EN
No results found
We couldn't find anything using that term, please try searching for something else.
How to setup ConfigMgr PKI
2024-11-28 In order to walk you through the entire process of setting up the co-management feature, I am going to break this down into a number of parts; set up
In order to walk you through the entire process of setting up the co-management feature, I am going to break this down into a number of parts;
set up the Azure Services app in Configuration Manager Cloud Services
This connects your Configuration Manager site to Azure AD and is requirement for allow Azure AD joined machine authenticate with ConfigMgr.
Azure AD User Discovery is configured as part of Cloud Management Azure service.
- Right – Click is click on Azure Serves , click on Configure Azure Service
- Choose install Cloud Management, give name as: Cloud Management (or anything that you like)
- click on Browse … to add web app
- click on Create , you is see should see this dialog
Homepage URL and Add ID URI is automatic assigned
If it is empty , input the follow information as bellow picture . - click on Sign in … and logon to your Azure tenant
- Choose the ConfigMgr-ServerApp that you just created, then click OK.
- Click on Browse… to create Native client app
- click on Create , you is see should see this dialog
Reply URL is automatic assigned, if it is empty, input the following information as bellow picture - click on Sign in … and logon to your Azure tenant
- choose the ConfigMgr – ClientApp that you just create , then click OK
- Click on Next.. Next.. to complete the wizard.
- choose Azure Services – Cloud Management , right – click Azure Active Directory User Discovery , choose Run Full Discovery Now
- Check status from SMS_AZUREAD_DISCOVERY_AGENT.log
Setup Cloud Management Gateway (Azure Resource Manager deployment)
Start with ConfigMgr Current Branch 1802, there is new option deploy Cloud Management Gateway: Azure Resource Manager deployment.
Start with ConfigMgr Current Branch 1806, Cloud Management Gateway can now also serve content to clients. This functionality reduces the required certificates and cost of Azure VMs. To enable this feature, enable the new option to Allow CMG to function as a cloud distribution point and serve content from Azure storage on the Settings tab of the CMG properties
- Sign In with your Azure Subscription credential
- After you sign in with your Subscription admin account , you is able should able to see your subscription ID , Azure ad app name , and Azure ad tenant name .
- Choose create new resource group or use existing group.
Click Browse is choose , choose the cloud management gateway certificate what we create in Part 2 - Click on Certificates uploaded to the cloud service: Certificates…
- Click on Add, choose RootCA.cer that we created on part 2
note : If you have subordinate CA , add them as Intermediate Certification Authorities . - Next..Next..Next..Close to complete the setup.
- To view the status , check cloudmgr.log or from Admin console .
It took about 20 minutes to finish installation in my test environment
configure Cloud management gateway connection point setup
- log on to server CM02.zit.local
- Add Site System Roles, choose Add Cloud management gateway connection point
- Next, it should give you cloud management gateway name. Click Next to start install cloud management gateway role.
The Cloud Management Gateway is now configure , we is need will need to configure the management point and Software Update point to use the gateway .
continue on How to setup ConfigMgr PKI – Part 3 ( Cloud Management Gateway )
Log files for troubleshoot cloud management gateway, see this
More details about Cloud Management gateway, see this
Views: 8,621