In order to walk you through the entire process of setting up the co-management feature, I am going to break this down into a number of parts;

A cloud-based distribution point is a ConfigMgr distribution point that is hosted in Microsoft Azure. The cloud distribution point will allow clients to download content from the internet public interface of the CDP when client in not in the corporate network.

  1. Right-click Cloud Distribution Points, click Create Cloud Distribution Point

  2. Azure environment: AzurePublicCloud
    Subscription ID: Your Azure subscription ID
    Management certificate: Choose AzureManaement.pfx that we created on part 2

  3. Click on Next
    Region: The Azure region where the cloud service will be hosted
    Certificate file: Choose CloudDP001.pfx that we exported on part 2
    You will see Service FQDN is automatic assigned based on the subject name we input in certificate
    Service name is also automatic assigned. Copy Service name to notepad, you will need that later

  4. Continue the wizard to complete installation
  5. To view the status, open CloudMgr.log or from Admin console. It took about 20 minutes to finish installation in my test
  6. Once the Cloud Distribution Point is ready, a status message ID 9409 is sent for the SMS_CLOUD_SERVICES_MANAGER component


  7. Admin console shows cloud distribution point status is Ready

  8. Important: You will need to configure a DNS alias (CNAME record). This lets you map the service name that you defined in the cloud distribution point service certificate, to the automatically generated GUID. This GUID is the Service name on step 3
    In my case, I need to create a CNAME in my public DNS zone, and point it to
  9. If you didn’t write down the GUID, you can find it from Azure Portal.
    Click All resources, you will find your cloud distribution point Cloud services name, that is your GUID

  10. Distribute an Application to Cloud distribution point, monitor distmgr.log, I see my package is distributed .


Configure client settings to allow cloud services.

If you have not setup client settings yet, follow steps from part 4

Verify client can download content from cloud distribution point

  1. On your test device (device must be added to Pilot Co-Management collection), run a refresh of both the machine and user policies
  2. After the policies are applied, connect the device to an internet connection
  3. Check if client can communicate with cloud management gateway. See part 4
  4. Install an application from Software Center, check status from DataTransferService.log, You should see it will download content from cloud distribution point


We will continue to Part 6 (Configure Co-management feature)


Sandy has been working in the IT industry since 2009. Primarily dealing with SCCM, MDT, Group Policy, software packaging, workstation problem solving. Sandy currently works for a large Finnish company with several thousand endpoints. In 2016, Sandy founded the blog and is now a guest blogger on SCConfigMgr.

There are no comments.

Leave a Reply