This post will show how you can import the Azure Web Apps in SCCM Current Branch so you can use the same Azure hosting subscription for the CMG for different SCCM Current Branch environments. For example, you might have a Dev SCCM environment and a Production SCCM environment, and you only have one Azure Subscription, but you want to deploy a CMG in both the Dev and Prod environment.
In the SCCM Cloud Management Gateway documentation, there is an FAQ’s section here that says:
Do the user accounts have to be in the same Azure subscription as the subscription that hosts the CMG cloud service?
If your environment has more than one subscription, you can deploy CMG into any subscription that can host Azure cloud services.
This question is common in the following scenarios:
- When you have distinct test and production Active Directory and Azure AD environments, but one single, centralized Azure hosting subscription
- Your use of Azure has grown organically across different teams
When you’re using a Resource Manager deployment, onboard the associated Azure AD tenant. This connection allows Configuration Manager to authenticate to Azure to create, deploy, and manage the CMG.
If you’re using Azure AD authentication for the users and devices managed over the CMG, onboard that Azure AD tenant. For more information on Azure services for cloud management, see Configure Azure services. When you onboard each Azure AD tenant, a single CMG can provide Azure AD authentication for multiple tenants, regardless of the hosting location.
In the SCCM console, go to Azure Services, then Configure Azure Services.
Give it a Name, and select Cloud Management Gateway.
Click on Brwose next to the Web app.
You can create a new one, or you can import the existing one. Select Import.
Now open up your Internet browser, go to portal.azure.com, then Azure Active Directory, I am using the new preview for App Registrations, so I have selected App registrations (Preview) and selected my Server App that I want to import.
To import this web app, copy the Display Name, Client ID, and Tenant ID.
Also go to Certificates & secrets, and create a new client secret.
Copy the value. We will use this later.
Type in your Azure AD Tenant name, the Tenant ID that you copied earlier, the Application Name, Client ID, Secret Key, Secret Key Expiry, and the App ID URI. Make sure to click the Verify button to verify that all the information is correct.
Click on OK.
Do the same for the Native Client app. You can follow the instructions above to get the correct values.
Once both apps have been imported, click on Next.
I won’t be enabling Azure AD discovery.
Finish the rest of the wizard and the the Subscription information will be imported so you can deploy the CMG in this subscription.