That documentation in no way says anything about your site server in Azure and in no way discusses the CMG as being domain joined either. Whomever is drawing this conclusion is incorrect and needs to read the documentation. In fact, the CMG is a service provide by Azure – you have no explicit control over it. There is also a CMG connector role that you load on a site system (or your site server) but this is an on-prem role and has nothing to do with Azure except that it communicates with the CMG that is in Azure. So, it’s time to either correct the security guys and/or give them the proper information.
J From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of SCCM Admin Sent: Wednesday, August 9, 2017 11:52 AM To: mssms@lists.myitforum.com Subject: Re: [mssms] Cloud Management Gateway https://docs.microsoft.com/en-us/sccm/core/understand/configuration-manager-on-azure#networking On Wed, Aug 9, 2017 at 11:43 AM, Nemec, Dale <dale.ne...@tektronix.com<mailto:dale.ne...@tektronix.com>> wrote: My CMG’s are not domain joined and are working as expected. Do you have a link to the documentation that you are following/referencing? Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of SCCM Admin Sent: Tuesday, August 8, 2017 4:24 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] Cloud Management Gateway We submitted our plans to implement CMG and after speaking with security they had issues with securing our site server in Azure since it has to be domain joined. Could we put that server in another trusted domain and apply a trust between the two. Also is there that much of a security threat to having a server in Azure as apposed on premises? ________________________________ Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.