Co-management is an excellent choice but not for this issue as co-management is not a solution for remote management. Remote management is addressed in ConfigMgr using a CMG (or IBCM).
SCCM Remote Updates/Deployments
Hello,
I am looking to accomplish pushing out Software Updates, Application Deployments, and Windows 10 Servicing to endpoints that rarely connect to our VPN.
My current environment is roughly 400 devices including servers that are on prem.
I have many end users who will never need to connect to the VPN to get company resources, so this makes utilizing SCCM very difficult to reach these devices.
I have a current project ongoing right now with a vendor and want to see if we are heading in the right direction or if we're not.
They are helping me configure Co-Management/Azure Hybrid Joined devices, and while I know Intune can handle this I don't feel we're ready to utilize Intune for this.
My goal is that I want devices to check into SCCM regardless if they are connected to the VPN or not. If they are in house I want them receiving the Updates/Applications from on prem, and if they are not connected to the VPN I want to be able to manage these devices. I want SCCM to do ALL the lifting here, so that devices follow my ADR's deployment windows and such.
Should I be looking to change the direction of my project to one of the following?
- Stand up a server in the DMZ for a remote DP these devices would communicate with
- Cloud Management Gateway
- Stick with Intune/Azure Hybrid joined
Jason Sandys 31,291 Reputation points Microsoft Employee
2020-10-15T19:42:30.453+00:00
1 additional answer
Rahul Jindal [MVP] 9,966 Reputation points MVP
2020-10-15T20:18:40.747+00:00
CMG is the right option here. Doesn’t require any additional infra and at the same time you are taking a step towards extending your existing ConfigMgr infrastructure to use cloud services.