UPDATE: This is no longer needed if you are using CB1806 and up. With CB1806, a CMG can now also serve content to clients. This functionality reduces the required certificates and cost of Azure VMs. To enable this feature, enable the new option to Allow CMG to function as a cloud distribution point and serve content from Azure storage on the Settings tab of the CMG properties.
In order to walk you through the entire process of setting up the co-management feature, I am going to break this down into a number of parts;
- How to setup Co-Management – Part 1 (Roles and Certificates)
- How to setup Co-management – Part 2 (Create Certificates) – This post
- How to setup Co-management – Part 3 (Cloud Management Gateway)
- How to setup Co-management – Part 4 (Management point and Software Update point)
- How to setup Co-management – Part 5 (Cloud Distribution point) – This post
- How to setup Co-management – Part 6 (Setup Co-management in ConfigMgr)
- How to setup Co-Management – Part 7 (Deploy ConfigMgr client to Azure AD joined devices from Intune)
A cloud-based distribution point is a ConfigMgr distribution point that is hosted in Microsoft Azure. The cloud distribution point will allow clients to download content from the internet public interface of the CDP when client in not in the corporate network.
Setup Cloud Distribution Point is not prerequisite for Co-Management, but if you want to deploy ConfigMgr client to AAD Devices from Intune and use ConfigMgr functionality for AAD devices, you will need setup Cloud Distribution Point.
This post is for Scenario 1: Use Co-Management for Azure AD joined machines
IMPORTANT: before you continue this, please sure you have created all the certificates what is needed in part 2
- Right-click Cloud Distribution Points, click Create Cloud Distribution Point
- Azure environment: AzurePublicCloud
Subscription ID: Your Azure subscription ID
Management certificate: Choose AzureManaement.pfx that we created on part 2
- Click on Next
Region: The Azure region where the cloud service will be hosted
Certificate file: Choose CloudDP001.pfx that we exported on part 2
You will see Service FQDN is automatic generated, write down the cloud service name.
- Continue the wizard to complete installation.
- Go to your public DNS provider website, and add CNAME of your cloud distribution point map to that service name. My example:
CNAME is clouddp001.smsboot.com, and the service name is ae510985b7d6461d9a4a057d.cloudapp.net
- To view the status, open CloudMgr.log or from Admin console. It took about 20 minutes to finish installation in my test
- Once the Cloud Distribution Point is ready, a status message ID 9409 is sent for the SMS_CLOUD_SERVICES_MANAGER component
STATMSG: ID=9409 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_CLOUD_SERVICES_MANAGER” SYS=CM01.ZIT.LOCAL SITE
- Admin console should shows cloud distribution point status is Ready.
- Distribute an Application to Cloud distribution point, monitor distmgr.log, I see my package is distributed .
Configure client settings to allow cloud services.
If you have not setup client settings yet, follow steps from part 4
Verify client can download content from cloud distribution point
- On your test device (device must be added to Pilot Co-Management collection), run a refresh of both the machine and user policies
- After the policies are applied, connect the device to an internet connection
- Check if client can communicate with cloud management gateway. See part 4
- Install an application from Software Center, check status from DataTransferService.log, You should see contents are downloaded from cloud distribution point
We will continue to Part 6 (Configure Co-management feature)
Sandy is an Enterprise Mobility MVP since 2018. She has been working in the IT industry since 2009, primarily dealing with device management solution planning and implementation. Sandy has worked with SCCM, MDT, Group Policy, software packaging, problem solving. Sandy currently works for a large Finnish company with several thousand endpoints as system architect. In 2016, Sandy founded the https://thesccm.com blog and is now a guest blogger on SCConfigMgr.