The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients over the internet.
In the previous posts we discussed the CMG prerequisites, the server authentication certificate requirement for CMG, the client authentication certificate requirement and the SSL configuration for the ConfigMgr site.
In this post, we will cover Configuration Manager site integration with Azure Active Directory.
Posts in this series:
- Part 1 | Cloud Management Gateway (CMG) Setup Guide
- Part 2 | Issue, Enroll & Export Server Authentication Certificate
- Part 3 | Configure SCCM Site for SSL
- Part 4 | Integrate Azure Active Directory with ConfigMgr
- Part 5 | Setup Cloud Management Gateway
- Part 6 | Validate CMG Health & Client Communication
Configure Azure Services
The Configuration Manager site needs to be integrated with Azure AD before we go ahead with the Cloud Management Gateway setup. The integration process creates and registers two apps (Server and Client) in Azure Active Directory. These apps are used for SCCM site and client communication with the CMG service hosted in Azure.
Follow the steps below to complete the integration.
On the SCCM console, go to Administration > Cloud Services > Azure Services, right click and select Configure Azure Services.
Provide a Name (Techuisitive CMG in this example), select Cloud Management and click on Next.
Browse and create the Web App (Cloud management web app) and then the Native app (Cloud management native client app).
In the App Properties page, to create a Web App, click on Browse.
Click Create on Server App window
Provide the below details in Create Server Application window.
• Application Name: ConfigMgr CMG server App
• Secret Key expires: 1 year
• Azure AD admin account: Sign in with Azure AD admin account
• Azure AD Tenant Name: Select Azure AD Tenant name from the list
Click on Ok
Review the details and click on Ok to create the Web App and return to the Server App window.
Back in App Properties, click on Browse under Native Client app to create the Client app.
In the Client App window, click on Create.
Provide the following details in Create Client Application.
• Application Name: ConfigMgr CMG Client App
• Azure AD admin account: Sign in with Azure AD admin account
• Azure AD Tenant Name: Select Azure AD Tenant name from the list
Click on Ok to return to previous window.
In the Client App window, click on Ok.
Back in the App Properties window, click on Next.
On the Discovery page, select Enable Azure Active Directory User Discovery and click Next.
On the Summary page, review the details and click on Next to finish the task.
You can now see the Azure Service details in ConfigMgr console.
Run Azure Full Discovery
- In the SCCM console, select Administration/Azure Services/ <Azure Service Name>
- In the bottom view, right click on Azure Active Directory User Discovery and select Run Full Discovery Now
Verify App registration in Azure
Once the ConfigMgr site integration with Azure AD is complete, you can see the Client and Server apps registered in Azure Active Directory.
- Login to Azure portal.
- Search for App registration and click on the All applications tab.
- You should see Server and Client app listed there.
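The same verification can be scripted, which also surfaces how long the server app's secret key remains valid. The PowerShell below is an added example, not part of the original post: it uses the two application names from the steps above, a 30-day warning window chosen as an assumption, and constructed sample objects so it runs offline. The commented live query assumes the Microsoft Graph PowerShell module is installed.

```powershell
# Added example. App names come from the steps above; $true means a client secret is expected.
$expected = @{
    'ConfigMgr CMG server App' = $true    # web (server) app, created with a secret key
    'ConfigMgr CMG Client App' = $false   # native client app, no secret expected
}

function Test-CmgAppRegistration {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Applications,
        [Parameter(Mandatory)] [hashtable] $Expected,
        [int] $WarnDays = 30,                              # assumed warning window
        [datetime] $Now = (Get-Date).ToUniversalTime()     # Graph returns UTC timestamps
    )
    foreach ($name in $Expected.Keys) {
        $app    = $Applications | Where-Object DisplayName -eq $name
        # If several secrets exist, judge the app by the one that expires last.
        $latest = $app.PasswordCredentials | Sort-Object EndDateTime | Select-Object -Last 1
        $end    = $latest.EndDateTime
        $status = if (-not $app) {
            'Missing'
        } elseif (-not $Expected[$name]) {
            'Registered'
        } elseif (-not $latest) {
            'NoSecret'
        } elseif ($end -le $Now) {
            'SecretExpired'
        } elseif ($end -le $Now.AddDays($WarnDays)) {
            'SecretExpiringSoon'
        } else {
            'OK'
        }
        [pscustomobject]@{ App = $name; Status = $status; SecretExpires = $end }
    }
}

# Constructed sample input, shaped like Get-MgApplication output (not real tenant data).
$sample = @(
    [pscustomobject]@{ DisplayName = 'ConfigMgr CMG server App'
        PasswordCredentials = @([pscustomobject]@{ EndDateTime = (Get-Date).ToUniversalTime().AddDays(12) }) }
    [pscustomobject]@{ DisplayName = 'ConfigMgr CMG Client App'; PasswordCredentials = @() }
)
Test-CmgAppRegistration -Applications $sample -Expected $expected | Format-Table

# Against a live tenant:
# Connect-MgGraph -Scopes 'Application.Read.All'
# $apps = @($expected.Keys | ForEach-Object { Get-MgApplication -Filter "displayName eq '$_'" })
# Test-CmgAppRegistration -Applications $apps -Expected $expected
```

With the sample data the server app reports SecretExpiringSoon and the client app reports Registered.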
Next post: Part 5 | Setup Cloud Management Gateway