Wednesday 25 November 2020

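SCCM Firewall Port

| Direction of the Communication | Port | Remarks |
|---|---|---|
| Client (HQ) → Primary Site Server (HQ) | 80 (TCP) | HTTP |
| Client (HQ) → Primary Site Server (HQ) | 443 (TCP) | HTTPS |
| Client (HQ) → Primary Site Server (HQ) | 445 (TCP) | SMB |
| Client (Branch) → Primary Site Server (HQ) | 80 (TCP) | HTTP |
| Client (Branch) → Primary Site Server (HQ) | 443 (TCP) | HTTPS |
| Client (Branch) → Distribution Point | 80 (TCP) | HTTP |
| Client (Branch) → Distribution Point | 443 (TCP) | HTTPS |
| Client (Branch) → Distribution Point | 445 (TCP) | SMB |
| Primary Site Server (HQ) → Distribution Point | 445 (TCP) | SMB |
| Primary Site Server (HQ) → Distribution Point | 135 (UDP, TCP) | RPC Endpoint Mapper |
| Primary Site Server (HQ) → Distribution Point | RPC Dynamic TCP | RPC |
| Distribution Point → Primary Site Server (HQ) | 80 (TCP) | HTTP |
| Distribution Point → Primary Site Server (HQ) | 443 (TCP) | HTTPS |
| Primary Site Server (HQ) → Client (HQ) | 9 (UDP) | Wake on LAN |
| Primary Site Server (HQ) → Client (HQ) | 80 (TCP) | HTTP |
| Primary Site Server (HQ) → Client (HQ) | 443 (TCP) | HTTPS |
| Primary Site Server (HQ) → Client (HQ) | 2701 (TCP) | Remote Control |
| Primary Site Server (HQ) → Client (Branch) | 9 (UDP) | Wake on LAN |
| Primary Site Server (HQ) → Client (Branch) | 2701 (TCP) | Remote Control |
| Primary Site Server (HQ) → Active Directory Domain Controller | 389 (TCP) | LDAP |
| Primary Site Server (HQ) → Active Directory Domain Controller | 3268 (TCP) | Global catalog LDAP |
| Primary Site Server (HQ) → Active Directory Domain Controller | 135 (TCP, UDP) | RPC Endpoint Mapper |
| Primary Site Server (HQ) → Active Directory Domain Controller | RPC Dynamic TCP | RPC |
| Primary Site Server (HQ) → Microsoft Update Server (Internet) | 80 (TCP) | HTTP |
| Primary Site Server (HQ) → Microsoft Update Server (Internet) | 443 (TCP) | HTTPS |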

VM SPECIFICATION

| | HQ | BRANCH |
|---|---|---|
| Server Role | SCCM Primary Site Server | SCCM Distribution Point Server |
| No. & Type of Servers (Physical/Virtual) | 1 x Virtual Machine | 1 x Virtual Machine per site/facility |
| Recommended CPU | 8 vCPU | 4 vCPU |
| Recommended RAM | 32 GB | At least 4 GB |
| OS / Software | WS2012 R2 / WS2016, SQL Server 2016 SP1 / SCCM 2016 (Current Branch) | Win 8.1, Win10, Win2012R2, Win2016 |
| Disk | 100 GB (OS), 500 GB (Data) | 100 GB (OS), 200 GB (Data) |
| Ethernet / Others | 2 vNIC | 1 vNIC |




Tuesday 3 November 2020

Summary for MDM assigned policy from user device

There are a few ways to check which policies have been assigned to a device via MEM.

1. Registry Editor for MDM device.

  • Launch regedit.exe.
  • Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device



2. Info from the connected Azure AD account

  • Navigate to Settings > Accounts > Access work or school 
  • Expand the connected user
  • Click on Info button
  • The applied policies are displayed.

3. Export the MDM Diagnostic report

  • Navigate to Settings > Accounts
  • In the right pane, under Related Settings, click on Export your management log files
  • Extract the MDMDiagHtmlReport.html and open it in Microsoft Edge.

  • Under Managed Policies details, you can find the assigned policies.
  • In the example highlighted below, the WiFi policy Allow Auto Connect Wifi Hotspot is set to Disabled.

  • The picture below shows the WiFi policy as assigned from the MEM portal.
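
Method 1 (the registry check) can be scripted so the result is repeatable across devices. The PowerShell below is an added example, not part of the original post: it lists the values under the PolicyManager key and compares them with a small baseline. The suffix filter, the function names and the baseline entry (the registry name assumed to correspond to the WiFi hotspot policy mentioned above) are assumptions.

```powershell
# Added example: list MDM policies from the registry and check them against a baseline.
$Root = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

# Assumption: values with these suffixes are bookkeeping for the policy of the
# same name (which MDM provider set it, when), not policies themselves.
$MetaSuffix = '_(ProviderSet|WinningProvider|LastWrite)$'

# Constructed baseline: 'Area\Policy' = expected value. The entry is an assumed
# registry name for the WiFi hotspot policy; replace with your own settings.
$Expected = @{ 'Wifi\AllowAutoConnectToWiFiSenseHotspots' = 0 }

function Get-MdmAssignedPolicy {
    param([string]$Path = $Root)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "No PolicyManager device key at $Path; is the device MDM-enrolled?"
        return
    }
    # Each subkey is a policy area (for example Wifi); its values are the settings.
    foreach ($area in Get-ChildItem -LiteralPath $Path) {
        foreach ($name in $area.GetValueNames()) {
            if ($name -eq '' -or $name -match $MetaSuffix) { continue }
            [pscustomobject]@{
                Area   = $area.PSChildName
                Policy = $name
                Value  = $area.GetValue($name)
            }
        }
    }
}

function Compare-MdmBaseline {
    param($Applied, [hashtable]$Baseline)
    $index = @{}   # PowerShell hashtables are case-insensitive by default
    foreach ($p in $Applied) { $index["$($p.Area)\$($p.Policy)"] = $p.Value }
    foreach ($id in $Baseline.Keys) {
        $state = if (-not $index.ContainsKey($id)) { 'NotApplied' }
                 elseif ($index[$id] -ne $Baseline[$id]) { 'Mismatch' }
                 else { 'OK' }
        [pscustomobject]@{
            Policy = $id; Expected = $Baseline[$id]; Actual = $index[$id]; State = $state
        }
    }
}

$applied = @(Get-MdmAssignedPolicy)
$applied | Sort-Object Area, Policy | Format-Table -AutoSize
Compare-MdmBaseline -Applied $applied -Baseline $Expected | Format-Table -AutoSize
```

A `NotApplied` or `Mismatch` row means the device has not received the setting as configured in MEM; cross-check it against the Managed Policies section of the exported diagnostic report.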