Microsoft IT installed the latest update to System Center Configuration Manager (version 1602) using a new in-console service. The in-console update service automates many tasks, such as checking that prerequisites are met before an update, and helps ensure that we are running the latest version. It delivers updates as they are available, with no service packs or cumulative update versions for us to download and deploy separately. Updates are now much easier to manage.


Installing System Center Configuration Manager 1602 using in-console updates

 

Recently, Microsoft IT installed the latest update to System Center Configuration Manager. To upgrade to System Center Configuration Manager version 1602, we used a new in-console service that automates many tasks and helps ensure that we are running the latest version of the product. The new in-console service provides updates as they become available, making it much easier for IT administrators to manage the update process.

This also means that there are no more service packs or cumulative update versions for us to download and deploy separately. We were able to use existing infrastructure and complete the update 50 percent faster than previous updates.

System Center Configuration Manager becomes a regularly updated service

Configuration Manager 1602 was the first incremental update since System Center Configuration Manager 1511 was installed as an in-place upgrade from System Center Configuration Manager 2012 (in December 2015). In addition to incremental updates, other important changes are helping Microsoft deliver on its commitment to turn Configuration Manager into a regularly updated service.

For more information, visit Upgrade to System Center Configuration Manager.

Using new features in the 1602 update

There is a long list of new features and improved functionality in Configuration Manager 1602. We have already begun using a few of them, including:

  • SQL Server AlwaysOn availability groups. We have begun using SQL Server AlwaysOn availability groups to host the site database at primary sites and the central administration site as a high-availability and disaster recovery solution.
  • Conditional access for PCs managed by Configuration Manager. Before this release, a PC had to be enrolled in Microsoft Intune to configure conditional access. Since the 1602 update, we have begun to configure proof-of-concept policies for conditional access for PCs managed by Configuration Manager.
  • Compliance settings. Configuration Manager 1602 introduced an improved workflow for creating configuration items. Now, when we create a configuration item and select supported platforms, only the settings relevant to that platform are available.
  • Create configuration item wizard. The Create Configuration Item Wizard now makes it easier for us to choose the configuration item type we want to create. There is support for managing settings on OS X computers that are either enrolled with Microsoft Intune or managed using the Configuration Manager client. New and updated configuration items are also available for:
    • Windows 10 devices that are domain joined and managed with the Configuration Manager client.
    • Windows 8.1 and Windows 10 devices that are non-domain joined.
    • Additional platforms that are managed with Configuration Manager and Microsoft Intune, including Windows Phone, OS X, iOS, and Android devices.

Updating Configuration Manager

There are approximately 210,000 users at Microsoft with 350,000 client PCs and 65,000 mobile devices that we manage using a hybrid configuration of Configuration Manager and Microsoft Intune.

We had already upgraded our infrastructure from Configuration Manager 2012 to Configuration Manager 1511, which was the baseline that made update versions possible. After upgrading to 1511, we were able to start using the Updates and Servicing feature within the Configuration Manager console to automatically download and install new updates. Using the in-console update method to install the Configuration Manager 1602 update was easier and more automated than installing service pack upgrades for previous versions.


Figure 1. In-console updates

Before Configuration Manager 1602, we used to update all of the hierarchies manually. We would perform any manual prerequisite tasks before the update, and then update each primary site individually. For the 1602 update, we simply downloaded the available update and started planning the process.

The update was completed in about 12 hours with no additional hardware requirements. The new in-console update method was faster than upgrades for Configuration Manager 2012, which took between 36 and 48 hours.

You can view our checklist to plan a successful upgrade. And, before you update from Configuration Manager 1511 to 1602, review the Checklist for updating from System Center Configuration Manager version 1511 to 1602.

System Center Configuration Manager infrastructure

Our Configuration Manager infrastructure was designed for high availability. We have an active/passive SQL cluster configured for each primary site.

Table 1. Hardware specifications for SQL Servers

| Category | Quantity | Description |
|---|---|---|
| Platform | 1 | HP ProLiant DL560G8 2U SFF – 5 drive chassis |
| CPU (Clock Speed, Cache, Max TDP) | 4 | Intel Xeon E5-4650L, 2.6GHz, 8-Core, 20MB, 115W |
| Memory | 32 | 16GB PC3L-10600R (32 x 16GB = 512GB total memory) |
| Controller | 1 | 1GB Flash Back Write Cache module |
| HBA | 2 | Emulex LPe12000-E 8GB Single Port HBA |
| Network | 1 | HP Ethernet 1GbE 4P 331FLR Adapter (This is used for Cluster Heartbeat) |
| Network | 1 | HP Ethernet 10Gb 2-port 523SFP Adapter (These two NICs teamed and used for CORP connectivity) |

With the exception of the primary site SQL Server clusters, all servers run on VMs. For high availability of VMs, we have multiple Hyper-V servers managing all of the Configuration Manager VMs that are part of the cluster.

