SCCM CMG Setup Guide – Part 4 | Integrate Azure Active Directory with ConfigMgr

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients over the internet.

In the previous posts we discussed the CMG prerequisites, the server authentication certificate requirement for CMG, the client authentication certificate requirement and the SSL configuration for the ConfigMgr site.

In this post, we will discuss integrating the Configuration Manager site with Azure Active Directory.

Table of contents

  • Configure Azure Services
  • Run Azure AD Full Discovery
  • Verify App registration in Azure

Configure Azure Services

The Configuration Manager site needs to be integrated with Azure AD before we go ahead with the Cloud Management Gateway setup. The integration process creates and registers two apps (Server and Client) in Azure Active Directory. These apps are used for SCCM site and client communication with the CMG service hosted in Azure.

Follow the steps below to complete the integration.

In the SCCM console, go to Administration > Cloud Services > Azure Services, right click and select Configure Azure Services.

Provide a Name (Techuisitive CMG), select Cloud Management and click on Next.

Browse and create the Web App (Cloud management web app) and then the Native app (Cloud management native client app).

In the App Properties page, to create a Web App, click on Browse.

Click Create in the Server App window.

Provide the below details in Create Server Application window.

Application Name: ConfigMgr CMG server App

Secret Key expires: 1 year

Azure AD admin account: Sign in with Azure AD admin account

Azure AD Tenant Name: Select Azure AD Tenant name from the list

Click on Ok

Review the details and click on Ok to create the Web App and return to the Server App window.

Back in App properties click on Browse under Native Client app to create Client app.

In the Client App window, Click on Create.

Provide the following details in Create Client Application.

Application Name: ConfigMgr CMG Client App

Azure AD admin account: Sign in with Azure AD admin account

Azure AD Tenant Name: Select Azure AD Tenant name from the list

Click on Ok to return to previous window.

In the Client App window, click on Ok.

Back to App Properties window, click on Next.

On the Discovery page, select Enable Azure Active Directory User Discovery, click Next

In the Summary page, review the details and click on Next to finish the task.

You can now see the Azure Service details in ConfigMgr console.

Run Azure Full Discovery

  • In the SCCM console, select Administration/Azure Services/ <Azure Service Name>
  • In the bottom view, right click on Azure Active Directory User Discovery and select Run Full Discovery Now

Verify App registration in Azure

Once the ConfigMgr site integration with Azure AD is completed, you can see the Client and Server apps registered in Azure Active Directory.

  • Log in to the Azure portal.
  • Search for App registrations and click on the All applications tab.
  • You should see the Server and Client apps listed there.
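
The same verification can be scripted, which also shows how long the server app's one-year secret key has left before it expires. This is an added example, not part of the original post: the function name Test-CmgAppRegistration, the 30-day warning threshold and the sample objects are assumptions, and the live call shown in the comments assumes the Microsoft.Graph.Applications PowerShell module.

```powershell
# Added example. Live data (assumes Microsoft.Graph.Applications, read-only scope):
#   Connect-MgGraph -Scopes 'Application.Read.All'
#   $apps = Get-MgApplication -All
function Test-CmgAppRegistration {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Applications,
        # App names as entered in the wizard steps above
        [string[]] $ExpectedNames = @('ConfigMgr CMG server App', 'ConfigMgr CMG Client App'),
        [int] $WarnDays = 30,        # assumed warning threshold
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    foreach ($name in $ExpectedNames) {
        $found = @($Applications | Where-Object { $_.DisplayName -eq $name })
        if ($found.Count -eq 0) {
            [pscustomobject]@{ App = $name; AppId = $null; Status = 'Missing'; SecretEnds = $null; DaysLeft = $null }
            continue
        }
        foreach ($app in $found) {
            # Drop null entries so an app without secrets yields an empty array
            $secrets = @($app.PasswordCredentials | Where-Object { $_ })
            if ($secrets.Count -eq 0) {
                # The wizard sets a secret expiry only for the server app
                [pscustomobject]@{ App = $name; AppId = $app.AppId; Status = 'Registered, no secret'; SecretEnds = $null; DaysLeft = $null }
                continue
            }
            foreach ($s in $secrets) {
                $days = [int][math]::Floor(($s.EndDateTime - $Now).TotalDays)
                $status = if ($days -lt 0) { 'Expired' } elseif ($days -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }
                [pscustomobject]@{ App = $name; AppId = $app.AppId; Status = $status; SecretEnds = $s.EndDateTime; DaysLeft = $days }
            }
        }
    }
}

# Constructed sample objects (placeholder AppIds), shaped like Get-MgApplication output
$sample = @(
    [pscustomobject]@{ DisplayName = 'ConfigMgr CMG server App'; AppId = '00000000-0000-0000-0000-000000000001'
        PasswordCredentials = @([pscustomobject]@{ EndDateTime = [datetime]'2025-01-20' }) }
    [pscustomobject]@{ DisplayName = 'ConfigMgr CMG Client App'; AppId = '00000000-0000-0000-0000-000000000002'
        PasswordCredentials = @() }
)
Test-CmgAppRegistration -Applications $sample -Now ([datetime]'2025-01-01') | Format-Table -AutoSize
```

Against a live tenant, pass $apps instead of $sample and omit -Now.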

Next post: Part 5 | Setup Cloud Management Gateway
