Is there an Onboarding Process for Endpoint Management?
This article provides an overview of the Endpoint Management onboarding process for SCCM and Jamf.
1. Provisioning request form is filled out by department.
NOTE: Each service offering needs to be requested. They can be requested together or separately.
2. Department is notified when site has been configured.
Additional steps for SCCM:
3. Distribution point server obtained and configured(requirements listed below).
- Create Windows Server 2016/2019 machine.
- Assign SCCM server and Primary site computer objects to local admin group
- IIS Certs installed
- Powershell 3.0+
- Microsoft Visual C++ 2013 Redistributable Package
- The IIS, Remote Differential Compression Role, and WDS Role for PXE boot
- Firewall configuration (Inbound Connections)
|Dynamic Host Configuration Protocol (DHCP)||UDP 67 and 68|
|Trivial File Transfer Protocol (TFTP)||UDP 69|
|Boot Information Negotiation Layer (BINL)||UDP 4011|
|Server Message Block (SMB)||TCP 445|
|RPC Endpoint Manager||TCP 135, UDP 135|
|RPC Dynamic Ports|
- Firewall Configuration (outbound connections)
|Hypertext Transfer Protocol (HTTP)||80|
|Secure Hypertext Transfer Protocol (HTTPS)||443|
4. Send distribution point IP address to firstname.lastname@example.org, if not included in original request form, to configure a static public NAT .
NOTE: Once NAT is configured. Edit the IPV4 settings on the distribution point to not register itself automatically in DNS.
5. Distribution point role is installed.
NOTE: When configuring the distribution point in SCCM, DO NOT check "Enable this distribution point for prestaged content".