So what about the server that the MP and DP reside on? How will devices get applications and policies that are on the internet?
On Wed, Aug 9, 2017 at 3:50 PM Jason Sandys <ja...@sandys.us> wrote: > That documentation in no way says anything about your site server in Azure > and in no way discusses the CMG as being domain joined either. Whomever is > drawing this conclusion is incorrect and needs to read the documentation. > In fact, the CMG is a service provide by Azure – you have no explicit > control over it. There is also a CMG connector role that you load on a site > system (or your site server) but this is an on-prem role and has nothing to > do with Azure except that it communicates with the CMG that is in Azure. > So, it’s time to either correct the security guys and/or give them the > proper information. > > > > J > > > > *From:* listsad...@lists.myitforum.com [mailto: > listsad...@lists.myitforum.com] *On Behalf Of *SCCM Admin > > *Sent:* Wednesday, August 9, 2017 11:52 AM > *To:* firstname.lastname@example.org > *Subject:* Re: [mssms] Cloud Management Gateway > > > > > https://docs.microsoft.com/en-us/sccm/core/understand/configuration-manager-on-azure#networking > > > > On Wed, Aug 9, 2017 at 11:43 AM, Nemec, Dale <dale.ne...@tektronix.com> > wrote: > > My CMG’s are not domain joined and are working as expected. > > > > Do you have a link to the documentation that you are following/referencing? > > > > *Dale Nemec | Global Architecture & Technology Ops (ESS) | Tektronix* > > > > *From:* listsad...@lists.myitforum.com [mailto: > listsad...@lists.myitforum.com] *On Behalf Of *SCCM Admin > *Sent:* Tuesday, August 8, 2017 4:24 PM > *To:* email@example.com > *Subject:* [mssms] Cloud Management Gateway > > > > We submitted our plans to implement CMG and after speaking with security > they had issues with securing our site server in Azure since it has to be > domain joined. > > > > Could we put that server in another trusted domain and apply a trust > between the two. > > > > Also is there that much of a security threat to having a server in Azure > as apposed on premises? > > > ------------------------------ > > *Please be advised that this email may contain confidential information. > If you are not the intended recipient, please notify us by email by > replying to the sender and delete this message. The sender disclaims that > the content of this email constitutes an offer to enter into, or the > acceptance of, any agreement; provided that the foregoing does not > invalidate the binding effect of any digital or other electronic > reproduction of a manual signature that is included in any attachment. * > > > >