SCCM CMG Setup Guide – Part 4 | Integrate Azure Active Directory with ConfigMgr

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager client over internet.

In the previous posts we discussed about CMG prerequisites, server authentication certificate requirement for CMG, client authentication certificate reqiurment and SSL configuration for ConfigMgr site.

In this post, we will discuss about Configuration Manager site integration with Azure Active Directory.

Post in this series:

Configure Azure Services

The Configuration Manager site need to be integrated with Azure AD before we go ahead with Cloud Management Gateway setup. The integration process creates and register two apps (Server and Client) in Azure active directory. These apps are used for SCCM site and client commincation with CMG service hosted in Azure.

Follow the below process to complete the integration.

On the SCCM console, go to Administration > Cloud Services > Azure Services, right click and select Configure Azure Services

Provide a Name Techuisitive CMG, Select Cloud Management and click on Next.

SCCM CMG Azure Services | Integrate Azure Active Directory with ConfigMgr

Browse and Create Web App (Cloud management web app) and then Native app (Cloud management native client app.

In the App Properties page, To create a Web App, click on Browse

SCCM CMG App Properties

Click Create on Server App window

SCCM CMG App

Provide the below details in Create Server Application window.

Application Name: ConfigMgr CMG server App

Secret Key expires: 1 years

Azure AD admin account: Sign in with Azure AD admin account

Azure AD Tenant Name: Select Azure AD Tenant name from the list

Click on Ok

SCCM CMG App

Review the details and click on Ok to create Web App and retrun to Server App Window.

SCCM CMG App

Back in App properties click on Browse under Native Client app to create Client app.

SCCM CMG App

In the Client App window, Click on Create.

SCCM CMG App

Provide the following details in Create Client Application.

Application Name: ConfigMgr CMG Client App

Azure AD admin account: Sign in with Azure AD admin account

Azure AD Tenant Name: Select Azure AD Tenant name from the list

Click on Ok to return to previous window.

SCCM CMG Client App

In the Client App window, click on Ok.

SCCM CMG Client App

Back to App Properties window, click on Next.

SCCM CMG Client App

On the Discovery page, select Enable Azure Active Directory User Discovery, click Next

SCCM CMG Client App

In the Summary page, review the details and click on Next to finish the task.

SCCM CMG Client App

You can now see the Azure Service details in ConfigMgr console.

SCCM CMG Status

Run Azure Full Discovery

  • In the SCCM console, select Administration/Azure Services/ <Azure Service Name>
  • At the bottom view, right click on the Azure Active Directory User Disocvery and select Run Full Discovery Now

SCCM CMG - Full Discovery

Verify App registration in Azure

Once ConfigMgr site integration with Azure Ad completed, you can see the Client and Server apps registered in Azure Active Directory.

  • Login to Azure portal.
  • Search for App registration and click on All applcations tab.
  • You should see Server and Client app listed there.

Azure App Registration

Nex post : Part 5 | Setup Cloud Management Gateway

Related posts:

Subscribe to Techuisitive Newsletter

Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top