First Look at ConfigMgr 2012 R2

In this post I want to touch on the changes which are coming with System Center 2012 R2. Obviously this blog will concentrate on ConfigMgr and Endpoint Protection, so let’s get started!

You can download the R2 preview of System Center 2012 along with an optional evaluation of Windows Server 2012 R2 (which looks amazing) from TechNet.

Deploying and Managing Windows 8.1

Let’s kick off by looking at what is available to the IT administrator when it comes to deploying Windows 8.1, this leads on from my post yesterday which if you read you will notice ConfigMgr addresses some of the capabilities.

  • Boot support for Surface Pro is only available through USB media
  • Surface Pro May 2013 driver pack and deployment guide
  • VHD upload to Virtual Machine Manager, however VMM is still used for deployment
  • Resultant client settings in console when having multiple policies
  • Windows ADK 8.1 available

Unified Device Management

In ConfigMgr 2012 R2, we get unified device management by configuring the connector to Windows In Tune.

  • Native company portal application for Windows, iOS and Android
  • Choice between company or personal to decide management of devices for inventory
  • Register and enroll devices through the Windows In Tune cloud and workplace join
  • New site role, certificate registration point
  • Ability to manage VPN profiles, WiFi profiles and certificates via ConfigMgr

Endpoint Protection

Not a massive amount has changed in the Endpoint Protection space, just some minor improvements and things which take advantage of Windows 8.

  • Early Launch Antimalware (ELAM)
  • Measured Boot for boot protection
  • Secure boot using UEFI
  • Improved real-time client operations to clients < 1 minute
  • Full support for Windows 8.1 and Windows Server 2012
  • Supports alert toasts on the modern UI
  • Supports Resilient File System (ReFS) and cluster shared volumes (CSV)
  • Supports the scanning and remediation of modern UI applications
  • Improvements made to Windows Defender in Windows 8 are now added to Endpoint Protection
  • For MAPS customers, Endpoint Protection sends a recurring heartbeat, and new behavior monitoring telemetry from the new network sensor
  • More resilient to malware attacks through AM Service hardening and improved methods of sending telemetry when under attack

Generic Updates

A few other things are also coming in R2.

  • Update cadence for cumulative updates is changed to quarterly
  • Native integration of some MDT functionality such as Gather and Validate
  • For untrusted forests, multiple network access accounts are supported
  • More detailed status messaging
  • New report for distribution point utilisation
  • Enrollment UI for OS X devices, not longer a need to manually run a command line
  • Maintenance windows specific for software updates


There you have it, quite a lot happening and a few things changing. I’m very happy with the changes, nothing massive has changed here just some minor tweaks here and there.


Tags: , , , , ,

About Martyn

Martyn is one of the Senior Cloud Architects and DevOps Team Leader at one of the worlds leading Cloud Transformation Specialists Inframon. Martyn is responsible for the architecture of some of the largest Azure deployments in EMEA and is a advisor to a many businesses on their strategies. Martyn is a regular speaker at Microsoft events and community events on Azure and DevOps, giving his insight to a growing number of audiences.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: