This blog will show you how to create a cloud distribution point from Configuration Manager in Azure. I chose to create 2 tabs in this blog one called “Create The Cloud DP” and the other “Certificate Creation”. I did this to not make this a lengthy blog and to keep it readible.

There are a couple of things that are needed before you can create the Cloud DP. The following things need to be arranged:

  1. Configuration Manager 2012 SP1 [icon  icon=”0101.png”][/icon]
  2. A PKI Infrastructure [icon  icon=”0101.png”][/icon]
  3. Windows Azure Subscription [icon  icon=”0101.png”][/icon]
  4. Certificate needed for secure communication [icon  icon=”0101.png”][/icon]
  5. Import the certificate in Windows Azure (*.cer file) [icon  icon=”0101.png”][/icon]
  6. Export the private key of the certificate (*.pfx file) [icon  icon=”0101.png”][/icon]
  7. Create the Cloud distribution point [icon  icon=”0101.png”][/icon]

The first 3 steps are clear, no need to say anything about that. The 4th point on the list is creating the certificate. Steps 4 to 6 you can read about on the tab “Certificate Creation”.

[tab title=”Create The Cloud DP”]

On this tab I will continue to describe how to create the distribution point. Once you have all the bits and pieces together, open the Configuration Manager Console and navigate to the Administration node, Hierarchy Configuration and right click Cloud.



The wizard will be started and you will have to fill in the information needed.


You need your Azure subscribtion ID, you can find this on the settings page in the Windows Azure Portal. Also you will need the private key file that you have exported and browse to that file (*.pfx).


A validation takes place and the next screen appears.


Change the region to where you need the DP, in my case West Europe.


In the next page you can specify the alerts for the amount of storage and the amount of data transfer from the Cloud DP.



Creation of the Cloud service is started.


If you go to the distribution point you will see that a new Cloud DP is visible.


The provisioning will take a bit of time and when it is finished you can see it in Azure and in ConfigMgr.


This concludes the Cloud DP creation, in a following blog I will test if the DP is working properly.

[tab title=”Certificate Creation”]

First of all you will need a certificate for secure communication between ConfigMgr on-premise and you Cloud DP in Windows Azure. You can follow the steps below and or read more on Technet: This link includes the steps below and also the requesting of the certificate and exporting the certificate

  1. Create a security group named ConfigMgr Site Servers that contains the member servers to install System Center 2012
  2. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.
  3. In the results pane, right-click the entry that displays Web Server in the column Template Display Name, and then click Duplicate Template.
  4. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.
    Do not select Windows 2008 Server, Enterprise Edition.


  5. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the web server certificate for cloud-based distribution points, such as ConfigMgr Cloud-Based Distribution Point Certificate.
  6. Click the Request Handling tab, and select Allow private key to be exported.
  7. Click the Security tab, and remove the Enroll permission from the Enterprise Admins security group.
  8. Click Add, enter ConfigMgr Site Servers in the text box, and then click OK.
  9. Select the Enroll permission for this group, and do not clear the Read permission.
  10. Click OK and close Certificate Templates Console.
  11. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.
  12. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Cloud-Based Distribution Point Certificate, and then click OK.
  13. If you do not have to create and issue any more certificates, close Certification Authority.


After creation of the certificate you will have to request the certificate on the Primary Site.  After that this certificate has to be exported twice, once as a *.cer file and once as a *.pfx file. The *.cer file needs to be imported into Windows Azure. You can do this by opening the Azure portal go to Setting and click management certificates. There you can upload the *.cer file.  The *.pfx file is needed for the creation of the Cloud DP in ConfigMgr.


The exported Private Key (*.pfx) you will need for the configuration in Configuration Manager.