Supported configurations for cloud management gateway
Applies to: Configuration Manager (current branch)
Use this article as a reference for the features and configurations that are supported by the Configuration Manager cloud management gateway (CMG).
All Windows versions listed in Supported operating systems for clients and devices are supported for CMG.
CMG only supports the management point and software update point roles.
CMG doesn't support clients that only communicate with IPv6 addresses.
Software update points using a network load balancer don't work with CMG.
Starting in version 2203, the option to deploy a CMG as a cloud service (classic) is removed. All CMG deployments should use a virtual machine scale set. For more information, see Removed and deprecated features.
CMG names need to be between 3-24 alphanumeric characters. The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens.
Support for Configuration Manager features
The following table lists CMG support for Configuration Manager features:
|Endpoint protection||Note 1|
|Hardware and software inventory|
|Client status and notifications|
|Automatic client upgrade|
(with Azure AD integration)
(with token authentication)
|Software distribution (device-targeted)|
|Software distribution (user-targeted, required)
(with Azure AD integration)
|Software distribution (user-targeted, available)
|Pull distribution point source|
|Windows in-place upgrade task sequence Note 2|
|Task sequence without a boot image, deployed with the option to Download all content locally before starting task sequence Note 2|
|Task sequence without a boot image, deployed with either download option Note 2|
|Task sequence with a boot image, started from Software Center Note 2|
|Task sequence with a boot image, started from bootable media Note 2|
|Any other task sequence scenario Note 2|
|Content for PXE or multicast-enabled deployments|
|Automatic site assignment|
|Software approval requests|
|Configuration Manager console|
|Remote tools||Note 3|
|Wake on LAN|
|Alternate content providers||Note 4|
|Content for App-V streaming applications|
|Content for Microsoft 365 Apps updates|
|= This feature is supported with CMG by all supported versions of Configuration Manager|
|(YYMM) = This feature is supported with CMG starting with version YYMM of Configuration Manager|
|= This feature isn't supported with CMG|
Note 1: Support for endpoint protection
Clients that communicate via a CMG can immediately apply endpoint protection policies without an active connection to Active Directory.
Note 2: Support for task sequences
For more information about support for deploying a task sequence to a client via the CMG, see Deploy a task sequence over the internet.
Note 3: Support for remote tools
As announced at Microsoft Ignite 2021, a public preview of the new remote assistance solution is now available in the Microsoft Endpoint Manager admin center. This cloud-based tool can help you more securely support users of Windows devices.
For more information, see the following resources:
Note 4: Support for alternate content providers
Alternate content providers aren't supported to get content from a content-enabled CMG. You can still use them on a client that communicates with a CMG and gets content from other supported content locations.
Starting in version 2203, you can also configure the task sequence to allow token authentication with alternate content providers. For more information, see Task sequence variables: SMSTSAllowTokenAuthURLForACP.
Next, plan how the design the CMG for the best performance at the appropriate scale:
Submit and view feedback for