1. https://anthonyfontanez.com/index.php/2021/05/28/migrating-configmgr-to-https-only/
  2. Configure “AJF8729 LAB ConfigMgr DP Client” certificate template
  3. Install Fallback Status Point
    • Add-CMFallbackStatusPoint -SiteSystemServerName labcm01.lab.dev.ajf8729.com
  4. Configure IIS HTTPS bindings
  5. Enable certificate use when available
  6. Add root CA certificate to site
  7. Enable MP HTTPS
    • Set-CMManagementPoint -SiteSystemServerName "labcm01.lab.dev.ajf8729.com" -EnableSsl $true
  8. Enable DP HTTPS
    • Set-CMDistributionPoint -SiteSystemServerName "labcm01.lab.dev.ajf8729.com" -ClientCommunicationType Https -CertificatePath "C:\LAB\AJF8729 LAB ConfigMgr DP Client 2021.11.03.pfx" -CertificatePassword (Read-Host -Prompt "Enter PFX Password" -AsSecureString)
  9. Verify communication
  10. Set site to HTTPS-only
    • Set-CMSite -SiteCode LAB -ClientComputerCommunicationType HttpsOnly