Hence those devices have Intune managed devices, and those need configurations that let All Users access services through firewalls/proxy. When the co-managed devices connect to corporate LAN, you may need to have some proxy exception to connect to the internet.

Co-managed devices require Intune connectivity. But SCCM CMG connection point supports internet proxy via TCP ports, as mentioned in the above table.

Co-managed devices connect either to the corporate network (LAN) or the internet to get the policies and deployments from both Intune/SCCM. The TCP-TLS connection between the CMG connection point site system and Azure CMG service doesn't support an internet proxy. All those communications should go through internet proxy servers. Most organizations may not have direct connectivity to the internet from their servers. SCCM service connection point & CMG connection point site system roles require an internet connection.

Internet Proxy Exceptions for Co-Management, CDP, and CMG

SCCM does not allow you to configure ports for the following types of communication:
Connections to cloud services, such as Microsoft Intune and CDPs.
SCCM CAS/Primary Site server to site system (MP/SUP/DP.).
SCCM CAS/Standalone Primary Site to Primary/Secondary site.

However, some of the subsequent communications are possible only via predefined ports. CMG, CDP, and Intune communications are NOT possible via custom ports. However, SCCM allows having custom ports for many contacts. Most Intune communications are via standard HTTP/HTTPS (80 & 443 ports), and there is no option to customize that communication.

SCCM ConfigMgr How to Setup Co-Management – Firewall Ports Proxy Requirements

SCCM Intune Custom Port Options?
The client connects to the CMG over HTTPS port 443.

Azure Cloud Management Gateway (CMG) VM#1 = 10124
Azure Cloud Management Gateway (CMG) VM#2 = 10125
Azure Cloud Management Gateway (CMG) VM#1 = 10140
Azure Cloud Management Gateway (CMG) VM#2 = 10141
Azure Cloud Management Gateway (CMG) – ONLY one CMG VM with HTTPS 443

It holds the connection open and builds the channel for future two-way communication.
3. The CMG connection point connects to the CMG in Azure over TCP-TLS or HTTPS. The service connection point connects to Azure over HTTPS port 443.
2. These two site system roles must be able to create outbound connections to the Microsoft cloud.
1. The SCCM service connection point and CMG connection point initiate all communication with Azure and the CMG. We do not need to open any inbound ports to your on-premises network.

How to Deploy SCCM Client from Intune - Co-Management - Part 9
End User Experience of Windows 10 Co-Management - Part 10

Firewall Ports Required for Co-Management, CMG, and CDP

How to Setup SCCM Co-Management to Offload Workloads to Intune - Part 8
SCCM Configure Settings for Client PKI certificates Part 7

Before this, make sure you have enabled the Nonsecure and secure of the Dynamic updates in the zone properties.

Overview Windows 10 Co-Management with Intune and SCCM
Custom Report to Identify Machines Connected via SCCM CMG
How to Setup Co-Management - Introduction - Prerequisites Part 1
How to Setup Co-Management - Firewall Ports Proxy Requirements Part 2 (This Post)
Setup Co-Management - AAD Connect UPN Suffix Part 3
Setup Co-Management - CA PKI & Certificates Part 4
Setup Co-Management Cloud DP Azure Blob Storage Part 5
Setup Co-Management Azure Cloud Services CMG Part 6

Go to the DNS server, you will see the DNS records updated.
Azure leaves the primary DNS suffix blank, and you can set the suffix in the VM as the picture below:

After changing the DNS suffix, you will restart the VM, then you will see a new DNS suffix in the DNS Suffix Search List in the output of prompt commands. Moreover, Azure doesn't have the credentials to directly create records in your DNS servers. It says that your custom DNS suffix is not supplied to VMs because it interferes with other DNS architectures (like domain-joined scenarios).

Instead, Azure provides a non-functioning placeholder Interferes with other DNS architectures (like domain-joined Resolution solution, this suffix is not supplied to VMs because it Resolution because the hostname records are in the When you are using Azure-provided name resolution, Azure Dynamic Host Configuration Protocol (DHCP) provides an internal DNS suffix

From this document about Name resolution that uses your own DNS server: