I am trying to install the SCCM Agent through Autopilot and ultimately using ProvisionTS to run a task sequence. I can see the SCCM agent trying to install using the first suggested parameters for the CCMSetup. I quickly discovered those don't work because the agent doesn't have the certs to authenticate with the SCCM environment when on the Internet.
So I did some more digging and found that Azure AD can be used for that authentication, which makes a lot more sense. The article https://learn.microsoft.com/en-us/mem/configmgr/core/clients/deploy/deploy-clients-cmg-azure helped with some of it.
That led me to the following CCMSetup command. Edited for easy of reading.
The Tenant ID, ClientID and ResourceURI are all fields came from the SQL query select * from proxy_settings, that came from the article https://eskonr.com/2020/05/how-to-prepare-sccm-cmg-client-installation-switches-for-internet-based-client/
ccmsetup
CCMHOSTNAME=CMAZUREZZZCMG.SOUTHCENTRALUS.CLOUDAPP.AZURE.COM/CCM_Proxy_MutualAuth/72057594037927939
SMSSiteCode=ZZZ
SMSMP=https://cmserver.ad.ZZZ.com
AADTENANTID=Tenant ID
AADCLIENTAPPID=ClientID
AADRESOURCEURI=ResourceURI
Unfortunately, it doesn't work, and there isn't a real clear reason in the logs. But if I had to guess this is the one that is causing the problem.
[CCMHTTP] ERROR: URL=https://CMAZUREZZZCMG.SOUTHCENTRALUS.CLOUDAPP.AZURE.COM/CCM_PROXY_ServerAuth/ServiceMetadata, Port=443, Options=224, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 0%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
