Modernize the Cloud Management Gateway into an Azure WebApp - Network Security
Currently the Cloud Management Gateway (CMG) for SCCM is a legacy "Cloud Service" in Azure. This prevents Network Security controls, such as placing a Web Application Firewall in front of the service or peering it to a Virtual Network. There are many customers in both the public and private sector that would like to see the CMG modernized into an Azure PaaS WebApp (ARM). This way they can place the CMG into an App Service Environment (ASE), and enforce Trusted Internet Control (TIC) policies.
Kind of duplicate of https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/17404900-cloud-management-gateway-as-csp as the change to WebApp should allow CSP customers to build those as well.
Agree - my client is also questioning the security of the CMG PaaS service in their own Azure tenant and would like more security.
Greg Ferguson commented
This would be a much welcomed change to how to implement CMG and would allow for greater flexibility when customers want to leverage the role!