SCCM in Azure: Is It a Fit for Your Corporation?

by Guest Author on January 24, 2021


Cloud services like Microsoft Azure have become more prominent since the sudden rush of people working remotely, which added stress to existing VPN infrastructures. Because the cloud scales easily, a few typical on-premises roles have given way to the cloud service model. Extending your SCCM environment into Azure is a good way to begin exploring a hybrid approach. SCCM training courses are available online if you want to see how this can serve your business needs. In this blog, I will brief you on the options for using SCCM with Azure, the supported scenarios, and how you can monitor the content source.

Since launching SCCM Current Branch, Microsoft has updated the product to connect it to the cloud using back-end Azure services. Presently, most corporations can choose to shift some of their on-premises services to Azure. Corporations that want a cloud-only tool should consider adopting Intune, which is packaged together with Configuration Manager in the Microsoft Endpoint Management product. There are three options for combining SCCM with Azure: moving the software update workload from on-premises to Microsoft Update, using the Cloud Management Gateway (CMG), or migrating the SCCM infrastructure to Azure.

Preference 1: Moving the software update workload from on-premises to Microsoft Update

This is the most typical scenario, and many administrators have started implementing it: the source of the update binaries moves from internal repositories to Microsoft Update. With the steps below, the required software updates are still deployed and controlled through your SCCM infrastructure, but the binaries come from Microsoft Update. If the content is not located on a distribution point in SCCM, the client falls back to the cloud.

Essentials: VPN Split Tunneling.

Configuration: To direct remote clients to Microsoft Update, you have to:

  1. Identify which IP ranges your VPN clients use.
  2. Create a boundary group for those IP ranges in SCCM. The IP ranges must not be part of any other boundary group.
  3. Build a distribution point that contains all content except software updates.
  4. Assign the distribution point to the boundary group.
  5. Go to the deployment settings of each software update deployment and any automatic deployment rules. Navigate to the “Download Settings” tab and select the checkbox labeled “If software updates are not available on a distribution point in current, neighbor or site boundary groups, download content from Microsoft Updates.”

Price: There are no extra charges for using Microsoft Update; setting up a new distribution point is the only additional cost.

Support: Moving the software update workload to Microsoft Update is fully documented and supported.


Drawbacks:

  • A wrong or missing split-tunneling configuration in the VPN causes unintended behavior.
  • Overlapping boundaries may also cause unexpected behavior.
  • If clients are on-site and the software update content is not stored on internal distribution points, they will switch to Microsoft Update. You can counteract this with multiple deployments, but that adds complexity to the configuration.
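
The boundary rule in step 2 and the overlap drawback above can be checked before the VPN boundary group is created. The following PowerShell is an added example, not part of the original article; the boundary names and ranges are constructed sample data, and ConvertTo-UInt32, Get-RangeBounds and Find-BoundaryOverlap are hypothetical helpers that handle IPv4 "start-end" ranges only.

```powershell
# Added example: flag VPN IP ranges that overlap boundaries in other boundary groups.
# All names and ranges below are constructed sample data.

function ConvertTo-UInt32 {
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Only IPv4 is handled: $Address" }
    # GetAddressBytes() is big-endian; BitConverter uses host byte order.
    if ([BitConverter]::IsLittleEndian) { [Array]::Reverse($bytes) }
    [BitConverter]::ToUInt32($bytes, 0)
}

function Get-RangeBounds {
    param([Parameter(Mandatory)][string]$Range)   # expected form: "start-end"
    $parts = $Range -split '-'
    if ($parts.Count -ne 2) { throw "Expected 'start-end', got: $Range" }
    $start = ConvertTo-UInt32 ($parts[0].Trim())
    $end   = ConvertTo-UInt32 ($parts[1].Trim())
    if ($start -gt $end) { throw "Range start is after its end: $Range" }
    [pscustomobject]@{ Start = $start; End = $end }
}

function Find-BoundaryOverlap {
    param([object[]]$VpnBoundary, [object[]]$OtherBoundary)
    foreach ($v in $VpnBoundary) {
        $vb = Get-RangeBounds $v.Range
        foreach ($o in $OtherBoundary) {
            $ob = Get-RangeBounds $o.Range
            # Two closed intervals overlap when each starts before the other ends.
            if ($vb.Start -le $ob.End -and $ob.Start -le $vb.End) {
                [pscustomobject]@{ VpnBoundary = $v.Name; Overlaps = $o.Name; Group = $o.Group }
            }
        }
    }
}

$vpn = @(
    [pscustomobject]@{ Name = 'VPN pool A'; Group = 'VPN Clients'; Range = '10.8.0.1-10.8.3.254' }
)
$others = @(
    [pscustomobject]@{ Name = 'HQ LAN';        Group = 'HQ';     Range = '10.1.0.1-10.1.255.254' },
    [pscustomobject]@{ Name = 'Branch legacy'; Group = 'Branch'; Range = '10.8.2.1-10.8.2.254' }
)

# Any row returned means the VPN boundary group would not be exclusive.
Find-BoundaryOverlap -VpnBoundary $vpn -OtherBoundary $others | Format-Table -AutoSize
```

With the sample data, only "Branch legacy" is reported, because its range sits inside the VPN pool.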

Preference 2: Cloud Management Gateway

The CMG cloud service simplifies the management of internet-based clients. Clients contact Azure services rather than going through the VPN. The CMG is a PaaS offering, so you do not need to manage VMs in Azure. The CMG can be used both as a client management system and as a cloud content distribution service. The service uses a Standard A2 v2 VM. The full configuration of the CMG is performed through the SCCM console. From SCCM 1810 onwards, Microsoft deprecated the cloud distribution point, whose function is now part of the CMG offering.


Essentials:

  • An active Azure subscription.
  • A service connection point in online mode (can be co-located with other SCCM roles).
  • Server authentication certificates.
  • Management points for the CMG in HTTPS mode.
  • Clients using IPv4.
  • Azure AD integration.
  • A globally unique name.

Configuration: The high-level procedure to configure the CMG is as follows:

  1. Check the essentials.
  2. Add the CMG in your SCCM console.
  3. Set up the primary site for client certificate authentication.
  4. Add a CMG connection point.
  5. Configure an HTTPS or Enhanced HTTP management point.
  6. Create a boundary group for external clients.
  7. Assign the CMG to that boundary group.

Price: The CMG adds extra charges, which include:

  • VMs: the cost depends on the number of deployed CMGs;
  • Storage: the price depends on the content being distributed; and
  • Egress: the cost of outgoing traffic.

Support: The CMG is one of Microsoft’s priority areas in client management, so expect the functionality to be expanded in the future.

Drawbacks: Additional costs and the added complexity of HTTPS are the two downsides of using the CMG.

Preference 3: Move the SCCM infrastructure to Azure

Moving the SCCM infrastructure is what it sounds like: moving the servers to Azure instead of hosting them on-site.

Essentials: Azure VPN Gateway and Azure ExpressRoute.

Configuration: When setting up SCCM in Azure, follow the same design in the cloud as you would for an on-premises environment.

Price: Depending on the licensing agreement, the rates differ significantly.

Support: Microsoft fully supports several SCCM configurations in Azure, such as running Configuration Manager on an Azure VM, or running various site system roles on Azure VMs while other roles operate in the data center.

Drawbacks: If you want to move all the SCCM servers to Microsoft Azure, you need an unlimited data plan and a secure link between the on-site data center and Microsoft Azure.

Supported scenarios

  • Operating system deployment: not supported with Microsoft Update; supported with the Cloud Management Gateway and SCCM in Azure.
  • Software updates: fully supported with Microsoft Update, the Cloud Management Gateway, and SCCM in Azure.
  • Application deployment: not supported with Microsoft Update; supported with the Cloud Management Gateway and SCCM in Azure.
  • Compliance management: not supported with Microsoft Update; supported with the Cloud Management Gateway and SCCM in Azure.
  • Client management: not supported with Microsoft Update; supported with the Cloud Management Gateway and SCCM in Azure.
  • Driver management: fully supported with Microsoft Update, the Cloud Management Gateway, and SCCM in Azure.

Monitoring the content source

There are several ways to monitor the content source. The Cloud Management dashboard and the Client Data Sources dashboard in SCCM are the two methods used for verification; alternatively, check the client’s log files.

You should now have an overview of the options available when using SCCM with Azure. I have summarized each one in terms of prerequisites, configuration, cost, support, drawbacks, and supported scenarios. With these criteria in hand, you can decide which option suits your organization best.

Guest article written by: I am Keerthika Reddy, a vibrant technical content writer who works for Hkr Trainings and an enthusiast to learn new things and grow professionally. My articles focus on delivering content on cutting-edge technologies like Sitecore, SCCM, NetApp, Python, etc.


Hazel January 24, 2021 at 12:00

Really thoughtful and very well written


Roberts Arthur January 25, 2021 at 08:47

Thank you so much, your article is the best one. SCCM in Azure is best for any corporation in every scenario, either cost or configuration.


