That documentation in no way says anything about your site server in Azure and 
in no way discusses the CMG as being domain joined either. Whomever is drawing 
this conclusion is incorrect and needs to read the documentation. In fact, the 
CMG is a service provide by Azure – you have no explicit control over it. There 
is also a CMG connector role that you load on a site system (or your site 
server) but this is an on-prem role and has nothing to do with Azure except 
that it communicates with the CMG that is in Azure. So, it’s time to either 
correct the security guys and/or give them the proper information.


From: [] On 
Behalf Of SCCM Admin
Sent: Wednesday, August 9, 2017 11:52 AM
Subject: Re: [mssms] Cloud Management Gateway

On Wed, Aug 9, 2017 at 11:43 AM, Nemec, Dale 
<<>> wrote:
My CMG’s are not domain joined and are working as expected.

Do you have a link to the documentation that you are following/referencing?

Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix

On Behalf Of SCCM Admin
Sent: Tuesday, August 8, 2017 4:24 PM
Subject: [mssms] Cloud Management Gateway

We submitted our plans to implement CMG and after speaking with security they 
had issues with securing our site server in Azure since it has to be domain 

Could we put that server in another trusted domain and apply a trust between 
the two.

Also is there that much of a security threat to having a server in Azure as 
apposed on premises?


Please be advised that this email may contain confidential information. If you 
are not the intended recipient, please notify us by email by replying to the 
sender and delete this message. The sender disclaims that the content of this 
email constitutes an offer to enter into, or the acceptance of, any agreement; 
provided that the foregoing does not invalidate the binding effect of any 
digital or other electronic reproduction of a manual signature that is included 
in any attachment.

Reply via email to