If the devices are already aware of CMG then they can be managed over the internet. Also, for VPN you don't need to, but it is good to have your devices communicating through CMG to ease the load on your VPN infrastructure.
Cloud Management Gateway - Application deployment question
Hi
With CMG, realise that your remote machine needs to be on VPN or onsite at least once initially to receive the policy from SCCM to say there is a CMG around. So let's say this has been done.
Now a new app is deployed from SCCM to my machine and has been distributed to CMG DP.
My remote machine has not been connected to VPN for a while.
Will my machine receive this app if I am on internet only? Or do I have to connect my machine to VPN first, to know that there is a deployment for my machine?
Thanks
DM
Microsoft Security | Intune | Configuration Manager | Application
Microsoft Security | Intune | Configuration Manager | Other
2 additional answers
-
Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
2022-07-06T18:58:01.407+00:00
> With CMG, realise that your remote machine needs to be on VPN or onsite at least once initially to receive the policy from SCCM to say there is a CMG around
This is not correct. See https://learn.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/configure-clients#install-off-premises-clients-using-a-cmg.
If a VPN were required for anything, that would defeat the entire purpose of having or using a CMG, i.e., a VPN is in no way required for ConfigMgr clients to be remotely managed.
-
David Moon 606 Reputation points
2022-07-14T00:52:16.13+00:00 Hi All
Thanks for your feedback.
Found the issue... don't know if it was a bug or not... but had the same issue with this:
https://learn.microsoft.com/en-us/answers/questions/122165/clients-not-communicating-with-cmg.html
This tick box for this was ticked,
"Allow configuration manager cloud management gateway traffic"
But the registry was not enabled. So basically unticked the box, apply, and re-tick box, apply, did the trick.
DM