You may already be aware that integrating Azure Active Directory (Azure AD) with System Center Configuration Manager (SCCM) has started to reduce the certificate requirements.

This integration has now been updated (in the current release, build 1806, this is still a preview) to allow Azure AD Joined devices managed by SCCM to communicate using HTTP with the SCCM environment through the cloud management gateway.

To implement this new capability, you need to have set up and configured at least one cloud management gateway, enable your SCCM site for HTTPS or HTTP communication, and enable the option “Use Configuration Manager-generated certificates for HTTP site system”.

From the Administration workspace, go to the Site Configuration\Sites section and open the site properties.


Then go to the Client Computer Communication tab and enable the “Use Configuration Manager-generated certificates” option.


2 Thoughts to “SCCM – Improvements for Azure AD Joined devices managed by SCCM”

  1. Jake

    Can Azure AD joined devices communicate with an HTTP management point if on the intranet, i.e. not going through a CMG?

    1. I don’t think so
      The only way to have a ‘non domain joined’ device (in this case Azure AD Joined) connect through HTTP to the MP is to have the MP configured for HTTP communication only, but in this case you will not be able to connect to the MP from the Internet, and then you do not have the ability to use the CMG.
      The CMG is used to authenticate the AAD Joined device to the MP on behalf of the client using the Azure AD cert.
