This article provides an overview of the Endpoint Management onboarding process for MECM, Intune, and Jamf.
1. Provisioning request form is filled out by department.
NOTE: Each service offering needs to be requested. They can be requested together or separately.
2. Department is notified when site has been configured.
Additional steps for MECM:
3. Distribution point server obtained and configured(requirements listed below).
- Create Windows Server 2016/2019 machine.
- Assign MECM server and Primary site computer objects to local admin group
- IIS Certs installed
- Powershell 3.0+
- Microsoft Visual C++ 2013 Redistributable Package
- The IIS, Remote Differential Compression Role, and WDS Role for PXE boot
- Firewall configuration (Inbound Connections)
| Dynamic Host Configuration Protocol (DHCP) |
UDP 67 and 68 |
| Trivial File Transfer Protocol (TFTP) |
UDP 69 |
| Boot Information Negotiation Layer (BINL) |
UDP 4011 |
| Server Message Block (SMB) |
TCP 445 |
| RPC Endpoint Manager |
TCP 135, UDP 135 |
| RPC Dynamic Ports |
|
- Firewall Configuration (outbound connections)
| Hypertext Transfer Protocol (HTTP) |
80 |
| Secure Hypertext Transfer Protocol (HTTPS) |
443 |
4. Send distribution point IP address via our web form, to configure a static public NAT.
NOTE: Once NAT is configured. Edit the IPV4 settings on the distribution point to not register itself automatically in DNS.
5. Distribution point role is installed.
NOTE: When configuring the distribution point in MECM, *DO NOT* check "Enable this distribution point for prestaged content".