When to use SCCM in the cloud with a CMG



Microsoft System Center Configuration Manager remains the most popular tool for managing enterprise-wide systems and applications, but it now faces new challenges when working with remote machines connected over the internet. This post covers the specifications of the Cloud Management Gateway and the prominent use cases of SCCM in the cloud.


To address these remote management problems, Microsoft is developing System Center Configuration Manager (SCCM), and its cloud management gateway (CMG) feature provides a simple way to manage Configuration Manager client devices over the internet. IT deploys the CMG as a cloud application in Azure, where it acts as an SCCM management point.

Specifications for using a Cloud Management Gateway

SCCM needs a range of infrastructure components, both on-premises and in Azure, to run through the cloud management gateway. IT is responsible for four main local services:

  • Management point: the site system role that handles standard local client device management and reporting requests;
  • Software update point: the site system role that handles normal software update requests from local clients;
  • Service connection point: the site system role that connects to Azure's cloud service manager component, which is responsible for CMG implementation tasks. The Azure Active Directory service connection point also tracks and records service health and log data; and
  • CMG connection point: the site system role that creates a high-performance, continuous connection from the local network to the Azure CMG service. Endpoint client requests are forwarded from the cloud to the local data center through this connection. The CMG connection point also sends connection and security information to the CMG.

Azure also has two main components that desktop administrators must have in place:

  • CMG cloud service: this Azure service authenticates System Center Configuration Manager requests and forwards them to the local CMG connection point. It represents the Azure side of the CMG connection.
  • Cloud distribution point: this is responsible for delivering data to clients connected to the internet.
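A quick way to confirm that each of the roles listed above actually exists in a site, as an added example that is not part of the original post. It assumes the Configuration Manager console and its PowerShell module are installed on the machine, and `P01` is a placeholder site code.

```powershell
# Added example: audit that the site system roles a CMG depends on are present.
# Assumptions: Configuration Manager console installed locally (provides the
# ConfigurationManager module); 'P01' is a placeholder site code.
$SiteCode = 'P01'

# Load the module that ships with the console and switch to the site drive.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH) 'ConfigurationManager.psd1')
Set-Location "$($SiteCode):"

# One query per role: four on-premises roles, then the two Azure-side components.
$checks = [ordered]@{
    'Management point'         = { Get-CMManagementPoint }
    'Software update point'    = { Get-CMSoftwareUpdatePoint }
    'Service connection point' = { Get-CMServiceConnectionPoint }
    'CMG connection point'     = { Get-CMCloudManagementGatewayConnectionPoint }
    'CMG cloud service'        = { Get-CMCloudManagementGateway }
    'Cloud distribution point' = { Get-CMCloudDistributionPoint }
}

$report = foreach ($role in $checks.Keys) {
    try {
        $found = @(& $checks[$role])
        $err   = $null
    }
    catch {
        # A failed query is reported separately from "role not installed".
        $found = @()
        $err   = $_.Exception.Message
    }
    [pscustomobject]@{
        Role    = $role
        Count   = $found.Count
        Present = $found.Count -gt 0
        Error   = $err
    }
}

$report | Format-Table -AutoSize

# Flag gaps so a missing link in the CMG chain is visible before clients fail.
$missing = $report | Where-Object { -not $_.Present }
if ($missing) {
    Write-Warning ("Roles not found: " + ($missing.Role -join ', '))
}
```

A missing cloud distribution point is not necessarily a fault if content is served another way; treat that row as informational.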

This entire connection also relies on client endpoints that connect to the CMG through the internet. Certificate-based HTTPS secures connectivity between the internet and client computers, while PKI certificates or Azure Active Directory provide user identification and authentication.

SCCM in the cloud: Prominent Use Cases

In the industry, SCCM with CMG has a wide range of applications. With a CMG, IT can handle standard Windows 8.1 and Windows 10 client endpoints that are joined to the business domain through Active Directory (AD). PKI certificates are used to secure communication between the enterprise and the endpoints in this scenario.

CMG can also assist IT administrators in managing Windows 10 client endpoints that are connected to the cloud domain through Azure AD. In this case, clients can authenticate directly with Azure AD and avoid using PKI certificates.

IT administrators may use either method to perform a variety of activities, including deploying product fixes, managing endpoint security, determining endpoint inventory and condition (also known as system health), applying enforcement settings, delivering software to endpoint devices, and managing Windows 10 upgrades. With Azure AD, administrators may also deliver applications to remote users rather than only to remote devices.

When will cloud-based SCCM be more beneficial to IT?

Extending endpoint control to a distributed cloud like Azure can be advantageous in a range of scenarios. The ease of control for remote or roaming endpoint devices like laptops is the most compelling reason to use this technique. With SCCM in the cloud and a CMG, a user can connect to the data center from nearly any place with internet access. The public cloud handles the user's connection and authentication. This isolates the corporate data center and its resources, improving data center access and security.

IT managers face major challenges when they must blend various IT cultures as a result of mergers and acquisitions. By joining devices to Azure AD and controlling outside devices with a CMG, SCCM and CMG can provide at least a temporary workaround for centralized management. This serves as an interim solution until an IT administrator sets up a more centralized management framework.

Finally, SCCM and CMG can be used to support more common Windows Workgroup client devices. Workgroups often require additional configuration, such as certificates for authentication. SCCM and CMG support token-based authentication, which IT can use to authenticate remote workgroup clients.


This post has reviewed the specifications for cloud management with a CMG, including the local services and the Azure components that desktop administrators need in place. It has also covered the most common use cases of SCCM in the cloud and how cloud-based SCCM benefits IT.