As usual, great post and more informative as well in small video!

Clear and to the point explanation of this new feature. Thanks a lot!

Dude the way you explain this are awesome and to the point. Thanks

Excellent way of presenting, nice and clear you are a good presenter. 7 days is a bit of a limiting factor, whilst this is cool it's not ideal for my use case (installing the client during ESP AutoPilot with no VPN)

Awesome video ❤️

Really great work as always. Appreciate your effort 😊.

Great video with explanation sir. Looking fwd more videos on sccm .. If u can make a video on how to migrate cm database to remote sql cluster would be very helpful.

Great video, and followed every step , im in test lab environment using an internal pki , CMG is working fine , when I use is the procedure I receive errors that it cannot establish a connection, does my cmg have to have a public cert for this to work?

Do we have to use the new token for every new devices coming in company after seven days??

Why am I only seeing this now!!! I have now subscribed! Quick question - on the video the MS doc on Step 5 - shows an entry for "SMSMP=mp1.contoso.com" - in your batch file you also have the entry but in the current MS doc "docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/deploy-clients-cmg-token" Step 5 is not showing "SMSMP=mp1.contoso.com" in the example. This is puzzling me! Is this required? If so is this my internal SCCM server address? Thanks

Hi Justin, I have been trying to install the sccm agent on a workgroup PC over the internet using token based authentication but I cannot get it to work. When I try the install, ccmsetup is throwing errors as if there is a cert trust issue between the client and CMG. Among the errors I am getting in ccmsetup, I think these are my main issue: WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED and WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA. If I import the RootCA to the PC, I can prevent the INVALID_CA error from appearing but I shouldn't have to do that. My command line is very similar to what you have in the video. I found if I include /nocrlcheck, the client will install but will still refuse to talk to the CMG and will throw the same cert errors. I have disabled the CRL check for the site but that did not help. Do you have any thoughts? I am running SCCM 2010 and trying to install the client on a Win10 1909 machine. Thanks.

Great video! I was wondering if I can use 'Token-based Authentication' temporary to onboard a client and then let it switch to AzureAD based authentication?

Great video, such a great feature. My question is, what if the machine already has the client?

this was very informative, but i need info on client auth check. MS article after 90 days the token expires , what after that ? how the systems will connect back. how the registration happens if the system is in internet without LAN access

Does it also work with Windows 7 ?