4. Cloud Management Gateway
The Cloud Management Gateway is the most modern variant of managing MEM clients via the internet. It functions in a similar way to internet-based client management, but with the major difference that the infrastructure does not need to be manually established in the DMZ but is instead created automatically in Azure. Clients download guidelines and content from the Cloud Management Gateway or the integrated Cloud Distribution Point.
To enable MEM clients to communicate with the Cloud Management Gateway they must either have a certificate or be part of the Azure Active Directory via “hybrid/pure-cloud join”.
The Cloud Management Gateway has a further major advantage. Those using Microsoft Intune or planning to do so in the future can use the Cloud Management Gateway to operate their MEM clients in co-management. Clients are managed by both MEM and Intune in this case.
A comparison between MEM and Intune can be found here.
Here too, the rule is: If the VPN client makes the complete network traffic pass through the VPN tunnel, no bandwidth whatsoever is saved.