Cloud Support
Content Distribution supports the following Configuration Manager on Azure scenarios:
- Infrastructure as a Service (IaaS): Your CM infrastructure servers are hosted in Azure virtual machines.
- Cloud based Distribution Points: Configuration Management distribution points are hosted in Microsoft Azure as a cloud service.
- Cloud Management Gateway (CMG): Configuration Management management points are hosted in the cloud, including support for CMG VM scale sets.
Infrastructure as a Service (IaaS)
Content Distribution supports integration with Configuration Manager and Active Directory (AD) infrastructure servers in Azure virtual machines (Infrastructure as a Service). In this scenario, Configuration Manager and AD run in Azure and manage the clients on the organization's on-premises network, which is connected to Azure using Microsoft Azure Site-to-Site Connectivity. 1E Platform may be hosted on a virtual machine in the Azure cloud or locally on the on-premises network, with Content Distribution installed as usual on all client devices.
Cloud based Distribution Points
Configuration Manager now supports Distribution Points (DP) that are hosted in Microsoft Azure. The DP Site system role hosted on Windows Azure is referred to as a site system cloud service. The site system cloud service contrasts with a site system server, which refers to an on-premises computer that is managed in the local network environment. Content Distribution also supports Cloud Management Gateway (CMG) for management point roles to manage CM clients on the Internet.
When a CM Client ContentTransferManager requests Content Distribution to download the content from a cloud based Distribution Point, Content Distribution performs the following tasks:
- Downloads the encrypted content.
- Decrypts the content before copying it to its own cache.
- When the download is complete, Content Distribution encrypts the content and copies it to the CM cache.
- Content Distribution peers looking for the original content in the subnet perform an election for the decrypted content and then copy it from an elected master.
- When the peer copy is complete, the peer Content Distribution encrypts the content and copies it to the CM cache.
Unlike other content, for content downloaded from a cloud based Distribution Point, Content Distribution does not create hard links between the Content Distribution cache content and the CM cache, but the Content Distribution cache cleaner is able to delete the content from both the Content Distribution cache and the CM cache.
Content Distribution does not yet support Delta downloads, such as Office 365 or Windows 10 software updates. Microsoft does not recommend distributing software update content on Cloud Distribution Points; for more information, refer to Plan for the CMG in Configuration Manager.
Cloud based DP content and LSZ/LST file generation
Content Distribution content relies on having access to an LSZ file that provides metadata about the content to be downloaded. With on-premises Distribution Points, the LSZ file is normally generated by a local Content Distribution service. That option is not available for cloud based DPs because they run as a service in Azure, where a Content Distribution service cannot be installed. Instead, the LSZ file is generated locally by mimicking the process used by the CM agent, which queries the content's metadata from the DP directly.
- Cloud based Distribution Points are not currently supported for Office 365 updates.
- RDC is not supported on cloud-based Distribution Points.
- If content is marked to be delivered as 1 (Compressed) or 2 (Encrypted) under Content Distribution SECure and needs to be downloaded to the client from a cloud based distribution point, these settings are ignored and content is downloaded in the original format. For the same reason, Ahead Of Time (AOT) LSZ generation is also not supported for cloud-based distribution points.
Cloud Management Gateway (CMG)
From Configuration Manager version 1610 and above, the cloud management gateway provides a simple way to manage Configuration Manager clients on the Internet. The Cloud Management Gateway (CMG) service is deployed to Microsoft Azure and requires an Azure subscription. It connects to your on-premises Configuration Manager infrastructure using a new role called the Cloud Management Gateway connector point. Once deployed and configured, clients will be able to access on-premises Configuration Manager site system roles regardless of whether they're on the internal private network or on the Internet. Currently, CMG only supports management point and software update point roles, and Content Distribution has only been tested with management points.
When a client is on the Internet, the Configuration Manager Client requests Content Distribution to download the content from a cloud based distribution point. Content Distribution gets the management point list (including cloud management gateway enabled Internet management points) from WMI and uses those to determine the appropriate distribution points. The rest works as usual.