CMG / on-prem IBCM – Integration with Azure AD
Question
Hello,
I am concerned about user targeted deployment over Internet.
As I read technet documentation, it says for user targeted deployment, ConfigMgr integration with Azure AD is needed. With this, I have below queries:
- Does it mean, I just need to configure “Azure services” in SCCM?
- Does SCCM send any data to Azure?
- Does anything needs to be done on devices (which are on premise domain joined machines)?
- Can integration with Azure AD be used for on-premise IBCM solution as well for user targeted deployments?
Answers ( 4 )
I think you have not seen the video recording of Rajul’s presentation.
He discussed this in the video as someone asked the question. – You can have detailed information – https://howtomanagedevices.com/sccm/1989/sccm-cloud-management-gateway/
To quickly answer the question:
1. I think you need to enable SCCM Azure AD user discovery for user-based deployment to work via CMG – https://www.anoopcnair.com/video-tutorial-sccm-azure-ad-user-discovery/ (sorry for the music of the video 🙁 )
1.2 – There are some requirements to have Azure AD registration for the devices if the device is Domain join. More details available in the video above ☝
2. You can use a token-based authentication system with ConfigMgr 2002 version – https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/deploy-clients-cmg-token
3. If you have IBCM, there is no requirement of having Azure AD, Services etc… it just works with HTTPS communication – See https://www.anoopcnair.com/sccm-ibcm-vs-cmg-my-top-10-list/
Thanks Anoop for the answer. I tried to search a lot about this. I think I missed this video.
My only concern is user targeted deployment. As for IBCM, it needs one way trust. I am just trying to see if by just integrating SCCM with Azure AD, does user based deployment work? Or do we still need to discover users?
Sure. Let me know if you more questions after going through the Above referenced resources
Awesome video.. watching it!!