With this capability, you may extend the versatility of System Center Configuration Manager's device management capabilities by connecting it to the Microsoft Cloud. Despite the benefits of the cloud, not all IT departments are prepared to let go of their management tools for on-premises just yet.
Before proceeding further into our discussion, get this online SCCM Training course that helps you to understand the essentials of configuration manager site system roles, configuring network firewall settings, investigating the SCCM console, and SQL database server installation to improve your MDM configuration skills.
Many classic products, including SCCM, link to the cloud, removing some technological barriers like the need for a Virtual Private Network. Not all businesses are similar, and many are hesitant to completely abandon long-standing data-center-based operational techniques in favor of cloud-based ones. When Microsoft created the SCCM's tenant attach feature, it addressed these issues by allowing an organization to progressively migrate some management duties to a cloud.
In late 2019, MEM was released, combining the functionality of SCCM and Intune into a single website dubbed the Microsoft Endpoint Manager admin center. You connect SCCM to your tenant for viewing and managing your devices.
What Does Tenant Attach Mean in SCCM?
A Tenant attach establishes a connection between your Tenant in Azure and your SCCM environment on-premises, you can then see and handle the devices straight from a web URL at endpoint.microsoft.com.
Tenant attach displays client details like information about clients in real-time and collections, as well as allowing you to do actions such as viewing information about hardware and deploying apps using the resource explorer.
These features of tenant-attach are currently in preview at the time of publication:
● Details of client;
● Installation of an application;
● Timeline of the device;
● explorer of resources;
● The capability of running scripts;
● The enant-attached devices CMPivot; and
● The tenant-attached device endpoint security.
What Problems Can Tenant Attach Resolve the SCCM Administrators?
You'll require a PC and a working Virtual Private Network connection to remotely manage devices using the SCCM console. Tenant attach allows you to manage devices through any device from any location that has access to the internet by using the web portal through a browser.
The Microsoft Endpoint Manager admin center provides access to a variety of every day IT functions, such as:
● Machine policy triggering;
● User policy triggering;
● Triggering the cycle of app evaluation;
● Applications deployment;
● Retrieving the reports with a Query tool CMPivot; and
● Running client-side scripting.
You can also see information about the client, like when it’s last active, which point of management it contacted, and whether it belongs to a device collection.
What are the Constraints of Tenant Attach?
In your SCCM system, tenant attach is confined to seeing data and conducting basic administrative operations, but the flexibility to handle your devices from anywhere compensates for those limitations.
The cloud service availability is verified by regularly monitoring network connectivity problems on the SCCM service connection point. For debugging, the point of service connection creates two log files entitled CMGatewayNotificationWorker.log and CMGatewaySyncUploadWorker.log.
Tenant attach doesn’t render the System Center Configuration Manager console useless, but Microsoft intends to continue developing the MEM admin center for enabling this in the coming future.
What's the Distinction Between Co-Management and Tenant Attach?
You can control your devices using both Microsoft Intune and SCCM with co-management. You can move workloads between the two tools, like deployment of software updates. The co-management benefit is that it allows you to transition from an on-premises framework of management to a cloud in stages. Some functions of SCCM, including control of software metering and deployments of Windows Server, are currently unavailable in Intune.
Tenant attach is configured using co-management, but it doesn’t require devices to enroll in workloads or Intune to be moved from System Center Configuration Manager to Intune. A Tenant attach gives the Microsoft Endpoint Manager admin center simple capabilities of management.
What is the Tenant Attach in SCCM Requirements?
The following conditions must be met for configuring tenant attach:
● An account with the rights of a Global Administrator;
● Later or version 2002 of SCCM;
● A subscription to Azure;
● Syncing user accounts from an Active Directory to an Active Directory of Azure triggers actions for devices; and
● Several endpoints for server connectivity are configured via the firewall.
Azure China and Azure US Government Cloud don’t support uploading devices to MEM.
When you activate tenant attach in SCCM 2010, extra validation tasks would be performed to guarantee connectivity of a network.
How Can You Configure a ConfigMgr Tenant?
The property settings of co-management are where you configure tenant attach. If you don't have the co-management turned on, you'll need to use the wizard for setting up co-management to set up device upload.
Administration -> Overview -> Cloud Services -> Co-management is where you'll discover the co-management properties. Checkbox should be enabled for Upload to MEM admin center on the tab Configure upload.
You can handle every device or individual machines under that configuration, or you could create a testing environment for a tenant attach. In the previous case, you'd choose the option for uploading device data from only one collection.
Changes to the settings of co-management are required as part of the tenant attach configuration process.
It’s not necessary to enroll devices in co-management automatically, nor is it necessary to migrate workloads to Intune for using tenant attach for System Center Configuration Manager.
After that, go to Administration -> Overview -> Cloud Services -> Co-management and use the co-management configuration wizard. To begin the configuration, select Configure co-management.
Check Upload to MEM admin center after logging in with your Azure credentials.
After the completion of setup, you can check the progress in a log file “GatewaySyncUploadWorker.log”, that is the same log you'll use to troubleshoot if devices don't appear in Microsoft Endpoint Manager.
Conclusion:
In this blog, we learned to understand tenant attach, the solutions offered for SCCM administrators, the limitations, differences between tenant attach and co-management, the requirements, and the configuration of ConfigMgr.
COMMENTS