Manager console to create or edit a subscription for external notifications. It supports events for status filter rules and application approval requests.


.NET version 4.6.2 prerequisite check is an error - Configuration Manager current branch version 2107 has a warning prerequisite rule that checks for Microsoft .NET Framework version 4.6.2. This version of .NET is required on site servers, specific site systems, clients, and the Configuration Manager console. Starting in this release, this prerequisite rule for .NET 4.6.2 is an error. Until you upgrade .NET, you can't continue installing or updating the site to this version of Configuration Manager.


Improvements to VPN boundary types - If you use the VPN boundary type, you can now match the start of a connection name or description instead of the whole string. Some third-party VPN drivers dynamically create the connection, which starts with a consistent string but also has a unique connection identifier. For example, Virtual network adapter #19. When you use the Connection name or Connection description options, also use the new Starts with option.


Status messages for console extensions - To improve the visibility and transparency of console extensions, the site now creates status messages for related events. These status messages have IDs from 54201 to 54208.


Client management

Improvements to client health dashboard - This release includes multiple improvements to the Client health dashboard.

  • New actions in the ribbon:
    • Choose Default Collection: Set a persistent user preference
    • Client Status Settings: Configure the periods of time to evaluate client health
  • More prominent Overall client health tile
  • Filters condensed on a single tile
  • The Combined (All) and Combined (Any) scenarios are replaced by a new tile, Clients with any failure
  • New tile for Health trends by scenario


Software Center

Software Center notifications display with logo - If you enable Software Center customizations, the logo that you specify for Windows notifications is separate from the Software Center logo. This logo helps users to trust these notifications. When you deploy software to a client, the user sees notifications with your logo. 


Operating system deployment

Task sequence check for TPM 2.0 - To help you better deploy Windows 11, the Check Readiness step in the task sequence now includes checks for TPM 2.0.


Improvements to the Windows servicing dashboard - We now display a Windows 11 Latest Feature Updates chart in the Windows Servicing dashboard. The new chart makes it easier to determine how many of your Windows 11 clients are on the latest feature update.


Configuration Manager console

Custom properties for devices in the console - In Configuration Manager current branch version 2107, you can use the administration service to set custom properties on devices. These custom properties let you add external data to a device to help with deployment targeting, collection building, and reporting. Starting in this release, you can create and edit these custom properties in the Configuration Manager console. This new user interface makes it easier to view and edit these properties. You can still use the administration service interface to automate the process from an external system.


Export to CSV - You can now export the contents of a grid view in the console along with the column headers to a comma-separated values (CSV) file that can be used to import to Excel or other applications. While you could previously cut and paste from a grid view, exporting to CSV makes extracting a large number of rows faster and easier.


Import console extensions wizard - There's a new wizard for importing console extensions that are managed for the hierarchy. You no longer need to use a PowerShell script to import a signed or unsigned console extension.


Require installation of a console extension - You can now require a console extension to be installed before it connects to the site. After you require an extension, it automatically installs for the local console the next time an admin launches it.


Send product feedback from wizard and property dialogs - Wizards and some property pages now include an icon to provide feedback. When you select the feedback icon, the Send a smile and Send a frown options are displayed in the drop-down menu. The additional feedback locations allow you to quickly send feedback right from your current activity. The feedback icon in the admin console's ribbon has also been updated to the new icon.


Power BI sample reports - The following reports were recently added to the Configuration Manager Sample Power BI Reports:

  • Client Status
  • Content Status
  • Microsoft Edge Management

Console improvements

In this release we've made the following improvements to the Configuration Manager console:

  • Independent Software Vendors (ISVs) can create applications that extend Configuration Manager. They can use Configuration Manager to assign a certificate to an ISV proxy, which enables custom communication with the management point. To simplify the management of these ISV proxy certificates, you can now copy its GUID in the Configuration Manager console.
  • When you show the members of a device collection, and select a device in the list, switch to the Collections tab in the details pane. This new view shows the list of collections of which the selected device is a member. It makes it easier for you to see this information.
  • When viewing a collection, you could previously see the amount of time the site took to evaluate the collection membership. This data is now also available in the Monitoring workspace. When you select a collection in either subnode of the Collection Evaluation node, the details pane displays this collection evaluation time data.



Options for Support Center Data Collector and Client Tools - New command-line options have been added to the Support Center Data Collector and Client Tools. The following options were added:

  • Launch as current user without elevation
  • Specify machine name
  • Disable integrated authentication
  • Display help

Improvements to Support Center Log File Viewer and OneTrace - The Support Center Log File Viewer and OneTrace now display status messages in an easy to read format. Entries starting with >> are status messages that are automatically converted into a readable format when a log is opened. Search or filter on the >> string to find status messages in the log.


Deprecated features

Learn about support changes before they're implemented in removed and deprecated items.

The following features are deprecated. You can still use them now, but Microsoft plans to end support in the future.

  • Managing apps from the Microsoft Store for Business and Education with Configuration Manager
  • Asset intelligence
  • On-premises MDM

As previously announced, version 2111 drops support for the following features:

  • Third-party add-ons that use Microsoft .NET Framework version 4.6.1 or earlier, and rely on Configuration Manager libraries. Such add-ons need to use .NET 4.6.2 or later.



The Microsoft Connected Cache in Configuration Manager is now generally available for production use.


For more information on changes to the Windows PowerShell cmdlets for Configuration Manager, see version 2111 release notes.

For more details and to view the full list of new features in this update, check out our What’s new in version 2111 of Microsoft Endpoint Configuration Manager documentation. 


Note: As the update is rolled out globally in the coming weeks, it will be automatically downloaded, and you’ll be notified when it’s ready to install from the “Updates and Servicing” node in your Configuration Manager console. If you can’t wait to try these new features, see these instructions on how to use the PowerShell script to ensure that you are in the first wave of customers getting the update. By running this script, you’ll see the update available in your console right away.


For assistance with the upgrade process, please post your questions in the Site and Client Deployment forum. Send us your Configuration Manager feedback through Feedback in the Configuration Manager console.  Continue to share and vote on ideas about new features in Configuration Manager.


Thank you, 

The Configuration Manager team 


Additional resources: 

Posted at