The cloud management gateway (CMG) provides a simple way to manage Configuration Manager client over internet.
In the previous posts we discussed about CMG prerequisites, server authentication certificate requirement for CMG, client authentication certificate reqiurment and SSL configuration for ConfigMgr site.
In this post, we will discuss about Configuration Manager site integration with Azure Active Directory.
Post in this series:
- Part 1 | Cloud Management Gateway (CMG) Setup Guide
- Part 2 | Issue, Enroll & Export Server Authentication Certificate
- Part 3 | Configure SCCM Site for SSL
- Part 4 | Integrate Azure Active Directory with ConfigMgr
- Part 5 | Setup Cloud Management Gateway
- Part 6 | Validate CMG Health & Client Communication
Table of contents
- Configure Azure Services
- Run Azure AD Full Disocvery
- Verify App registrtion in Azure
Configure Azure Services
The Configuration Manager site need to be integrated with Azure AD before we go ahead with Cloud Management Gateway setup. The integration process creates and register two apps (Server and Client) in Azure active directory. These apps are used for SCCM site and client commincation with CMG service hosted in Azure.
Follow the below process to complete the integration.
On the SCCM console, go to Administration > Cloud Services > Azure Services, right click and select Configure Azure Services
Provide a Name Techuisitive CMG, Select Cloud Management and click on Next.
Browse and Create Web App (Cloud management web app) and then Native app (Cloud management native client app.
In the App Properties page, To create a Web App, click on Browse
Click Create on Server App window
Provide the below details in Create Server Application window.
• Application Name: ConfigMgr CMG server App
• Secret Key expires: 1 years
• Azure AD admin account: Sign in with Azure AD admin account
• Azure AD Tenant Name: Select Azure AD Tenant name from the list
Click on Ok
Review the details and click on Ok to create Web App and retrun to Server App Window.
Back in App properties click on Browse under Native Client app to create Client app.
In the Client App window, Click on Create.
Provide the following details in Create Client Application.
• Application Name: ConfigMgr CMG Client App
• Azure AD admin account: Sign in with Azure AD admin account
• Azure AD Tenant Name: Select Azure AD Tenant name from the list
Click on Ok to return to previous window.
In the Client App window, click on Ok.
Back to App Properties window, click on Next.
On the Discovery page, select Enable Azure Active Directory User Discovery, click Next
In the Summary page, review the details and click on Next to finish the task.
You can now see the Azure Service details in ConfigMgr console.
Run Azure Full Discovery
- In the SCCM console, select Administration/Azure Services/ <Azure Service Name>
- At the bottom view, right click on the Azure Active Directory User Disocvery and select Run Full Discovery Now
Verify App registration in Azure
Once ConfigMgr site integration with Azure Ad completed, you can see the Client and Server apps registered in Azure Active Directory.
- Login to Azure portal.
- Search for App registration and click on All applcations tab.
- You should see Server and Client app listed there.
Nex post : Part 5 | Setup Cloud Management Gateway
