How to setup and configure CMG in SCCM

By -

 Microsoft System Center Configuration Manager (SCCM), also known as Endpoint Configuration Manager, is a comprehensive solution that helps organizations manage their devices and applications. With the Cloud Management Gateway (CMG), you can extend the capabilities of SCCM to manage your devices over the internet. This blog post will guide you through setting up and configuring the Cloud Management Gateway for SCCM.



Prerequisites


Before diving into the setup process, ensure that you have the following in place:


A Microsoft Azure subscription.

An SCCM hierarchy with at least one primary site.

The SCCM version should be 1806 or later.

A PKI infrastructure for HTTPS communication (optional, but recommended).

Step-by-Step Guide to Setting up and Configuring Cloud Management Gateway for SCCM


Step 1: Create a Cloud Management Gateway in the Azure Portal


Sign in to the Azure portal (https://portal.azure.com).

Click on "Create a resource" and search for "Cloud Management Gateway".

Click "Create" to start the deployment process.

Fill in the required fields, such as your subscription, resource group, and region. Additionally, provide a unique name for your CMG.

Upload your server authentication certificate, which should be issued by your PKI infrastructure.

Choose your desired deployment model, either "Classic" or "Resource Manager", and click "Create" to deploy the CMG.

Step 2: Configure SCCM to use the Cloud Management Gateway


Open the SCCM console, and navigate to "Administration > Overview > Cloud Services > Cloud Management Gateway".

Click "Create Cloud Management Gateway" from the toolbar.

Sign in with your Azure subscription credentials and select your subscription.

Choose the CMG resource you created in step 1.

Upload your server authentication certificate and select the desired management point(s) for the CMG.

Enable "Allow CMG to function as a cloud distribution point" if you want to use CMG for content distribution.

Click "Next" and then "Finish" to complete the configuration.

Step 3: Configure Client Settings for CMG


In the SCCM console, navigate to "Administration > Overview > Client Settings".

Create a new custom client settings or modify an existing one.

Navigate to "Cloud Services" settings and enable the "Automatically register new Windows 10 or later domain-joined devices with Azure AD" option.

In the "Specify intranet and internet client settings" section, enable the "Enable clients to use a cloud management gateway" option.

Configure other desired settings and click "OK" to save the changes.

Step 4: Verify CMG Functionality


In the SCCM console, navigate to "Monitoring > Overview > Cloud Management > Cloud Management Gateway".

Verify that the CMG connection point is active and that the number of connected clients is increasing.

Check the "cmg-*.log" files on the site server and the "CCMMessaging.log" file on the client devices for any errors or issues.


The Cloud Management Gateway for SCCM provides a secure and reliable way to manage your devices over the internet. By following the steps outlined in this blog post, you can successfully set up and configure CMG for your organization. Remember to monitor the CMG connection points and logs regularly to ensure its smooth operation and troubleshoot any issues that may arise.

Comments

Post a Comment

Popular posts from this blog

SCCM Task Sequence GUI - How to set up the TS to work with a GUI

By -
Image
Before I have posted how you can create a TS for windows 10 , add a GUI to your TS and run a script to configure your windows 10 install . However all of this has become out dated and so I wanted to update all of that. This how to will walk you through how to create a TS that will allow you to choose a windows 10 or windows 7 image, name the computer, add the computer description to AD, Choose form a list what applications you want to install, Choose to enable BitLocker and set the PIN as well as create a local account. Prerequisites: MDT integrated to SCCM A boot image with the following components added Windows Powershell(WinPE-DismCmdlest) HTML(WinPE-HTA) Microsoft .NET (WinPE-NetFx) Windows Powershell (WinPE-Powershell) A windows 10 and windows 7 image  1. Download the package I have put together containing the scripts you will need https://github.com/sccmtst/SCCM-Management-Scripts/tree/master/TSGUI 2. If you have not already done so download and instal
Read more

SCCM Applications vs. SCCM Packages: Understanding the Key Differences

By -
Microsoft System Center Configuration Manager (SCCM) is a versatile and powerful tool for managing devices, applications, and updates in an organization's IT environment. Among its many features, SCCM allows you to deploy software to your end-users in two primary ways: Applications and Packages. Although both methods have a similar goal, they have some key differences that IT administrators should understand when choosing the appropriate deployment method. In this blog post, we will explore these differences and help you decide which option is best for your organization. Definition and Deployment Scenarios SCCM Applications: An SCCM Application is a high-level, user-centric deployment method that focuses on providing the desired user experience. Applications are designed to be state-based, meaning they can detect if the application is already installed and only perform the necessary actions if the application is not present or if a newer version is available. Applications are suita
Read more

How to Deploy a Windows 10 Servicing update as a Application

By -
Image
 When a little after windows 10 build updates started coming out Microsoft released a new feature in SCCM called Windows 10 Serving. This feature is used to deploy windows 10 build to devices, However the deployment status and some of the reporting are not always the most accurate. So I will show you away that you can deploy the update using a standard application deployment. You will need to enable the windows 10 serving feature in your SCCM environment or have access to a SCCM setup that has windows 10 serving enabled.  If you dont have it enabled here is a good way to do so  Download the Windows 10 Serving Update, to do so find the update and right click Download  Once you have the update downloaded navigate to the path you downloaded the update to and copy the content of the GUID folder to a folder in your content library source. You should see a esd file and a WindowsUpdateBox.exe file in the folder. In the folder you copied the content to create a bat file with the following sta
Read more