How to setup and configure CMG in SCCM

 Microsoft System Center Configuration Manager (SCCM), also known as Endpoint Configuration Manager, is a comprehensive solution that helps organizations manage their devices and applications. With the Cloud Management Gateway (CMG), you can extend the capabilities of SCCM to manage your devices over the internet. This blog post will guide you through setting up and configuring the Cloud Management Gateway for SCCM.


Before diving into the setup process, ensure that you have the following in place:

A Microsoft Azure subscription.

An SCCM hierarchy with at least one primary site.

The SCCM version should be 1806 or later.

A PKI infrastructure for HTTPS communication (optional, but recommended).

Step-by-Step Guide to Setting up and Configuring Cloud Management Gateway for SCCM

Step 1: Create a Cloud Management Gateway in the Azure Portal

Sign in to the Azure portal (

Click on "Create a resource" and search for "Cloud Management Gateway".

Click "Create" to start the deployment process.

Fill in the required fields, such as your subscription, resource group, and region. Additionally, provide a unique name for your CMG.

Upload your server authentication certificate, which should be issued by your PKI infrastructure.

Choose your desired deployment model, either "Classic" or "Resource Manager", and click "Create" to deploy the CMG.

Step 2: Configure SCCM to use the Cloud Management Gateway

Open the SCCM console, and navigate to "Administration > Overview > Cloud Services > Cloud Management Gateway".

Click "Create Cloud Management Gateway" from the toolbar.

Sign in with your Azure subscription credentials and select your subscription.

Choose the CMG resource you created in step 1.

Upload your server authentication certificate and select the desired management point(s) for the CMG.

Enable "Allow CMG to function as a cloud distribution point" if you want to use CMG for content distribution.

Click "Next" and then "Finish" to complete the configuration.

Step 3: Configure Client Settings for CMG

In the SCCM console, navigate to "Administration > Overview > Client Settings".

Create a new custom client settings or modify an existing one.

Navigate to "Cloud Services" settings and enable the "Automatically register new Windows 10 or later domain-joined devices with Azure AD" option.

In the "Specify intranet and internet client settings" section, enable the "Enable clients to use a cloud management gateway" option.

Configure other desired settings and click "OK" to save the changes.

Step 4: Verify CMG Functionality

In the SCCM console, navigate to "Monitoring > Overview > Cloud Management > Cloud Management Gateway".

Verify that the CMG connection point is active and that the number of connected clients is increasing.

Check the "cmg-*.log" files on the site server and the "CCMMessaging.log" file on the client devices for any errors or issues.

The Cloud Management Gateway for SCCM provides a secure and reliable way to manage your devices over the internet. By following the steps outlined in this blog post, you can successfully set up and configure CMG for your organization. Remember to monitor the CMG connection points and logs regularly to ensure its smooth operation and troubleshoot any issues that may arise.


Popular posts from this blog

SCCM Task Sequence GUI - How to set up the TS to work with a GUI

Windows 10 Setup Script - Version

How to Deploy a Windows 10 Servicing update as a Application