Applies to: Configuration Manager (current branch)
The second primary step to set up a cloud management gateway (CMG) is to integrate the Configuration Manager site with your Azure Active Directory (Azure AD) tenant. This integration allows the site to authenticate with Azure AD, which it uses to deploy and monitor the CMG service. If you can't use Configuration Manager to automate the creation of the apps during the Azure Service Wizard, you can use the wizard to import a previously created app. For example, if your Azure administrators require that they manually create all Azure AD app registrations, then use this process.
Tip
This article provides prescriptive guidance to integrate the site specifically for the cloud management gateway. For more information on this process and other uses of the Azure Services node in the Configuration Manager console, see Configure Azure services.
When you integrate the site, you create app registrations in Azure AD. The CMG requires two app registrations:
- Web app (also referred to as a server app in Configuration Manager)
- Native app (also referred to as a client app in Configuration Manager)
There are two methods to create these apps, both of which require a global administrator role in Azure AD:
- Use Configuration Manager to automate the creation of the apps when you integrate the site.
- Manually create the apps in advance, and then import them when you integrate the site.
This article provides the specific details for the second method. Pair these instructions with the procedures in the Configure Azure AD for CMG article to complete the process.
Get tenant details
Tip
During this process, you'll need to note several values to use later. Open an app like Windows Notepad to paste in the values that you'll copy from the Azure Portal.
First, you need to make note of the Azure AD tenant name and tenant ID. These values are the first two pieces of information that you need to import the app registrations in Configuration Manager.
In the Azure portal, select Azure Active Directory.
In the Azure AD menu, select Custom domain names.
Note the tenant name. For example, contoso.onmicrosoft.com.
In the Azure AD menu, select Properties.
Copy the Tenant ID GUID value.
Register the web (server) app
In the Azure AD menu, select App registrations. Select New registration to create a new app.
In the Register an application pane, specify the following information:
- Name: A friendly name for the app. For example, CMG-ServerApp.
- Supported account types: Leave this setting as the default option, Accounts in this organizational directory only.
- Redirect URI: Leave this optional value blank.
Select Register to create the app.
In the properties of the new app, copy the following values:
- Display name: This value is the friendly name for this app registration that you'll use later as the application name.
- Application (client) ID: You'll use this GUID value later as the client ID.
In the menu of the app properties, select Certificates & secrets, then select New client secret.
- Description: You can use any name for the secret or leave it blank.
- Expires: Select either 12 months or 24 months.
Select Add. Immediately copy the client secret string Value and Expires. If you leave this pane, you can't retrieve the same secret again. You'll use these values later as the secret key and secret key expiry values.
If you're going to use Azure AD User Discovery in Configuration Manager, you need to adjust the permissions on this app. In the menu of the app properties, select API permissions. By default it should have the User.Read permission for the Microsoft Graph API, which needs to change.
Select Microsoft Graph to enumerate the list of available API permissions, then select Application permissions.
Expand Directory, and then select Directory.Read.All.
Switch to Delegated permissions.
Expand User, and remove the User.Read permission.
Select Update permissions.
On the API permissions pane, select Grant admin consent for..., then select Yes.
In the menu of the app properties, select Expose an API.
For the Application ID URI, select Set. Specify a URI that's unique for the tenant. You'll use this value later as the App ID URI. For example, https://ConfigMgrService. Select Save.
Select Add a scope, and specify the following required information:
- Scope name: user_impersonation
- Who can consent: Select Admins and users
- Admin consent display name: Specify a meaningful name. For example, Access CMG-ServerApp
- Admin consent description: Specify a meaningful description. For example, Allow the application to access CMG-ServerApp on behalf of the signed-in user.
Select Add scope to save.
In the menu of the app properties, select Manifest. Set the oauth2AllowIdTokenImplicitFlow entry to true. For example:
Select Save.
The web (server) app for CMG is now registered in Azure AD.
Register the native (client) app
In the Azure AD menu, select App registrations. Select New registration to create a new app.
In the Register an application pane, specify the following information:
- Name: A friendly name for the app. For example, CMG-ClientApp.
- Supported account types: Leave this setting as the default option, Accounts in this organizational directory only.
- Redirect URI: Leave this optional value blank.
Select Register to create the app.
In the properties of the new app, copy the following values:
- Display name: This value is the friendly name for this app registration that you'll use later as the application name.
- Application (client) ID: You'll use this GUID value later as the client ID.
In the menu of the app properties, select Authentication.
Under Platform configurations, select Add a platform.
In the Configure platforms pane, select Mobile and desktop applications.
In the Configure Desktop + devices pane, under Custom redirect URIs, specify ms-appx-web://Microsoft.AAD.BrokerPlugin/<ClientID>. Use the app's client ID GUID, for example: ms-appx-web://Microsoft.AAD.BrokerPlugin/2afe572e-d268-4c77-a22d-fdca617e2255.
Select Configure.
Under Advanced settings, set Allow public client flows to Yes. Select Save.
If you're going to use Azure AD User Discovery in Configuration Manager, you need to adjust the permissions on this app. In the menu of the app properties, select API permissions. By default it should have the User.Read delegated permission for the Microsoft Graph API.
On the API permissions pane, select Add a permission.
Switch to the My APIs tab, and select your web (server) app. For example, CMG-ServerApp. Select the user_impersonation permission, and then select Add permissions to save.
On the API permissions pane, select Grant admin consent for..., and then select Yes.
In the menu of the app properties, select Manifest. Set the oauth2AllowIdTokenImplicitFlow entry to true. For example:
Select Save.
The native (client) app for CMG is now registered in Azure AD. This step also concludes the process in the Azure portal. The role of the Azure global administrator is done.
Import the apps to Configuration Manager
After you manually register the two apps in the Azure portal, use the process in the Configure Azure AD for CMG article, but select the option to Import each of the apps.
These processes import metadata about the Azure AD apps into Configuration Manager. You don't require any Azure AD permissions to import these apps.
Import web (server) app
When you select Import from the Server app window, it opens the Import apps window. Enter the following information about the Azure AD web app that's already registered in the Azure portal:
- Azure AD Tenant Name: The name of your Azure AD tenant.
- Azure AD Tenant ID: The GUID of your Azure AD tenant.
- Application Name: A friendly name for the app, the display name in the app registration.
- Client ID: The Application (client) ID value of the app registration. The format is a standard GUID.
- Secret Key: Copy the secret key when you register the app in Azure AD and create the secret key.
- Secret Key Expiry: Specify the same date as from the Azure portal.
- App ID URI: The value is the Application ID URI of the app registration entry in the Azure AD portal. The format is similar to https://ConfigMgrService.
After entering the information, select Verify. Then select OK to close the Import apps window.
Important
When you use an imported Azure AD app, you aren't notified of an upcoming expiration date from console notifications.
Import native (client) app
When you select Import from the Client app window, it opens the Import apps window. Enter the following information about the Azure AD native app that's already registered in the Azure portal:
- The wizard autopopulates the Azure AD tenant name and tenant ID based on the web (server) app that you already specified.
- Application Name: A friendly name for the app.
- Client ID: The Application (client) ID value of the app registration. The format is a standard GUID.
After entering the information, select Verify. Then select OK to close the Import apps window.
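Because the console doesn't warn about an imported app's secret expiry, the following added example (not part of the original article or of Configuration Manager) audits the two registrations against the settings described above, including the secret's remaining lifetime. It assumes the app objects were exported from Microsoft Graph as JSON and uses that resource's field names; the function name, the 60-day threshold and the sample objects are constructed for illustration.

```python
from datetime import datetime, timezone

def _utc(ts):  # Graph timestamps are UTC; keep whole seconds, drop fraction and "Z"
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_cmg_apps(server, client, now, warn_days=60):
    """Compare two application objects (Graph JSON as dicts) with the article's settings."""
    out = []
    for role, app in (("server", server), ("client", client)):
        if app.get("signInAudience") != "AzureADMyOrg":
            out.append(f"{role}: not limited to this organizational directory")
    if not server.get("identifierUris"):
        out.append("server: Application ID URI is not set")
    scope = next((s for s in server.get("api", {}).get("oauth2PermissionScopes", [])
                  if s.get("value") == "user_impersonation" and s.get("isEnabled")), None)
    if scope is None:
        out.append("server: user_impersonation scope missing or disabled")
    ends = [_utc(c["endDateTime"]) for c in server.get("passwordCredentials", [])]
    left = (max(ends) - now).days if ends else None
    if left is None:
        out.append("server: no client secret")
    elif left < 0:
        out.append("server: client secret expired")
    elif left < warn_days:
        out.append(f"server: client secret expires in {left} days")
    # Client app: the broker redirect URI must embed this app's own client ID
    want_uri = f"ms-appx-web://Microsoft.AAD.BrokerPlugin/{client['appId']}".lower()
    if want_uri not in [u.lower() for u in client.get("publicClient", {}).get("redirectUris", [])]:
        out.append("client: broker redirect URI missing or built from another client ID")
    if not client.get("isFallbackPublicClient"):
        out.append("client: Allow public client flows is not Yes")
    asked = {(r["resourceAppId"], a["id"]) for r in client.get("requiredResourceAccess", [])
             for a in r.get("resourceAccess", []) if a.get("type") == "Scope"}
    if scope is None or (server["appId"], scope["id"]) not in asked:
        out.append("client: user_impersonation on the server app not requested")
    return out

# Constructed sample objects; only the client GUID comes from the article's example.
SERVER = {"appId": "11111111-1111-1111-1111-111111111111", "signInAudience": "AzureADMyOrg",
          "identifierUris": ["https://ConfigMgrService"],
          "api": {"oauth2PermissionScopes": [{"id": "22222222-2222-2222-2222-222222222222",
                  "value": "user_impersonation", "isEnabled": True}]},
          "passwordCredentials": [{"endDateTime": "2030-03-01T00:00:00Z"}]}
CLIENT = {"appId": "2afe572e-d268-4c77-a22d-fdca617e2255", "signInAudience": "AzureADMyOrg",
          "isFallbackPublicClient": True, "publicClient": {"redirectUris": [
              "ms-appx-web://Microsoft.AAD.BrokerPlugin/2afe572e-d268-4c77-a22d-fdca617e2255"]},
          "requiredResourceAccess": [{"resourceAppId": SERVER["appId"], "resourceAccess": [
              {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}]}]}
if __name__ == "__main__":
    print(audit_cmg_apps(SERVER, CLIENT, datetime(2030, 1, 30, tzinfo=timezone.utc)))
```

Run it on a schedule against fresh exports so that an approaching secret expiry surfaces before the CMG loses its ability to authenticate.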
Next steps
After you manually register the two apps in the Azure portal, use the process in the following article to import the apps: