Close Menu
    Facebook X (Twitter) Instagram
    Sunday, July 20
    X (Twitter) LinkedIn
    All about Endpoint Management
    • Home
    All about Endpoint Management
    Home»CMG»Configuration Manager Technical preview 2006 – Allow Intranet clients to scan against CMG Software update point

    Configuration Manager Technical preview 2006 – Allow Intranet clients to scan against CMG Software update point

    Eswar KonetiBy Eswar KonetiJune 28, 11:50 pm3 Mins Read CMG 1,892 Views
    Share
    Facebook Twitter LinkedIn Reddit

    Microsoft has released Configuration Manager Technical Preview version 2006 with a lot of cloud features. For more information about the features of this preview release, please refer https://docs.microsoft.com/en-us/mem/configmgr/core/get-started/2020/technical-preview-2006

    This Technical preview version is not a baseline version and can be installed only from the in-console update. If you are building a new site, please install the baseline version (tech preview) 2002 and update it to 2006 using in-console.

    This technical preview version focused more on cloud-related feature.One of the most waiting features of CMG is, to allow intranet clients to scan against CMG software update point when you configure the boundary groups.

    Until now, in all the preview technical preview features and also in the current branch build, all the client (on-prem) traffic can be routed via CMG except the software update scan which is now possible using a technical preview build 2006.

    The following are the 2 scenarios in which you can configure the boundary groups to allow intranet clients to scan against CMG software update point.

    · When an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.

    · If the only software update point for the boundary group is the CMG software update point, then all intranet and internet devices will scan against it

    How to test this feature to allow intranet clients to scan against CMG SUP?

    Create boundaries and boundary groups for your VPN clients. In my lab, i use my intranet client as VPN boundary.

    Boundary group:

    image

    Go to properties of the VPN boundary group and click on references:

    Add the CMG here (pls note that, am using 3rd party cert in my lab, hence there is no cloudapp.net).

    image

    My lab has only 1 SUP so i configured it to support both intranet and internet based clients.

    The following setting is applicable in scenario, If the only software update point for the boundary group is the CMG software update point, then all intranet and internet devices will scan against it.

    image

    If you have dedicated SUP for internet-based clients then you can choose ‘Allow Internet-only client connections’ for your VPN clients. So when an internet machine connects to the VPN, it will continue scanning against the CMG software update point over the internet.

    In the relationships tab, leave it blank. There is no need to configure any fallback.

    In the options tab (for downloads), configure the ‘prefer cloud based sources over on-premise sources’.

    image

    Now login to the client (win10- connected to on-prem ) and restart the SMS agent host service for a quick test or refresh the machine policy cycle.

    From the configuration manager applet, run software update scan cycle and monitor wuahandler.log and locationservices.log

    Locationservices.log

    image

    wuahandler.log:

    image

    As you can see, client is connected to intranet but the software update scan is scanning against the CMG software update point.

    Following is the SQL code that will help you to identify the clients connecting to CMG software update point.

    select uss.LastScanPackageLocation [Scan Location],
    count(*) Total
    from v_UpdateScanStatus uss
    group by uss.LastScanPackageLocation

    image

    This is great feature to route all the traffic via internet.

    Hope to see this feature in the next version of production build.

    cmg configmgr intranet Intranet based MEMCM software update scan Tech preview update scan
    Share. Twitter LinkedIn Email Facebook Reddit

    Related Posts

    SCCM SQL Report – Compare Installed Apps on TWO Different Computers

    July 13, 10:35 am

    Optimize Your Intune Workflow with a Powerful Browser Extension

    March 22, 10:39 am

    Migrate Microsoft 365 Updates from SCCM/MECM to Intune for Co-Managed Devices

    February 11, 9:50 pm

    Leave a ReplyCancel reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Sign Up

    Get email notifications for new posts.

    Author

    I’m Eswar Koneti ,a tech enthusiast, security advocate, and your guide to Microsoft Intune and Modern Device Management. My goal? To turn complex tech into actionable insights for a streamlined management experience. Let’s navigate this journey together!

    Support

    Awards

    Archives

    © Copyright 2009-2024 Eswar Koneti, All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.