CMG client troubleshooting




We have CMG configured in our environment, but the problem is that many devices do not have the cloud policy and cannot come back to the network due to the COVID-19 situation. We need your advice on how those machines can talk to SCCM. Will any registry changes, or SCCM installation again with the tenant ID and CMG details, work? We don't have Intune, and the clients are Azure AD joined.

Answers ( 10 )


    Hello Vivek,

    The first resort for your troubleshooting is to look at the CMG and MP logs to see whether those clients requested tokens and the MP provisioned and authorized them.

    Second, look at those devices' Azure AD device registration; the device should be registered (dsregcmd /status), and PRT and WAM should be enabled.

    If you are open to learning about Fiddler, just investigate the Azure AD authentication process through Fiddler traces.

    Validate that Azure MFA of the SCCM server app is excluded for those devices in the Conditional Access policy.

    All this will give you hints.
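
The device-registration check from the answer above, as an added example that is not part of the original thread: it parses `dsregcmd /status` output and reports the join, PRT and WAM fields. The function names are hypothetical, the sample output is constructed, and reading `WamDefaultSet` as the WAM indicator is an assumption of this example.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Parses `dsregcmd /status` text into a name/value table.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = [ordered]@{}
    foreach ($line in $Lines) {
        # Field lines look like "   AzureAdJoined : YES"; banner lines are skipped.
        if ($line -match '^\s*([A-Za-z][A-Za-z0-9]*)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

# Reports the fields the answer asks about. Treating WamDefaultSet as the
# "WAM enabled" indicator is an assumption of this example.
function Test-AadRegistrationState {
    param([System.Collections.IDictionary]$State)
    foreach ($name in 'AzureAdJoined', 'AzureAdPrt', 'WamDefaultSet') {
        $value = if ($State.Contains($name)) { $State[$name] } else { '(missing)' }
        [pscustomobject]@{ Field = $name; Value = $value; Ok = ($value -eq 'YES') }
    }
}

# Constructed sample output, so the script runs without a joined device.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO
+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+
             WamDefaultSet : YES
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : NO
'@ -split '\r?\n'

# On a client, pass (dsregcmd /status) instead of $sample.
Test-AadRegistrationState (ConvertFrom-DsregStatus $sample) | Format-Table -AutoSize
```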


    What version of ConfigMgr are you using? Is TLS 1.2 enforced for your CMG? Can these clients resolve your CMG destination?


    Hi Anoop, Jitesh,

    There is no connection issue. It's working fine for other clients.

    The problem is only with those clients which do not have the CMG policy. How can we make those clients talk to SCCM?

  1. Hello – Have you tried looking into the following steps for client troubleshooting?

    Fix SCCM Client CMG Communication Failure Error 0x87d0027e | ConfigMgr by Rajul –

    And also try CMG server-side troubleshooting –

    SCCM CMG Troubleshooting Tips with Connection Analyzer –

  2. Hello Vivek, the SCCM CMG connection analyzer tool helps you analyze end-to-end CMG communication.
    Please check –

    Best answer