Table 2. Hardware specifications for SAN storage

| Configuration Summary | 7450c - 4 Node |
|---|---|
| Rack Units | 9 U |
| Drives | 96 x 1.92 TB SSD (RAID 5) |
| Capacity | 112 TB useable RAID 5 (3+1) |
| Software | Operating System Suite; Virtual Copy (Snapshot); Reporting Suite |
| Performance | ~ 170,000 IOPS; ~ 2,000 MB/s |
| Workload Sizing Assumptions Used | |
| Block Size | 8k Random Mix |
| RAID | RAID 5 (3+1) |
| Read/Write Ratio | 60/40 |
| Response Time | <10ms |

Architecture

Our Configuration Manager infrastructure consists of 6 primary sites, 13 secondary sites, and 300 distribution points. We continually look to optimize and simplify the infrastructure and processes. We are in the process of reducing our distribution points and are in the planning phase to move our infrastructure to Microsoft Azure.


Figure 2. Central and primary site architecture

Getting ready for the Configuration Manager 1602 update

Before updating, we made sure every site server in the hierarchy was running Configuration Manager 1511. During updates, site system roles installed on the site server and on remote computers are automatically updated. Therefore, before installing the update, we had to make sure each site system server met the prerequisites for the new update.

Running the prerequisite check and updating preproduction sites to test update

We have preproduction environments set up to reproduce the design of the top-level sites in our production environment, on a slightly smaller scale. We used the in-console update method to run the prerequisite checker and install Configuration Manager 1602 on the pre-production sites.

Timing the update

We planned to install updates to the production environment at times when the installation process, including the reinstallation of site components and site system roles, would least affect the performance of reliant systems and business operations. Most of the update activities were invisible to our users, but Service Managers were informed about the upcoming update.

Updating the central, primary, and secondary sites

We installed Configuration Manager 1602 starting with our central administration site. After the central administration site finished installing the update, the update was automatically replicated to and installed on the primary sites. To reduce the update time for all sites, we chose to let the primary sites update automatically and did not use the Service Windows feature. After the primary sites were updated, we manually updated the secondary sites from within the Configuration Manager console. Automatic updates of secondary site servers are currently not supported.

Updating the Configuration Manager console

The console was updated using the auto-update feature. The first time the console is launched after the update, users are prompted to update it. When they accept, the required files are downloaded and installed.

Automatic client upgrade

We rolled out the client upgrade to our pilot test client collection. Based on results of the pilot, we promoted the remaining 350,000 client machines to production over the course of a week using the automatic client upgrade feature. We set the number of days to upgrade the overall hierarchy of client machines, and the client update distribution was automated.

Best practices

For a successful update, we found that it was helpful to:

  • Disable all SQL Server tasks during the update installation on each site. When a site database maintenance task runs during the update installation, the update can fail to install. Before you disable a task, record the schedule of the task so you can restore its configuration after the update is done.
  • Install all critical updates for operating systems. Critical updates should be installed on computers that host the site, the site database server, and remote site system roles. Before you install an update for Configuration Manager, install any critical updates for each applicable site system. If an update that you install requires a restart, restart the computer before you begin the upgrade.
  • Review file and data replication between sites. Ensure that file and database replication between sites is operational and current. Delays or backlogs in either can prevent a smooth or successful update. For database replication, you can use the Replication Link Analyzer to help resolve issues before starting the update. For more information, see About the Replication Link Analyzer in the Monitor hierarchy and replication infrastructure in System Center Configuration Manager.

You can find a complete list of recommended best practices at Checklist for updating from System Center Configuration Manager version 1511 to 1602.

Benefits

Automating many of the update tasks that used to be manual saved us time and effort. The automated tasks included in the in-console update method improve the overall consistency and quality of the update because they help prevent manual errors and the inadvertent omission of required tasks.

The 1602 update of System Center Configuration Manager was the first time we used the new in-console update service, and we are getting ready for the next release. Using the console to manage and install incremental updates for Configuration Manager makes it easier for us to stay current and to take advantage of new and improved features that pertain to our environment as they are released. Moving forward, we see an improved, simpler process for installing future server and client updates.

For more information

Microsoft IT

microsoft.com/ITShowcase

 

© 2019 Microsoft Corporation. All rights reserved. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

