Setup Co-Management Cloud DP Azure Blob Storage

Let’s learn how to set up Co-Management Cloud DP Azure Blob Storage. A Cloud-based Distribution Point (CDP) is an SCCM DP hosted in Microsoft Azure. The application packages will be stored in Azure Blob storage.

It is a PaaS (Platform as a Service) solution from Microsoft SCCM. Security patching of the Azure PaaS solution servers is Microsoft’s responsibility. This post will show how to set up co-management cloud DP.

Update: A separate Cloud DP configuration/installation can be avoided. From SCCM 1806 onwards, you can have SCCM CMG as a Cloud DP.

I recommend reading the following post for more details: Learn How to Setup SCCM Cloud Management Gateway as cloud DP.

Video Tutorial to Setup Co-Management Cloud DP

This video tutorial will show how to set up co-management cloud DP Azure Blob Storage.

Setup Co-Management Cloud DP Azure Blob Storage – Video 1

Co-Management Cloud DP Requirement

Cloud DP (CDP) is not a prerequisite for SCCM Co-Management. However, Cloud DP (CDP) is required for scenarios where you want to install an SCCM client from the internet.

SCCM Cloud Management Gateway (CMG) & CDP are necessary for the above situation.

An Azure subscription and access rights are required to provision a Cloud DP server and storage in Azure PaaS. SCCM will automatically provision the cloud DP for you. You can confirm the configuration details in the SCCM console wizard.

ARM-based CDP is not an option for SCCM 1802 or previous versions. Hence, we must use the classic model to provision the CDP with a self-signed authentication certificate.

This cert is required to complete the Cloud DP wizard from the SCCM CB console. For more details, I recommend reading the previous post, Setup Co-Management CA PKI Certificate.

A service certificate (PKI) or public cert is required so that SCCM clients can connect to the CDP and download content from it by using HTTPS.

Before a device or user can access content from a cloud-based distribution point, it must have Allow Access to Cloud distribution points set to Yes in the client setting of Cloud Services. By default, this value is set to No.

A client must be able to access the Internet to use the cloud-based distribution point.

A client must be able to resolve the cloud service’s name, which requires a Domain Name System (DNS) alias and a CNAME record in your DNS namespace.

More details: https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/use-a-cloud-based-distribution-point#client-to-cloud-distribution-point

TIP: For an SCCM lab, use the hosts file to resolve the name. The following is the sample entry that I used in the hosts file: 52.183.228.213 5351e58bea6d46e3b2483e2d.cloudapp.net

I would recommend reading the documentation on CDP prerequisites before proceeding further.
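A client-side check of the requirements above (DNS alias, internet reachability, and the HTTPS service certificate), as an added example that is not from the original post. The function name Test-CloudDpClientPath and the alias cdp.contoso.example are hypothetical placeholders; substitute the alias your clients use.

```powershell
# Added example. 'cdp.contoso.example' is a constructed placeholder alias.
function Test-CloudDpClientPath {
    param(
        [Parameter(Mandatory)][string]$Alias,
        [int]$Port = 443
    )
    $report = [ordered]@{
        Alias = $Alias; CNameTarget = $null; TcpOpen = $false
        CertSubject = $null; CertNotAfter = $null
        TlsPolicyErrors = $null; Error = $null
    }

    # 1. DNS: -DnsOnly skips the hosts file, so a lab hosts entry cannot
    #    hide a missing CNAME record in the real DNS namespace.
    $cname = Resolve-DnsName -Name $Alias -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    if ($cname) { $report.CNameTarget = $cname.NameHost }

    # 2. HTTPS: connect and read the service certificate the endpoint presents.
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($Alias, $Port)
        $report.TcpOpen = $true
        # The callback records the validation result and returns $true so the
        # handshake completes and the certificate can be inspected. This is a
        # diagnostic only; real clients must not bypass validation.
        $script:CdpTlsErrors = $null
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($s, $cert, $chain, $policyErrors)
            $script:CdpTlsErrors = $policyErrors
            $true
        }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($Alias)
        $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $report.CertSubject     = $x509.Subject
        $report.CertNotAfter    = $x509.NotAfter
        # 'None' means this machine accepted both the name and the chain.
        $report.TlsPolicyErrors = "$script:CdpTlsErrors"
        $ssl.Dispose()
    }
    catch   { $report.Error = $_.Exception.Message }
    finally { $tcp.Close() }
    [pscustomobject]$report
}

Test-CloudDpClientPath -Alias 'cdp.contoso.example'
```

A TlsPolicyErrors value of RemoteCertificateNameMismatch or RemoteCertificateChainErrors means the machine running the check does not accept the service certificate for that alias, so content download over HTTPS would fail from it.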

How to Configure Cloud DP

Once you have Azure subscription ID, Certs, and appropriate access to the subscription, you can start the Cloud DP installation wizard from the SCCM console. Co-management Cloud DP installation is straightforward once you have the requirements ready.

Navigate via SCCM console \Administration\Overview\Cloud Services\Cloud Distribution Points. Click on the “Create Cloud Distribution Point” ribbon icon to kick-start the CDP installation wizard. Please go through the wizard as I have shown in the video tutorial.

How to Test Cloud DP Functionality

We can confirm the functionality of cloud DP without manually distributing any packages. Two (2) default packages are automatically distributed to CDP.

  • Configuration Manager Client Package 224.74 MB
  • Configuration Manager Client Piloting Package 224.74 MB

You can check the status of these package distributions from the SCCM console “\Monitoring\Overview\Distribution Status\Content Status\Configuration Manager Package.”

You can also look at the log files for more details about the Cloud DP provisioning process and communication.

  • DistMgr.log
  • CloudDP-<ServiceName>.log
  • and PkgXferMgr.log

CloudDP-<ServiceName>.log

***Start of trace dump from WADLogsTable, storage account = 5351e58bec6d46e3b148ve2d. (query for entries between [01/01/1601 00:00:00] and [04/12/2018 13:54:57]

<C:\Program Files\Microsoft Configuration Manager\bin\x64\smsexec.exe><04-12-2018 13:59:59.255381-00><thread=33 (2508)> UpdateTraceSwitchValues – Trace switch values set: TraceLevel =Information

<ContentService_IN_0 9a7fed20432c44879cd210acc451b21b><04-12-2018 13:28:36.229625-00><thread=2904 (1784)> Starting…; TraceSource ‘CloudDPService’ event

<ContentService_IN_0 9a7fdd20432b44879ed210acc451b21b><04-12-2018 13:28:36.229625-00><thread=2904 (1784)> Exiting…; TraceSource ‘CloudDPService’ event

<ContentService_IN_0 9a7fed20432c44879cd211acc451b21b><04-12-2018 13:49:26.136926-00><thread=2256 (1784)>

PkgXferMgr.log

————– Sending thread starting for Job: 2, package: PR300004, Version: 4, Priority: 1, server: ACMCDP01.CLOUDAPP.NET, DPPriority: 200

Sent status to the distribution manager for pkg PR300007, version 4, status 0 and distribution point [“Display=\\ACMCDP01.cloudapp.net\”]MSWNET:[“SMS_SITE=PR3”]\\ACMCDP01.cloudapp.net

[“Display=\\ACMCDP01.cloudapp.net\”]MSWNET:[“SMS_SITE=PR3”]\\ACMCDP01.cloudapp.net\ is a cloud distribution point. Will attempt to upload the package to this Cloud distribution point

Sent status to the distribution manager for pkg PR300003, version 5, status 0 and distribution point [“Display=\\ACMCDP01.cloudapp.net\”]MSWNET:[“SMS_SITE=PR3”]\\ACMCDP01.cloudapp.net\

Sample/Default Configuration of Cloud DP Wizard

General
• Subscription ID: dda75f69a-5a3b-4ecd-b385-db1223e9549873
• Management Certificate: \dc1\Sources\Certs\Azure MGMT Cert\ACNCMGAzureMgmt.pfx
Settings
• Service Name: 5351e58beadhdgd6d46e3b148ee2d
• Description: ACNCDP01
• Primary Site: Primary CB 2 (PR3)
• Region: South Central US
• Resource group:
• Service Certificate: \dc1\Sources\Certs\ACNCDP01.pfx
• CName: ACMCDP01.cloudapp.net
Alerts
• Storage alert threshold: Enabled
• Storage alert threshold: 2000 GB
• Warning Storage alert level: 50%
• Critical Storage alert level: 90%
• Traffic Out Threshold: Enabled
• Traffic Out Threshold: 10000 GB
• Warning Traffic alert level: 50%
• Critical Traffic alert level: 90%

Azure Blob Storage Cloud DP

Dive into the Azure portal and check the blob storage for the content files. The cloud DP package content is stored in the blob storage. You don’t have to change anything in the permission level in the blob storage.

You can delegate Blob storage permissions to the SCCM team if needed. However, this permission setting is not part of SCCM RBAC. The permission delegation can be done via Azure AD.

I recommend reading the following document: Install cloud-based distribution points in Microsoft Azure for SCCM.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
