<img alt="" src="https://secure.hims1nice.com/151009.png" style="display:none;">
Skip to main content

Preserve your Configuration Manager deployment by extending it to the Cloud

Even before the Spring of 2020, we had customers who were running into challenges with roaming and remote workers. ...

Tim Humphrey
Posted by Tim Humphrey
Preserve your Configuration Manager deployment by extending it to the Cloud

In today's fast-paced business landscape, staying ahead of the competition requires efficient and effective solutions. According to Microsoft’s Work Trend Index, nearly 70% of employee report that they don’t have sufficient time in the day to focus on “work”, with more time being spent Communicating than Creating.

Microsoft 365 Copilot is designed, with Microsoft’s cloud trust platform at its core, to allow for employees to both be more productive, reduce the time spent searching for information, performing mundane tasks, and other low-value activities.

Even before the Spring of 2020, we had customers who were running into challenges with roaming and remote workers. Trying to identify devices and keeping up with their statuses (health, updates, etc.) proved to be challenging, at best. VPN costs were getting more and more expensive, yet the challenges of constant connectivity to the on-premises environment were vital to many of our customers. Security teams were adamant that devices needed to be compliant with patches for both the OS and the workloads running on them. Then came the waves of Windows feature upgrades that needed to be performed. Our customers were frustrated and said, “There must be a better way.”

So, is there a better way to manage these predominantly on-premises devices using Configuration Manager when they roam or are working remotely? The short answer is yes. Let’s explore the options for extending Configuration Manager to the cloud to bring these devices back under constant management without direct connectivity to your on-premises environment.

  1. Deploying a Cloud Management Gateway(s)
  2. Extending your deployment via Internet-Based Client Management
  3. Cloud Attaching your Configuration Manager environment to Intune
  4. Configuring Co-Management


Option 1: The Cloud Management Gateway


This is by far the ultimate upgrade for your existing Configuration Manager deployment. This solves the VPN connectivity issue while still allowing you to manage the device over the internet. Essentially, the CMG provides a line-of-sight for your on-premises joined devices to be managed without being on-premises.

Device Management Part 1 Cloud Management Gateway

Advantages of CMG:

  • No disruption to existing devices under management
  • Does not require any additional on-premises infrastructure or opening ports in your firewalls
  • Ability to deploy software updates/software deployment and obtain statuses for each
  • Device configuration
  • Client Health status/inventory


Option 2: Internet-Based Client Management


This is the on-premises alternative to using the CMG. Use internet-based client management (IBCM) to manage Configuration Manager clients when they aren't connected to your internal network. Just extend your Configuration Manager infrastructure to the DMZ.


Advantages of using IBCM:

  • Full control of servers and roles providing the service
  • No cloud service dependency
  • Ability to deploy software updates and software (applications) and obtain statuses for each client
  • Device configuration
  • Client Health status/inventory


Option 3: Tenant Attach Configuration Manager to Intune


Tenant attach sets up synchronization between your Configuration Manager site and your Intune tenant. Extending the investment in your on-premises environment to the cloud without recreating net new configuration is the simplest way to add value. You will gain actions and insights into devices on-premises or off-premises from the Microsoft Endpoint Manager admin center.

Then you can see your Configuration Manager devices in the Microsoft Endpoint Manager admin center.


Advantages of IBCM:

  • This connection provides you with a single pane of glass view for all the devices that you manage with Microsoft Endpoint Configuration Manager/Intune.
  • This web-based console may be beneficial in some scenarios that don't want to use the full Configuration Manager console, such as with help desk staff. 
  • Leverage Endpoint Analytics and Timeline events


Option 4: Configuring Co-Management


When you enroll existing Configuration Manager clients in co-management, you light up new features in the cloud provided by Intune. This brings new functionality to your existing endpoint management capabilities and allows you to manage workloads in a hybrid fashion with Configuration Manager or push them to Intune at your own pace.


Advantages of Co-Management:

  • Conditional access with device compliance
  • Intune-based remote actions, for example: restart, remote control, or factory reset
  • Centralized visibility of device health
  • Link users, devices, and apps with Azure Active Directory (Azure AD)
  • Modern provisioning with Windows Autopilot
  • Remote actions

Let us know if you need us to help you plan or implement any of these options to extend your investment and provide additional capabilities for your Configuration Manager environment. We have been helping our customers manage their endpoint devices using SMS/SCCM/Configuration Manager and now Microsoft Endpoint Configuration for nearly 30 years.

MEM / MECM Modern Management Accelerator

Leverage your existing Microsoft Endpoint Configuration Manager (MECM) environment to accelerate the adoption of Modern Management with Microsoft Endpoint Manager (MEM) and Windows 10 devices.


KiZAN Logo Blue

KiZAN is a Microsoft National Solutions Provider with numerous gold and silver Microsoft competencies, including gold data analytics. Our primary offices are located in Louisville, KY, and Cincinnati, OH, with additional sales offices located in Tennessee, Indiana, Michigan, Pennsylvania, Florida, North Carolina, South Carolina, Georgia and Texas.