Overview
- In this video guide, we review the new token-based authentication feature for the cloud management gateway (CMG), released in Configuration Manager current branch version 2002: https://docs.microsoft.com/en-us/configmgr/core/plan-design/changes/whats-new-in-version-2002#token-based-authentication-for-cloud-management-gateway
Topics in Video
- Please see YouTube: https://youtu.be/e5QSv1Yna6M
Helpful Resources
- Token-based authentication for cloud management gateway – https://docs.microsoft.com/en-us/configmgr/core/plan-design/changes/whats-new-in-version-2002
- Register for token on the internal network – https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/deploy-clients-cmg-token#register-on-the-internal-network
- Create a bulk registration token – https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/deploy-clients-cmg-token#create-a-bulk-registration-token
- Bulk registration token tool usage – https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/deploy-clients-cmg-token#bulk-registration-token-tool-usage
Very helpful video Justin, thanks.
I was wondering about approval for workgroup machines, but as always you answered right in the video.
:), yeah it seems the token is essentially the factor that allows the site to trust the client and auto-approve, unlike a traditional workgroup ccmsetup installation.
This video shows registration for 1 computer in the cloud. How do I manage 1000+ computers in a cloud environment?
You could use PKI for existing devices or Intune to auto-enroll into ConfigMgr.
What’s the secret sauce? For some reason it’s not recognizing the new /regtoken and still trying with certificates. I see in your video CCMTOKENAUTH=1, currently mine says =0, does this mean anything in your brilliance?
Hmm, so your machine has a client authentication certificate as well?
Amazing stuff, and at 11:59, what I understood is that when the client goes for registration it goes with the client GUID and certificate thumbprint. The thumbprint is of a self-signed certificate.
That’s correct. CMG will use PKI cert, Azure AD, or Bulk token for the auth/registration.
This was very informative, but I need info on the client auth check. The MS article says the token expires after 90 days; what happens after that? How will the systems connect back? How does the registration happen if the system is on the internet without LAN access?
The token will auto-renew for clients that have access to the MP.
Can I use this single token to authorize multiple machines?
You can as long as it’s not expired!
Great tutorial Justin! What if you have, say, 50 machines? What is the suggested deployment method?
A script 🙂 not a great method if you don’t have an existing method to access the machine though.
Hello,
Did you guys manage to bootstrap a task sequence during the bulk token auth client installation?
For us it did not work 🙂 we are receiving “content location failed” messages.
I haven’t tried this scenario.