If I don’t have pki communication how to manage without https over internet is it possible or if we must enable HTTPS communication means what are the ways to do that?
Question
Dears,
I Just want to understand how to manage devices without HTTPS communication over internet if possible or is it mandate to enable HTTPS and have a PKI certificate ? Is there any other procedure to do the same
Answers ( 5 )
You have two options as Harjit mentioned to manage Internet based clients
1. IBCM – Must need PKI certs even external ones
2. CMG – Eliminates the complexity and need of PKI at the same time you can be rest assured that the communication is secure using enhanced HTTP (EHTTP) option
If you dont have PKI setup in the infra for generating the client authentication certs, then you must have the following to achieve it.
1.enable the enhanced http in your site properties.
2. Use configuration manager build 2002 token based authentication. PKI is not mandatory requirement from 2002 onwards
https://docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/deploy-clients-cmg-token
Starting in version 2002, Configuration Manager extends its device support with the following methods:
Register on the internal network for a unique token
Create a bulk registration token for internet-based devices
Thanks,
Eswar
http://Www.eskonr.com
Manage from the Internet by using IBCM or CMG? If you want to manage with CMG without using certs, then Enhanced HTTP is how to get that done. See Anoop’s reply.
Hello – The question is not clear to me …
Can you clarify pls
Do you want to manage devices from internet without deploying public certificates ?
If so you can deploy EHTTP certificate
Try using this guide
https://www.anoopcnair.com/new-sccm-cmg-setup-guide-ehttp/
CMG Connection will helps for your requirement.
Here Rajul given weekend session for CMG connection