Better understanding of boundaries

matteu31 467 Reputation points
2020-09-08T17:40:40.093+00:00

Hello,

I installed an SCCM environment in a lab with an AD site boundary, and I didn't configure any subnet in AD Sites and Services.
I expected my clients not to be manageable because there is no subnet defined, but they were correctly managed and able to receive any policy + content (application, software update, ...).

I can't find any documentation about it, but I would like to understand it better.

For me:
If AD sites and subnets are not "managed", we need to use IP address ranges.
If AD sites and subnets are managed, we can use them, plus IP address ranges for workgroup devices.

Could you explain to me why it works without any subnet set up in AD Sites and Services, please?

Microsoft Configuration Manager

Accepted answer
  1. Jason Sandys 31,181 Reputation points Microsoft Employee
    2020-09-09T01:38:12.907+00:00

    > I agree, the client is needed to be managed, but if a client is not part of a boundary group, it can't receive policy, right?

    No, not at all. Policy delivery is in no way contingent on boundaries. As noted above, boundaries and boundary groups are a mechanism to map clients to specific site roles. Full stop.

    > I already solved a client issue where the client couldn't install applications / updates because it was not part of any boundary and couldn't discover its DP/SUP/.... Am I wrong to think that, or do I completely misunderstand how it works?

    Correct, because locating a DP and SUP uses boundaries and boundary groups; they are mappings exactly as noted. However, MP mapping is just a preference. Clients will always fall back to any available MP if they cannot locate or access a preferred one, as noted in my first reply.

    1 person found this answer helpful.

5 additional answers

  1. Jason Sandys 31,181 Reputation points Microsoft Employee
    2020-09-08T21:12:58.323+00:00

    Boundaries do not define whether or not systems can be managed. All that is needed to be managed is to install the client agent on a device. If the device is part of the same domain as the site, then it'll be automatically approved.

    Boundaries are a mapping from clients to the three main client-facing site roles: MP, DP, SUP.

    Client -> Client IP(s) -> Boundary/Boundaries -> Boundary Group(s) -> Site System(s) -> Client-facing Site Role(s)

    For MPs, this only defines a preference, however. Clients will always fall back to using an MP regardless of boundaries and boundary groups, even if MP affinity is enabled (which it isn't by default).

    1 person found this answer helpful.
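
The mapping chain and MP fallback described in the answers above, as an added example (not code from the thread or from Configuration Manager). It is a simplified model of only what the answers state; the server names, boundary name and IP range are constructed lab values.

```python
import ipaddress

# Constructed lab data (hypothetical names); not taken from the thread.
BOUNDARIES = {
    "HQ-Range": ("10.0.1.1", "10.0.1.254"),  # IP address range boundary
}
BOUNDARY_GROUPS = {
    "HQ-Group": {"boundaries": ["HQ-Range"],
                 "site_systems": ["cm01.lab.example"]},
}
SITE_SYSTEMS = {  # site system -> client-facing roles it hosts
    "cm01.lab.example": {"MP", "DP", "SUP"},
    "cm02.lab.example": {"MP"},
}

def boundaries_for(ips):
    """Client IP(s) -> names of boundaries whose range holds any of them."""
    addrs = [ipaddress.ip_address(ip) for ip in ips]
    hits = []
    for name, (lo, hi) in BOUNDARIES.items():
        lo_a, hi_a = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if any(lo_a <= a <= hi_a for a in addrs):
            hits.append(name)
    return sorted(hits)

def resolve(ips):
    """Walk Client IP -> Boundary -> Boundary Group -> Site System -> Role."""
    matched = set(boundaries_for(ips))
    groups = sorted(g for g, d in BOUNDARY_GROUPS.items()
                    if matched & set(d["boundaries"]))
    systems = {s for g in groups for s in BOUNDARY_GROUPS[g]["site_systems"]}
    roles = {r: sorted(s for s in systems if r in SITE_SYSTEMS[s])
             for r in ("MP", "DP", "SUP")}
    mp_source = "preferred"
    if not roles["MP"]:
        # MP mapping is only a preference: fall back to any available MP.
        roles["MP"] = sorted(s for s, r in SITE_SYSTEMS.items() if "MP" in r)
        mp_source = "fallback"
    return {"boundaries": sorted(matched), "groups": groups,
            "mp_source": mp_source, **roles}

if __name__ == "__main__":
    print(resolve(["10.0.1.50"]))     # inside the boundary
    print(resolve(["192.168.5.20"]))  # in no boundary: MP only, no DP/SUP
```

A client outside every boundary still reaches an MP (so it still receives policy) but gets no DP or SUP from the mapping, which matches both the question's lab result for policy and the content-location failures described in the follow-up.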

  2. Jason Sandys 31,181 Reputation points Microsoft Employee
    2020-09-09T15:08:05.48+00:00

    How about the official docs: https://learn.microsoft.com/en-us/mem/

    1 person found this answer helpful.

  3. matteu31 467 Reputation points
    2020-09-08T22:06:43.723+00:00

    Thanks for your answer.

    I agree, the client is needed to be managed, but if a client is not part of a boundary group, it can't receive policy, right?

    I already solved a client issue where the client couldn't install applications / updates because it was not part of any boundary and couldn't discover its DP/SUP/.... Am I wrong to think that, or do I completely misunderstand how it works?


  4. matteu31 467 Reputation points
    2020-09-09T06:48:06.797+00:00

    OK, perfect :)

    Last point: is there a good book to improve SCCM knowledge?
    I used SCCM 2012 R2 and its core roles a lot (inventory, application deployment, OSD, software update, some compliance), but there are a lot of new features (cloud features / CMPivot / PowerShell scripts / data warehouse / Desktop Analytics / ....) and I don't know anything about them. I would like to find a book or an excellent website to learn about them.
    I have often used the systemcenterdudes and prajwal websites so far.
