Symptoms

Note: This update rollup is now contained in a later update rollup. It is recommended to install the newer version 2002 update rollup listed below.

KB 4560496Update Rollup for Microsoft Endpoint Configuration Manager version 2002

An update for Microsoft Endpoint Configuration Manager current branch, version 2002, is available to resolve the following tenant attach related issues.

  • Duplicate deployments may appear in the on-premises Configuration Manager environment. This occurs after editing a pre-existing assignment Endpoint Detection and Response (EDR) policy assignment in the Microsoft Endpoint Manager admin center targeting co-managed devices.

  • Clients are unable to onboard to Microsoft Defender Advanced Threat Protection (ATP) after deploying the policy to a target collection. This occurs if the following registry key is missing.
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection.
    Errors resembling the following are recorded in the ATPHandler.log on the client.

ATPHandler: ATP Service is not running, onboarding...
ATPHandler: Error, Windows Advanced Threat Protection namespace does not exist in registry.
ATPHandler: Failure in CATPHandler::GenerateAndRunScript: 0x80004005
ATPHandler: Failure in CATPHandler::SetBlobInRegistry: 0x80004005
ATPHandler: Failure in CATPHandler::HandleOnboardingRule: 0x80004005

After this update is installed the ATP registry key will be created if missing during policy deployment.

  • The Devices blade in the admin center may sporadically take 30 seconds to load.

 

 

Update information for Microsoft Endpoint Configuration Manager current branch, version 2002

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using early update ring or globally available builds of version 2002, and have completed the tenant attach process.

Prerequisites

Members of the Configuration Manager Technology Adoption Program (TAP) for Configuratation Manager version 2002 must first apply the private TAP rollup before this update is displayed.

Users who installed an early update ring version of 2002 must first apply the following update.
KB 4553501: Update for Microsoft Endpoint Configuration Manager version 2002, early update ring

Restart information

You do not have to restart the computer after you apply this update.

Update replacement information

This update does not replace any previously released update.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up-to-date, with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

File information


 

File name

File version

File size

Date

Time

Platform

adminservice.controllers.dll

5.0.8968.1026

70008

10-May-2020

00:00

x86

adminservice.host.dll

5.0.8968.1026

158072

10-May-2020

00:00

x86

cm2002-client-kb4563473-i386.msp

Not Applicabile

1232896

10-May-2020

00:00

Not Applicable

cm2002-client-kb4563473-x64.msp

Not Applicabile

3723264

10-May-2020

00:00

Not Applicable

cmgsconfiguration.xml

Not Applicabile

4444

10-May-2020

00:00

Not Applicable

cmupdate.exe

5.00.8968.1026

25220464

10-May-2020

00:00

x64

microsoft.configurationmanager.serviceconnector.dll

5.0.8968.1026

391024

10-May-2020

00:00

x86

setupcore.dll

5.00.8968.1026

26601840

10-May-2020

00:00

x64

 

References

Tenant attach documentation

Updates and servicing for Configuration Manager

Learn about the terminology Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×